GMER 1.0.12.12011 -
http://www.gmer.net
Rootkit scan 2007-02-03 18:33:51
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT pxfsf.sys ZwAlertResumeThread
SSDT pxfsf.sys ZwAllocateUserPhysicalPages
SSDT pxfsf.sys ZwAllocateVirtualMemory
SSDT pxfsf.sys ZwClose
SSDT pxfsf.sys ZwCompactKeys
SSDT pxfsf.sys ZwCompressKey
SSDT pxfsf.sys ZwCreateDirectoryObject
SSDT pxfsf.sys ZwCreateEvent
SSDT pxfsf.sys ZwCreateEventPair
SSDT pxfsf.sys ZwCreateFile
SSDT pxfsf.sys ZwCreateIoCompletion
SSDT pxfsf.sys ZwCreateJobObject
SSDT pxfsf.sys ZwCreateKey
SSDT pxfsf.sys ZwCreateMailslotFile
SSDT pxfsf.sys ZwCreateMutant
SSDT pxfsf.sys ZwCreateNamedPipeFile
SSDT pxfsf.sys ZwCreatePort
SSDT pxfsf.sys ZwCreateProcess
SSDT pxfsf.sys ZwCreateProcessEx
SSDT pxfsf.sys ZwCreateSection
SSDT pxfsf.sys ZwCreateSemaphore
SSDT pxfsf.sys ZwCreateSymbolicLinkObject
SSDT pxfsf.sys ZwCreateThread
SSDT pxfsf.sys ZwCreateTimer
SSDT pxfsf.sys ZwCreateToken
SSDT pxfsf.sys ZwDeleteFile
SSDT pxfsf.sys ZwDeleteKey
SSDT pxfsf.sys ZwDeleteValueKey
SSDT pxfsf.sys ZwDeviceIoControlFile
SSDT pxfsf.sys ZwDuplicateObject
SSDT pxfsf.sys ZwEnumerateKey
SSDT pxfsf.sys ZwEnumerateValueKey
SSDT pxfsf.sys ZwFreeUserPhysicalPages
SSDT pxfsf.sys ZwFreeVirtualMemory
SSDT pxfsf.sys ZwImpersonateAnonymousToken
SSDT pxfsf.sys ZwImpersonateThread
SSDT pxfsf.sys ZwLoadDriver
SSDT pxfsf.sys ZwLoadKey
SSDT pxfsf.sys ZwLoadKey2
SSDT pxfsf.sys ZwLockRegistryKey
SSDT pxfsf.sys ZwLockVirtualMemory
SSDT pxfsf.sys ZwMapViewOfSection
SSDT pxfsf.sys ZwOpenFile
SSDT pxfsf.sys ZwOpenKey
SSDT pxfsf.sys ZwOpenProcess
SSDT pxfsf.sys ZwOpenProcessToken
SSDT pxfsf.sys ZwOpenSection
SSDT pxfsf.sys ZwOpenThread
SSDT pxfsf.sys ZwOpenThreadToken
SSDT pxfsf.sys ZwProtectVirtualMemory
SSDT pxfsf.sys ZwQueryInformationProcess
SSDT pxfsf.sys ZwQueryInformationThread
SSDT pxfsf.sys ZwQueryKey
SSDT pxfsf.sys ZwQueryMultipleValueKey
SSDT pxfsf.sys ZwQueryOpenSubKeys
SSDT pxfsf.sys ZwQueryValueKey
SSDT pxfsf.sys ZwQueueApcThread
SSDT pxfsf.sys ZwReadFile
SSDT pxfsf.sys ZwReadVirtualMemory
SSDT pxfsf.sys ZwRenameKey
SSDT pxfsf.sys ZwReplaceKey
SSDT pxfsf.sys ZwRestoreKey
SSDT pxfsf.sys ZwResumeProcess
SSDT pxfsf.sys ZwResumeThread
SSDT pxfsf.sys ZwSaveKey
SSDT pxfsf.sys ZwSaveKeyEx
SSDT pxfsf.sys ZwSaveMergedKeys
SSDT pxfsf.sys ZwSetContextThread
SSDT pxfsf.sys ZwSetInformationKey
SSDT pxfsf.sys ZwSetInformationProcess
SSDT pxfsf.sys ZwSetInformationThread
SSDT pxfsf.sys ZwSetSystemInformation
SSDT pxfsf.sys ZwSetValueKey
SSDT pxfsf.sys ZwSuspendProcess
SSDT pxfsf.sys ZwSuspendThread
SSDT pxfsf.sys ZwSystemDebugControl
SSDT pxfsf.sys ZwTerminateJobObject
SSDT pxfsf.sys ZwTerminateProcess
SSDT pxfsf.sys ZwTerminateThread
SSDT pxfsf.sys ZwUnloadDriver
SSDT pxfsf.sys ZwUnloadKey
SSDT pxfsf.sys ZwUnloadKeyEx
SSDT pxfsf.sys ZwUnlockVirtualMemory
SSDT pxfsf.sys ZwUnmapViewOfSection
SSDT pxfsf.sys ZwWriteFile
SSDT pxfsf.sys ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.12 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 23B4 805010B8 24 Bytes [ 79, 88, 31, F7, 83, 88, 31, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23D0 805010D4 16 Bytes [ B5, 88, 31, F7, BF, 88, 31, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23E4 805010E8 12 Bytes [ DD, 88, 31, F7, E7, 88, 31, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23F4 805010F8 24 Bytes [ FB, 88, 31, F7, 05, 89, 31, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2424 80501128 8 Bytes [ 37, 89, 31, F7, 41, 89, 31, ... ]
.text ...
---- User code sections - GMER 1.0.12 ----
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[212] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[212] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[212] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[212] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[212] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\SRVEIDEG.EXE[228] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\SRVEIDEG.EXE[228] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\SRVEIDEG.EXE[228] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\SRVEIDEG.EXE[228] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\SRVEIDEG.EXE[228] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\EXPLORER.EXE[416] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\EXPLORER.EXE[416] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\EXPLORER.EXE[416] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\EXPLORER.EXE[416] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\EXPLORER.EXE[416] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\ACER\EMANAGER\ANBMSERV.EXE[652] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\ACER\EMANAGER\ANBMSERV.EXE[652] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\ACER\EMANAGER\ANBMSERV.EXE[652] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\ACER\EMANAGER\ANBMSERV.EXE[652] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\ACER\EMANAGER\ANBMSERV.EXE[652] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[824] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[824] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[824] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[824] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[824] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[864] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[864] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[864] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[864] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[864] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[940] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[940] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[940] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[940] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[940] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1132] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1132] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1132] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1132] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1132] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1316] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1316] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1316] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1316] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1316] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Documents and Settings\xp\Desktop\gmer\gmer.exe[1368] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\xp\Desktop\gmer\gmer.exe[1368] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Documents and Settings\xp\Desktop\gmer\gmer.exe[1368] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Documents and Settings\xp\Desktop\gmer\gmer.exe[1368] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Documents and Settings\xp\Desktop\gmer\gmer.exe[1368] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Documents and Settings\xp\Desktop\gmer\gmer.exe[1368] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\PROGRAMMI\WINDOWS DEFENDER\MSMPENG.EXE[1424] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\WINDOWS DEFENDER\MSMPENG.EXE[1424] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\WINDOWS DEFENDER\MSMPENG.EXE[1424] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\WINDOWS DEFENDER\MSMPENG.EXE[1424] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\WINDOWS DEFENDER\MSMPENG.EXE[1424] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1468] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1468] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1468] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1468] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1468] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAMMI\LTMOH\LTMOH.EXE[1520] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\LTMOH\LTMOH.EXE[1520] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\LTMOH\LTMOH.EXE[1520] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\LTMOH\LTMOH.EXE[1520] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\LTMOH\LTMOH.EXE[1520] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1564] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1564] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1564] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1564] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1564] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\CTRLVOL.EXE[1568] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\CTRLVOL.EXE[1568] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\CTRLVOL.EXE[1568] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\CTRLVOL.EXE[1568] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\CTRLVOL.EXE[1568] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\LAUNCHAP.EXE[1584] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\LAUNCHAP.EXE[1584] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\LAUNCHAP.EXE[1584] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\LAUNCHAP.EXE[1584] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\LAUNCHAP.EXE[1584] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\HOTKEYAPP.EXE[1608] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\HOTKEYAPP.EXE[1608] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\HOTKEYAPP.EXE[1608] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\HOTKEYAPP.EXE[1608] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\HOTKEYAPP.EXE[1608] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\OSDCTRL.EXE[1632] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\OSDCTRL.EXE[1632] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\OSDCTRL.EXE[1632] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\OSDCTRL.EXE[1632] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\OSDCTRL.EXE[1632] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1700] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1700] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1700] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1700] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1700] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAMMI\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE[1768] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE[1768] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE[1768] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE[1768] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE[1768] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAMMI\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE[1824] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE[1824] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE[1824] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE[1824] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE[1824] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE[2032] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE[2032] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE[2032] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE[2032] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE[2032] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\PCSUITE\SERVICES\SERVICELAYER.EXE[2052] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\FILE COMUNI\PCSUITE\SERVICES\SERVICELAYER.EXE[2052] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\PCSUITE\SERVICES\SERVICELAYER.EXE[2052] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\PCSUITE\SERVICES\SERVICELAYER.EXE[2052] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\PCSUITE\SERVICES\SERVICELAYER.EXE[2052] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\PCSUITE\SERVICES\SERVICELAYER.EXE[2052] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe[2084] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe[2084] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe[2084] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe[2084] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe[2084] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe[2084] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\PROGRAMMI\ALICE TI AIUTA\SMARTBRIDGE\MOTIVESB.EXE[2096] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\ALICE TI AIUTA\SMARTBRIDGE\MOTIVESB.EXE[2096] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\ALICE TI AIUTA\SMARTBRIDGE\MOTIVESB.EXE[2096] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\ALICE TI AIUTA\SMARTBRIDGE\MOTIVESB.EXE[2096] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\ALICE TI AIUTA\SMARTBRIDGE\MOTIVESB.EXE[2096] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAMMI\NOKIA\NOKIA PC SUITE 6\LAUNCH~1.EXE[2280] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\NOKIA\NOKIA PC SUITE 6\LAUNCH~1.EXE[2280] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\NOKIA\NOKIA PC SUITE 6\LAUNCH~1.EXE[2280] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\NOKIA\NOKIA PC SUITE 6\LAUNCH~1.EXE[2280] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\NOKIA\NOKIA PC SUITE 6\LAUNCH~1.EXE[2280] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\POWERKEY.EXE[2396] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\POWERKEY.EXE[2396] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\POWERKEY.EXE[2396] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\POWERKEY.EXE[2396] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\POWERKEY.EXE[2396] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPLPR.EXE[2452] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPLPR.EXE[2452] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPLPR.EXE[2452] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPLPR.EXE[2452] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPLPR.EXE[2452] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\ALG.EXE[2480] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\ALG.EXE[2480] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\ALG.EXE[2480] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\ALG.EXE[2480] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\ALG.EXE[2480] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\ALG.EXE[2480] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\SYSTEM32\VTTRAYP.EXE[2536] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\VTTRAYP.EXE[2536] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\VTTRAYP.EXE[2536] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\VTTRAYP.EXE[2536] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\VTTRAYP.EXE[2536] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\WBUTTON.EXE[2560] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\WBUTTON.EXE[2560] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\WBUTTON.EXE[2560] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\WBUTTON.EXE[2560] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAM FILES\LAUNCH MANAGER\WBUTTON.EXE[2560] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAMMI\WINAMP\WINAMPA.EXE[2632] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\WINAMP\WINAMPA.EXE[2632] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\WINAMP\WINAMPA.EXE[2632] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\WINAMP\WINAMPA.EXE[2632] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\WINAMP\WINAMPA.EXE[2632] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] USER32.dll!DialogBoxParamW 77D2662C 5 Bytes JMP 7E1F5415 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] USER32.dll!DialogBoxIndirectParamW 77D32043 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] USER32.dll!MessageBoxIndirectA 77D3A05A 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] USER32.dll!DialogBoxParamA 77D3B11C 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] USER32.dll!MessageBoxExW 77D50538 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] USER32.dll!MessageBoxExA 77D5055C 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] USER32.dll!DialogBoxIndirectParamA 77D56CAD 5 Bytes JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2656] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Prevx1\PXConsole.exe[2704] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Prevx1\PXConsole.exe[2704] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\Prevx1\PXConsole.exe[2704] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\Prevx1\PXConsole.exe[2704] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\Prevx1\PXConsole.exe[2704] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\Prevx1\PXConsole.exe[2704] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\AGRSMMSG.EXE[2748] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.EXE[2748] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\AGRSMMSG.EXE[2748] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\AGRSMMSG.EXE[2748] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\AGRSMMSG.EXE[2748] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[2764] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[2764] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[2764] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[2764] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[2764] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\Prevx1\PXAgent.exe[2780] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Prevx1\PXAgent.exe[2780] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Programmi\Prevx1\PXAgent.exe[2780] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\Prevx1\PXAgent.exe[2780] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\Prevx1\PXAgent.exe[2780] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\Prevx1\PXAgent.exe[2780] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\PROGRAMMI\NOKIA\NOKIA PC SUITE 6\PCSYNC2.EXE[2808] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\NOKIA\NOKIA PC SUITE 6\PCSYNC2.EXE[2808] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\NOKIA\NOKIA PC SUITE 6\PCSYNC2.EXE[2808] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\NOKIA\NOKIA PC SUITE 6\PCSYNC2.EXE[2808] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\NOKIA\NOKIA PC SUITE 6\PCSYNC2.EXE[2808] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\NOKIA\MPAPI\MPAPI3S.EXE[3000] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRAMMI\FILE COMUNI\NOKIA\MPAPI\MPAPI3S.EXE[3000] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\NOKIA\MPAPI\MPAPI3S.EXE[3000] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\NOKIA\MPAPI\MPAPI3S.EXE[3000] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRAMMI\FILE COMUNI\NOKIA\MPAPI\MPAPI3S.EXE[3000] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[3424] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[3424] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[3424] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[3424] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[3424] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
---- EOF - GMER 1.0.12 ----
GMER 1.0.12.12011 -
http://www.gmer.net
Autostart scan 2007-02-03 18:35:51
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\Userinit.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
WgaLogon@DLLName = WgaLogon.dll
WRNotifier@DLLName = WRLogonNTF.dll /*file not found*/
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
anbmService /*Notebook Manager Service*/@ = C:\Acer\eManager\anbmServ.exe
AntiVirScheduler /*AntiVir Scheduler*/@ = C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
AntiVirService /*AntiVir PersonalEdition Classic Service*/@ = C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
PREVXAgent /*Prevx Agent*/@ = "C:\Programmi\Prevx1\PXAgent.exe" -f
SDhelper /*PC Tools Spyware Doctor*/@ = C:\Programmi\Spyware Doctor\sdhelp.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
WinDefend /*Windows Defender*/@ = "C:\Programmi\Windows Defender\MsMpEng.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@avgnt"C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
@CtrlVol"C:\Program Files\Launch Manager\CtrlVol.exe" = "C:\Program Files\Launch Manager\CtrlVol.exe"
@LaunchAp"C:\Program Files\Launch Manager\LaunchAp.exe" = "C:\Program Files\Launch Manager\LaunchAp.exe"
@LManager"C:\Program Files\Launch Manager\HotkeyApp.exe" = "C:\Program Files\Launch Manager\HotkeyApp.exe"
@LMgrOSD"C:\Program Files\Launch Manager\OSDCtrl.exe" = "C:\Program Files\Launch Manager\OSDCtrl.exe"
@LtMohC:\Programmi\ltmoh\Ltmoh.exe = C:\Programmi\ltmoh\Ltmoh.exe
@Motive SmartBridgeC:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe = C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
@NvCplDaemon"RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup = "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
@PCSuiteTrayApplication"C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup = "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup
@PowerKey"C:\Program Files\Launch Manager\PowerKey.exe" = "C:\Program Files\Launch Manager\PowerKey.exe"
@SynTPLprC:\Programmi\Synaptics\SynTP\SynTPLpr.exe = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
@TkBellExe"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@VTTraypVTtrayp.exe = VTtrayp.exe
@Wbutton"C:\Program Files\Launch Manager\Wbutton.exe" = "C:\Program Files\Launch Manager\Wbutton.exe"
@WinampAgentC:\Programmi\Winamp\winampa.exe = C:\Programmi\Winamp\winampa.exe
@PrevxOne"C:\Programmi\Prevx1\PXConsole.exe" = "C:\Programmi\Prevx1\PXConsole.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@AGRSMMSGAGRSMMSG.exe = AGRSMMSG.exe
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@PcSync"C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog = "C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} = C:\PROGRA~1\WIFD1F~1\MpShHook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{7C9D5882-CB4A-4090-96C8-430BFE8B795B} /*Webroot Spy Sweeper Context Menu Integration*/C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll /*file not found*/ = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll /*file not found*/
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
7-Zip@{23170F69-40C1-278A-1000-000100020000} = C:\Programmi\7-Zip\7-zip.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = blank /*file not found*/
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
7-Zip@{23170F69-40C1-278A-1000-000100020000} = C:\Programmi\7-Zip\7-zip.dll
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = blank /*file not found*/
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
SpySweeper@{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll /*file not found*/
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll = C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
@{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
@{B56A7D7D-6927-48C8-A975-17DF180C71AC}C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 =
http://go.microsoft.com/fwlink/?LinkId=69157
@Start
Pagehttp://www.tiscali.it/ =
http://www.tiscali.it/
HKCU\Software\Microsoft\Internet Explorer\Main@Start Page =
http://www.tiscali.it/
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Avvio veloce di Adobe Reader.lnk
---- EOF - GMER 1.0.12 ----