Red lips dialer

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want answers to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Post by bobby2 » 03/02/07 17:32

I have a dialer that shows up only when I open the StartupManager program, which reports its automatic startup with an icon showing two red lips. It seems to be a rootkit, so it is impossible to remove with normal antivirus programs; even the anti-rootkit tools fail: most of them don't find it, and the ones that see it just report it without managing to remove it.
How do I get rid of it?
Thanks.
bobby2
Junior User
 
Posts: 58
Joined: 29/12/04 14:50


Post by Luke57 » 03/02/07 18:04

Hi, download Gmer from here:
http://www.majorgeeks.com/GMER_d5198.html
unzip the .zip file and run gmer.exe
To enter Advanced mode, press the >>>> tab. Then choose the Rootkit tab, leave the default settings, tick the ADS box, and run a full Scan. Before the scan, close all open programs and applications.
When it finishes, press the Copy button and paste the report into a text file.
Still in Gmer, move to the Autostart tab (do not tick the show all box) and press Scan. When the scan finishes, press Copy.
Paste that report into the text file you saved earlier, then paste both reports into a post on the forum.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10
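
A report copied out of the Rootkit tab as described above can run to hundreds of near-identical lines, so it helps to condense it before reading it. The Python below is an added example, not part of the original posts and not a GMER feature; it assumes the GMER 1.0.12 text layout seen in this thread, its function names (`parse_report`, `describe`, `summarize`) are hypothetical, and the embedded sample is a handful of lines abridged from that layout.

```python
import re
from collections import Counter, defaultdict

# Sample abridged from the GMER 1.0.12 layout posted in this thread (not a full report).
SAMPLE_REPORT = r"""
---- System - GMER 1.0.12 ----

SSDT pxfsf.sys ZwCreateFile
SSDT pxfsf.sys ZwOpenProcess
SSDT pxfsf.sys ZwTerminateProcess

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\EXPLORER.EXE[416] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\EXPLORER.EXE[416] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\EXPLORER.EXE[416] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[824] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] USER32.dll!MessageBoxExW 77D50538 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll
"""

SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\S+)$")
USER_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<dll>[^!\s]+)!(?P<func>\w+)"
    r"(?:\s\+\s(?P<off>[0-9A-F]+))?\s+(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+)\sBytes\s+(?P<patch>.+)$"
)
JMP_RE = re.compile(r"^JMP\s+([0-9A-F]{8})\s+(.+)$")


def describe(patch_bytes):
    """Turn {offset_in_function: byte} into a readable description of the patch."""
    at = patch_bytes.get
    if at(0) == 0xFF and at(1) == 0x25:
        # FF 25 disp32 is x86 "jmp dword ptr [disp32]": a jump through a pointer slot.
        # disp32 is little-endian in offsets 2..5; an offset absent from the
        # report is printed as ?? rather than guessed.
        slot = "".join("??" if at(i) is None else f"{at(i):02X}" for i in (5, 4, 3, 2))
        return f"jmp dword ptr [{slot}]"
    return "bytes " + " ".join(f"+{o:X}:{b:02X}" for o, b in sorted(patch_bytes.items()))


def parse_report(text):
    """Return (ssdt_counts, hooks); hooks maps (pid, dll, func) -> description."""
    ssdt = Counter()
    frags = defaultdict(dict)  # (pid, dll, func) -> {offset: byte}
    hooks = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            ssdt[m.group(1).lower()] += 1  # count hooked services per driver
            continue
        m = USER_RE.match(line)
        if not m:
            continue  # section headers, kernel code sections, elided "..." lines
        key = (int(m["pid"]), m["dll"].lower(), m["func"])
        jmp = JMP_RE.match(m["patch"])
        if jmp:
            # GMER already resolved this one: relative JMP into a named module.
            hooks[key] = f"jmp {jmp.group(1)} -> {jmp.group(2)}"
            continue
        # A function patched in two places appears as two lines ("func" and
        # "func + 4"); merge them by offset so the patch is read as one unit.
        base = int(m["off"] or "0", 16)
        for i, byte in enumerate(re.findall(r"\b[0-9A-F]{2}\b", m["patch"])):
            frags[key][base + i] = int(byte, 16)
    for key, patch_bytes in frags.items():
        hooks[key] = describe(patch_bytes)
    return dict(ssdt), hooks


def summarize(text):
    """Group identical hooks across processes: {(dll, func, description): [pids]}."""
    ssdt, hooks = parse_report(text)
    spread = defaultdict(list)
    for (pid, dll, func), desc in sorted(hooks.items()):
        spread[(dll, func, desc)].append(pid)
    return ssdt, dict(spread)


if __name__ == "__main__":
    ssdt, spread = summarize(SAMPLE_REPORT)
    for driver, count in ssdt.items():
        print(f"SSDT: {count} services redirected to {driver}")
    for (dll, func, desc), pids in spread.items():
        print(f"{dll}!{func}: {desc} in {len(pids)} process(es) {pids}")
```

The same patch appearing at the same address in every process points to one component injected system-wide, and the driver named in the SSDT section is the first file to identify.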

Post by bobby2 » 03/02/07 18:37

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-02-03 18:33:51
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT pxfsf.sys ZwAlertResumeThread
SSDT pxfsf.sys ZwAllocateUserPhysicalPages
SSDT pxfsf.sys ZwAllocateVirtualMemory
SSDT pxfsf.sys ZwClose
SSDT pxfsf.sys ZwCompactKeys
SSDT pxfsf.sys ZwCompressKey
SSDT pxfsf.sys ZwCreateDirectoryObject
SSDT pxfsf.sys ZwCreateEvent
SSDT pxfsf.sys ZwCreateEventPair
SSDT pxfsf.sys ZwCreateFile
SSDT pxfsf.sys ZwCreateIoCompletion
SSDT pxfsf.sys ZwCreateJobObject
SSDT pxfsf.sys ZwCreateKey
SSDT pxfsf.sys ZwCreateMailslotFile
SSDT pxfsf.sys ZwCreateMutant
SSDT pxfsf.sys ZwCreateNamedPipeFile
SSDT pxfsf.sys ZwCreatePort
SSDT pxfsf.sys ZwCreateProcess
SSDT pxfsf.sys ZwCreateProcessEx
SSDT pxfsf.sys ZwCreateSection
SSDT pxfsf.sys ZwCreateSemaphore
SSDT pxfsf.sys ZwCreateSymbolicLinkObject
SSDT pxfsf.sys ZwCreateThread
SSDT pxfsf.sys ZwCreateTimer
SSDT pxfsf.sys ZwCreateToken
SSDT pxfsf.sys ZwDeleteFile
SSDT pxfsf.sys ZwDeleteKey
SSDT pxfsf.sys ZwDeleteValueKey
SSDT pxfsf.sys ZwDeviceIoControlFile
SSDT pxfsf.sys ZwDuplicateObject
SSDT pxfsf.sys ZwEnumerateKey
SSDT pxfsf.sys ZwEnumerateValueKey
SSDT pxfsf.sys ZwFreeUserPhysicalPages
SSDT pxfsf.sys ZwFreeVirtualMemory
SSDT pxfsf.sys ZwImpersonateAnonymousToken
SSDT pxfsf.sys ZwImpersonateThread
SSDT pxfsf.sys ZwLoadDriver
SSDT pxfsf.sys ZwLoadKey
SSDT pxfsf.sys ZwLoadKey2
SSDT pxfsf.sys ZwLockRegistryKey
SSDT pxfsf.sys ZwLockVirtualMemory
SSDT pxfsf.sys ZwMapViewOfSection
SSDT pxfsf.sys ZwOpenFile
SSDT pxfsf.sys ZwOpenKey
SSDT pxfsf.sys ZwOpenProcess
SSDT pxfsf.sys ZwOpenProcessToken
SSDT pxfsf.sys ZwOpenSection
SSDT pxfsf.sys ZwOpenThread
SSDT pxfsf.sys ZwOpenThreadToken
SSDT pxfsf.sys ZwProtectVirtualMemory
SSDT pxfsf.sys ZwQueryInformationProcess
SSDT pxfsf.sys ZwQueryInformationThread
SSDT pxfsf.sys ZwQueryKey
SSDT pxfsf.sys ZwQueryMultipleValueKey
SSDT pxfsf.sys ZwQueryOpenSubKeys
SSDT pxfsf.sys ZwQueryValueKey
SSDT pxfsf.sys ZwQueueApcThread
SSDT pxfsf.sys ZwReadFile
SSDT pxfsf.sys ZwReadVirtualMemory
SSDT pxfsf.sys ZwRenameKey
SSDT pxfsf.sys ZwReplaceKey
SSDT pxfsf.sys ZwRestoreKey
SSDT pxfsf.sys ZwResumeProcess
SSDT pxfsf.sys ZwResumeThread
SSDT pxfsf.sys ZwSaveKey
SSDT pxfsf.sys ZwSaveKeyEx
SSDT pxfsf.sys ZwSaveMergedKeys
SSDT pxfsf.sys ZwSetContextThread
SSDT pxfsf.sys ZwSetInformationKey
SSDT pxfsf.sys ZwSetInformationProcess
SSDT pxfsf.sys ZwSetInformationThread
SSDT pxfsf.sys ZwSetSystemInformation
SSDT pxfsf.sys ZwSetValueKey
SSDT pxfsf.sys ZwSuspendProcess
SSDT pxfsf.sys ZwSuspendThread
SSDT pxfsf.sys ZwSystemDebugControl
SSDT pxfsf.sys ZwTerminateJobObject
SSDT pxfsf.sys ZwTerminateProcess
SSDT pxfsf.sys ZwTerminateThread
SSDT pxfsf.sys ZwUnloadDriver
SSDT pxfsf.sys ZwUnloadKey
SSDT pxfsf.sys ZwUnloadKeyEx
SSDT pxfsf.sys ZwUnlockVirtualMemory
SSDT pxfsf.sys ZwUnmapViewOfSection
SSDT pxfsf.sys ZwWriteFile
SSDT pxfsf.sys ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 23B4 805010B8 24 Bytes [ 79, 88, 31, F7, 83, 88, 31, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23D0 805010D4 16 Bytes [ B5, 88, 31, F7, BF, 88, 31, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23E4 805010E8 12 Bytes [ DD, 88, 31, F7, E7, 88, 31, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23F4 805010F8 24 Bytes [ FB, 88, 31, F7, 05, 89, 31, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2424 80501128 8 Bytes [ 37, 89, 31, F7, 41, 89, 31, ... ]
.text ...

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[212] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[212] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[212] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[212] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[212] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\SRVEIDEG.EXE[228] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\SRVEIDEG.EXE[228] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\SRVEIDEG.EXE[228] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\SRVEIDEG.EXE[228] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\SRVEIDEG.EXE[228] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\EXPLORER.EXE[416] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\EXPLORER.EXE[416] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\EXPLORER.EXE[416] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\EXPLORER.EXE[416] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\EXPLORER.EXE[416] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\ACER\EMANAGER\ANBMSERV.EXE[652] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\ACER\EMANAGER\ANBMSERV.EXE[652] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\ACER\EMANAGER\ANBMSERV.EXE[652] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\ACER\EMANAGER\ANBMSERV.EXE[652] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\ACER\EMANAGER\ANBMSERV.EXE[652] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[824] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[824] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[824] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[824] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[824] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[864] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[864] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[864] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[864] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[864] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[940] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[940] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[940] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[940] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[940] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1132] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1132] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1132] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1132] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1132] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1316] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1316] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1316] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1316] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1316] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Documents and Settings\xp\Desktop\gmer\gmer.exe[1368] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\xp\Desktop\gmer\gmer.exe[1368] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Documents and Settings\xp\Desktop\gmer\gmer.exe[1368] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Documents and Settings\xp\Desktop\gmer\gmer.exe[1368] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Documents and Settings\xp\Desktop\gmer\gmer.exe[1368] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Documents and Settings\xp\Desktop\gmer\gmer.exe[1368] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\PROGRAMMI\WINDOWS DEFENDER\MSMPENG.EXE[1424] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\WINDOWS DEFENDER\MSMPENG.EXE[1424] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\WINDOWS DEFENDER\MSMPENG.EXE[1424] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\WINDOWS DEFENDER\MSMPENG.EXE[1424] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\WINDOWS DEFENDER\MSMPENG.EXE[1424] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1468] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1468] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1468] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1468] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1468] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAMMI\LTMOH\LTMOH.EXE[1520] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\LTMOH\LTMOH.EXE[1520] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\LTMOH\LTMOH.EXE[1520] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\LTMOH\LTMOH.EXE[1520] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\LTMOH\LTMOH.EXE[1520] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1564] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1564] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1564] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1564] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1564] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\CTRLVOL.EXE[1568] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\CTRLVOL.EXE[1568] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\CTRLVOL.EXE[1568] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\CTRLVOL.EXE[1568] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\CTRLVOL.EXE[1568] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\LAUNCHAP.EXE[1584] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\LAUNCHAP.EXE[1584] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\LAUNCHAP.EXE[1584] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\LAUNCHAP.EXE[1584] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\LAUNCHAP.EXE[1584] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\HOTKEYAPP.EXE[1608] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\HOTKEYAPP.EXE[1608] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\HOTKEYAPP.EXE[1608] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\HOTKEYAPP.EXE[1608] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\HOTKEYAPP.EXE[1608] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\OSDCTRL.EXE[1632] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\OSDCTRL.EXE[1632] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\OSDCTRL.EXE[1632] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\OSDCTRL.EXE[1632] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\OSDCTRL.EXE[1632] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1700] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1700] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1700] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1700] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1700] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAMMI\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE[1768] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE[1768] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE[1768] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE[1768] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE[1768] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAMMI\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE[1824] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE[1824] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE[1824] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE[1824] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE[1824] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE[2032] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE[2032] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE[2032] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE[2032] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE[2032] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\PCSUITE\SERVICES\SERVICELAYER.EXE[2052] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\FILE COMUNI\PCSUITE\SERVICES\SERVICELAYER.EXE[2052] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\PCSUITE\SERVICES\SERVICELAYER.EXE[2052] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\PCSUITE\SERVICES\SERVICELAYER.EXE[2052] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\PCSUITE\SERVICES\SERVICELAYER.EXE[2052] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\PCSUITE\SERVICES\SERVICELAYER.EXE[2052] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe[2084] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe[2084] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe[2084] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe[2084] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe[2084] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe[2084] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\PROGRAMMI\ALICE TI AIUTA\SMARTBRIDGE\MOTIVESB.EXE[2096] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\ALICE TI AIUTA\SMARTBRIDGE\MOTIVESB.EXE[2096] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\ALICE TI AIUTA\SMARTBRIDGE\MOTIVESB.EXE[2096] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\ALICE TI AIUTA\SMARTBRIDGE\MOTIVESB.EXE[2096] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\ALICE TI AIUTA\SMARTBRIDGE\MOTIVESB.EXE[2096] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAMMI\NOKIA\NOKIA PC SUITE 6\LAUNCH~1.EXE[2280] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\NOKIA\NOKIA PC SUITE 6\LAUNCH~1.EXE[2280] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\NOKIA\NOKIA PC SUITE 6\LAUNCH~1.EXE[2280] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\NOKIA\NOKIA PC SUITE 6\LAUNCH~1.EXE[2280] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\NOKIA\NOKIA PC SUITE 6\LAUNCH~1.EXE[2280] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\POWERKEY.EXE[2396] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\POWERKEY.EXE[2396] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\POWERKEY.EXE[2396] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\POWERKEY.EXE[2396] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\POWERKEY.EXE[2396] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPLPR.EXE[2452] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPLPR.EXE[2452] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPLPR.EXE[2452] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPLPR.EXE[2452] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPLPR.EXE[2452] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\ALG.EXE[2480] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\ALG.EXE[2480] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\ALG.EXE[2480] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\ALG.EXE[2480] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\ALG.EXE[2480] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\ALG.EXE[2480] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\SYSTEM32\VTTRAYP.EXE[2536] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\VTTRAYP.EXE[2536] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\VTTRAYP.EXE[2536] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\VTTRAYP.EXE[2536] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\VTTRAYP.EXE[2536] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\WBUTTON.EXE[2560] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\WBUTTON.EXE[2560] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\WBUTTON.EXE[2560] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\WBUTTON.EXE[2560] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\WBUTTON.EXE[2560] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAMMI\WINAMP\WINAMPA.EXE[2632] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\WINAMP\WINAMPA.EXE[2632] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\WINAMP\WINAMPA.EXE[2632] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\WINAMP\WINAMPA.EXE[2632] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\WINAMP\WINAMPA.EXE[2632] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] USER32.dll!DialogBoxParamW 77D2662C 5 Bytes JMP 7E1F5415 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] USER32.dll!DialogBoxIndirectParamW 77D32043 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] USER32.dll!MessageBoxIndirectA 77D3A05A 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] USER32.dll!DialogBoxParamA 77D3B11C 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] USER32.dll!MessageBoxExW 77D50538 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] USER32.dll!MessageBoxExA 77D5055C 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] USER32.dll!DialogBoxIndirectParamA 77D56CAD 5 Bytes JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Prevx1\PXConsole.exe[2704] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Prevx1\PXConsole.exe[2704] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\Prevx1\PXConsole.exe[2704] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\Prevx1\PXConsole.exe[2704] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\Prevx1\PXConsole.exe[2704] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\Prevx1\PXConsole.exe[2704] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\AGRSMMSG.EXE[2748] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.EXE[2748] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\AGRSMMSG.EXE[2748] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\AGRSMMSG.EXE[2748] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\AGRSMMSG.EXE[2748] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[2764] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[2764] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[2764] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[2764] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[2764] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\Prevx1\PXAgent.exe[2780] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Prevx1\PXAgent.exe[2780] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\Prevx1\PXAgent.exe[2780] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\Prevx1\PXAgent.exe[2780] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\Prevx1\PXAgent.exe[2780] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\Prevx1\PXAgent.exe[2780] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\PROGRAMMI\NOKIA\NOKIA PC SUITE 6\PCSYNC2.EXE[2808] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\NOKIA\NOKIA PC SUITE 6\PCSYNC2.EXE[2808] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\NOKIA\NOKIA PC SUITE 6\PCSYNC2.EXE[2808] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\NOKIA\NOKIA PC SUITE 6\PCSYNC2.EXE[2808] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\NOKIA\NOKIA PC SUITE 6\PCSYNC2.EXE[2808] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\NOKIA\MPAPI\MPAPI3S.EXE[3000] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\FILE COMUNI\NOKIA\MPAPI\MPAPI3S.EXE[3000] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\NOKIA\MPAPI\MPAPI3S.EXE[3000] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\NOKIA\MPAPI\MPAPI3S.EXE[3000] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\NOKIA\MPAPI\MPAPI3S.EXE[3000] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[3424] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[3424] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[3424] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[3424] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[3424] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

---- EOF - GMER 1.0.12 ----



GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-02-03 18:35:51
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\Userinit.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
WgaLogon@DLLName = WgaLogon.dll
WRNotifier@DLLName = WRLogonNTF.dll /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
anbmService /*Notebook Manager Service*/@ = C:\Acer\eManager\anbmServ.exe
AntiVirScheduler /*AntiVir Scheduler*/@ = C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
AntiVirService /*AntiVir PersonalEdition Classic Service*/@ = C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
PREVXAgent /*Prevx Agent*/@ = "C:\Programmi\Prevx1\PXAgent.exe" -f
SDhelper /*PC Tools Spyware Doctor*/@ = C:\Programmi\Spyware Doctor\sdhelp.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
WinDefend /*Windows Defender*/@ = "C:\Programmi\Windows Defender\MsMpEng.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@avgnt"C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
@CtrlVol"C:\Program Files\Launch Manager\CtrlVol.exe" = "C:\Program Files\Launch Manager\CtrlVol.exe"
@LaunchAp"C:\Program Files\Launch Manager\LaunchAp.exe" = "C:\Program Files\Launch Manager\LaunchAp.exe"
@LManager"C:\Program Files\Launch Manager\HotkeyApp.exe" = "C:\Program Files\Launch Manager\HotkeyApp.exe"
@LMgrOSD"C:\Program Files\Launch Manager\OSDCtrl.exe" = "C:\Program Files\Launch Manager\OSDCtrl.exe"
@LtMohC:\Programmi\ltmoh\Ltmoh.exe = C:\Programmi\ltmoh\Ltmoh.exe
@Motive SmartBridgeC:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe = C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
@NvCplDaemon"RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup = "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
@PCSuiteTrayApplication"C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup = "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup
@PowerKey"C:\Program Files\Launch Manager\PowerKey.exe" = "C:\Program Files\Launch Manager\PowerKey.exe"
@SynTPLprC:\Programmi\Synaptics\SynTP\SynTPLpr.exe = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
@TkBellExe"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@VTTraypVTtrayp.exe = VTtrayp.exe
@Wbutton"C:\Program Files\Launch Manager\Wbutton.exe" = "C:\Program Files\Launch Manager\Wbutton.exe"
@WinampAgentC:\Programmi\Winamp\winampa.exe = C:\Programmi\Winamp\winampa.exe
@PrevxOne"C:\Programmi\Prevx1\PXConsole.exe" = "C:\Programmi\Prevx1\PXConsole.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@AGRSMMSGAGRSMMSG.exe = AGRSMMSG.exe
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@PcSync"C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog = "C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} = C:\PROGRA~1\WIFD1F~1\MpShHook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{7C9D5882-CB4A-4090-96C8-430BFE8B795B} /*Webroot Spy Sweeper Context Menu Integration*/C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll /*file not found*/ = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll /*file not found*/

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
7-Zip@{23170F69-40C1-278A-1000-000100020000} = C:\Programmi\7-Zip\7-zip.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = blank /*file not found*/

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
7-Zip@{23170F69-40C1-278A-1000-000100020000} = C:\Programmi\7-Zip\7-zip.dll
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = blank /*file not found*/

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
SpySweeper@{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll = C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
@{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
@{B56A7D7D-6927-48C8-A975-17DF180C71AC}C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://www.tiscali.it/ = http://www.tiscali.it/

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = http://www.tiscali.it/

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Avvio veloce di Adobe Reader.lnk

---- EOF - GMER 1.0.12 ----
bobby2
Junior User

Posts: 58
Joined: 29/12/04 14:50
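
Added example, not part of the original thread and not GMER's own code: a short Python parser for the `.text` entries in the log above. Each listed patch begins with `FF 25`, the x86 encoding of an indirect `JMP DWORD PTR [disp32]`, so the script merges the fragments reported for one function and prints the pointer slot the jump reads from. The function names are hypothetical, and a byte that GMER did not list is shown as `??`.

```python
import re
from collections import defaultdict

# Sample lines copied from the ".text" section of the GMER log in this thread.
SAMPLE = r"""
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[3424] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[3424] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[3424] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[3424] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
"""

LINE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<sym>[\w.]+![\w@?$]+)"
    r"(?:\s+\+\s+[0-9A-Fa-f]+)?\s+(?P<addr>[0-9A-Fa-f]{8})"
    r"\s+\d+ Bytes\s+\[(?P<bytes>[^\]]*)\]")

def parse_patches(log):
    """Merge patch fragments per (pid, symbol) into {absolute address: byte}."""
    patches = defaultdict(dict)
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a ".text" patch line
        addr = int(m["addr"], 16)
        for i, tok in enumerate(m["bytes"].split(",")):
            patches[(int(m["pid"]), m["sym"])][addr + i] = int(tok, 16)
    return patches

def decode_hook(mem):
    """Return the pointer slot of an 'FF 25 disp32' patch as a hex string.

    Bytes that were not listed in the log are unknown and rendered as '??'.
    Returns None when the patch does not start with FF 25.
    """
    base = min(mem)
    if (mem.get(base), mem.get(base + 1)) != (0xFF, 0x25):
        return None
    disp = [mem.get(base + 2 + i) for i in range(4)]  # little-endian disp32
    return "".join("??" if b is None else f"{b:02X}" for b in reversed(disp))

def summarize(log):
    """Map (pid, symbol) to the decoded pointer slot for every patched function."""
    return {key: decode_hook(mem) for key, mem in parse_patches(log).items()}

if __name__ == "__main__":
    for (pid, sym), slot in summarize(SAMPLE).items():
        print(f"pid {pid:5d}  {sym:32s} -> jmp dword ptr [{slot}]")
```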

Post by Luke57 » 03/02/07 18:50

Hi, I don't see anything in the log.
Check in this directory (C:\documents and settings\nomeutente\Impostazioni locali\temp\) whether the file it_0xxx.exe is present (where xx are random numbers). If it is, delete it.
Also check whether the file svhost.dll is present in C:\Windows.
If so, delete that as well.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Post by bobby2 » 03/02/07 21:12

The two files aren't there.
The only anti-rootkit tool that reports anything, but without the option to remove it, is Rootkit Revealer.
These are the two files:
HKLM\SECURITY\Policy\Secrets\SAC* 14/09/2004 11.14 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 14/09/2004 11.14 0 bytes Key name contains embedded nulls (*)
How should I interpret this report?
bobby2
Junior User

Posts: 58
Joined: 29/12/04 14:50

