24-09-2008, 17:40 | #161 |
Moderator
Joined: Jun 2007
Location: 127.0.0.1
Posts: 25885
|
@Taxon
Honestly, this C:\WINDOWS\TEMP\mc21.tmp doesn't convince me much; I would run a quick check: http://www.hwupgrade.it/forum/showthread.php?t=1599737
__________________
Try again and you will be luckier.
|
05-10-2008, 10:24 | #162 | |
Senior Member
Joined: Feb 2004
Location: ♪ ♫ one day, all of a sudden... ♪ ♫
Posts: 5716
|
Quote:
The entry you mention was not detected by any software (neither antivirus nor antispyware/antimalware etc., not even when following xcdegasp's legendary guide). The only program that detected it, RegOrganizer, showed it to me as an "invalid" path, and it was deleted as a result. I am now posting the new GMER log, hoping there are no nasty surprises.
|
05-10-2008, 14:11 | #163 | ||
Moderator
Joined: Jun 2007
Location: 127.0.0.1
Posts: 25885
|
Quote:
Quote:
__________________
Try again and you will be luckier.
|
||
08-10-2008, 23:33 | #164 |
Senior Member
Joined: Jan 2006
Posts: 529
|
Hi everyone,
yesterday, after being infected by a Bagle, I followed the disinfection procedures to the letter. I will never stop thanking you for the support! Now everything seems OK... One last thing. I am posting my GMER log here. It did not show me any entries in red. Could you take a look at it too? Thanks again
.text C:\Documents and Settings\HiperAsus\Desktop\gmer.exe[2188] USER32.DLL!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Documents and Settings\HiperAsus\Desktop\gmer.exe[2188] USER32.DLL!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Documents and Settings\HiperAsus\Desktop\gmer.exe[2188] USER32.DLL!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Documents and Settings\HiperAsus\Desktop\gmer.exe[2188] USER32.DLL!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Analog Devices\Core\smax4pnp.exe[2304] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 00ACB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Analog Devices\Core\smax4pnp.exe[2304] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 00ACB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Analog Devices\Core\smax4pnp.exe[2304] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 00ACB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Analog Devices\Core\smax4pnp.exe[2304] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 00ACB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Analog Devices\Core\smax4pnp.exe[2304] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 00ACB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe[2544] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 00C3B508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe[2544] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 00C3B4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe[2544] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 00C3B84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe[2544] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 00C3B878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe[2544] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 00C3B534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe[2552] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 00EDB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe[2552] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 00EDB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe[2552] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 00EDB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe[2552] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 00EDB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe[2552] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 00EDB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2564] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2564] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2564] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2564] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2564] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe[2576] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 00ADB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe[2576] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 00ADB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe[2576] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 00ADB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe[2576] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 00ADB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe[2576] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 00ADB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\windows\system32\RUNDLL32.EXE[2628] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\windows\system32\RUNDLL32.EXE[2628] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\windows\system32\RUNDLL32.EXE[2628] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\windows\system32\RUNDLL32.EXE[2628] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\windows\system32\RUNDLL32.EXE[2628] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe[2652] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe[2652] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe[2652] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe[2652] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe[2652] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Agnitum\Outpost Firewall Pro\op_mon.exe[2716] kernel32.dll!LoadResource 7C809FB5 5 Bytes JMP 0056D260 C:\Programmi\Agnitum\Outpost Firewall Pro\op_mon.exe (Outpost User Interface/Agnitum Ltd.) .text C:\Programmi\Agnitum\Outpost Firewall Pro\op_mon.exe[2716] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 00567184 C:\Programmi\Agnitum\Outpost Firewall Pro\op_mon.exe (Outpost User Interface/Agnitum Ltd.) .text C:\Programmi\Agnitum\Outpost Firewall Pro\op_mon.exe[2716] user32.dll!EnableWindow 7E39BE71 5 Bytes JMP 01751C24 C:\Programmi\Agnitum\Outpost Firewall Pro\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.) .text C:\Programmi\Agnitum\Outpost Firewall Pro\op_mon.exe[2716] user32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 005671DC C:\Programmi\Agnitum\Outpost Firewall Pro\op_mon.exe (Outpost User Interface/Agnitum Ltd.) .text C:\Programmi\Agnitum\Outpost Firewall Pro\op_mon.exe[2716] user32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 005671B0 C:\Programmi\Agnitum\Outpost Firewall Pro\op_mon.exe (Outpost User Interface/Agnitum Ltd.) .text C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe[2764] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 02B8B508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe[2764] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 02B8B4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe[2764] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 02B8B84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe[2764] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 02B8B878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe[2764] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 02B8B534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\windows\system32\ctfmon.exe[2836] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\windows\system32\ctfmon.exe[2836] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\windows\system32\ctfmon.exe[2836] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\windows\system32\ctfmon.exe[2836] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\windows\system32\ctfmon.exe[2836] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\PrevxCSI\prevxcsi.exe[3028] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\PrevxCSI\prevxcsi.exe[3028] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\PrevxCSI\prevxcsi.exe[3028] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\Programmi\PrevxCSI\prevxcsi.exe[3028] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\PrevxCSI\prevxcsi.exe[3028] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT \windows\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 89B9D2D8 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spzp.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] spzp.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spzp.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spzp.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spzp.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spzp.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spzp.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 898D32D8 IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E8048] spzp.sys IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2296E852 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!swprintf] 478B0000 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeSetEvent] 50016A40 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 1CAC8E8D IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E8510000 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00002284 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmFreeMappingAddress] 6A18538B IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 868D5200 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 00001C98 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmUnmapIoSpace] 2272E850 IAT 
\SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 4B8B0000 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IofCompleteRequest] 51016A18 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1CB4968D IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IofCallDriver] E8520000 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 00002260 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 8A05478A IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoConnectInterrupt] 001CBB8E IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoDetachDevice] 30C48300 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1CBD8688 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeInitializeEvent] 80E90000 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] C6000000 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlInitAnsiString] 001CBB86 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 438B0100 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoQueueWorkItem] 8E8D5018 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmMapIoSpace] 00001C90 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 2232E851 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoReportDetectedDevice] 538B0000 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoReportResourceForDetection] 52016A18 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 1CAC868D IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!NlsMbCodePageTag] E8500000 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!PoRequestPowerIrp] 00002220 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 8A05478A IAT 
\SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 001CBB8E IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!sprintf] 18C48300 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 1CBD8688 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!ObfDereferenceObject] 43EB0000 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 320C538A IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 88F93BC0 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!ZwClose] 001CBB96 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] F6317300 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 74070647 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 75C0841A IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 05578A0B IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!PoCallDriver] 968801B0 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoCreateDevice] 00001CBD IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 57B60F66 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 533B6604 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!ZwOpenKey] 03087408 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 72F93B3F IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoStartTimer] 8A09EBDA IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeInitializeTimer] 86880547 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoInitializeTimer] 00001CBD IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeInitializeDpc] 88084B8A IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeInitializeSpinLock] 001CBE8E IAT 
\SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoInitializeIrp] 40578B00 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!ZwCreateKey] 8D52006A IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC086 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] B1E85000 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!ZwSetValueKey] 8B000021 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeInsertQueueDpc] 001CB88E IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] BC968B00 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoStartPacket] 8900001C IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 001CC48E IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] C8968900 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoFreeMdl] 8B00001C IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmUnlockPages] 016A4047 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] CCC68150 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 5600001C IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 002187E8 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 18C48300 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeSynchronizeExecution] 5D5B5E5F IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoStartNextPacket] CCCCCCC3 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeBugCheckEx] CCCCCCCC IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] CCCCCCCC IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeSetTimer] CCCCCCCC IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeCancelTimer] 8BEC8B55 IAT 
\SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!_allmul] 00C73445 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000000 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!_except_handler3] 830C458B IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!PoSetPowerState] C0840CEC IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 053C0D74 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B80974 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!_aulldiv] 8B000000 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!strstr] 56C35DE5 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!_strupr] 8D08758B IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeQuerySystemTime] 8D51FC4D IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8D52FD55 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeTickCount] 8D51FE4D IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D52FF55 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoDeleteDevice] 8D51F84D IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 5052F455 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoAllocateWorkItem] EACAE856 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoAllocateIrp] C483FFFF IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoAllocateMdl] 0FC08520 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 0001B185 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmLockPagableDataSection] 46B70F00 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] F44D8B48 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] C1815753 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!ExFreePoolWithTag] 
00002590 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoFreeIrp] 467C8D51 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoFreeWorkItem] 76F6E84A IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!InitSafeBootMode] D88BFFFF IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlCompareMemory] 8504C483 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 5F0A75DB IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!memmove] 5B08438D IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmHighestUserAddress] 5DE58B5E IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!KeGetCurrentIrql] CB033043 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!KfRaiseIrql] 0673C13B IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!KfLowerIrql] C13B0003 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!HalGetInterruptVector] 8366FA72 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!READ_PORT_USHORT] 83660000 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200 IAT \SystemRoot\System32\Drivers\albkfluk.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140 IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9519226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core 
Driver/Agnitum Ltd.) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9519226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9519226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9519226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9519226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B9519226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9519226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [B6EA76B0] \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [B6E8E292] \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ---- Devices - GMER 1.0.14 ---- Device \FileSystem\Ntfs \Ntfs 89B991F8 Device \FileSystem\Fastfat \FatCdrom 88F4A1F8 Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) 
Device \Driver\NetBT \Device\NetBT_Tcpip_{F713EE8C-4CD8-4A8D-9198-B894CA689E51} 89485500 Device \Driver\usbuhci \Device\USBPDO-0 898D21F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 89C111F8 Device \Driver\dmio \Device\DmControl\DmConfig 89C111F8 Device \Driver\dmio \Device\DmControl\DmPnP 89C111F8 Device \Driver\dmio \Device\DmControl\DmInfo 89C111F8 Device \Driver\usbuhci \Device\USBPDO-1 898D21F8 Device \Driver\usbuhci \Device\USBPDO-2 898D21F8 Device \Driver\usbehci \Device\USBPDO-3 898AF1F8 Device \Driver\PCI_PNP1458 \Device\00000054 spzp.sys Device \Driver\PCI_PNP1458 \Device\00000054 spzp.sys Device \Driver\usbuhci \Device\USBPDO-4 898D21F8 Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) Device \Driver\usbuhci \Device\USBPDO-5 898D21F8 Device \Driver\usbuhci \Device\USBPDO-6 898D21F8 Device \Driver\Ftdisk \Device\HarddiskVolume1 89B9B1F8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis) Device \Driver\usbehci \Device\USBPDO-7 898AF1F8 Device \Driver\Cdrom \Device\CdRom0 898A31F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 89B9B1F8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis) Device \Driver\Cdrom \Device\CdRom1 898A31F8 Device \Driver\Ftdisk \Device\HarddiskVolume3 89B9B1F8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis) Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89B9A1F8 Device \Driver\atapi \Device\Ide\IdePort0 89B9A1F8 Device \Driver\atapi \Device\Ide\IdePort1 89B9A1F8 Device \Driver\atapi \Device\Ide\IdePort2 89B9A1F8 Device \Driver\atapi \Device\Ide\IdePort3 89B9A1F8 Device \Driver\atapi \Device\Ide\IdePort4 89B9A1F8 Device \Driver\atapi \Device\Ide\IdePort5 89B9A1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1c 89B9A1F8 Device 
\Driver\atapi \Device\Ide\IdeDeviceP2T0L0-10 89B9A1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-24 89B9A1F8 Device \Driver\Ftdisk \Device\HarddiskVolume4 89B9B1F8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis) Device \Driver\NetBT \Device\NetBt_Wins_Export 89485500 Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) Device \Driver\sptd \Device\3584147708 spzp.sys Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) Device \Driver\usbuhci \Device\USBFDO-0 898D21F8 Device \Driver\usbuhci \Device\USBFDO-1 898D21F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89469500 Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) Device \Driver\usbuhci \Device\USBFDO-2 898D21F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 89469500 Device \Driver\usbehci \Device\USBFDO-3 898AF1F8 Device \Driver\usbuhci \Device\USBFDO-4 898D21F8 Device \Driver\Ftdisk \Device\FtControl 89B9B1F8 Device \Driver\usbuhci \Device\USBFDO-5 898D21F8 Device \Driver\usbuhci \Device\USBFDO-6 898D21F8 Device \Driver\usbehci \Device\USBFDO-7 898AF1F8 Device \Driver\albkfluk \Device\Scsi\albkfluk1Port6Path0Target0Lun0 8984F500 Device \Driver\albkfluk \Device\Scsi\albkfluk1 8984F500 Device \FileSystem\Fastfat \Fat 88F4A1F8 AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 895DB500 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg 
HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x57 0x15 0x6B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA1 0x16 0xD8 0x20 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x35 0x54 0xF9 0x14 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x57 0x15 0x6B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA1 0x16 0xD8 0x20 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x35 0x54 0xF9 0x14 ... ---- EOF - GMER 1.0.14 ---- |
09-10-2008, 08:39 | #165 |
Senior Member
Joined: Feb 2004
Location: ♪ ♫ one day, all of a sudden... ♪ ♫
Posts: 5716
|
|
09-10-2008, 09:53 | #166 |
Moderator
Joined: Jun 2007
Location: 127.0.0.1
Posts: 25885
|
__________________
Try again and you will be luckier.
|
20-10-2008, 13:26 | #167 |
Member
Joined: Feb 2007
Posts: 43
|
|
28-10-2008, 13:41 | #168 |
Senior Member
Joined: Apr 2006
Posts: 424
|
Who can read my log?
Would someone be kind enough to take a look at this GMER report
From my home PC:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-23 12:59:40
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xF4317606]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xF431705A]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xF4316D3C]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xF4318652]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xF4316E46]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xF4316F30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF424C0AC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xF43178CC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xF4317362]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF424C5AE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF424BFEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF424C050]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF424C6CE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF424C68E]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xF4316BBA]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xF4317814]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB98626D0]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xF4317494]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Impossibile trovare il file specificato. !

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[1060] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[1060] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Ahead Software AG)

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- EOF - GMER 1.0.14 ----

For this last one in particular, using MBR.EXE:

MBR.exe -f in safe mode:

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 62 !

MBR.exe in normal mode:

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 62 !
|
28-10-2008, 21:06 | #169 |
Moderator
Joined: Jun 2007
Location: 127.0.0.1
Posts: 25885
|
tinto101
Hi, follow this guide http://www.hwupgrade.it/forum/showthread.php?t=1715546 and pay attention to the method it indicates for attaching logs.
__________________
Try again and you will be luckier.
|
29-10-2008, 09:39 | #170 |
Senior Member
Joined: Apr 2006
Posts: 424
|
GMER log
Here....
My PC's log: http://www.fileqube.com/file/elEINBR141163
The other PC's log: http://www.fileqube.com/file/qEqayWLWJ141164
There you go, thanks... |
29-10-2008, 13:50 | #171 | |
Moderator
Joined: Jun 2007
Location: 127.0.0.1
Posts: 25885
|
Quote:
__________________
Try again and you will be luckier.
|
|
05-11-2008, 05:45 | #172 |
Senior Member
Joined: Dec 2007
Location: farewell my sweet companion, faithful friend for 18 years.. I'm sorry you died in such a painful way
Posts: 1396
|
Hi. I tried running GMER on Vista 64, but it throws a series of errors before starting the scan. Then, when it starts, the options from Libraries to System appear disabled. What do you think???
__________________
A real man is not one who never falls but one who knows how to get back up after every fall!!!!!!! Being alive requires a greater effort than simply breathing (Pablo Neruda). |
17-12-2008, 19:04 | #173 |
Senior Member
Joined: Dec 2008
Posts: 3796
|
Sorry, but is the link to download GMER not working?
|
22-12-2008, 17:32 | #174 |
Member
Joined: Jun 2006
Location: Bolzano
Posts: 198
|
Just out of curiosity I wanted to post my log, there's no rush at all.....
Code:
GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2008-12-22 18:27:45 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.14 ---- SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xACD54B4A] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xACD34C16] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xACD5714E] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xACD2CDA2] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateKey [0xACD3DD92] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xACD4C646] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xACD4D15E] SSDT \??\C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) ZwCreateSection [0xA9E9CFE0] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xACD3D682] SSDT BA73C1BC ZwCreateThread SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xACD3BF26] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteKey [0xACD3FD4E] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteValueKey [0xACD477A2] SSDT sptd.sys ZwEnumerateKey [0xB9ED9C22] SSDT sptd.sys ZwEnumerateValueKey [0xB9ED9F9A] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xACD49666] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xACD3CD86] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) 
ZwOpenFile [0xACD330CF] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xACD3F154] SSDT BA73C1A8 ZwOpenProcess SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xACD2BD5E] SSDT BA73C1AD ZwOpenThread SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xACD56342] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xACD35C8D] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xACD40B82] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xACD4165E] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xACD53D92] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xACD4669E] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwReplaceKey [0xACD43216] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xACD59636] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xACD59C1A] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRestoreKey [0xACD45B6A] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xACD446CA] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xACD45112] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xACD57E36] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) 
ZwSetContextThread [0xACD531B6] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xACD37BDE] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xACD489C2] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetValueKey [0xACD421BA] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xACD51EE6] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xACD5280E] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xACD5A81A] SSDT BA73C1B7 ZwTerminateProcess SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xACD51386] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xACD4A23E] SSDT BA73C1B2 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.14 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504854 12 Bytes [ E6, 1E, D5, AC, 0E, 28, D5, ... ] ? C:\WINDOWS\system32\drivers\sptd.sys Impossibile accedere al file. Il file è utilizzato da un altro processo. ? C:\WINDOWS\System32\Drivers\SPTD4925.SYS Impossibile accedere al file. Il file è utilizzato da un altro processo. .text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 B92274F0 16 Bytes [ 79, D8, B6, 5E, 0F, B2, 92, ... ] .text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 B9227501 6 Bytes [ 60, 22, B9, 67, 6D, 1B ] .text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 18 B9227508 24 Bytes [ 98, 47, 6D, 8A, DD, CA, 47, ... ] ? C:\WINDOWS\System32\Drivers\dtscsi.sys Impossibile accedere al file. Il file è utilizzato da un altro processo. 
---- User code sections - GMER 1.0.14 ---- .text C:\Programmi\Analog Devices\Core\smax4pnp.exe[216] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 009EB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Analog Devices\Core\smax4pnp.exe[216] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 009EB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Analog Devices\Core\smax4pnp.exe[216] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 009EB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Analog Devices\Core\smax4pnp.exe[216] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 009EB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Analog Devices\Core\smax4pnp.exe[216] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 009EB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[256] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[256] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[256] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[256] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[256] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Analog Devices\SoundMAX\Smax4.exe[264] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Analog Devices\SoundMAX\Smax4.exe[264] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Analog Devices\SoundMAX\Smax4.exe[264] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Analog Devices\SoundMAX\Smax4.exe[264] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Analog Devices\SoundMAX\Smax4.exe[264] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\ASUS\Six Engine\SixEngine.exe[272] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\ASUS\Six Engine\SixEngine.exe[272] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\ASUS\Six Engine\SixEngine.exe[272] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\ASUS\Six Engine\SixEngine.exe[272] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\Program Files\ASUS\Six Engine\SixEngine.exe[272] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe[276] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 009DB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe[276] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 009DB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe[276] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 009DB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe[276] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 009DB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe[276] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 009DB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Java\jre6\bin\jusched.exe[296] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Java\jre6\bin\jusched.exe[296] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Java\jre6\bin\jusched.exe[296] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Java\jre6\bin\jusched.exe[296] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\Programmi\Java\jre6\bin\jusched.exe[296] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\DAEMON Tools\daemon.exe[312] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\DAEMON Tools\daemon.exe[312] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\DAEMON Tools\daemon.exe[312] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\DAEMON Tools\daemon.exe[312] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\DAEMON Tools\daemon.exe[312] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[316] kernel32.dll!LoadResource 7C80A045 5 Bytes JMP 0056D260 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.) .text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[316] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 00567184 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.) .text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[316] user32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 005671DC C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.) .text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[316] user32.dll!EnableWindow 7E3A9849 5 Bytes JMP 01661C24 C:\PROGRA~1\Agnitum\OUTPOS~1\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.) 
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[316] user32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 005671B0 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.) .text C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe[368] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe[368] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe[368] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe[368] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe[368] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[508] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[508] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[508] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[508] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[508] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] kernel32.dll!LoadResource 7C80A045 7 Bytes JMP 28001CC0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] kernel32.dll!FindResourceExW 7C80AD18 7 Bytes JMP 28001B00 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] kernel32.dll!FindResourceW 7C80BC5E 7 Bytes JMP 28001A80 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] kernel32.dll!SizeofResource 7C80BCF9 7 Bytes JMP 28001D80 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] kernel32.dll!FindResourceA 7C80BF19 7 Bytes JMP 28001B90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] kernel32.dll!LockResource 7C80CD27 5 Bytes JMP 28001DF0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] kernel32.dll!CreateEventA 7C83089D 5 Bytes JMP 28001840 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] kernel32.dll!FindResourceExA 7C835F90 7 Bytes JMP 28001C20 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! 
Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 0056DBBD C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] kernel32.dll!OutputDebugStringW 7C85B335 5 Bytes JMP 28001E50 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] ADVAPI32.dll!CryptDeriveKey 77F59FDD 7 Bytes JMP 28001000 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] ADVAPI32.dll!CryptDecrypt 77F5A109 7 Bytes JMP 28001060 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!PeekMessageW 7E39929B 5 Bytes JMP 28004090 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!SetWindowPlacement 7E39DE46 5 Bytes JMP 28005840 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!CreateDialogParamW 7E39EA3B 5 Bytes JMP 28005AC0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!LoadImageW 7E3A7B97 5 Bytes JMP 280060C0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 28003820 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!SetWindowRgn 7E3AE528 7 Bytes JMP 28005980 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!LoadIconW 7E3AE8BC 5 Bytes JMP 280062B0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 28005CB0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!TrackPopupMenuEx 7E3ECF62 5 Bytes JMP 28004970 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 2800A5A0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! 
Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] WS2_32.dll!send 71A34C27 2 Bytes JMP 2800A180 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] WS2_32.dll!send + 3 71A34C2A 2 Bytes [ 5D, B6 ] .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 28009F60 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] WS2_32.dll!recv 71A3676F 5 Bytes JMP 28009DC0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 2800A360 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] SHELL32.dll!Shell_NotifyIconW 7CA3A52F 5 Bytes JMP 28002FE0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] ole32.dll!CoInitializeEx 774CEF7B 5 Bytes JMP 28002100 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] ole32.dll!CoRegisterClassObject 774E7E90 5 Bytes JMP 28002200 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] WININET.dll!InternetCloseHandle 4330DA59 5 Bytes JMP 28008F20 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] WININET.dll!HttpOpenRequestA 43314341 5 Bytes JMP 28008BE0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! 
Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] WININET.dll!InternetReadFile 4331ABB4 5 Bytes JMP 28008D70 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] WININET.dll!HttpSendRequestA 4331CD40 5 Bytes JMP 28008E50 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Vuze\Azureus.exe[548] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Vuze\Azureus.exe[548] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Vuze\Azureus.exe[548] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Vuze\Azureus.exe[548] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Vuze\Azureus.exe[548] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\ctfmon.exe[556] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\ctfmon.exe[556] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\ctfmon.exe[556] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\WINDOWS\system32\ctfmon.exe[556] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\ctfmon.exe[556] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Messenger\msmsgs.exe[596] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Messenger\msmsgs.exe[596] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Messenger\msmsgs.exe[596] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Messenger\msmsgs.exe[596] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Messenger\msmsgs.exe[596] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[604] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 00C2B84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[604] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 00C2B4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[604] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 00C2B508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[604] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 00C2B878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[604] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 00C2B534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\PeerGuardian2\pg2.exe[720] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\PeerGuardian2\pg2.exe[720] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\PeerGuardian2\pg2.exe[720] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\PeerGuardian2\pg2.exe[720] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\PeerGuardian2\pg2.exe[720] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[816] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[816] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[816] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[816] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[816] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Documents and Settings\Andrea\Documenti\HijackThis.exe[956] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Documents and Settings\Andrea\Documenti\HijackThis.exe[956] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Documents and Settings\Andrea\Documenti\HijackThis.exe[956] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Documents and Settings\Andrea\Documenti\HijackThis.exe[956] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Documents and Settings\Andrea\Documenti\HijackThis.exe[956] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\spoolsv.exe[988] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\spoolsv.exe[988] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\spoolsv.exe[988] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\WINDOWS\system32\spoolsv.exe[988] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\spoolsv.exe[988] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe[1120] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe[1120] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe[1120] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe[1120] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe[1120] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\winlogon.exe[1556] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\winlogon.exe[1556] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\winlogon.exe[1556] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\winlogon.exe[1556] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\winlogon.exe[1556] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\services.exe[1604] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\services.exe[1604] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\services.exe[1604] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\WINDOWS\system32\services.exe[1604] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\services.exe[1604] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\Explorer.EXE[1724] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\Explorer.EXE[1724] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\Explorer.EXE[1724] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\Explorer.EXE[1724] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\Explorer.EXE[1724] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Ati2evxx.exe[1792] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Ati2evxx.exe[1792] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Ati2evxx.exe[1792] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Ati2evxx.exe[1792] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\WINDOWS\system32\Ati2evxx.exe[1792] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[2060] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 00524834 C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.) .text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe[2084] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe[2084] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe[2084] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe[2084] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe[2084] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2116] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2116] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2116] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2116] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2116] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Java\jre6\bin\jqs.exe[2240] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Java\jre6\bin\jqs.exe[2240] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Java\jre6\bin\jqs.exe[2240] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Java\jre6\bin\jqs.exe[2240] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Java\jre6\bin\jqs.exe[2240] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[2364] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[2364] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[2364] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[2364] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[2364] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe[2612] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe[2612] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe[2612] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe[2612] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe[2612] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\PnkBstrB.exe[2648] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\PnkBstrB.exe[2648] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\WINDOWS\system32\PnkBstrB.exe[2648] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\PnkBstrB.exe[2648] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\PnkBstrB.exe[2648] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Mozilla Firefox\firefox.exe[3020] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Mozilla Firefox\firefox.exe[3020] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Mozilla Firefox\firefox.exe[3020] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Mozilla Firefox\firefox.exe[3020] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Mozilla Firefox\firefox.exe[3020] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Windows Live\Messenger\usnsvc.exe[3304] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Windows Live\Messenger\usnsvc.exe[3304] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\Programmi\Windows Live\Messenger\usnsvc.exe[3304] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Windows Live\Messenger\usnsvc.exe[3304] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Windows Live\Messenger\usnsvc.exe[3304] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe[3808] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe[3808] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe[3808] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe[3808] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe[3808] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Internet Download Manager\IEMonitor.exe[3896] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\Programmi\Internet Download Manager\IEMonitor.exe[3896] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Internet Download Manager\IEMonitor.exe[3896] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Internet Download Manager\IEMonitor.exe[3896] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Internet Download Manager\IEMonitor.exe[3896] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Internet Download Manager\IDMan.exe[3980] user32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Internet Download Manager\IDMan.exe[3980] user32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Internet Download Manager\IDMan.exe[3980] user32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Internet Download Manager\IDMan.exe[3980] user32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\Internet Download Manager\IDMan.exe[3980] user32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\cmd.exe[4300] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\WINDOWS\system32\cmd.exe[4300] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\cmd.exe[4300] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\cmd.exe[4300] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\cmd.exe[4300] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\VideoLAN\VLC\vlc.exe[6184] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 00B4B84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\VideoLAN\VLC\vlc.exe[6184] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 00B4B4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\VideoLAN\VLC\vlc.exe[6184] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 00B4B508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\VideoLAN\VLC\vlc.exe[6184] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 00B4B878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Programmi\VideoLAN\VLC\vlc.exe[6184] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 00B4B534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\DOCUME~1\Andrea\IMPOST~1\Temp\Rar$EX00.718\gmer.exe[7608] USER32.DLL!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) 
.text C:\DOCUME~1\Andrea\IMPOST~1\Temp\Rar$EX00.718\gmer.exe[7608] USER32.DLL!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\DOCUME~1\Andrea\IMPOST~1\Temp\Rar$EX00.718\gmer.exe[7608] USER32.DLL!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\DOCUME~1\Andrea\IMPOST~1\Temp\Rar$EX00.718\gmer.exe[7608] USER32.DLL!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\DOCUME~1\Andrea\IMPOST~1\Temp\Rar$EX00.718\gmer.exe[7608] USER32.DLL!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9ED5AD2] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9ED5C0E] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9ED5B96] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9ED676C] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9ED6642] sptd.sys IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EF8056] sptd.sys IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B91F7226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B91F7226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B91F7226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B91F7226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) 
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B91F7226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B91F7226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B91F7226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B91F7226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisOpenAdapter] [B91F7226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) ---- Devices - GMER 1.0.14 ---- Device \FileSystem\Ntfs \Ntfs 8A6F80E8 Device \FileSystem\Fastfat \FatCdrom 87293EB0 Device \FileSystem\Udfs \UdfsCdRom 89659850 Device \FileSystem\Udfs \UdfsDisk 89659850 Device \Driver\NetBT \Device\NetBT_Tcpip_{5E86F0D2-52F6-4883-93B2-A08101C65BD0} 897423F0 Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) Device \Driver\00000036 \Device\00000051 sptd.sys Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A6F9B78 Device \Driver\dmio \Device\DmControl\DmConfig 8A6F9B78 Device \Driver\dmio \Device\DmControl\DmPnP 8A6F9B78 Device \Driver\dmio \Device\DmControl\DmInfo 8A6F9B78 Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) 
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6F9E30 Device \Driver\Cdrom \Device\CdRom0 8955C0E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6F9E30 Device \FileSystem\Rdbss \Device\FsWrap 88F10970 Device \Driver\Cdrom \Device\CdRom1 8955C0E8 Device \Driver\Cdrom \Device\CdRom2 8955C0E8 Device \Driver\NetBT \Device\NetBt_Wins_Export 897423F0 Device \Driver\NetBT \Device\NetbiosSmb 897423F0 Device \Driver\NetBT \Device\NetBT_Tcpip_{805B1997-E149-4478-85F3-C94D86F7DAA8} 897423F0 Device \Driver\NetBT \Device\NetBT_Tcpip_{491D2954-9DE4-485C-A128-2DB2DC69481D} 897423F0 Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) Device \Driver\Disk \Device\Harddisk0\DR0 8A6F9350 Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) Device \Driver\NetBT \Device\NetBT_Tcpip_{337E8050-286C-419A-BF4A-67B0ED2AABAF} 897423F0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88C79B30 Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) 
Device \FileSystem\MRxSmb \Device\LanmanRedirector 88C79B30 Device \FileSystem\Npfs \Device\NamedPipe 896DC9F8 Device \Driver\Ftdisk \Device\FtControl 8A6F9E30 Device \FileSystem\Msfs \Device\Mailslot 896C9440 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 89876D40 Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target14Lun0 8A6F9608 Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target1Lun0 8A6F9608 Device \Driver\mv61xx \Device\Scsi\mv61xx1 8A6F9608 Device \Driver\dtscsi \Device\Scsi\dtscsi1 89876D40 Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target0Lun0 8A6F9608 Device \FileSystem\Fastfat \Fat 87293EB0 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 895C8E88 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 1243202922 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 10768119 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1899468281 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x53 0x55 0x5C 0x04 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x94 0xB3 0x5C 0xED ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB6 0x3C 0xA6 0x3A ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x53 0x55 0x5C 0x04 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x94 0xB3 0x5C 0xED ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB6 0x3C 0xA6 0x3A ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x53 0x55 0x5C 0x04 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x94 0xB3 0x5C 0xED ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x21 0x4E 0x0A 0x96 ... Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x64 0x3F 0x61 0x86 ... Reg HKLM\SOFTWARE\Classes\CLSID\{f11af5ac-db7a-44a3-8810-101e01269ef1}@Model 352 Reg HKLM\SOFTWARE\Classes\CLSID\{f11af5ac-db7a-44a3-8810-101e01269ef1}@Therad 8 ---- EOF - GMER 1.0.14 ----
__________________
Win Xp sp3, Avira, Online Armor 3.1.0.26 free, A-squared, Malwarebytes 1.34 |
17-01-2009, 16:38 | #175 |
Member
Joined: Jan 2009
City: province of Pisa
Posts: 152
|
Hi everyone, I'm new here... I'm going through the do-it-yourself guide to fix the various problems affecting my laptop and, following this advice on looking for rootkits, I did what you describe at the start of the thread...
I ran the scans with GMER and found no red entries; I'm posting the log anyway.
Code:
GMER 1.0.14.14536 - http://www.gmer.net Autostart scan 2009-01-17 17:31:26 Windows 5.1.2600 Service Pack 2 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe, HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>> AtiExtEvent@DLLName = Ati2evxx.dll igfxcui@DLLName = igfxdev.dll HKLM\SYSTEM\CurrentControlSet\Services\ >>> a2free@ = "C:\Programmi\a-squared Free\a2service.exe" AntiVirScheduler@ = "C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe" AntiVirService@ = "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe" Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe Autodesk Licensing Service@ = "C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe" Bonjour Service@ = C:\Programmi\Bonjour\mDNSResponder.exe DCPFLICS@ = C:\Programmi\DCPFLICS\dcpflics.exe JavaQuickStarterService@ = "C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf" mi-raysat_3dsMax2008_32@ = "C:\Programmi\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe" OAcat@ = "C:\Programmi\Tall Emu\Online Armor\oacat.exe" sp_rssrv@ = "C:\Programmi\Spyware Terminator\sp_rsser.exe" SvcOnlineArmor@ = C:\Programmi\Tall Emu\Online Armor\oasrv.exe TAPPSRV@ = "C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe" VRLService@ = C:\Programmi\Chaos Group\V-Ray\3dsmax R9 for x86\startvrlserver.exe WinDefend@ = "C:\Programmi\Windows Defender\MsMpEng.exe" WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>> 
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe @RTHDCPLRTHDCPL.EXE = RTHDCPL.EXE @AlcmtrALCMTR.EXE = ALCMTR.EXE @THotkeyC:\Programmi\Toshiba\Toshiba Applet\thotkey.exe = C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe @TPSMainTPSMain.exe = TPSMain.exe @TvsC:\Programmi\TOSHIBA\Tvs\TvsTray.exe = C:\Programmi\TOSHIBA\Tvs\TvsTray.exe @TDispVolTDispVol.exe = TDispVol.exe @ATICCC"C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe" = "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe" @avgnt"C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min @@OnlineArmor GUI"C:\Programmi\Tall Emu\Online Armor\oaui.exe" = "C:\Programmi\Tall Emu\Online Armor\oaui.exe" @SpywareTerminator"C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" = "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" @AGRSMMSGAGRSMMSG.exe = AGRSMMSG.exe @Windows Defender"C:\Programmi\Windows Defender\MSASCui.exe" -hide = "C:\Programmi\Windows Defender\MSASCui.exe" -hide @SmoothViewC:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe = C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe @SunJavaUpdateSched"C:\Programmi\Java\jre6\bin\jusched.exe" = "C:\Programmi\Java\jre6\bin\jusched.exe" @QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime @Adobe Reader Speed Launcher"C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" = "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>> @ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe @TOSCDSPDC:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe = C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>> @{56F9679E-7826-4C84-81F3-532071A8BCC5}C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll = C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll @{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}C:\PROGRA~1\WIFD1F~1\MpShHook.dll = C:\PROGRA~1\WIFD1F~1\MpShHook.dll @{4F07DA45-8170-4859-9B5F-037EF2970034}C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll = C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>> @{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/ @{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll @{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll @{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = 
C:\WINDOWS\system32\ieframe.dll @{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) = @{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll @{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Programmi\Synaptics\SynTP\SynTPCpl.dll = C:\Programmi\Synaptics\SynTP\SynTPCpl.dll @{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL @{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll @{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll @{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll @{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll @{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = 
C:\WINDOWS\system32\ieframe.dll @{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options 
Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) = @{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll @{97090E2F-3062-4459-855B-014F0D3CDBB1} /*Windows Search Deskbar*/C:\Programmi\Windows Desktop Search\deskbar.dll = C:\Programmi\Windows Desktop Search\deskbar.dll @{13E7F612-F261-4391-BEA2-39DF4F3FA311} /*Windows Desktop Search*/C:\Programmi\Windows Desktop Search\msnlExt.dll = C:\Programmi\Windows Desktop Search\msnlExt.dll @{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL @{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL @{8A0BC933-7552-42E2-A228-3BE055777227} /*Gestore colonne DWG AutoCAD*/C:\Programmi\File comuni\Autodesk Shared\AcShellEx\AcShellExtension.dll = C:\Programmi\File comuni\Autodesk Shared\AcShellEx\AcShellExtension.dll @{5800AD5B-72C1-477B-9A08-CA112DF06D97} /*Gestore descrizioni comandi e informazioni DWG AutoCAD*/C:\Programmi\File comuni\Autodesk Shared\AcShellEx\AcShellExtension.dll = C:\Programmi\File comuni\Autodesk Shared\AcShellEx\AcShellExtension.dll @{36A21736-36C2-4C11-8ACB-D4136F2B57BD} /*Gestore icona firma digitale di AutoCAD*/C:\WINDOWS\system32\AcSignIcon.dll = C:\WINDOWS\system32\AcSignIcon.dll @{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} /*Anteprima disegni Autodesk*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll = C:\Programmi\File comuni\Autodesk 
Shared\Thumbnail\AcThumbnail16.dll @{ADC46291-D8A1-4486-A24C-86FFB392AEFA} /*Anteprima file DGN Autodesk*/C:\Programmi\File comuni\Autodesk Shared\AcDgnCOM17.dll = C:\Programmi\File comuni\Autodesk Shared\AcDgnCOM17.dll @{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL @{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL @{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL @{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL @{5E2121EE-0300-11D4-8D3B-444553540000} /*Catalyst Context Menu extension*/C:\Programmi\ATI Technologies\ATI.ACE\atiacmxx.dll = C:\Programmi\ATI Technologies\ATI.ACE\atiacmxx.dll @{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\Windows Live\Messenger\fsshext.8.5.1302.1018.dll = C:\Programmi\Windows Live\Messenger\fsshext.8.5.1302.1018.dll @{0563DB41-F538-4B37-A92D-4659049B7766} /*WLMD Message Handler*/C:\Programmi\Windows Live\Mail\mailcomm.dll = C:\Programmi\Windows Live\Mail\mailcomm.dll @{06A2568A-CED6-4187-BB20-400B8C02BE5A} /**/(null) = @{00F33137-EE26-412F-8D71-F84E4C2C6625} /**/C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll @{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} /*Windows Live Photo Gallery Autoplay Drop Target*/(null) = @{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} /*Windows Live Photo Gallery Viewer Drop Target*/(null) = @{00F374B7-B390-4884-B372-2FC349F2172B} /*Windows Live Photo Gallery Editor Drop Target*/(null) = @{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} /*Windows Live Photo Gallery Viewer Drop Target Shim*/C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll @{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} /*Windows Live 
Photo Gallery Editor Drop Target Shim*/C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll @{00F30F90-3E96-453B-AFCD-D71989ECC2C7} /*Windows Live Photo Gallery Autoplay Drop Target Shim*/C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll @{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll = C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll @{A155339D-CCCD-4714-85EB-3754B804C9DF} /*a-squared Free Shell Extension*/C:\Programmi\a-squared Free\a2freecontmenu.dll = C:\Programmi\a-squared Free\a2freecontmenu.dll @{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column Handler*/"C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" @{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip Handler*/"C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" @{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet Handler*/"C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" @{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail Viewer*/"C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" @{BD88A479-9623-4897-8546-BC62B9628F44} /*SPTHandler*/C:\Programmi\Spyware Terminator\sptcontmenu.dll = C:\Programmi\Spyware Terminator\sptcontmenu.dll @{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll @{C81DCBCA-8AE2-41FC-9C39-78B160393210} 
/*RhinoShExt*/C:\Programmi\Rhinoceros 4.0\System\RhinoShExt.dll = C:\Programmi\Rhinoceros 4.0\System\RhinoShExt.dll @{4F07DA46-8170-4859-9B5F-037EF2970034} /*Indigo*/C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll = C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>> AcShellExtension.AcContextMenuHandler@{2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} = C:\Programmi\File comuni\Autodesk Shared\AcShellEx\AcShellExtension.dll Autodesk.DWF.ContextMenu@{6C18531F-CA85-45F7-8278-FF33CF0A5964} = C:\Programmi\File comuni\Autodesk Shared\DWF Common\DWFShellExtension.dll OnlineArmorShell@{4F07DA46-8170-4859-9B5F-037EF2970034} = C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll RhinoShExt@{C81DCBCA-8AE2-41FC-9C39-78B160393210} = C:\Programmi\Rhinoceros 4.0\System\RhinoShExt.dll Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll SPTContMenu@{BD88A479-9623-4897-8546-BC62B9628F44} = C:\Programmi\Spyware Terminator\sptcontmenu.dll WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>> a-squared Free Shell Extension@{A155339D-CCCD-4714-85EB-3754B804C9DF} = C:\Programmi\a-squared Free\a2freecontmenu.dll MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Programmi\Malwarebytes' Anti-Malware\mbamext.dll OnlineArmorShell@{4F07DA46-8170-4859-9B5F-037EF2970034} = C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll SPTContMenu@{BD88A479-9623-4897-8546-BC62B9628F44} = C:\Programmi\Spyware Terminator\sptcontmenu.dll WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>> @{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll @{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre6\bin\ssv.dll = C:\Programmi\Java\jre6\bin\ssv.dll @{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll @{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Programmi\Java\jre6\bin\jp2ssv.dll = C:\Programmi\Java\jre6\bin\jp2ssv.dll @{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll HKLM\Software\Microsoft\Internet Explorer\Main >>> @Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157 @Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157 @Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main >>> @Start Pagewww.google.com = www.google.com @Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL HKLM\Software\Classes\PROTOCOLS\Handler\ >>> dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll its@CLSID = C:\WINDOWS\system32\itss.dll livecall@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll ms-its@CLSID = C:\WINDOWS\system32\itss.dll msnim@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL tv@CLSID = C:\WINDOWS\system32\msvidctl.dll wia@CLSID 
= C:\WINDOWS\system32\wiascr.dll wlmailhtml@CLSID = C:\Programmi\Windows Live\Mail\mailcomm.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = C:\Programmi\Bonjour\mdnsNSP.dll ---- EOF - GMER 1.0.14 ----
Thanks to all of you, you're great
Last edited by ~Jaco~ : 17-01-2009 at 16:52.
|
18-01-2009, 13:46 | #176 | |
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
|
Quote:
http://www.hwupgrade.it/forum/showth...7#post25899717
__________________
Try again and you will be luckier.
|
|
19-01-2009, 10:41 | #177 |
Member
Joined: Jan 2009
City: province of Pisa
Posts: 152
|
OK, I'll check again then... I thought I had done it the way that was indicated for copying the log... I don't know what I got wrong...
|
20-01-2009, 19:44 | #178 |
Member
Joined: Jan 2009
Posts: 287
|
Can someone help me with my log?
Code:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-20 20:25:08
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
SSDT BA687E8C ZwCreateThread
SSDT BA687E78 ZwOpenProcess
SSDT BA687E7D ZwOpenThread
SSDT BA687E87 ZwTerminateProcess
SSDT BA687E82 ZwWriteVirtualMemory
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.14 ----
|
23-01-2009, 11:02 | #179 |
Member
Joined: Aug 2007
City: Caserta
Posts: 78
|
Guys, I don't know if I did it right.... I'm posting the log... can you tell me what you think????? Thanks
Code:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-23 11:56:25
Windows 5.1.2600 Service Pack 2
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.14 ----
|
07-03-2009, 12:53 | #180 | |
Banned
Joined: Nov 2008
Posts: 446
|
Gmer 1.0.15
The new version of Gmer is out, after more than 1 year:
http://www.wilderssecurity.com/showthread.php?t=235325
http://www.gmer.net/files.php
Quote:
|
|