Old 21-11-2006, 11:09   #1
nyctalus
Junior Member
 
Joined: Mar 2004
Posts: 19
strange LogGuw service that cannot be disabled and CPU at 100%

Hi everyone.
I have S&Destroy, avast and kerio firewall installed.
Every now and then I find the CPU at 100%, taken up by services.exe, while Task Manager shows a file whose name keeps changing (for example teut.exe, or ceo.exe, or gnpn.exe, in varying upper and lower case) running under a certain user JfTkp. Neither process can be terminated.
I run various scans, including online ones (the latest following your thorough "help, I'm infected, what do I do?" protocol), find some minor junk in temp files or zips not yet used, clean up, but the problem comes back (not yet after last night's round of ewido etc., which by the way had me fix bugdoctor, and which I had to download with IE, because firefox would not enable the download button and I couldn't figure out how to do it).
When I reboot with the CPU clogged, while everything is shutting down the firewall window pops up saying that teut.exe, or whichever one it is, was trying to run generic host processes (I think that is the source of the clogging).
I tried deleting JfTkp from the user profiles, but it gives me an error: deletion not completed.
If I run services.msc I find a LogGuw service, with description enable windows user mode drivers, log on as .\JfTkp, set to start automatically.
I tried to disable it and got access denied. Path of its executable file: C\programmi\file comuni\system\jpg.exe. Opening the folder, I found a plethora of files shown in green that cannot be deleted, including jpg.exe.
After various scans, cleanups and reboots, the folder is now empty (but I don't have the processes in Task Manager).
There is also a NetEsr service, description: manages IP security and starts ISAKMP/Oakley (IKE) and the IP security driver, with executable c\windows\temp\4B.tmp; the user cannot be deleted but I have disabled it.
In the user list, administrator has a red cross over it.
My Google searches gave me neither answers nor suggestions.
The check of the hijack log comes out normal.
I would be vvvery glad of advice and help.
Thanks

Last edited by nyctalus: 21-11-2006 at 11:52. Reason: clarify subject
Old 21-11-2006, 15:03   #2
bReAkDoWn
Senior Member
 
Joined: Jun 2003
Location: ..By The Sea..
Posts: 564
For a start, get rid of all those services like this:

Start -> Run -> services.msc

In the list of services, check whether the Log On As column shows any entry made of random characters that differs from all the others. If so, look at the properties (right click -> Properties) of the service(s) showing that entry and note down the file name. Download this: http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP and use it to delete the file(s) in question.

There is usually something else besides those services; if you don't find anything, try producing the autostart and rootkit logs with gmer and, if you like, post them here.

PS: I copied the first part of this message from an old message of mine, which is why it also includes some pointers for finding the services that you have already found.
__________________
Without Contraries is no Progression...
Old 22-11-2006, 15:39   #3
nyctalus
Junior Member
 
Joined: Mar 2004
Posts: 19
First of all, thanks. I didn't reply sooner because I ran the avast scan in safe mode (and found a trojan, win 32 small bts, in prn.exe placed in file comuni/system. Not repairable, so I deleted it. The printer now no longer shows as installed, but maybe that's due to other services I disabled...)
What does "producing the autostart and rootkit logs with gmer" mean? Thanks for everything.

I have now found gmer
I'll give it a try

Last edited by nyctalus: 22-11-2006 at 16:41. Reason: developments in progress
Old 22-11-2006, 16:18   #4
nyctalus
Junior Member
 
Joined: Mar 2004
Posts: 19
Download this: http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP

I downloaded it but the zip file won't open (it says it is corrupt)

OK, I got it directly from the site

Last edited by nyctalus: 22-11-2006 at 16:27. Reason: new situation
Old 22-11-2006, 16:38   #5
nyctalus
Junior Member
 
Joined: Mar 2004
Posts: 19
It's me again. Now the user jftkp no longer shows up in Task Manager (in services msc it still does, as the log-on account of the untouchable logguw process), and the file c\programmi\file comuni\system\jpg.exe, which is listed as the path of its executable, is not visible. So, now that I have avgpfix, I have nothing to delete.
sigh
Old 22-11-2006, 17:11   #6
nyctalus
Junior Member
 
Joined: Mar 2004
Posts: 19
GMER 1.0.12.11889 - http://www.gmer.net
Autostart scan 2006-11-22 17:11:03
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@DLLName = Ati2evxx.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AcrSch2Svc /*Acronis Scheduler2 Service*/@ = "C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe"
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
avast! Mail Scanner /*avast! Mail Scanner*/@ = "C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service
avast! Web Scanner /*avast! Web Scanner*/@ = "C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service
bdss /*BitDefender Scan Server*/@ = "C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service
KPF4 /*Kerio Personal Firewall 4*/@ = "C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe"
LogGuw /*LogGuw*/@ = "C:\Programmi\File comuni\System\jpg.exe" /*file not found*/
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
Pml Driver HPZ12 /*Pml Driver HPZ12*/@ = C:\WINDOWS\system32\HPZipm12.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
XCOMM /*BitDefender Communicator*/@ = "C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Acronis?True?Image Monitor(null) =
@Acronis Scheduler2 Service"C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe" = "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_02\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
@DAEMON Tools-1033"C:\Programmi\D-Tools\daemon.exe" -lang 1033 = "C:\Programmi\D-Tools\daemon.exe" -lang 1033
@CamMonitorC:\Programmi\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe = C:\Programmi\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
@Share-to-Web Namespace DaemonC:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe = C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
@TomcatStartupC:\Programmi\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe = C:\Programmi\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
@ANIWZCS2ServiceC:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe = C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
@D-Link AirPlus GC:\Programmi\D-Link\AirPlus G\AirGCFG.exe = C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
@RivaTuner"C:\Programmi\RivaTuner v2.0 RC 15.8\RivaTuner.exe" /T = "C:\Programmi\RivaTuner v2.0 RC 15.8\RivaTuner.exe" /T
@BDMCon"C:\Programmi\Softwin\BitDefender8\bdmcon.exe" = "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
@BDNewsAgent"c:\programmi\softwin\bitdefender8\bdnagent.exe" = "c:\programmi\softwin\bitdefender8\bdnagent.exe"
@MSConfigC:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@SpybotSD TeaTimerC:\Programmi\Spybot - Search & Destroy\TeaTimer.exe = C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/(null) =
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/(null) =
@{A4DF5659-0801-4A60-9607-1C48695EFDA9} /*Cartella di caricamento Share-to-Web*/C:\Programmi\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL = C:\Programmi\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/(null) =
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll = C:\Programmi\iTunes\iTunesMiniPlayer.dll
@{92085AD4-F48A-450D-BD93-B28CC7DF67CE} /*eBay Toolbar*/(null) =
@{1CE8B2C9-EAEF-43fc-8218-F092E4F94A47} /*Notepad++ Shell Extension*/C:\Programmi\Notepad++\nppshellext.dll = C:\Programmi\Notepad++\nppshellext.dll
@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} /*BitDefender Antivirus v8*/C:\Programmi\Softwin\BitDefender8\bdshelxt.dll = C:\Programmi\Softwin\BitDefender8\bdshelxt.dll
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/C:\Programmi\Unlocker\UnlockerCOM.dll = C:\Programmi\Unlocker\UnlockerCOM.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
BitDefender Antivirus v8@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Programmi\Softwin\BitDefender8\bdshelxt.dll
NppShellExt@{1CE8B2C9-EAEF-43fc-8218-F092E4F94A47} = C:\Programmi\Notepad++\nppshellext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
NppShellExt@{1CE8B2C9-EAEF-43fc-8218-F092E4F94A47} = C:\Programmi\Notepad++\nppshellext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
BitDefender Antivirus v8@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Programmi\Softwin\BitDefender8\bdshelxt.dll
UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Programmi\Unlocker\UnlockerCOM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\ssmypics.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.asianews.it/ = http://www.asianews.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{374AF124-1146-4C11-8A8B-D685F0EFA525} /*Connessione rete senza fili 6*/ >>>
@IPAddress192.168.1.125 = 192.168.1.125
@NameServer =
@DefaultGateway =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{510C4E0B-CA12-4CB0-B8C6-09274FE08AC1} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.1.100 = 192.168.1.100
@NameServer192.168.1.1 = 192.168.1.1
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
Microsoft Office.lnk = Microsoft Office.lnk
PC Alert 4.lnk = PC Alert 4.lnk

---- EOF - GMER 1.0.12 ----
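A way to triage the Services section of an autostart log like the one posted above, given as an added example that is not part of the original thread or of GMER: it flags service entries whose image GMER marks as missing, that sit in a temp directory, or that have an unexpected extension. The sample log is constructed (the NetEsr line is built from the first post's description), and the function names and heuristics are assumptions of this example.

```python
import ntpath
import re
from typing import NamedTuple

# Header that opens the Services section in the autostart log format shown above.
SERVICES_HEADER = r"HKLM\SYSTEM\CurrentControlSet\Services\ >>>"
# Service lines look like:  Name /*Display name*/@ = "C:\path\image.exe" args
SERVICE_LINE = re.compile(
    r"^(?P<name>.+?)\s*(?:/\*(?P<display>.*?)\*/)?@\s*=\s*(?P<value>.*)$"
)
MISSING_TAG = "/*file not found*/"
# Extensions treated as normal for a service image ("" covers "svchost -k ...").
EXPECTED_EXTENSIONS = {"", ".exe", ".sys", ".dll"}


class Finding(NamedTuple):
    service: str
    image: str
    reasons: tuple


def image_path(value: str) -> str:
    """Return the executable path from a service value, without arguments."""
    value = value.replace(MISSING_TAG, "").strip()
    if value.startswith('"'):
        # Quoted path: everything up to the closing quote.
        return value[1:].split('"', 1)[0]
    # Assumption: an unquoted path has no spaces, as in the log on this page.
    return value.split(None, 1)[0] if value else ""


def triage(log_text: str) -> list:
    """Flag service entries worth a closer look; returns a list of Finding."""
    findings = []
    in_services = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == SERVICES_HEADER:
            in_services = True
            continue
        if in_services and not line:
            in_services = False  # a blank line closes the section
            continue
        if not in_services:
            continue
        match = SERVICE_LINE.match(line)
        if not match:
            continue
        image = image_path(match.group("value"))
        lowered = image.lower()
        reasons = []
        if MISSING_TAG in match.group("value"):
            # The service is still registered although its file is gone.
            reasons.append("image missing on disk")
        if "\\temp\\" in lowered or "\\tmp\\" in lowered:
            reasons.append("image in a temp directory")
        extension = ntpath.splitext(lowered)[1]
        if extension not in EXPECTED_EXTENSIONS:
            reasons.append("unexpected extension " + extension)
        if reasons:
            findings.append(Finding(match.group("name"), image, tuple(reasons)))
    return findings


# Constructed sample in the log's format; the NetEsr line does not appear in
# the posted log and is built from the description in the first post.
SAMPLE_LOG = r'''GMER 1.0.12.11889 - http://www.gmer.net

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
KPF4 /*Kerio Personal Firewall 4*/@ = "C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe"
LogGuw /*LogGuw*/@ = "C:\Programmi\File comuni\System\jpg.exe" /*file not found*/
NetEsr /*NetEsr*/@ = C:\WINDOWS\Temp\4B.tmp
RpcSs /*RPC (Remote Procedure Call)*/@ = %SystemRoot%\system32\svchost -k rpcss
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
'''

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.service, finding.image, "; ".join(finding.reasons))
```

An entry flagged only as missing still deserves removal of the service registration itself, since the key survives the deletion of the file.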
Old 22-11-2006, 19:39   #7
nyctalus
Junior Member
 
Joined: Mar 2004
Posts: 19
GMER 1.0.12.11889 - http://www.gmer.net
Autostart scan 2006-11-22 19:39:25
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AcrSch2Svc /*Acronis Scheduler2 Service*/@ = "C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe"
Alerter /*Avvisi*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
AudioSrv /*Audio Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
avast! Mail Scanner /*avast! Mail Scanner*/@ = "C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service
avast! Web Scanner /*avast! Web Scanner*/@ = "C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service
bdss /*BitDefender Scan Server*/@ = "C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service
Browser /*Browser di computer*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
BthServ /*Bluetooth Support Service*/@ = %SystemRoot%\system32\svchost.exe -k bthsvcs
CryptSvc /*Servizi di crittografia*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch /*Utilità di avvio processo server DCOM*/@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp /*Client DHCP*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
dmserver /*Gestione dischi logici*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache /*Client DNS*/@ = %SystemRoot%\System32\svchost.exe -k NetworkService
Eventlog /*Registro eventi*/@ = %SystemRoot%\system32\services.exe
helpsvc /*Guida in linea e supporto tecnico*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
HTTPFilter /*SSL HTTP*/@ = %SystemRoot%\System32\svchost.exe -k HTTPFilter
KPF4 /*Kerio Personal Firewall 4*/@ = "C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe"
lanmanserver /*Server*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
LmHosts /*Helper NetBIOS di TCP/IP*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
LogGuw /*LogGuw*/@ = "C:\Programmi\File comuni\System\jpg.exe" /*file not found*/
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
Pml Driver HPZ12 /*Pml Driver HPZ12*/@ = C:\WINDOWS\system32\HPZipm12.exe
PolicyAgent /*Servizi IPSEC*/@ = %SystemRoot%\System32\lsass.exe
ProtectedStorage /*Archiviazione protetta*/@ = %SystemRoot%\system32\lsass.exe
RpcSs /*RPC (Remote Procedure Call)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Gestione account di protezione (SAM)*/@ = %SystemRoot%\system32\lsass.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
seclogon /*Accesso secondario*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*Notifica eventi di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection /*Rilevamento hardware shell*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*Servizio Ripristino configurazione di sistema*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Themes /*Temi*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Manutenzione collegamenti distribuiti client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
upnphost /*Host di periferiche Plug and Play universali*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
W32Time /*Ora di Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
winmgmt /*Strumentazione gestione Windows*/@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc /*Centro sicurezza PC*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WZCSVC /*Zero Configuration reti senza fili*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
XCOMM /*BitDefender Communicator*/@ = "C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Acronis?True?Image Monitor(null) =
@Acronis Scheduler2 Service"C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe" = "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_02\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
@DAEMON Tools-1033"C:\Programmi\D-Tools\daemon.exe" -lang 1033 = "C:\Programmi\D-Tools\daemon.exe" -lang 1033
@CamMonitorC:\Programmi\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe = C:\Programmi\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
@Share-to-Web Namespace DaemonC:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe = C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
@TomcatStartupC:\Programmi\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe = C:\Programmi\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
@ANIWZCS2ServiceC:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe = C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
@D-Link AirPlus GC:\Programmi\D-Link\AirPlus G\AirGCFG.exe = C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
@RivaTuner"C:\Programmi\RivaTuner v2.0 RC 15.8\RivaTuner.exe" /T = "C:\Programmi\RivaTuner v2.0 RC 15.8\RivaTuner.exe" /T
@BDMCon"C:\Programmi\Softwin\BitDefender8\bdmcon.exe" = "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
@BDNewsAgent"C:\Programmi\Softwin\BitDefender8\bdnagent.exe" = "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
@MSConfigC:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@SpybotSD TeaTimerC:\Programmi\Spybot - Search & Destroy\TeaTimer.exe = C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheck%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@SysTrayC:\WINDOWS\System32\stobject.dll = C:\WINDOWS\System32\stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\System32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\System32\themeui.dll = %SystemRoot%\System32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/(null) =
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\System32\hticons.dll = C:\WINDOWS\System32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\System32\remotepg.dll = C:\WINDOWS\System32\remotepg.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensione shell per Windows Script Host*/C:\WINDOWS\System32\wshext.dll = C:\WINDOWS\System32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\System\Ole DB\oledb32.dll = C:\Programmi\File comuni\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*SearchBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{E0E11A09-5CB8-4B6C-8332-E00720A168F2} /*Parser della barra degli indirizzi*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Servizio Cronologia Url Microsoft*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*Cronologia*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Hook per la ricerca di URL Microsoft*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*Cartella cache ActiveX*/%SystemRoot%\System32\occache.dll = %SystemRoot%\System32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Cartella Subscription*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Pubblicazione guidata sul Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Ordinazione di stampe tramite Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Oggetto Pubblicazione guidata sul Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Creazione guidata profilo Passport*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*Account utente*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Cartella compressa*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*File del canale*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Collegamento al canale*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\System32\msieftp.dll = C:\WINDOWS\System32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\System32\dfsshlex.dll = C:\WINDOWS\System32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\System32\photowiz.dll = %SystemRoot%\System32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/(null) =
@{A4DF5659-0801-4A60-9607-1C48695EFDA9} /*Cartella di caricamento Share-to-Web*/C:\Programmi\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL = C:\Programmi\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/(null) =
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll = C:\Programmi\iTunes\iTunesMiniPlayer.dll
@{92085AD4-F48A-450D-BD93-B28CC7DF67CE} /*eBay Toolbar*/(null) =
@{1CE8B2C9-EAEF-43fc-8218-F092E4F94A47} /*Notepad++ Shell Extension*/C:\Programmi\Notepad++\nppshellext.dll = C:\Programmi\Notepad++\nppshellext.dll
@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} /*BitDefender Antivirus v8*/C:\Programmi\Softwin\BitDefender8\bdshelxt.dll = C:\Programmi\Softwin\BitDefender8\bdshelxt.dll
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/C:\Programmi\Unlocker\UnlockerCOM.dll = C:\Programmi\Unlocker\UnlockerCOM.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
BitDefender Antivirus v8@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Programmi\Softwin\BitDefender8\bdshelxt.dll
NppShellExt@{1CE8B2C9-EAEF-43fc-8218-F092E4F94A47} = C:\Programmi\Notepad++\nppshellext.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
NppShellExt@{1CE8B2C9-EAEF-43fc-8218-F092E4F94A47} = C:\Programmi\Notepad++\nppshellext.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
BitDefender Antivirus v8@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Programmi\Softwin\BitDefender8\bdshelxt.dll
UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Programmi\Unlocker\UnlockerCOM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\ssmypics.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.asianews.it/ = http://www.asianews.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = %SystemRoot%\System32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
javascript@CLSID = %SystemRoot%\System32\mshtml.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = %SystemRoot%\System32\mshtml.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
res@CLSID = %SystemRoot%\System32\mshtml.dll
sysimage@CLSID = %SystemRoot%\System32\mshtml.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = %SystemRoot%\System32\mshtml.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{374AF124-1146-4C11-8A8B-D685F0EFA525} /*Connessione rete senza fili 6*/ >>>
@IPAddress192.168.1.125 = 192.168.1.125
@NameServer =
@DefaultGateway =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{510C4E0B-CA12-4CB0-B8C6-09274FE08AC1} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.1.100 = 192.168.1.100
@NameServer192.168.1.1 = 192.168.1.1
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000020@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000021@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000022@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000023@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000024@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000025@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000026@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
Microsoft Office.lnk = Microsoft Office.lnk
PC Alert 4.lnk = PC Alert 4.lnk

---- EOF - GMER 1.0.12 ----
Old 23-11-2006, 10:09   #8
bReAkDoWn
Senior Member
Joined: Jun 2003
Location: ..By The Sea..
Posts: 564
Where are you at now? Nothing suspicious shows up in the log. Are there still services with a strange logon in services.msc? Any other symptoms? If there is still something odd, for completeness also run a GMER rootkit log; so far you have only done the autorun one. While you run that scan, make sure show all is NOT selected, leave all the other settings at their defaults, don't use the PC and close every application you can.
__________________
Without Contraries is no Progression...
Old 23-11-2006, 21:32   #9
nyctalus
Junior Member
Joined: Mar 2004
Posts: 19
How silly of me! I posted the autorun log twice!
OK, I'll do it now.
The logguw service with logon jfptk still shows up among the services, and it can be neither deleted nor disabled (it gives access denied), but it relies on an executable that is no longer there (jpg.exe in file comuni/system), and jfptk does not show up in Task Manager.
Thanks and bye
Old 24-11-2006, 12:05   #10
nyctalus
Junior Member
Joined: Mar 2004
Posts: 19
Strange, I can't manage to send it. Maybe I overdid it when cutting down services...
I'll try with this post, without the log.
Old 26-11-2006, 01:34   #11
nyctalus
Junior Member
Joined: Mar 2004
Posts: 19
GMER 1.0.12.11889 - http://www.gmer.net
Rootkit scan 2006-11-26 01:16:56
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver
SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile
SSDT d347bus.sys ZwSetSystemPowerState
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile

---- Kernel code sections - GMER 1.0.12 ----

PAGENDSM NDIS.sys!NdisMIndicateStatus F8365A5F 6 Bytes

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\system32\hpzipm12.exe[216] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\hpzipm12.exe[216] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\hpzipm12.exe[216] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\hpzipm12.exe[216] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\hpzipm12.exe[216] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\hpzipm12.exe[216] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\hpzipm12.exe[216] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\hpzipm12.exe[216] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\hpzipm12.exe[216] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\hpzipm12.exe[216] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\hpzipm12.exe[216] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\hpzipm12.exe[216] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\hpzipm12.exe[216] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\hpzipm12.exe[216] WS2_32.dll!socket 71A33B91 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\hpzipm12.exe[216] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\hpzipm12.exe[216] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\hpzipm12.exe[216] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\hpzipm12.exe[216] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\wdfmgr.exe[292] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\wdfmgr.exe[292] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
Old 26-11-2006, 01:35   #12
nyctalus
Junior Member
Joined: Mar 2004
Posts: 19
Old 26-11-2006, 01:36   #13
nyctalus
Junior Member
 
Joined: Mar 2004
Posts: 19
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1796] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1796] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1796] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1796] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1796] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1796] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1796] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1796] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1796] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1796] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001307AC
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1796] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00130720
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1796] WS2_32.dll!socket 71A33B91 5 Bytes JMP 001308C4
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1796] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00130838
.text C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe[1796] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00130950
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1844] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1844] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1844] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1844] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1844] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1844] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1844] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1844] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1844] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1844] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1844] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1844] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1844] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1844] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001307AC
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1844] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00130720
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1844] WS2_32.dll!socket 71A33B91 5 Bytes JMP 001308C4
Old 26-11-2006, 01:38   #14
nyctalus
Junior Member
 
Joined: Mar 2004
Posts: 19
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1844] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00130838
.text C:\Programmi\Alwil Software\Avast4\ashServ.exe[1844] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1872] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1872] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1872] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1872] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1872] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1944] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1944] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1944] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1944] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1944] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1944] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1944] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1944] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1944] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1944] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1944] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1944] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1944] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1944] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1944] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1944] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1944] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1944] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00080950
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00030004
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0003011C
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000304F0
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0003057C
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000303D8
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0003034C
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00030464
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00030608
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000308C4
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00030838
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00030950
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 000307AC
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00030720
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] WININET.dll!InternetConnectA 771944DB 5 Bytes JMP 00030F54
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] WININET.dll!InternetOpenA 77196D2A 5 Bytes JMP 00030D24
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] WININET.dll!InternetOpenUrlA 77196FDD 5 Bytes JMP 00030E3C
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] WININET.dll!InternetConnectW 771A5D4C 5 Bytes JMP 00030FE0
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] WININET.dll!InternetOpenW 771A6CF3 5 Bytes JMP 00030DB0
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe[2012] WININET.dll!InternetOpenUrlW 771A7304 5 Bytes JMP 00030EC8
.text C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe[2164] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe[2164] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe[2164] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe[2164] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe[2164] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe[2164] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe[2164] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe[2164] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe[2164] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe[2164] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe[2164] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe[2164] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe[2164] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe[2164] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001307AC
.text C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe[2164] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00130720
.text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2172] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2172] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2172] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2172] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2172] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2172] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2172] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2172] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2172] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2172] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2172] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2172] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2172] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2172] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001307AC
.text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2172] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00130720
.text C:\WINDOWS\SOUNDMAN.EXE[2184] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\SOUNDMAN.EXE[2184] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\SOUNDMAN.EXE[2184] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\SOUNDMAN.EXE[2184] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\SOUNDMAN.EXE[2184] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\SOUNDMAN.EXE[2184] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\WINDOWS\SOUNDMAN.EXE[2184] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\WINDOWS\SOUNDMAN.EXE[2184] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\WINDOWS\SOUNDMAN.EXE[2184] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\WINDOWS\SOUNDMAN.EXE[2184] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\WINDOWS\SOUNDMAN.EXE[2184] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\WINDOWS\SOUNDMAN.EXE[2184] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\WINDOWS\SOUNDMAN.EXE[2184] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\WINDOWS\SOUNDMAN.EXE[2184] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001307AC
.text C:\WINDOWS\SOUNDMAN.EXE[2184] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[2208] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[2208] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[2208] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00080950
.text C:\Programmi\Mozilla Firefox\firefox.exe[2240] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\Mozilla Firefox\firefox.exe[2240] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\Mozilla Firefox\firefox.exe[2240] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\Mozilla Firefox\firefox.exe[2240] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\Mozilla Firefox\firefox.exe[2240] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\Mozilla Firefox\firefox.exe[2240] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Programmi\Mozilla Firefox\firefox.exe[2240] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Programmi\Mozilla Firefox\firefox.exe[2240] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Programmi\Mozilla Firefox\firefox.exe[2240] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Programmi\Mozilla Firefox\firefox.exe[2240] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Programmi\Mozilla Firefox\firefox.exe[2240] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Programmi\Mozilla Firefox\firefox.exe[2240] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Programmi\Mozilla Firefox\firefox.exe[2240] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Programmi\Mozilla Firefox\firefox.exe[2240] WS2_32.dll!socket 71A33B91 5 Bytes JMP 001308C4
.text C:\Programmi\Mozilla Firefox\firefox.exe[2240] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00130838
.text C:\Programmi\Mozilla Firefox\firefox.exe[2240] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00130950
.text C:\Programmi\Mozilla Firefox\firefox.exe[2240] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001307AC
.text C:\Programmi\Mozilla Firefox\firefox.exe[2240] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00130720
.text
Old 26-11-2006, 01:39   #15
nyctalus
Junior Member
 
Joined: Mar 2004
Posts: 19
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2308] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2308] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2308] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2308] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2308] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2308] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2308] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2308] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2308] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2308] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2308] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2308] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2308] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2308] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001307AC
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2308] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00130720
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2308] WS2_32.dll!socket 71A33B91 5 Bytes JMP 001308C4
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2308] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00130838
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2308] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\wscntfy.exe[2388] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\wscntfy.exe[2388] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\wscntfy.exe[2388] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\wscntfy.exe[2388] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\wscntfy.exe[2388] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\wscntfy.exe[2388] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\wscntfy.exe[2388] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\wscntfy.exe[2388] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\wscntfy.exe[2388] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\wscntfy.exe[2388] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\wscntfy.exe[2388] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\wscntfy.exe[2388] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\wscntfy.exe[2388] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\wscntfy.exe[2388] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\wscntfy.exe[2388] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00070720
.text C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe[2436] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe[2436] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe[2436] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe[2436] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe[2436] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe[2436] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe[2436] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe[2436] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe[2436] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe[2436] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe[2436] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe[2436] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe[2436] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe[2436] WININET.dll!InternetConnectA 771944DB 5 Bytes JMP 00130F54
.text C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe[2436] WININET.dll!InternetOpenA 77196D2A 5 Bytes JMP 00130D24
.text C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe[2436] WININET.dll!InternetOpenUrlA 77196FDD 5 Bytes JMP 00130E3C
.text C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe[2436] WININET.dll!InternetConnectW 771A5D4C 5 Bytes JMP 00130FE0
.text C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe[2436] WININET.dll!InternetOpenW 771A6CF3 5 Bytes JMP 00130DB0
.text C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe[2436] WININET.dll!InternetOpenUrlW 771A7304 5 Bytes JMP 00130EC8
.text C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe[2436] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001307AC
.text C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe[2436] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00130720
.text C:\Programmi\D-Tools\daemon.exe[2472] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\D-Tools\daemon.exe[2472] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\D-Tools\daemon.exe[2472] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\D-Tools\daemon.exe[2472] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\D-Tools\daemon.exe[2472] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\D-Tools\daemon.exe[2472] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Programmi\D-Tools\daemon.exe[2472] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Programmi\D-Tools\daemon.exe[2472] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Programmi\D-Tools\daemon.exe[2472] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Programmi\D-Tools\daemon.exe[2472] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Programmi\D-Tools\daemon.exe[2472] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Programmi\D-Tools\daemon.exe[2472] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Programmi\D-Tools\daemon.exe[2472] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Programmi\D-Tools\daemon.exe[2472] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001307AC
.text C:\Programmi\D-Tools\daemon.exe[2472] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00130720
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe[2480] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe[2480] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe[2480] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe[2480] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe[2480] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe[2480] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe[2480] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe[2480] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe[2480] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe[2480] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe[2480] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe[2480] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe[2480] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe[2480] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001307AC
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe[2480] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00130720
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe[2480] WS2_32.dll!socket 71A33B91 5 Bytes JMP 001308C4
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe[2480] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00130838
.text C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe[2480] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00130950
.text C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe[2512] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe[2512] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe[2512] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe[2512] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe[2512] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe[2512] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe[2512] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe[2512] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe[2512] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe[2512] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe[2512] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe[2512] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe[2512] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe[2512] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001307AC
.text C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe[2512] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\rundll32.exe[2744] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\rundll32.exe[2744] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\rundll32.exe[2744] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\rundll32.exe[2744] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\rundll32.exe[2744] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\rundll32.exe[2744] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\rundll32.exe[2744] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\rundll32.exe[2744] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\rundll32.exe[2744] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\rundll32.exe[2744] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\rundll32.exe[2744] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\rundll32.exe[2744] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\rundll32.exe[2744] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\rundll32.exe[2744] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\rundll32.exe[2744] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00080720
.text C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe[2768] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe[2768] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe[2768] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe[2768] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe[2768] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe[2768] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe[2768] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe[2768] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe[2768] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe[2768] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe[2768] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe[2768] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe[2768] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe[2768] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001307AC
.text C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe[2768] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00130720
.text C:\Programmi\D-Link\AirPlus G\AirGCFG.exe[2796] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\D-Link\AirPlus G\AirGCFG.exe[2796] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\D-Link\AirPlus G\AirGCFG.exe[2796] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\D-Link\AirPlus G\AirGCFG.exe[2796] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\D-Link\AirPlus G\AirGCFG.exe[2796] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\D-Link\AirPlus G\AirGCFG.exe[2796] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Programmi\D-Link\AirPlus G\AirGCFG.exe[2796] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Programmi\D-Link\AirPlus G\AirGCFG.exe[2796] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Programmi\D-Link\AirPlus G\AirGCFG.exe[2796] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Programmi\D-Link\AirPlus G\AirGCFG.exe[2796] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Programmi\D-Link\AirPlus G\AirGCFG.exe[2796] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Programmi\D-Link\AirPlus G\AirGCFG.exe[2796] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Programmi\D-Link\AirPlus G\AirGCFG.exe[2796] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Programmi\D-Link\AirPlus G\AirGCFG.exe[2796] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001307AC
.text C:\Programmi\D-Link\AirPlus G\AirGCFG.exe[2796] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00130720
.text C:\Programmi\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[2804] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\Programmi\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[2804] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\Programmi\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[2804] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\Programmi\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[2804] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\Programmi\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[2804] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\Programmi\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[2804] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00070004
.text C:\Programmi\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[2804] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0007011C
.text C:\Programmi\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[2804] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000704F0
.text C:\Programmi\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[2804] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0007057C
.text C:\Programmi\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[2804] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000703D8
.text C:\Programmi\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[2804] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0007034C
.text C:\Programmi\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[2804] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00070464
.text C:\Programmi\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[2804] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00070608
.text C:\Programmi\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[2804] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 000707AC
.text C:\Programmi\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[2804] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00070720
.text C:\Programmi\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[2804] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000708C4
.text C:\Programmi\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[2804] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00070838
.text C:\Programmi\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[2804] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00070950
.text C:\Programmi\RivaTuner v2.0 RC 15.8\RivaTuner.exe[2812] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\RivaTuner v2.0 RC 15.8\RivaTuner.exe[2812] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\RivaTuner v2.0 RC 15.8\RivaTuner.exe[2812] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\RivaTuner v2.0 RC 15.8\RivaTuner.exe[2812] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\RivaTuner v2.0 RC 15.8\RivaTuner.exe[2812] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\RivaTuner v2.0 RC 15.8\RivaTuner.exe[2812] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Programmi\RivaTuner v2.0 RC 15.8\RivaTuner.exe[2812] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Programmi\RivaTuner v2.0 RC 15.8\RivaTuner.exe[2812] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Programmi\RivaTuner v2.0 RC 15.8\RivaTuner.exe[2812] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Programmi\RivaTuner v2.0 RC 15.8\RivaTuner.exe[2812] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Programmi\RivaTuner v2.0 RC 15.8\RivaTuner.exe[2812] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Programmi\RivaTuner v2.0 RC 15.8\RivaTuner.exe[2812] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Programmi\RivaTuner v2.0 RC 15.8\RivaTuner.exe[2812] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Programmi\RivaTuner v2.0 RC 15.8\RivaTuner.exe[2812] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001307AC
.text C:\Programmi\RivaTuner v2.0 RC 15.8\RivaTuner.exe[2812] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00130720
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[2848] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[2848] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[2848] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[2848] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[2848] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[2848] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[2848] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[2848] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[2848] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[2848] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[2848] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[2848] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[2848] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\ctfmon.exe[2892] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[2892] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[2892] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[2892] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[2892] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[2892] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[2892] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[2892] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[2892] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[2892] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[2892] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[2892] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[2892] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[2892] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 000807AC
Old 26-11-2006, 01:40   #16
nyctalus
Junior Member
 
Joined: Mar 2004
Posts: 19
.text C:\WINDOWS\system32\ctfmon.exe[2892] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00080720
.text C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2924] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2924] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2924] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2924] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2924] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2924] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2924] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2924] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2924] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2924] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2924] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2924] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2924] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2924] user32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001307AC
.text C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2924] user32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00130720
.text C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2924] WININET.dll!InternetConnectA 771944DB 5 Bytes JMP 00130F54
.text C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2924] WININET.dll!InternetOpenA 77196D2A 5 Bytes JMP 00130D24
.text C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2924] WININET.dll!InternetOpenUrlA 77196FDD 5 Bytes JMP 00130E3C
.text C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2924] WININET.dll!InternetConnectW 771A5D4C 5 Bytes JMP 00130FE0
.text C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2924] WININET.dll!InternetOpenW 771A6CF3 5 Bytes JMP 00130DB0
.text C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2924] WININET.dll!InternetOpenUrlW 771A7304 5 Bytes JMP 00130EC8
.text C:\Programmi\MSI\PC Alert 4\PCAlert4.exe[2988] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\MSI\PC Alert 4\PCAlert4.exe[2988] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\MSI\PC Alert 4\PCAlert4.exe[2988] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\MSI\PC Alert 4\PCAlert4.exe[2988] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\MSI\PC Alert 4\PCAlert4.exe[2988] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\MSI\PC Alert 4\PCAlert4.exe[2988] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Programmi\MSI\PC Alert 4\PCAlert4.exe[2988] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Programmi\MSI\PC Alert 4\PCAlert4.exe[2988] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Programmi\MSI\PC Alert 4\PCAlert4.exe[2988] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Programmi\MSI\PC Alert 4\PCAlert4.exe[2988] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Programmi\MSI\PC Alert 4\PCAlert4.exe[2988] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Programmi\MSI\PC Alert 4\PCAlert4.exe[2988] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Programmi\MSI\PC Alert 4\PCAlert4.exe[2988] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Programmi\MSI\PC Alert 4\PCAlert4.exe[2988] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001307AC
.text C:\Programmi\MSI\PC Alert 4\PCAlert4.exe[2988] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00130720
.text E:\DOWNLOADS\virus e rumente varie\gmer\gmer.exe[3340] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text E:\DOWNLOADS\virus e rumente varie\gmer\gmer.exe[3340] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text E:\DOWNLOADS\virus e rumente varie\gmer\gmer.exe[3340] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text E:\DOWNLOADS\virus e rumente varie\gmer\gmer.exe[3340] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text E:\DOWNLOADS\virus e rumente varie\gmer\gmer.exe[3340] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text E:\DOWNLOADS\virus e rumente varie\gmer\gmer.exe[3340] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text E:\DOWNLOADS\virus e rumente varie\gmer\gmer.exe[3340] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text E:\DOWNLOADS\virus e rumente varie\gmer\gmer.exe[3340] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text E:\DOWNLOADS\virus e rumente varie\gmer\gmer.exe[3340] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text E:\DOWNLOADS\virus e rumente varie\gmer\gmer.exe[3340] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text E:\DOWNLOADS\virus e rumente varie\gmer\gmer.exe[3340] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text E:\DOWNLOADS\virus e rumente varie\gmer\gmer.exe[3340] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text E:\DOWNLOADS\virus e rumente varie\gmer\gmer.exe[3340] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text E:\DOWNLOADS\virus e rumente varie\gmer\gmer.exe[3340] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001307AC
.text E:\DOWNLOADS\virus e rumente varie\gmer\gmer.exe[3340] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\taskmgr.exe[3876] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\taskmgr.exe[3876] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\taskmgr.exe[3876] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\taskmgr.exe[3876] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\taskmgr.exe[3876] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\taskmgr.exe[3876] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\taskmgr.exe[3876] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\taskmgr.exe[3876] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\taskmgr.exe[3876] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\taskmgr.exe[3876] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\taskmgr.exe[3876] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\taskmgr.exe[3876] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\taskmgr.exe[3876] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\taskmgr.exe[3876] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\taskmgr.exe[3876] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\taskmgr.exe[3876] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\taskmgr.exe[3876] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\taskmgr.exe[3876] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00080950
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] WININET.dll!InternetConnectA 771944DB 5 Bytes JMP 00130F54
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] WININET.dll!InternetOpenA 77196D2A 5 Bytes JMP 00130D24
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] WININET.dll!InternetOpenUrlA 77196FDD 5 Bytes JMP 00130E3C
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] WININET.dll!InternetConnectW 771A5D4C 5 Bytes JMP 00130FE0
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] WININET.dll!InternetOpenW 771A6CF3 5 Bytes JMP 00130DB0
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] WININET.dll!InternetOpenUrlW 771A7304 5 Bytes JMP 00130EC8
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001307AC
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00130720
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] WS2_32.dll!socket 71A33B91 5 Bytes JMP 001308C4
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00130838
.text C:\Programmi\Softwin\BitDefender8\bdmcon.exe[4016] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00130950
.text C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe[4048] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe[4048] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe[4048] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe[4048] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe[4048] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe[4048] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe[4048] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe[4048] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe[4048] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe[4048] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe[4048] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe[4048] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe[4048] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe[4048] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001307AC
.text C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe[4048] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00130720
Old 26-11-2006, 01:41   #17
nyctalus
Junior Member
 
Joined: Mar 2004
Posts: 19
---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 82368288
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 820201D0
Device \Driver\fwdrv \Device\FWDRV IRP_MJ_READ 81F70B10
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 822404E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 822404E0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 81F7BAB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 822404E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 822404E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 822404E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 822404E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 822404E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 822404E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 822404E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 822404E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 822404E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 822404E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 822404E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 822404E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 822404E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 822404E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 822404E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 822404E0
Old 26-11-2006, 01:42   #18
nyctalus
Junior Member
Joined: Mar 2004
Posts: 19
Old 26-11-2006, 01:48   #19
nyctalus
Junior Member
Joined: Mar 2004
Posts: 19
Sorry for sending so much stuff, maybe I misunderstood what to disable. And sorry for the delay in sending it, but only tonight did I think of splitting the log (what a sly fox!)
Thanks again for your attention. I haven't noticed the 100% CPU phenomenon or the strange user in the task manager any more, but the situation I described is unchanged.
Old 26-11-2006, 15:22   #20
bReAkDoWn
Senior Member
Joined: Jun 2003
Location: ..By The Sea..
Posts: 564
Quote:
Originally posted by nyctalus
Sorry for sending so much stuff, maybe I misunderstood what to disable. And sorry for the delay in sending it, but only tonight did I think of splitting the log (what a sly fox!)
Thanks again for your attention. I haven't noticed the 100% CPU phenomenon or the strange user in the task manager any more, but the situation I described is unchanged.
I don't know whether something is missing from the rootkit log or whether there are simply no entries in those sections. Anyway, try running it again with only these options: Registry, Files, all the drives listed in the box under Files, and ADS a little further down. Nothing else. Deselect all the others.
Don't use the PC during the scan, close all applications, and let's see the result.. ciao!
__________________
Without Contraries is no Progression...
All times are GMT +1.