|
|||||||
|
|
|
 |
|
|
Strumenti |
18-05-2016, 13:27
|
#1 |
|
Member
Iscritto dal: Sep 2015
Messaggi: 50
|
firewall xp non attivo - combofix non va - help
ciao a tutti
 ho un pc con xp sp3 installato, dovrebbe avere fatto tutti gli aggiornamenti. da un po' di giorni mi sono accorto che il firewall non è attivo, non riesco ad attivarlo come servizio, potreste aiutarmi per favore? grazie p.s. ho fatto scansione anche con avast, malwarebytes e combofix, non si è risolto, anzi combofix da modalità normale va bene ma non trova nulla, da provvisoria mi dice sempre che è una versione obsoleta e non parte la scansione. allego i log |
|
|
|
18-05-2016, 13:28
|
#2 |
|
Member
Iscritto dal: Sep 2015
Messaggi: 50
|
combofix
|
|
|
|
|
18-05-2016, 13:32
|
#3 |
|
Member
Iscritto dal: Sep 2015
Messaggi: 50
|
hijackthis
|
|
|
|
|
18-05-2016, 13:34
|
#4 |
|
Member
Iscritto dal: Sep 2015
Messaggi: 50
|
gmer log
GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-05-17 21:46:51 Windows 5.1.2600 Service Pack 3 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-19 ST500DM002-1BD142 rev.KC48 465,76GB Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\axrdrpog.sys ---- System - GMER 2.2 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xA8D1D67A] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0xA907CAE2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xA8D1E158] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xA8D64D3C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xA8D2A8F6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xA8D2A942] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xA8D2AADC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xA8D646F0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xA8D2A864] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xA8D2A986] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xA8D2A8AC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xA8D1E68E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xA8D2AA96] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xA8D1EDC0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xA8D1D6E0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xA8D65402] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xA8D656B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xA8D22252] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xA8D6526D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xA8D650D8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0xA907CBBA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwGetContextThread [0xA8D1F652] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xA8D1D2CC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xA907CF9C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xA8D1D746] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xA8D22648] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xA8D1FBE4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xA8D2A920] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xA8D2A964] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xA8D2AB00] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xA8D64A4C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xA8D2A88A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xA8D21B2A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xA8D2AA14] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xA8D2A8D4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xA8D21F20] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xA8D2AABA] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xA907CD3A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xA8D64F53] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xA8D1F9FC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xA8D64DA5] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xA8D1F3EA] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xA908AF10] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwReplaceKey [0xA908B8DC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xA8D63D33] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwResumeProcess [0xA8D1EF8A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwResumeThread [0xA8D1F196] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xA8D1D7AC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xA8D1D812] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xA8D1F77C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xA8D1D366] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xA8D1D538] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xA8D65509] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xA8D1D4C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xA8D1F090] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xA8D1F2C0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xA8D1D5C0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xA8D1EBFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xA8D1EDA0] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0xA9079D7A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xA8D1D878] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xA8D1E1B4] ---- Kernel code sections - GMER 2.2 ---- .text ntoskrnl.exe!ZwYieldExecution + 346 804E4AF0 4 Bytes JMP DFA8D1F3 .text ntoskrnl.exe!ZwYieldExecution + 3A6 804E4B50 12 Bytes [33, 3D, D6, A8, 8A, EF, D1, ...] {XOR EDI, [0xef8aa8d6]; SHR DWORD [EAX-0x572e0e6a], 0x1} .text ntoskrnl.exe!ZwYieldExecution + 3C2 804E4B6C 12 Bytes [AC, D7, D1, A8, 12, D8, D1, ...] .text ntoskrnl.exe!ZwYieldExecution + 46A 804E4C14 12 Bytes [90, F0, D1, A8, C0, F2, D1, ...] PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80576715 4 Bytes CALL A8D2025D \SystemRoot\system32\drivers\aswSnx.sys ? system32\drivers\04353099.sys Impossibile trovare il percorso specificato. ! ? system32\drivers\4EA2F5D4.sys Impossibile trovare il percorso specificato. ! ---- User code sections - GMER 2.2 ---- .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [89, 71] .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8C, 71] .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [86, 71] .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [80, 71] .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [7D, 71] {JGE 0x73} .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [83, 71] .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [8F, 71] .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] ntdll.dll!NtSuspendThread 7C91DE3E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] ntdll.dll!NtSuspendThread + 4 7C91DE42 2 Bytes [77, 71] {JA 0x73} .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] ntdll.dll!NtTerminateThread 7C91DE7E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] ntdll.dll!NtTerminateThread + 4 7C91DE82 2 Bytes [7A, 71] {JP 0x73} .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001 .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7172000A .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] kernel32.dll!CreateProcessInternalW 7C8185EC 3 Bytes [FF, 25, 1E] .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] kernel32.dll!CreateProcessInternalW + 4 7C8185F0 2 Bytes [74, 71] {JZ 0x73} .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 7199000A .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 719F000A .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 719C000A .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E] .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [A4, 71] .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 71A2000A .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 71AB000A .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 71A8000A .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] ADVAPI32.dll!CreateServiceA 77FA7211 6 Bytes JMP 7196000A .text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[280] ADVAPI32.dll!CreateServiceW 77FA73A9 6 Bytes JMP 7193000A .text C:\WINDOWS\gtwatch.exe[656] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\gtwatch.exe[656] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\gtwatch.exe[656] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [89, 71] .text C:\WINDOWS\gtwatch.exe[656] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\gtwatch.exe[656] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8C, 71] .text C:\WINDOWS\gtwatch.exe[656] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\gtwatch.exe[656] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [86, 71] .text C:\WINDOWS\gtwatch.exe[656] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\gtwatch.exe[656] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [80, 71] .text C:\WINDOWS\gtwatch.exe[656] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\gtwatch.exe[656] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\gtwatch.exe[656] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\gtwatch.exe[656] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [83, 71] .text C:\WINDOWS\gtwatch.exe[656] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\gtwatch.exe[656] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [8F, 71] .text C:\WINDOWS\gtwatch.exe[656] ntdll.dll!NtSuspendThread 7C91DE3E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\gtwatch.exe[656] ntdll.dll!NtSuspendThread + 4 7C91DE42 2 Bytes [77, 71] {JA 0x73} .text C:\WINDOWS\gtwatch.exe[656] ntdll.dll!NtTerminateThread 7C91DE7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\gtwatch.exe[656] ntdll.dll!NtTerminateThread + 4 7C91DE82 2 Bytes [7A, 71] {JP 0x73} .text C:\WINDOWS\gtwatch.exe[656] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001 .text C:\WINDOWS\gtwatch.exe[656] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7172000A .text C:\WINDOWS\gtwatch.exe[656] kernel32.dll!CreateProcessInternalW 7C8185EC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\gtwatch.exe[656] kernel32.dll!CreateProcessInternalW + 4 7C8185F0 2 Bytes [74, 71] {JZ 0x73} .text C:\WINDOWS\gtwatch.exe[656] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 7199000A .text C:\WINDOWS\gtwatch.exe[656] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 719F000A .text C:\WINDOWS\gtwatch.exe[656] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 719C000A .text C:\WINDOWS\gtwatch.exe[656] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\gtwatch.exe[656] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [A4, 71] .text C:\WINDOWS\gtwatch.exe[656] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 71A2000A .text C:\WINDOWS\gtwatch.exe[656] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 71AB000A .text C:\WINDOWS\gtwatch.exe[656] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 71A8000A .text C:\WINDOWS\gtwatch.exe[656] ADVAPI32.dll!CreateServiceA 77FA7211 6 Bytes JMP 7196000A .text C:\WINDOWS\gtwatch.exe[656] ADVAPI32.dll!CreateServiceW 77FA73A9 6 Bytes JMP 7193000A .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [73, 71] {JAE 0x73} .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [76, 71] {JBE 0x73} .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E] .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [70, 71] {JO 0x73} .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E] .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [6A, 71] {PUSH 0x71} .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E] .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [67, 71] .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [6D, 71] .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [79, 71] {JNS 0x73} .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] ntdll.dll!NtSuspendThread 7C91DE3E 3 Bytes [FF, 25, 1E] .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] ntdll.dll!NtSuspendThread + 4 7C91DE42 2 Bytes [61, 71] .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] ntdll.dll!NtTerminateThread 7C91DE7E 3 Bytes [FF, 25, 1E] .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] ntdll.dll!NtTerminateThread + 4 7C91DE82 2 Bytes [64, 71] .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001 .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 715C000A .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] kernel32.dll!CreateProcessInternalW 7C8185EC 3 Bytes [FF, 25, 1E] .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] kernel32.dll!CreateProcessInternalW + 4 7C8185F0 2 Bytes [5E, 71] .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] ADVAPI32.dll!CreateServiceA 77FA7211 6 Bytes JMP 7180000A .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] ADVAPI32.dll!CreateServiceW 77FA73A9 6 Bytes JMP 717D000A .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 7183000A .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 7189000A .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 7186000A .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E] .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [8E, 71] .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 718C000A .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 7195000A .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 7192000A .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] WS2_32.dll!WSALookupServiceBeginW 71A335EF 6 Bytes JMP 7198000A .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] WS2_32.dll!connect 71A34A07 6 Bytes JMP 71A1000A .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] WS2_32.dll!listen 71A38CD3 6 Bytes JMP 719B000A .text C:\Programmi\AVAST Software\Avast\AvastUI.exe[732] WS2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 719E000A .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [7A, 71] {JP 0x73} .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [7D, 71] {JGE 0x73} .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [77, 71] {JA 0x73} .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [71, 71] {JNO 0x73} .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [6E, 71] .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [74, 71] {JZ 0x73} .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [80, 71] .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] ntdll.dll!NtSuspendThread 7C91DE3E 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] ntdll.dll!NtSuspendThread + 4 7C91DE42 2 Bytes [68, 71] .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] ntdll.dll!NtTerminateThread 7C91DE7E 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] ntdll.dll!NtTerminateThread + 4 7C91DE82 2 Bytes [6B, 71] .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001 .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7163000A .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] kernel32.dll!CreateProcessInternalW 7C8185EC 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] kernel32.dll!CreateProcessInternalW + 4 7C8185F0 2 Bytes [65, 71] .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 718A000A .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 7190000A .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 718D000A .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [95, 71] .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 7193000A .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 719C000A .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 7199000A .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] ADVAPI32.dll!CreateServiceA 77FA7211 6 Bytes JMP 7187000A .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] ADVAPI32.dll!CreateServiceW 77FA73A9 6 Bytes JMP 7184000A .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] WS2_32.dll!WSALookupServiceBeginW 71A335EF 6 Bytes JMP 719F000A .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] WS2_32.dll!connect 71A34A07 6 Bytes JMP 71AB000A .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] WS2_32.dll!listen 71A38CD3 6 Bytes JMP 71A5000A .text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1012] WS2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 71A8000A .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [7A, 71] {JP 0x73} .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [7D, 71] {JGE 0x73} .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [77, 71] {JA 0x73} .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [71, 71] {JNO 0x73} .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [6E, 71] .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [74, 71] {JZ 0x73} .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [80, 71] .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] ntdll.dll!NtSuspendThread 7C91DE3E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] ntdll.dll!NtSuspendThread + 4 7C91DE42 2 Bytes [68, 71] .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] ntdll.dll!NtTerminateThread 7C91DE7E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] ntdll.dll!NtTerminateThread + 4 7C91DE82 2 Bytes [6B, 71] .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001 .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7163000A .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] kernel32.dll!CreateProcessInternalW 7C8185EC 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] kernel32.dll!CreateProcessInternalW + 4 7C8185F0 2 Bytes [65, 71] .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] ADVAPI32.dll!CreateServiceA 77FA7211 6 Bytes JMP 7187000A .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] ADVAPI32.dll!CreateServiceW 77FA73A9 6 Bytes JMP 7184000A .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 718A000A .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 7190000A .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 718D000A .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [95, 71] .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 7193000A .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 719C000A .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 7199000A .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] WS2_32.dll!WSALookupServiceBeginW 71A335EF 6 Bytes JMP 719F000A .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] WS2_32.dll!connect 71A34A07 6 Bytes JMP 71AB000A .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] WS2_32.dll!listen 71A38CD3 6 Bytes JMP 71A5000A .text C:\Documents and Settings\Administrator\Dati applicazioni\Spotify\SpotifyWebHelper.exe[1028] WS2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 71A8000A .text C:\Programmi\Emsisoft Anti-Malware\a2service.exe[1336] kernel32.dll!ReadFile + 211 7C801A23 7 Bytes JMP 079CB3CC C:\Programmi\Emsisoft Anti-Malware\a2update.dll .text C:\Programmi\Emsisoft Anti-Malware\a2service.exe[1336] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 0058DD8C C:\Programmi\Emsisoft Anti-Malware\a2service.exe .text C:\Programmi\Emsisoft Anti-Malware\a2service.exe[1336] kernel32.dll!CreateRemoteThread + 206 7C810702 7 Bytes JMP 07A2B520 C:\Programmi\Emsisoft Anti-Malware\a2update.dll .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtCreateFile + 4 7C91D0B2 6 Bytes [89, 71, 28, 48, C1, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8C, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 4B, C1, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenFile + 4 7C91D5A2 6 Bytes [86, 71, 68, 48, C1, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenProcess + 4 7C91D602 6 Bytes [80, 71, A8, 49, C1, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B929762 .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 4A, C1, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 49, C1, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 4A, C1, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B9297D3 .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 48, C1, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B929901 .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [7D, 71] {JGE 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtSetInformationFile + 4 7C91DC62 6 Bytes [83, 71, 28, 49, C1, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 4A, C1, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [8F, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtSuspendThread 7C91DE3E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtSuspendThread + 4 7C91DE42 2 Bytes [77, 71] {JA 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtTerminateThread 7C91DE7E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtTerminateThread + 4 7C91DE82 2 Bytes [7A, 71] {JP 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 4B, C1, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 32DD01F8 .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 32DD03FC .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001 .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] KERNEL32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7172000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] KERNEL32.dll!CreateProcessInternalW 7C8185EC 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] KERNEL32.dll!CreateProcessInternalW + 4 7C8185F0 2 Bytes [74, 71] {JZ 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ADVAPI32.dll!CreateServiceA 77FA7211 6 Bytes JMP 7196000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] ADVAPI32.dll!CreateServiceW 77FA73A9 6 Bytes JMP 7193000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 7199000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 719F000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 719C000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [A4, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 71A2000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 71AB000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 71A8000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] WS2_32.dll!WSALookupServiceBeginW 018635EF 6 Bytes JMP 7166000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] WS2_32.dll!connect 01864A07 6 Bytes JMP 716F000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] WS2_32.dll!listen 01868CD3 6 Bytes JMP 7169000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[1396] WS2_32.dll!WSAConnect 01870C81 6 Bytes JMP 716C000A .text C:\WINDOWS\system32\ctfmon.exe[1400] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\system32\ctfmon.exe[1400] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1400] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [89, 71] .text C:\WINDOWS\system32\ctfmon.exe[1400] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1400] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8C, 71] .text C:\WINDOWS\system32\ctfmon.exe[1400] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1400] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [86, 71] .text C:\WINDOWS\system32\ctfmon.exe[1400] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1400] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [80, 71] .text C:\WINDOWS\system32\ctfmon.exe[1400] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1400] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\system32\ctfmon.exe[1400] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1400] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [83, 71] .text C:\WINDOWS\system32\ctfmon.exe[1400] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1400] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [8F, 71] .text C:\WINDOWS\system32\ctfmon.exe[1400] ntdll.dll!NtSuspendThread 7C91DE3E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1400] ntdll.dll!NtSuspendThread + 4 7C91DE42 2 Bytes [77, 71] {JA 0x73} .text C:\WINDOWS\system32\ctfmon.exe[1400] ntdll.dll!NtTerminateThread 7C91DE7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1400] ntdll.dll!NtTerminateThread + 4 7C91DE82 2 Bytes [7A, 71] {JP 0x73} .text C:\WINDOWS\system32\ctfmon.exe[1400] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001 .text C:\WINDOWS\system32\ctfmon.exe[1400] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7172000A .text C:\WINDOWS\system32\ctfmon.exe[1400] kernel32.dll!CreateProcessInternalW 7C8185EC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1400] kernel32.dll!CreateProcessInternalW + 4 7C8185F0 2 Bytes [74, 71] {JZ 0x73} .text C:\WINDOWS\system32\ctfmon.exe[1400] ADVAPI32.dll!CreateServiceA 77FA7211 6 Bytes JMP 7196000A .text C:\WINDOWS\system32\ctfmon.exe[1400] ADVAPI32.dll!CreateServiceW 77FA73A9 6 Bytes JMP 7193000A .text C:\WINDOWS\system32\ctfmon.exe[1400] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 7199000A .text C:\WINDOWS\system32\ctfmon.exe[1400] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 719F000A .text C:\WINDOWS\system32\ctfmon.exe[1400] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 719C000A .text C:\WINDOWS\system32\ctfmon.exe[1400] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1400] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [A4, 71] .text C:\WINDOWS\system32\ctfmon.exe[1400] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 71A2000A .text C:\WINDOWS\system32\ctfmon.exe[1400] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 71AB000A .text C:\WINDOWS\system32\ctfmon.exe[1400] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 71A8000A .text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [89, 71] .text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8C, 71] .text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [86, 71] .text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [80, 71] .text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [83, 71] .text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [8F, 71] .text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtSuspendThread 7C91DE3E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtSuspendThread + 4 7C91DE42 2 Bytes [77, 71] {JA 0x73} .text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtTerminateThread 7C91DE7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1492] ntdll.dll!NtTerminateThread + 4 7C91DE82 2 Bytes [7A, 71] {JP 0x73} .text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001 .text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7172000A .text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!CreateProcessInternalW 7C8185EC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1492] kernel32.dll!CreateProcessInternalW + 4 7C8185F0 2 Bytes [74, 71] {JZ 0x73} .text C:\WINDOWS\Explorer.EXE[1492] ADVAPI32.dll!CreateServiceA 77FA7211 6 Bytes JMP 7196000A .text C:\WINDOWS\Explorer.EXE[1492] ADVAPI32.dll!CreateServiceW 77FA73A9 6 Bytes JMP 7193000A .text C:\WINDOWS\Explorer.EXE[1492] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 7199000A .text C:\WINDOWS\Explorer.EXE[1492] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 719F000A .text C:\WINDOWS\Explorer.EXE[1492] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 719C000A .text C:\WINDOWS\Explorer.EXE[1492] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1492] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [A4, 71] .text C:\WINDOWS\Explorer.EXE[1492] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 71A2000A .text C:\WINDOWS\Explorer.EXE[1492] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 71AB000A .text C:\WINDOWS\Explorer.EXE[1492] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 71A8000A .text C:\WINDOWS\Explorer.EXE[1492] WS2_32.dll!WSALookupServiceBeginW 02D735EF 6 Bytes JMP 7151000A .text C:\WINDOWS\Explorer.EXE[1492] WS2_32.dll!connect 02D74A07 6 Bytes JMP 715A000A .text C:\WINDOWS\Explorer.EXE[1492] WS2_32.dll!listen 02D78CD3 6 Bytes JMP 7154000A .text C:\WINDOWS\Explorer.EXE[1492] WS2_32.dll!WSAConnect 02D80C81 6 Bytes JMP 7157000A .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [83, 71] .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [86, 71] .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [80, 71] .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [7A, 71] {JP 0x73} .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [77, 71] {JA 0x73} .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [89, 71] .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] ntdll.dll!NtSuspendThread 7C91DE3E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] ntdll.dll!NtSuspendThread + 4 7C91DE42 2 Bytes [71, 71] {JNO 0x73} .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] ntdll.dll!NtTerminateThread 7C91DE7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] ntdll.dll!NtTerminateThread + 4 7C91DE82 2 Bytes [74, 71] {JZ 0x73} .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001 .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 716C000A .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] kernel32.dll!CreateProcessInternalW 7C8185EC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] kernel32.dll!CreateProcessInternalW + 4 7C8185F0 2 Bytes [6E, 71] .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 7193000A .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 7199000A .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 7196000A .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [9E, 71] .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 719C000A .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 71A5000A .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 71A2000A .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] ADVAPI32.dll!CreateServiceA 77FA7211 6 Bytes JMP 7190000A .text C:\WINDOWS\twain_32\L3U16\WATCH.exe[1716] ADVAPI32.dll!CreateServiceW 77FA73A9 6 Bytes JMP 718D000A .text C:\Programmi\AVAST Software\Avast\AvastSvc.exe[1920] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [7A, 71] {JP 0x73} .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [7D, 71] {JGE 0x73} .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [77, 71] {JA 0x73} .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [71, 71] {JNO 0x73} .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [6E, 71] .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [74, 71] {JZ 0x73} .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [80, 71] .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtSuspendThread 7C91DE3E 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtSuspendThread + 4 7C91DE42 2 Bytes [68, 71] .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtTerminateThread 7C91DE7E 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtTerminateThread + 4 7C91DE82 2 Bytes [6B, 71] .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001 .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7163000A .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] kernel32.dll!CreateProcessInternalW 7C8185EC 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] kernel32.dll!CreateProcessInternalW + 4 7C8185F0 2 Bytes [65, 71] .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ADVAPI32.dll!CreateServiceA 77FA7211 6 Bytes JMP 7187000A .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ADVAPI32.dll!CreateServiceW 77FA73A9 6 Bytes JMP 7184000A .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 718A000A .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 7190000A .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 718D000A .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E] .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [95, 71] .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 7193000A .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 719C000A .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 7199000A .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] WS2_32.dll!WSALookupServiceBeginW 71A335EF 6 Bytes JMP 719F000A .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] WS2_32.dll!connect 71A34A07 6 Bytes JMP 71AB000A .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] WS2_32.dll!listen 71A38CD3 6 Bytes JMP 71A5000A .text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] WS2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 71A8000A .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [89, 71] .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8C, 71] .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [86, 71] .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [80, 71] .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [7D, 71] {JGE 0x73} .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [83, 71] .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [8F, 71] .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ntdll.dll!NtSuspendThread 7C91DE3E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ntdll.dll!NtSuspendThread + 4 7C91DE42 2 Bytes [77, 71] {JA 0x73} .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ntdll.dll!NtTerminateThread 7C91DE7E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ntdll.dll!NtTerminateThread + 4 7C91DE82 2 Bytes [7A, 71] {JP 0x73} .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001 .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7172000A .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] kernel32.dll!CreateProcessInternalW 7C8185EC 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] kernel32.dll!CreateProcessInternalW + 4 7C8185F0 2 Bytes [74, 71] {JZ 0x73} .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 7199000A .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 719F000A .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 719C000A .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [A4, 71] .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 71A2000A .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 71AB000A .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 71A8000A .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ADVAPI32.dll!CreateServiceA 77FA7211 6 Bytes JMP 7196000A .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ADVAPI32.dll!CreateServiceW 77FA73A9 6 Bytes JMP 7193000A .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ws2_32.dll!WSALookupServiceBeginW 026F35EF 6 Bytes JMP 7166000A .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ws2_32.dll!connect 026F4A07 6 Bytes JMP 716F000A .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ws2_32.dll!listen 026F8CD3 6 Bytes JMP 7169000A .text C:\Documents and Settings\Administrator\Documenti\PROGRAMMI ANTIVIRUS\gmer.exe[2324] ws2_32.dll!WSAConnect 02700C81 6 Bytes JMP 716C000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [89, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8C, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [86, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [80, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [7D, 71] {JGE 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [83, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [8F, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtSuspendThread 7C91DE3E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtSuspendThread + 4 7C91DE42 2 Bytes [77, 71] {JA 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtTerminateThread 7C91DE7E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!NtTerminateThread + 4 7C91DE82 2 Bytes [7A, 71] {JP 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 1BFB01F8 .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1BFB03FC .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001 .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] KERNEL32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7172000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] KERNEL32.dll!CreateProcessInternalW 7C8185EC 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] KERNEL32.dll!CreateProcessInternalW + 4 7C8185F0 2 Bytes [74, 71] {JZ 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ADVAPI32.dll!CreateServiceA 77FA7211 6 Bytes JMP 7196000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] ADVAPI32.dll!CreateServiceW 77FA73A9 6 Bytes JMP 7193000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 7199000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 719F000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 719C000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [A4, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 71A2000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 71AB000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2704] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 71A8000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtCreateFile + 4 7C91D0B2 6 Bytes [89, 71, 28, DC, 17, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8C, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, DF, 17, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenFile + 4 7C91D5A2 6 Bytes [86, 71, 68, DC, 17, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcess + 4 7C91D602 6 Bytes [80, 71, A8, DD, 17, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B91EDF6 .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, DE, 17, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, DD, 17, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, DE, 17, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B91EE67 .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, DC, 17, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B91EF95 .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [7D, 71] {JGE 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtSetInformationFile + 4 7C91DC62 6 Bytes [83, 71, 28, DD, 17, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, DE, 17, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [8F, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtSuspendThread 7C91DE3E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtSuspendThread + 4 7C91DE42 2 Bytes [77, 71] {JA 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtTerminateThread 7C91DE7E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtTerminateThread + 4 7C91DE82 2 Bytes [7A, 71] {JP 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, DF, 17, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 64C301F8 .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 64C303FC .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001 .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] KERNEL32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7172000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] KERNEL32.dll!CreateProcessInternalW 7C8185EC 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] KERNEL32.dll!CreateProcessInternalW + 4 7C8185F0 2 Bytes [74, 71] {JZ 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ADVAPI32.dll!CreateServiceA 77FA7211 6 Bytes JMP 7196000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] ADVAPI32.dll!CreateServiceW 77FA73A9 6 Bytes JMP 7193000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 7199000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 719F000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 719C000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [A4, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 71A2000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 71AB000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 71A8000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] WS2_32.dll!WSALookupServiceBeginW 00EA35EF 6 Bytes JMP 7166000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] WS2_32.dll!connect 00EA4A07 6 Bytes JMP 716F000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] WS2_32.dll!listen 00EA8CD3 6 Bytes JMP 7169000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[2880] WS2_32.dll!WSAConnect 00EB0C81 6 Bytes JMP 716C000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [89, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8C, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [18, F0, C3, 01] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!NtOpenFile + 4 7C91D5A2 2 Bytes [86, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [80, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [7D, 71] {JGE 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [83, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [8F, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!NtSuspendThread 7C91DE3E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!NtSuspendThread + 4 7C91DE42 2 Bytes [77, 71] {JA 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!NtTerminateThread 7C91DE7E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!NtTerminateThread + 4 7C91DE82 2 Bytes [7A, 71] {JP 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 5DDE01F8 .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 5DDE03FC .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001 .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] KERNEL32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7172000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] KERNEL32.dll!CreateProcessInternalW 7C8185EC 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] KERNEL32.dll!CreateProcessInternalW + 4 7C8185F0 2 Bytes [74, 71] {JZ 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ADVAPI32.dll!CreateServiceA 77FA7211 6 Bytes JMP 7196000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] ADVAPI32.dll!CreateServiceW 77FA73A9 6 Bytes JMP 7193000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 7199000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 719F000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 719C000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [A4, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 71A2000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 71AB000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 71A8000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] WS2_32.dll!WSALookupServiceBeginW 012C35EF 6 Bytes JMP 7166000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] WS2_32.dll!connect 012C4A07 6 Bytes JMP 716F000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] WS2_32.dll!listen 012C8CD3 6 Bytes JMP 7169000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3504] WS2_32.dll!WSAConnect 012D0C81 6 Bytes JMP 716C000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtCreateFile + 4 7C91D0B2 6 Bytes [89, 71, 28, E4, 80, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8C, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, E7, 80, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenFile + 4 7C91D5A2 6 Bytes [86, 71, 68, E4, 80, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenProcess + 4 7C91D602 6 Bytes [80, 71, A8, E5, 80, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B9256FE .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, E6, 80, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, E5, 80, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, E6, 80, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B92576F .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, E4, 80, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B92589D .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [7D, 71] {JGE 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtSetInformationFile + 4 7C91DC62 6 Bytes [83, 71, 28, E5, 80, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, E6, 80, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [8F, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtSuspendThread 7C91DE3E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtSuspendThread + 4 7C91DE42 2 Bytes [77, 71] {JA 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtTerminateThread 7C91DE7E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtTerminateThread + 4 7C91DE82 2 Bytes [7A, 71] {JP 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, E7, 80, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 582001F8 .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 582003FC .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001 .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] KERNEL32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7172000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] KERNEL32.dll!CreateProcessInternalW 7C8185EC 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] KERNEL32.dll!CreateProcessInternalW + 4 7C8185F0 2 Bytes [74, 71] {JZ 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ADVAPI32.dll!CreateServiceA 77FA7211 6 Bytes JMP 7196000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] ADVAPI32.dll!CreateServiceW 77FA73A9 6 Bytes JMP 7193000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 7199000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 719F000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 719C000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [A4, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 71A2000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 71AB000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 71A8000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] WS2_32.dll!WSALookupServiceBeginW 014535EF 6 Bytes JMP 7166000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] WS2_32.dll!connect 01454A07 6 Bytes JMP 716F000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] WS2_32.dll!listen 01458CD3 6 Bytes JMP 7169000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3712] WS2_32.dll!WSAConnect 01460C81 6 Bytes JMP 716C000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtCreateFile + 4 7C91D0B2 6 Bytes [89, 71, 28, EC, 02, 01] {MOV [ECX+0x28], ESI; IN AL, DX; ADD AL, [ECX]} .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8C, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, EF, 02, 01] {SUB BH, CH; ADD AL, [ECX]} .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenFile + 4 7C91D5A2 6 Bytes [86, 71, 68, EC, 02, 01] {XCHG [ECX+0x68], DH; IN AL, DX; ADD AL, [ECX]} .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenProcess + 4 7C91D602 6 Bytes [80, 71, A8, ED, 02, 01] {XOR BYTE [ECX-0x58], 0xed; ADD AL, [ECX]} .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B92D906 .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, EE, 02, 01] {TEST AL, 0xee; ADD AL, [ECX]} .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, ED, 02, 01] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, EE, 02, 01] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B92D977 .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, EC, 02, 01] {TEST AL, 0xec; ADD AL, [ECX]} .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B92DAA5 .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [7D, 71] {JGE 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtSetInformationFile + 4 7C91DC62 6 Bytes [83, 71, 28, ED, 02, 01] {XOR DWORD [ECX+0x28], -0x13; ADD AL, [ECX]} .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, EE, 02, 01] {SUB DH, CH; ADD AL, [ECX]} .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [8F, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtSuspendThread 7C91DE3E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtSuspendThread + 4 7C91DE42 2 Bytes [77, 71] {JA 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtTerminateThread 7C91DE7E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtTerminateThread + 4 7C91DE82 2 Bytes [7A, 71] {JP 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, EF, 02, 01] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 572301F8 .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 572303FC .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001 .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] KERNEL32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7172000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] KERNEL32.dll!CreateProcessInternalW 7C8185EC 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] KERNEL32.dll!CreateProcessInternalW + 4 7C8185F0 2 Bytes [74, 71] {JZ 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ADVAPI32.dll!CreateServiceA 77FA7211 6 Bytes JMP 7196000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] ADVAPI32.dll!CreateServiceW 77FA73A9 6 Bytes JMP 7193000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 7199000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 719F000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 719C000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [A4, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 71A2000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 71AB000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 71A8000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] WS2_32.dll!WSALookupServiceBeginW 01B835EF 6 Bytes JMP 7166000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] WS2_32.dll!connect 01B84A07 6 Bytes JMP 716F000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] WS2_32.dll!listen 01B88CD3 6 Bytes JMP 7169000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[3988] WS2_32.dll!WSAConnect 01B90C81 6 Bytes JMP 716C000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtCreateFile + 4 7C91D0B2 6 Bytes [89, 71, 28, B4, 4F, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [8C, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, B7, 4F, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenFile 7C91D59E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenFile + 4 7C91D5A2 6 Bytes [86, 71, 68, B4, 4F, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcess + 4 7C91D602 6 Bytes [80, 71, A8, B5, 4F, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B9225CE .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, B6, 4F, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, B5, 4F, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, B6, 4F, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B92263F .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, B4, 4F, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B92276D .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetContextThread 7C91DBAE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetContextThread + 4 7C91DBB2 2 Bytes [7D, 71] {JGE 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetInformationFile + 4 7C91DC62 6 Bytes [83, 71, 28, B5, 4F, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, B6, 4F, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [8F, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSuspendThread 7C91DE3E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSuspendThread + 4 7C91DE42 2 Bytes [77, 71] {JA 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtTerminateThread 7C91DE7E 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtTerminateThread + 4 7C91DE82 2 Bytes [7A, 71] {JP 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, B7, 4F, 00] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 6A9E01F8 .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 6A9E03FC .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001 .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] KERNEL32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7172000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] KERNEL32.dll!CreateProcessInternalW 7C8185EC 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] KERNEL32.dll!CreateProcessInternalW + 4 7C8185F0 2 Bytes [74, 71] {JZ 0x73} .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ADVAPI32.dll!CreateServiceA 77FA7211 6 Bytes JMP 7196000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] ADVAPI32.dll!CreateServiceW 77FA73A9 6 Bytes JMP 7193000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 7199000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 719F000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 719C000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [A4, 71] .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 71A2000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 71AB000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 71A8000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] WS2_32.dll!WSALookupServiceBeginW 011435EF 6 Bytes JMP 7166000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] WS2_32.dll!connect 01144A07 6 Bytes JMP 716F000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] WS2_32.dll!listen 01148CD3 6 Bytes JMP 7169000A .text C:\Programmi\Google\Chrome\Application\chrome.exe[4056] WS2_32.dll!WSAConnect 01150C81 6 Bytes JMP 716C000A ---- Devices - GMER 2.2 ---- Device \Driver\08170256 \Device\KLMDKVRT08082014_04000001 04353099.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.sys ---- EOF - GMER 2.2 ---- |
|
|
|
|
18-05-2016, 13:57
|
#5 |
|
Member
Iscritto dal: Sep 2015
Messaggi: 50
|
hijackthis
|
|
|
|
|
18-05-2016, 13:59
|
#6 |
|
Member
Iscritto dal: Sep 2015
Messaggi: 50
|
malwarebytes
|
|
|
|
|
18-05-2016, 14:04
|
#7 |
|
Member
Iscritto dal: Sep 2015
Messaggi: 50
|
non riesco ad allegare il log di cure it, wikisend non funziona, spero che quelli allegati siano sufficienti per un aiuto, grazie
|
|
|
|
|
19-05-2016, 15:15
|
#8 |
|
Member
Iscritto dal: Sep 2015
Messaggi: 50
|
mi aiutate per favore? grazie
|
|
|
|
|
27-05-2016, 14:11
|
#9 |
|
Member
Iscritto dal: Sep 2015
Messaggi: 50
|
purtroppo continuano ad apparirmi pop up pubblicitari indesiderati, per ora ho messo comodo firewall in sostituzione di quello di xp, non so però come fare per liberarmi da questi guai...mi consigliate qualcosa per favore? grazie vi prego sono disperato
|
|
|
|
|
28-05-2016, 09:13
|
#10 |
|
Senior Member
Iscritto dal: Oct 2008
Messaggi: 6510
|
se hai dei popup forse hai qualche adware
fai scansioni con vari tool http://www.hwupgrade.it/forum/showpo...37&postcount=2 meglio se avvii il sistema in modalità provvisoria con rete |
|
|
|
|
28-05-2016, 17:25
|
#11 |
|
Senior Member
Iscritto dal: Jan 2010
Messaggi: 37089
|
Potresti anche fare una scansione col vecchio e ormai quasi dimenticato, ma sempre valido HijackThis, poi posta qui il log dei risultati della scansione.
|
|
|
|
|
29-05-2016, 06:41
|
#12 | |
|
Member
Iscritto dal: Sep 2015
Messaggi: 50
|
Quote:
|
|
|
|
|
|
30-05-2016, 13:25
|
#13 |
|
Member
Iscritto dal: Sep 2015
Messaggi: 50
|
segnalo che dovrei aver risolto grazie a questa guida:
https://malwaretips.com/blogs/remove...edirect-virus/ ovviamente anche grazie al vostro aiuto e alla guida del forum, siete molto gentili. vorrei capire come poter riattivare il firewall di xp e togliere quindi Comodo, che è un po' pesantuccio, grazie
|
|
|
|
|
30-05-2016, 17:36
|
#14 | |
|
Senior Member
Iscritto dal: Oct 2008
Messaggi: 6510
|
Quote:
però non so se prima devi disinstallare comodo, in effetti comodo è pesante per una macchina magari non recente se non risolvi puoi provare private firewall |
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 02:20.
