|
|||||||
|
|
|
 |
|
|
Strumenti |
24-09-2008, 17:40
|
#161 |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
@Taxon
Questo C:\WINDOWS\TEMP\mc21.tmp sinceramente mi convince poco io un controllino lo farei http://www.hwupgrade.it/forum/showthread.php?t=1599737
__________________
Try again and you will be luckier.
|
|
|
|
05-10-2008, 10:24
|
#162 | |
|
Senior Member
Iscritto dal: Feb 2004
Città: ♪ ♫ un giorno all'improvviso... ♪ ♫
Messaggi: 5716
|
Quote:
La voce che tu menzioni non e' stata rilevata da nessun software (sia Antivirus che antispyeware/malware ecc.ecc. ed anche seguendo la mitica guida di xcdegasp  ).L'unico programma che lo rivelava, RegOrganizer, me lo visualizzava come percorso "non valido" e cancellato di riflesso. Adesso posto il nuovo log di GMER, sperando che non ci siano sorprese negative  Codice:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-04 18:30:59
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
SSDT pxark.sys (Prevx CSI Rootkit Detection and Removal Engine/Prevx) ZwAssignProcessToJobObject [0xF77192C0]
SSDT spyt.sys ZwCreateKey [0xF74D70E0]
SSDT pxark.sys (Prevx CSI Rootkit Detection and Removal Engine/Prevx) ZwCreateThread [0xF77192F0]
SSDT spyt.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spyt.sys ZwEnumerateValueKey [0xF74F6030]
SSDT spyt.sys ZwOpenKey [0xF74D70C0]
SSDT pxark.sys (Prevx CSI Rootkit Detection and Removal Engine/Prevx) ZwOpenProcess [0xF7719540]
SSDT pxark.sys (Prevx CSI Rootkit Detection and Removal Engine/Prevx) ZwOpenThread [0xF7719400]
SSDT pxark.sys (Prevx CSI Rootkit Detection and Removal Engine/Prevx) ZwProtectVirtualMemory [0xF7719340]
SSDT spyt.sys ZwQueryKey [0xF74F6108]
SSDT spyt.sys ZwQueryValueKey [0xF74F5F88]
SSDT pxark.sys (Prevx CSI Rootkit Detection and Removal Engine/Prevx) ZwSetContextThread [0xF7719290]
SSDT spyt.sys ZwSetValueKey [0xF74F619A]
SSDT pxark.sys (Prevx CSI Rootkit Detection and Removal Engine/Prevx) ZwTerminateProcess [0xF7719670]
SSDT pxark.sys (Prevx CSI Rootkit Detection and Removal Engine/Prevx) ZwTerminateThread [0xF7719380]
SSDT \??\K:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB76476D0]
SSDT pxark.sys (Prevx CSI Rootkit Detection and Removal Engine/Prevx) ZwWriteVirtualMemory [0xF77193B0]
INT 0x63 ? 89B65E80
INT 0x73 ? 89C10BF8
INT 0x73 ? 89C13BF8
INT 0x73 ? 89B65E80
INT 0x73 ? 89C10BF8
INT 0x83 ? 89B65E80
INT 0x94 ? 89B65E80
INT 0xB4 ? 89B65E80
INT 0xB4 ? 89B65E80
INT 0xB4 ? 89B65E80
INT 0xB4 ? 89B65E80
---- Kernel code sections - GMER 1.0.14 ----
? spyt.sys Impossibile trovare il file specificato. !
.text USBPORT.SYS!DllUnload BA7578AC 5 Bytes JMP 89B65460
? System32\Drivers\aeo2re3r.SYS Impossibile trovare il percorso specificato. !
? K:\WINDOWS\system32\Drivers\uphcleanhlp.sys Impossibile trovare il file specificato. !
---- User code sections - GMER 1.0.14 ----
.text K:\WINDOWS\system32\SearchIndexer.exe[1928] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C K:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 89C132D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spyt.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] spyt.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spyt.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spyt.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spyt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spyt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spyt.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 89B65560
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E8048] spyt.sys
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 89B9E1F8
AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
Device \FileSystem\Fastfat \FatCdrom 875771F8
Device \Driver\PCI_PNP7958 \Device\00000043 spyt.sys
Device \Driver\PCI_PNP7958 \Device\00000043 spyt.sys
Device \Driver\usbuhci \Device\USBPDO-0 89B6E500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89C111F8
Device \Driver\dmio \Device\DmControl\DmConfig 89C111F8
Device \Driver\dmio \Device\DmControl\DmPnP 89C111F8
Device \Driver\dmio \Device\DmControl\DmInfo 89C111F8
Device \Driver\usbuhci \Device\USBPDO-1 89B6E500
Device \Driver\usbuhci \Device\USBPDO-2 89B6E500
Device \Driver\NetBT \Device\NetBT_Tcpip_{8625C0AA-CD6B-492E-95F4-43B206D6E447} 88602500
Device \Driver\usbehci \Device\USBPDO-3 890111F8
Device \Driver\usbuhci \Device\USBPDO-4 89B6E500
Device \Driver\usbuhci \Device\USBPDO-5 89B6E500
Device \Driver\usbuhci \Device\USBPDO-6 89B6E500
Device \Driver\Ftdisk \Device\HarddiskVolume1 89BA11F8
Device \Driver\usbehci \Device\USBPDO-7 890111F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89BA11F8
Device \Driver\Cdrom \Device\CdRom0 890051F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 89BA11F8
Device \Driver\Cdrom \Device\CdRom1 890051F8
Device \Driver\usbstor \Device\00000073 887321F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 89BA11F8
Device \Driver\usbstor \Device\00000074 887321F8
Device \Driver\Ftdisk \Device\HarddiskVolume5 89BA11F8
Device \Driver\usbstor \Device\00000075 887321F8
Device \Driver\usbstor \Device\00000076 887321F8
Device \Driver\usbstor \Device\00000077 887321F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 88602500
Device \Driver\usbuhci \Device\USBFDO-0 89B6E500
Device \Driver\usbuhci \Device\USBFDO-1 89B6E500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88759500
Device \Driver\usbuhci \Device\USBFDO-2 89B6E500
Device \Driver\sptd \Device\1491781708 spyt.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector 88759500
Device \Driver\usbehci \Device\USBFDO-3 890111F8
Device \Driver\usbuhci \Device\USBFDO-4 89B6E500
Device \Driver\Ftdisk \Device\FtControl 89BA11F8
Device \Driver\usbuhci \Device\USBFDO-5 89B6E500
Device \Driver\usbuhci \Device\USBFDO-6 89B6E500
Device \Driver\usbehci \Device\USBFDO-7 890111F8
Device \Driver\aeo2re3r \Device\Scsi\aeo2re3r1 88FD61F8
Device \Driver\JRAID \Device\Scsi\JRAID1Port1Path0Target1Lun0 89B9F1F8
Device \Driver\JRAID \Device\Scsi\JRAID1 89B9F1F8
Device \Driver\aeo2re3r \Device\Scsi\aeo2re3r1Port2Path0Target0Lun0 88FD61F8
Device \Driver\JRAID \Device\Scsi\JRAID1Port1Path0Target0Lun0 89B9F1F8
Device \FileSystem\Fastfat \Fat 875771F8
AttachedDevice \FileSystem\Fastfat \Fat FLTMGR.SYS (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat amon.sys (Amon monitor/Eset )
Device \FileSystem\Cdfs \Cdfs 866F41F8
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 K:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x34 0x59 0x42 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x27 0x2B 0xBC 0x20 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x27 0x8C 0x09 0x3E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 K:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x34 0x59 0x42 0x86 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x27 0x2B 0xBC 0x20 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x27 0x8C 0x09 0x3E ...
---- EOF - GMER 1.0.14 ----
|
|
|
|
|
|
05-10-2008, 14:11
|
#163 | ||
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
Quote:
Quote:
__________________
Try again and you will be luckier.
|
||
|
|
|
|
08-10-2008, 23:33
|
#164 |
|
Senior Member
Iscritto dal: Jan 2006
Messaggi: 529
|
Ciao a tutti,
ieri dopo esser stato infettato da un bagle, ho seguito alla lettera le procedure di disinfezione. Non finirò di ringraziarvi per il supporto! Ora sembra tutto ok... Un'ultima cosa. Posto qui il log di gmer. Voci in rosso non me ne ha date. Mi date un'occhiata anche voi? ancora grazie Codice:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-09 00:25:22
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xB6EB3B4A]
SSDT \??\C:\windows\system32\drivers\sp_rsdrv2.sys ZwClose [0xB6F4D606]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xB6EB614E]
SSDT \??\C:\windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xB6F4D05A]
SSDT \??\C:\windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xB6F4CD3C]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xB6EAB646]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xB6EAC15E]
SSDT \??\C:\windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xB6F4E652]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xB6E9C682]
SSDT F7AA44BC ZwCreateThread
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xB6E9AF26]
SSDT \??\C:\windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xB6F4CE46]
SSDT \??\C:\windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xB6F4CF30]
SSDT spzp.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spzp.sys ZwEnumerateValueKey [0xF74F6030]
SSDT \??\C:\windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xB6F4D8CC]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xB6E9BD86]
SSDT \??\C:\windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xB6F4D362]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xB6E9E154]
SSDT F7AA44A8 ZwOpenProcess
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xB6E8AD5E]
SSDT F7AA44AD ZwOpenThread
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xB6EB5342]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xB6E94C8D]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xB6E9FB82]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xB6EA065E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xB6EB2D92]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xB6EA569E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwReplaceKey [0xB6EA2216]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xB6EB8636]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xB6EB8C1A]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRestoreKey [0xB6EA4B6A]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xB6EA36CA]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xB6EA4112]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xB6EB6E36]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xB6EB21B6]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xB6E96BDE]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xB6EA79C2]
SSDT \??\C:\windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xB6F4CBBA]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xB6EB0EE6]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xB6EB180E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xB6EB981A]
SSDT \??\C:\windows\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xB6F4D814]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xB6EB0386]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xB6EA923E]
SSDT \??\C:\windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xB6F4D494]
SSDT F7AA44B2 ZwWriteVirtualMemory
INT 0x63 ? 898D3BF8
INT 0x63 ? 898D3BF8
INT 0x63 ? 898D3BF8
INT 0x63 ? 898D3BF8
INT 0x83 ? 89B9ABF8
INT 0x83 ? 89B9ABF8
INT 0x83 ? 898D3BF8
INT 0x83 ? 89B9ABF8
INT 0x84 ? 898D3BF8
INT 0x94 ? 898D3BF8
INT 0xA4 ? 89B9ABF8
INT 0xA4 ? 89B9ABF8
INT 0xA4 ? 89B9ABF8
INT 0xA4 ? 89B9ABF8
INT 0xA4 ? 89B9ABF8
---- Kernel code sections - GMER 1.0.14 ----
.text ntoskrnl.exe!ZwYieldExecution + 46A 804E4CA4 12 Bytes [ E6, 0E, EB, B6, 0E, 18, EB, ... ]
? spzp.sys Impossibile trovare il file specificato. !
.text USBPORT.SYS!DllUnload B95DF62C 5 Bytes JMP 898D31D8
.text albkfluk.SYS B9548386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]
.text albkfluk.SYS B95483AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text albkfluk.SYS B95483C4 3 Bytes [ 00, 70, 02 ]
.text albkfluk.SYS B95483C9 1 Byte [ 2E ]
.text albkfluk.SYS B95483CB 9 Bytes [ 00, 00, 5A, 02, 00, 00, 00, ... ]
.text ...
---- User code sections - GMER 1.0.14 ----
.text C:\Programmi\PrevxCSI\prevxcsi.exe[364] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\PrevxCSI\prevxcsi.exe[364] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\PrevxCSI\prevxcsi.exe[364] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\PrevxCSI\prevxcsi.exe[364] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\PrevxCSI\prevxcsi.exe[364] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Internet Explorer\iexplore.exe[380] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Internet Explorer\iexplore.exe[380] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Internet Explorer\iexplore.exe[380] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 435FF301 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[380] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Internet Explorer\iexplore.exe[380] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 43791667 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[380] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 437915E8 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[380] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 4379162C C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[380] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 43791574 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[380] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 437915AE C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[380] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 437916A2 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[380] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Internet Explorer\iexplore.exe[380] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Internet Explorer\iexplore.exe[380] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 436216B6 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\windows\Explorer.EXE[716] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\Explorer.EXE[716] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\Explorer.EXE[716] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\Explorer.EXE[716] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\Explorer.EXE[716] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe[744] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe[744] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe[744] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe[744] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe[744] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\winlogon.exe[776] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\winlogon.exe[776] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\winlogon.exe[776] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\winlogon.exe[776] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\winlogon.exe[776] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\services.exe[824] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\services.exe[824] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\services.exe[824] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\services.exe[824] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\services.exe[824] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe[1208] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe[1208] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe[1208] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe[1208] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe[1208] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\spoolsv.exe[1308] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\spoolsv.exe[1308] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\spoolsv.exe[1308] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\spoolsv.exe[1308] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\spoolsv.exe[1308] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\sched.exe[1356] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\sched.exe[1356] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\sched.exe[1356] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\sched.exe[1356] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\sched.exe[1356] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Mozilla Firefox\firefox.exe[1408] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Mozilla Firefox\firefox.exe[1408] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Mozilla Firefox\firefox.exe[1408] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Mozilla Firefox\firefox.exe[1408] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Mozilla Firefox\firefox.exe[1408] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe[1468] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe[1468] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe[1468] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe[1468] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe[1468] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1488] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 00524834 C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avguard.exe[1540] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avguard.exe[1540] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avguard.exe[1540] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avguard.exe[1540] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avguard.exe[1540] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe[1552] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 0089B508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe[1552] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 0089B4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe[1552] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 0089B84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe[1552] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 0089B878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe[1552] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 0089B534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe[1572] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 0088B508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe[1572] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 0088B4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe[1572] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 0088B84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe[1572] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 0088B878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe[1572] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 0088B534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\nvsvc32.exe[1672] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\nvsvc32.exe[1672] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\nvsvc32.exe[1672] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\nvsvc32.exe[1672] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\nvsvc32.exe[1672] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Raxco\PerfectDisk\PD91Agent.exe[1720] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 007CB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Raxco\PerfectDisk\PD91Agent.exe[1720] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 007CB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Raxco\PerfectDisk\PD91Agent.exe[1720] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 007CB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Raxco\PerfectDisk\PD91Agent.exe[1720] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 007CB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Raxco\PerfectDisk\PD91Agent.exe[1720] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 007CB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\PnkBstrA.exe[1824] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\PnkBstrA.exe[1824] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\PnkBstrA.exe[1824] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\PnkBstrA.exe[1824] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\PnkBstrA.exe[1824] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Spyware Terminator\sp_rsser.exe[1876] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Spyware Terminator\sp_rsser.exe[1876] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Spyware Terminator\sp_rsser.exe[1876] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Spyware Terminator\sp_rsser.exe[1876] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Spyware Terminator\sp_rsser.exe[1876] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Acronis\Fomatik\TrueImageTryStartService.exe[1952] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 007DB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Acronis\Fomatik\TrueImageTryStartService.exe[1952] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 007DB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Acronis\Fomatik\TrueImageTryStartService.exe[1952] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 007DB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Acronis\Fomatik\TrueImageTryStartService.exe[1952] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 007DB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Acronis\Fomatik\TrueImageTryStartService.exe[1952] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 007DB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE[1968] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE[1968] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE[1968] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE[1968] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE[1968] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Canon\CAL\CALMAIN.exe[2072] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Canon\CAL\CALMAIN.exe[2072] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Canon\CAL\CALMAIN.exe[2072] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Canon\CAL\CALMAIN.exe[2072] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Canon\CAL\CALMAIN.exe[2072] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\HiperAsus\Desktop\gmer.exe[2188] USER32.DLL!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\HiperAsus\Desktop\gmer.exe[2188] USER32.DLL!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\HiperAsus\Desktop\gmer.exe[2188] USER32.DLL!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\HiperAsus\Desktop\gmer.exe[2188] USER32.DLL!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\HiperAsus\Desktop\gmer.exe[2188] USER32.DLL!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Analog Devices\Core\smax4pnp.exe[2304] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 00ACB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Analog Devices\Core\smax4pnp.exe[2304] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 00ACB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Analog Devices\Core\smax4pnp.exe[2304] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 00ACB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Analog Devices\Core\smax4pnp.exe[2304] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 00ACB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Analog Devices\Core\smax4pnp.exe[2304] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 00ACB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe[2544] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 00C3B508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe[2544] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 00C3B4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe[2544] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 00C3B84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe[2544] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 00C3B878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe[2544] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 00C3B534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe[2552] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 00EDB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe[2552] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 00EDB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe[2552] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 00EDB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe[2552] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 00EDB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe[2552] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 00EDB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2564] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2564] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2564] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2564] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe[2564] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe[2576] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 00ADB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe[2576] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 00ADB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe[2576] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 00ADB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe[2576] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 00ADB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe[2576] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 00ADB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\RUNDLL32.EXE[2628] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\RUNDLL32.EXE[2628] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\RUNDLL32.EXE[2628] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\RUNDLL32.EXE[2628] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\RUNDLL32.EXE[2628] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe[2652] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe[2652] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe[2652] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe[2652] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe[2652] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Agnitum\Outpost Firewall Pro\op_mon.exe[2716] kernel32.dll!LoadResource 7C809FB5 5 Bytes JMP 0056D260 C:\Programmi\Agnitum\Outpost Firewall Pro\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Programmi\Agnitum\Outpost Firewall Pro\op_mon.exe[2716] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 00567184 C:\Programmi\Agnitum\Outpost Firewall Pro\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Programmi\Agnitum\Outpost Firewall Pro\op_mon.exe[2716] user32.dll!EnableWindow 7E39BE71 5 Bytes JMP 01751C24 C:\Programmi\Agnitum\Outpost Firewall Pro\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.)
.text C:\Programmi\Agnitum\Outpost Firewall Pro\op_mon.exe[2716] user32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 005671DC C:\Programmi\Agnitum\Outpost Firewall Pro\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Programmi\Agnitum\Outpost Firewall Pro\op_mon.exe[2716] user32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 005671B0 C:\Programmi\Agnitum\Outpost Firewall Pro\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe[2764] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 02B8B508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe[2764] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 02B8B4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe[2764] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 02B8B84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe[2764] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 02B8B878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe[2764] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 02B8B534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\ctfmon.exe[2836] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\ctfmon.exe[2836] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\ctfmon.exe[2836] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\ctfmon.exe[2836] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\windows\system32\ctfmon.exe[2836] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\PrevxCSI\prevxcsi.exe[3028] USER32.dll!SetWindowPos 7E39C01B 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\PrevxCSI\prevxcsi.exe[3028] USER32.dll!SetForegroundWindow 7E3A3D4D 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\PrevxCSI\prevxcsi.exe[3028] USER32.dll!ChangeDisplaySettingsExA 7E3A8AE5 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\PrevxCSI\prevxcsi.exe[3028] USER32.dll!ChangeDisplaySettingsExW 7E3D938D 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\PrevxCSI\prevxcsi.exe[3028] USER32.dll!EndTask 7E3D9E75 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT \windows\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 89B9D2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spzp.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] spzp.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spzp.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spzp.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spzp.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spzp.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spzp.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 898D32D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E8048] spzp.sys
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2296E852
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!swprintf] 478B0000
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeSetEvent] 50016A40
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E8510000
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00002284
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmFreeMappingAddress] 6A18538B
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 868D5200
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 00001C98
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmUnmapIoSpace] 2272E850
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 4B8B0000
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IofCompleteRequest] 51016A18
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1CB4968D
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IofCallDriver] E8520000
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 00002260
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoConnectInterrupt] 001CBB8E
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoDetachDevice] 30C48300
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1CBD8688
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeInitializeEvent] 80E90000
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] C6000000
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlInitAnsiString] 001CBB86
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 438B0100
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoQueueWorkItem] 8E8D5018
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmMapIoSpace] 00001C90
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 2232E851
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoReportDetectedDevice] 538B0000
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoReportResourceForDetection] 52016A18
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 1CAC868D
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!NlsMbCodePageTag] E8500000
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!PoRequestPowerIrp] 00002220
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 8A05478A
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 001CBB8E
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!sprintf] 18C48300
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 1CBD8688
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!ObfDereferenceObject] 43EB0000
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 320C538A
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 88F93BC0
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!ZwClose] 001CBB96
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] F6317300
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 74070647
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 75C0841A
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 05578A0B
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!PoCallDriver] 968801B0
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoCreateDevice] 00001CBD
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 57B60F66
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 533B6604
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!ZwOpenKey] 03087408
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 72F93B3F
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoStartTimer] 8A09EBDA
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeInitializeTimer] 86880547
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoInitializeTimer] 00001CBD
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeInitializeDpc] 88084B8A
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeInitializeSpinLock] 001CBE8E
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoInitializeIrp] 40578B00
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!ZwCreateKey] 8D52006A
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC086
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] B1E85000
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!ZwSetValueKey] 8B000021
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeInsertQueueDpc] 001CB88E
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] BC968B00
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoStartPacket] 8900001C
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 001CC48E
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] C8968900
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoFreeMdl] 8B00001C
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmUnlockPages] 016A4047
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] CCC68150
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 5600001C
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 002187E8
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeSynchronizeExecution] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoStartNextPacket] CCCCCCC3
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeBugCheckEx] CCCCCCCC
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] CCCCCCCC
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeSetTimer] CCCCCCCC
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeCancelTimer] 8BEC8B55
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!_allmul] 00C73445
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000000
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!_except_handler3] 830C458B
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!PoSetPowerState] C0840CEC
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 053C0D74
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B80974
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!_aulldiv] 8B000000
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!strstr] 56C35DE5
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!_strupr] 8D08758B
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeQuerySystemTime] 8D51FC4D
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8D52FD55
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!KeTickCount] 8D51FE4D
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D52FF55
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoDeleteDevice] 8D51F84D
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 5052F455
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoAllocateWorkItem] EACAE856
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoAllocateIrp] C483FFFF
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoAllocateMdl] 0FC08520
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 0001B185
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmLockPagableDataSection] 46B70F00
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] F44D8B48
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] C1815753
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!ExFreePoolWithTag] 00002590
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoFreeIrp] 467C8D51
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!IoFreeWorkItem] 76F6E84A
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!InitSafeBootMode] D88BFFFF
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlCompareMemory] 8504C483
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 5F0A75DB
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!memmove] 5B08438D
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[ntoskrnl.exe!MmHighestUserAddress] 5DE58B5E
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\albkfluk.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9519226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9519226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9519226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9519226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9519226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B9519226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9519226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [B6EA76B0] \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [B6E8E292] \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 89B991F8
Device \FileSystem\Fastfat \FatCdrom 88F4A1F8
Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\NetBT \Device\NetBT_Tcpip_{F713EE8C-4CD8-4A8D-9198-B894CA689E51} 89485500
Device \Driver\usbuhci \Device\USBPDO-0 898D21F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89C111F8
Device \Driver\dmio \Device\DmControl\DmConfig 89C111F8
Device \Driver\dmio \Device\DmControl\DmPnP 89C111F8
Device \Driver\dmio \Device\DmControl\DmInfo 89C111F8
Device \Driver\usbuhci \Device\USBPDO-1 898D21F8
Device \Driver\usbuhci \Device\USBPDO-2 898D21F8
Device \Driver\usbehci \Device\USBPDO-3 898AF1F8
Device \Driver\PCI_PNP1458 \Device\00000054 spzp.sys
Device \Driver\PCI_PNP1458 \Device\00000054 spzp.sys
Device \Driver\usbuhci \Device\USBPDO-4 898D21F8
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\usbuhci \Device\USBPDO-5 898D21F8
Device \Driver\usbuhci \Device\USBPDO-6 898D21F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 89B9B1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
Device \Driver\usbehci \Device\USBPDO-7 898AF1F8
Device \Driver\Cdrom \Device\CdRom0 898A31F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89B9B1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
Device \Driver\Cdrom \Device\CdRom1 898A31F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 89B9B1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89B9A1F8
Device \Driver\atapi \Device\Ide\IdePort0 89B9A1F8
Device \Driver\atapi \Device\Ide\IdePort1 89B9A1F8
Device \Driver\atapi \Device\Ide\IdePort2 89B9A1F8
Device \Driver\atapi \Device\Ide\IdePort3 89B9A1F8
Device \Driver\atapi \Device\Ide\IdePort4 89B9A1F8
Device \Driver\atapi \Device\Ide\IdePort5 89B9A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1c 89B9A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-10 89B9A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-24 89B9A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 89B9B1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
Device \Driver\NetBT \Device\NetBt_Wins_Export 89485500
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\sptd \Device\3584147708 spzp.sys
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\usbuhci \Device\USBFDO-0 898D21F8
Device \Driver\usbuhci \Device\USBFDO-1 898D21F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89469500
Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\usbuhci \Device\USBFDO-2 898D21F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89469500
Device \Driver\usbehci \Device\USBFDO-3 898AF1F8
Device \Driver\usbuhci \Device\USBFDO-4 898D21F8
Device \Driver\Ftdisk \Device\FtControl 89B9B1F8
Device \Driver\usbuhci \Device\USBFDO-5 898D21F8
Device \Driver\usbuhci \Device\USBFDO-6 898D21F8
Device \Driver\usbehci \Device\USBFDO-7 898AF1F8
Device \Driver\albkfluk \Device\Scsi\albkfluk1Port6Path0Target0Lun0 8984F500
Device \Driver\albkfluk \Device\Scsi\albkfluk1 8984F500
Device \FileSystem\Fastfat \Fat 88F4A1F8
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 895DB500
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x57 0x15 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA1 0x16 0xD8 0x20 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x35 0x54 0xF9 0x14 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x57 0x15 0x6B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA1 0x16 0xD8 0x20 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x35 0x54 0xF9 0x14 ...
---- EOF - GMER 1.0.14 ----
|
|
|
|
|
09-10-2008, 08:39
|
#165 | |
|
Senior Member
Iscritto dal: Feb 2004
Città: ♪ ♫ un giorno all'improvviso... ♪ ♫
Messaggi: 5716
|
Quote:
|
|
|
|
|
|
09-10-2008, 09:53
|
#166 | |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
Quote:
__________________
Try again and you will be luckier.
|
|
|
|
|
|
20-10-2008, 13:26
|
#167 |
|
Member
Iscritto dal: Feb 2007
Messaggi: 43
|
|
|
|
|
|
28-10-2008, 13:41
|
#168 |
|
Senior Member
Iscritto dal: Apr 2006
Messaggi: 424
|
chi mi legge il log ?
Chi e’ cosi gentile di darmi un occhio su questo report di GMER
Del mio pc di casa: GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2008-10-23 12:59:40 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.14 ---- SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xF4317606] SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xF431705A] SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xF4316D3C] SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xF4318652] SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xF4316E46] SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xF4316F30] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF424C0AC] SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xF43178CC] SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xF4317362] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF424C5AE] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF424BFEC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF424C050] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF424C6CE] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF424C68E] SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xF4316BBA] SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xF4317814] SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB98626D0] SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xF4317494] ---- Kernel code sections - GMER 1.0.14 ---- ? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Impossibile trovare il file specificato. ! ---- User IAT/EAT - GMER 1.0.14 ---- IAT C:\WINDOWS\system32\services.exe[1060] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002 IAT C:\WINDOWS\system32\services.exe[1060] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000 ---- Devices - GMER 1.0.14 ---- AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Ahead Software AG) ---- Disk sectors - GMER 1.0.14 ---- Disk \Device\Harddisk0\DR0 sector 62: copy of MBR---- EOF - GMER 1.0.14 ---- per questo ultimo in particolare usando MBR.EXE: MBR.exe -f in modealita'provvisoria: Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK copy of MBR has been found in sector 62 ! MBR.exe in modalita' normale: Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK copy of MBR has been found in sector 62 ! |
|
|
|
|
28-10-2008, 21:06
|
#169 |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
tinto101
Ciao segui questa Guida http://www.hwupgrade.it/forum/showthread.php?t=1715546 presta attenzione alla modalità indicata per allegare i log.
__________________
Try again and you will be luckier.
|
|
|
|
|
29-10-2008, 09:39
|
#170 |
|
Senior Member
Iscritto dal: Apr 2006
Messaggi: 424
|
log gmer
ecco....
log mio pc http://www.fileqube.com/file/elEINBR141163 log altro pc http://www.fileqube.com/file/qEqayWLWJ141164 ecco grazie... |
|
|
|
|
29-10-2008, 13:50
|
#171 | |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
Quote:
__________________
Try again and you will be luckier.
|
|
|
|
|
|
05-11-2008, 05:45
|
#172 |
|
Senior Member
Iscritto dal: Dec 2007
Città: addio mia dolce compagna,amica fedele da 18 anni..mi spiace che tu sia morta in un modo cosi doloroso
Messaggi: 1396
|
ciao. ho provato a fare girare gmer su vista 64 ma mi rimanda una serie di errori prima di partire con il controllo. quando poi parte le sigle da libraries a sistem risultano disabilitate. che ne dite ???
__________________
Un vero uomo non è colui che non cade mai ma colui che sa rialzarsi dopo ogni caduta!!!!!!! essere vivo richiede uno sforzo maggiore del semplice respirare(Pablo Neruda). |
|
|
|
|
17-12-2008, 19:04
|
#173 |
|
Senior Member
Iscritto dal: Dec 2008
Messaggi: 3796
|
Scusate ma non funziona il link x scaricare gmer?
|
|
|
|
|
22-12-2008, 17:32
|
#174 |
|
Member
Iscritto dal: Jun 2006
Città: Bolzano
Messaggi: 198
|
giusto per curiosità volevo postare il mio log, non c'è alcuna fretta.....
Codice:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-22 18:27:45
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xACD54B4A]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xACD34C16]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xACD5714E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xACD2CDA2]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateKey [0xACD3DD92]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xACD4C646]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xACD4D15E]
SSDT \??\C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) ZwCreateSection [0xA9E9CFE0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xACD3D682]
SSDT BA73C1BC ZwCreateThread
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xACD3BF26]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteKey [0xACD3FD4E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteValueKey [0xACD477A2]
SSDT sptd.sys ZwEnumerateKey [0xB9ED9C22]
SSDT sptd.sys ZwEnumerateValueKey [0xB9ED9F9A]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xACD49666]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xACD3CD86]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xACD330CF]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xACD3F154]
SSDT BA73C1A8 ZwOpenProcess
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xACD2BD5E]
SSDT BA73C1AD ZwOpenThread
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xACD56342]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xACD35C8D]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xACD40B82]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xACD4165E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xACD53D92]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xACD4669E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwReplaceKey [0xACD43216]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xACD59636]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xACD59C1A]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRestoreKey [0xACD45B6A]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xACD446CA]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xACD45112]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xACD57E36]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xACD531B6]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xACD37BDE]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xACD489C2]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetValueKey [0xACD421BA]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xACD51EE6]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xACD5280E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xACD5A81A]
SSDT BA73C1B7 ZwTerminateProcess
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xACD51386]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xACD4A23E]
SSDT BA73C1B2 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504854 12 Bytes [ E6, 1E, D5, AC, 0E, 28, D5, ... ]
? C:\WINDOWS\system32\drivers\sptd.sys Impossibile accedere al file. Il file è utilizzato da un altro processo.
? C:\WINDOWS\System32\Drivers\SPTD4925.SYS Impossibile accedere al file. Il file è utilizzato da un altro processo.
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 B92274F0 16 Bytes [ 79, D8, B6, 5E, 0F, B2, 92, ... ]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 B9227501 6 Bytes [ 60, 22, B9, 67, 6D, 1B ]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 18 B9227508 24 Bytes [ 98, 47, 6D, 8A, DD, CA, 47, ... ]
? C:\WINDOWS\System32\Drivers\dtscsi.sys Impossibile accedere al file. Il file è utilizzato da un altro processo.
---- User code sections - GMER 1.0.14 ----
.text C:\Programmi\Analog Devices\Core\smax4pnp.exe[216] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 009EB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Analog Devices\Core\smax4pnp.exe[216] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 009EB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Analog Devices\Core\smax4pnp.exe[216] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 009EB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Analog Devices\Core\smax4pnp.exe[216] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 009EB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Analog Devices\Core\smax4pnp.exe[216] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 009EB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[256] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[256] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[256] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[256] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[256] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Analog Devices\SoundMAX\Smax4.exe[264] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Analog Devices\SoundMAX\Smax4.exe[264] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Analog Devices\SoundMAX\Smax4.exe[264] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Analog Devices\SoundMAX\Smax4.exe[264] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Analog Devices\SoundMAX\Smax4.exe[264] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ASUS\Six Engine\SixEngine.exe[272] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ASUS\Six Engine\SixEngine.exe[272] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ASUS\Six Engine\SixEngine.exe[272] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ASUS\Six Engine\SixEngine.exe[272] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ASUS\Six Engine\SixEngine.exe[272] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe[276] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 009DB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe[276] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 009DB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe[276] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 009DB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe[276] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 009DB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe[276] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 009DB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Java\jre6\bin\jusched.exe[296] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Java\jre6\bin\jusched.exe[296] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Java\jre6\bin\jusched.exe[296] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Java\jre6\bin\jusched.exe[296] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Java\jre6\bin\jusched.exe[296] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\DAEMON Tools\daemon.exe[312] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\DAEMON Tools\daemon.exe[312] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\DAEMON Tools\daemon.exe[312] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\DAEMON Tools\daemon.exe[312] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\DAEMON Tools\daemon.exe[312] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[316] kernel32.dll!LoadResource 7C80A045 5 Bytes JMP 0056D260 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[316] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 00567184 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[316] user32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 005671DC C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[316] user32.dll!EnableWindow 7E3A9849 5 Bytes JMP 01661C24 C:\PROGRA~1\Agnitum\OUTPOS~1\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[316] user32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 005671B0 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe[368] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe[368] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe[368] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe[368] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe[368] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[508] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[508] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[508] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[508] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[508] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] kernel32.dll!LoadResource 7C80A045 7 Bytes JMP 28001CC0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] kernel32.dll!FindResourceExW 7C80AD18 7 Bytes JMP 28001B00 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] kernel32.dll!FindResourceW 7C80BC5E 7 Bytes JMP 28001A80 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] kernel32.dll!SizeofResource 7C80BCF9 7 Bytes JMP 28001D80 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] kernel32.dll!FindResourceA 7C80BF19 7 Bytes JMP 28001B90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] kernel32.dll!LockResource 7C80CD27 5 Bytes JMP 28001DF0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] kernel32.dll!CreateEventA 7C83089D 5 Bytes JMP 28001840 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] kernel32.dll!FindResourceExA 7C835F90 7 Bytes JMP 28001C20 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 0056DBBD C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] kernel32.dll!OutputDebugStringW 7C85B335 5 Bytes JMP 28001E50 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] ADVAPI32.dll!CryptDeriveKey 77F59FDD 7 Bytes JMP 28001000 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] ADVAPI32.dll!CryptDecrypt 77F5A109 7 Bytes JMP 28001060 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!PeekMessageW 7E39929B 5 Bytes JMP 28004090 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!SetWindowPlacement 7E39DE46 5 Bytes JMP 28005840 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!CreateDialogParamW 7E39EA3B 5 Bytes JMP 28005AC0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!LoadImageW 7E3A7B97 5 Bytes JMP 280060C0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 28003820 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!SetWindowRgn 7E3AE528 7 Bytes JMP 28005980 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!LoadIconW 7E3AE8BC 5 Bytes JMP 280062B0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 28005CB0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] USER32.dll!TrackPopupMenuEx 7E3ECF62 5 Bytes JMP 28004970 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 2800A5A0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] WS2_32.dll!send 71A34C27 2 Bytes JMP 2800A180 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] WS2_32.dll!send + 3 71A34C2A 2 Bytes [ 5D, B6 ]
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 28009F60 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] WS2_32.dll!recv 71A3676F 5 Bytes JMP 28009DC0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 2800A360 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] SHELL32.dll!Shell_NotifyIconW 7CA3A52F 5 Bytes JMP 28002FE0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] ole32.dll!CoInitializeEx 774CEF7B 5 Bytes JMP 28002100 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] ole32.dll!CoRegisterClassObject 774E7E90 5 Bytes JMP 28002200 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] WININET.dll!InternetCloseHandle 4330DA59 5 Bytes JMP 28008F20 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] WININET.dll!HttpOpenRequestA 43314341 5 Bytes JMP 28008BE0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] WININET.dll!InternetReadFile 4331ABB4 5 Bytes JMP 28008D70 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[516] WININET.dll!HttpSendRequestA 4331CD40 5 Bytes JMP 28008E50 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Vuze\Azureus.exe[548] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Vuze\Azureus.exe[548] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Vuze\Azureus.exe[548] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Vuze\Azureus.exe[548] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Vuze\Azureus.exe[548] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[556] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[556] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[556] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[556] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[556] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Messenger\msmsgs.exe[596] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Messenger\msmsgs.exe[596] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Messenger\msmsgs.exe[596] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Messenger\msmsgs.exe[596] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Messenger\msmsgs.exe[596] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[604] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 00C2B84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[604] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 00C2B4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[604] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 00C2B508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[604] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 00C2B878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe[604] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 00C2B534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\PeerGuardian2\pg2.exe[720] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\PeerGuardian2\pg2.exe[720] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\PeerGuardian2\pg2.exe[720] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\PeerGuardian2\pg2.exe[720] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\PeerGuardian2\pg2.exe[720] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[816] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[816] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[816] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[816] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[816] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Andrea\Documenti\HijackThis.exe[956] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Andrea\Documenti\HijackThis.exe[956] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Andrea\Documenti\HijackThis.exe[956] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Andrea\Documenti\HijackThis.exe[956] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Andrea\Documenti\HijackThis.exe[956] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[988] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[988] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[988] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[988] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[988] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe[1120] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe[1120] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe[1120] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe[1120] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe[1120] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1556] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1556] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1556] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1556] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1556] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1604] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1604] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1604] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1604] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1604] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1724] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1724] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1724] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1724] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1724] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[1792] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[1792] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[1792] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[1792] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[1792] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[2060] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 00524834 C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe[2084] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe[2084] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe[2084] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe[2084] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe[2084] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2116] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2116] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2116] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2116] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2116] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Java\jre6\bin\jqs.exe[2240] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Java\jre6\bin\jqs.exe[2240] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Java\jre6\bin\jqs.exe[2240] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Java\jre6\bin\jqs.exe[2240] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Java\jre6\bin\jqs.exe[2240] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[2364] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[2364] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[2364] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[2364] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[2364] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe[2612] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe[2612] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe[2612] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe[2612] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe[2612] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\PnkBstrB.exe[2648] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\PnkBstrB.exe[2648] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\PnkBstrB.exe[2648] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\PnkBstrB.exe[2648] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\PnkBstrB.exe[2648] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Mozilla Firefox\firefox.exe[3020] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Mozilla Firefox\firefox.exe[3020] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Mozilla Firefox\firefox.exe[3020] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Mozilla Firefox\firefox.exe[3020] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Mozilla Firefox\firefox.exe[3020] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Windows Live\Messenger\usnsvc.exe[3304] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Windows Live\Messenger\usnsvc.exe[3304] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Windows Live\Messenger\usnsvc.exe[3304] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Windows Live\Messenger\usnsvc.exe[3304] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Windows Live\Messenger\usnsvc.exe[3304] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe[3808] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe[3808] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe[3808] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe[3808] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe[3808] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Internet Download Manager\IEMonitor.exe[3896] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Internet Download Manager\IEMonitor.exe[3896] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Internet Download Manager\IEMonitor.exe[3896] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Internet Download Manager\IEMonitor.exe[3896] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Internet Download Manager\IEMonitor.exe[3896] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Internet Download Manager\IDMan.exe[3980] user32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Internet Download Manager\IDMan.exe[3980] user32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Internet Download Manager\IDMan.exe[3980] user32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Internet Download Manager\IDMan.exe[3980] user32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Internet Download Manager\IDMan.exe[3980] user32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\cmd.exe[4300] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\cmd.exe[4300] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\cmd.exe[4300] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\cmd.exe[4300] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\cmd.exe[4300] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\VideoLAN\VLC\vlc.exe[6184] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 00B4B84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\VideoLAN\VLC\vlc.exe[6184] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 00B4B4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\VideoLAN\VLC\vlc.exe[6184] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 00B4B508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\VideoLAN\VLC\vlc.exe[6184] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 00B4B878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\VideoLAN\VLC\vlc.exe[6184] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 00B4B534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\DOCUME~1\Andrea\IMPOST~1\Temp\Rar$EX00.718\gmer.exe[7608] USER32.DLL!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\DOCUME~1\Andrea\IMPOST~1\Temp\Rar$EX00.718\gmer.exe[7608] USER32.DLL!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\DOCUME~1\Andrea\IMPOST~1\Temp\Rar$EX00.718\gmer.exe[7608] USER32.DLL!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\DOCUME~1\Andrea\IMPOST~1\Temp\Rar$EX00.718\gmer.exe[7608] USER32.DLL!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\DOCUME~1\Andrea\IMPOST~1\Temp\Rar$EX00.718\gmer.exe[7608] USER32.DLL!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9ED5AD2] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9ED5C0E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9ED5B96] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9ED676C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9ED6642] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EF8056] sptd.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B91F7226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B91F7226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B91F7226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B91F7226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B91F7226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B91F7226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B91F7226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B91F7226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisOpenAdapter] [B91F7226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 8A6F80E8
Device \FileSystem\Fastfat \FatCdrom 87293EB0
Device \FileSystem\Udfs \UdfsCdRom 89659850
Device \FileSystem\Udfs \UdfsDisk 89659850
Device \Driver\NetBT \Device\NetBT_Tcpip_{5E86F0D2-52F6-4883-93B2-A08101C65BD0} 897423F0
Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\00000036 \Device\00000051 sptd.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A6F9B78
Device \Driver\dmio \Device\DmControl\DmConfig 8A6F9B78
Device \Driver\dmio \Device\DmControl\DmPnP 8A6F9B78
Device \Driver\dmio \Device\DmControl\DmInfo 8A6F9B78
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6F9E30
Device \Driver\Cdrom \Device\CdRom0 8955C0E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6F9E30
Device \FileSystem\Rdbss \Device\FsWrap 88F10970
Device \Driver\Cdrom \Device\CdRom1 8955C0E8
Device \Driver\Cdrom \Device\CdRom2 8955C0E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 897423F0
Device \Driver\NetBT \Device\NetbiosSmb 897423F0
Device \Driver\NetBT \Device\NetBT_Tcpip_{805B1997-E149-4478-85F3-C94D86F7DAA8} 897423F0
Device \Driver\NetBT \Device\NetBT_Tcpip_{491D2954-9DE4-485C-A128-2DB2DC69481D} 897423F0
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Disk \Device\Harddisk0\DR0 8A6F9350
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\NetBT \Device\NetBT_Tcpip_{337E8050-286C-419A-BF4A-67B0ED2AABAF} 897423F0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88C79B30
Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 88C79B30
Device \FileSystem\Npfs \Device\NamedPipe 896DC9F8
Device \Driver\Ftdisk \Device\FtControl 8A6F9E30
Device \FileSystem\Msfs \Device\Mailslot 896C9440
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 89876D40
Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target14Lun0 8A6F9608
Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target1Lun0 8A6F9608
Device \Driver\mv61xx \Device\Scsi\mv61xx1 8A6F9608
Device \Driver\dtscsi \Device\Scsi\dtscsi1 89876D40
Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target0Lun0 8A6F9608
Device \FileSystem\Fastfat \Fat 87293EB0
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 895C8E88
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 1243202922
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 10768119
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1899468281
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x53 0x55 0x5C 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x94 0xB3 0x5C 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB6 0x3C 0xA6 0x3A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x53 0x55 0x5C 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x94 0xB3 0x5C 0xED ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB6 0x3C 0xA6 0x3A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x53 0x55 0x5C 0x04 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x94 0xB3 0x5C 0xED ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x21 0x4E 0x0A 0x96 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x64 0x3F 0x61 0x86 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{f11af5ac-db7a-44a3-8810-101e01269ef1}@Model 352
Reg HKLM\SOFTWARE\Classes\CLSID\{f11af5ac-db7a-44a3-8810-101e01269ef1}@Therad 8
---- EOF - GMER 1.0.14 ----
__________________
Win Xp sp3, Avira, Online Armor 3.1.0.26 free, A-squared, Malwarebytes 1.34 |
|
|
|
|
17-01-2009, 16:38
|
#175 |
|
Member
Iscritto dal: Jan 2009
Città: provinvicia di Pisa
Messaggi: 152
|
Salve a tutti e sono nuovo... sto guardando la guida fai da te per sistemare i vari problemi che affliggono il mio portatile e seguendo questi consigli alla ricerca di rootkit ho effettuato quanto esposto da voi all'inizio del post...
Con gmer ho fatto le scansioni e non ho trovato nessuno voce rossa, comunque vi posto lo stesso il log Codice:
GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2009-01-17 17:31:26
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
igfxcui@DLLName = igfxdev.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
a2free@ = "C:\Programmi\a-squared Free\a2service.exe"
AntiVirScheduler@ = "C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe"
AntiVirService@ = "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe"
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
Autodesk Licensing Service@ = "C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe"
Bonjour Service@ = C:\Programmi\Bonjour\mDNSResponder.exe
DCPFLICS@ = C:\Programmi\DCPFLICS\dcpflics.exe
JavaQuickStarterService@ = "C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf"
mi-raysat_3dsMax2008_32@ = "C:\Programmi\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe"
OAcat@ = "C:\Programmi\Tall Emu\Online Armor\oacat.exe"
sp_rssrv@ = "C:\Programmi\Spyware Terminator\sp_rsser.exe"
SvcOnlineArmor@ = C:\Programmi\Tall Emu\Online Armor\oasrv.exe
TAPPSRV@ = "C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe"
VRLService@ = C:\Programmi\Chaos Group\V-Ray\3dsmax R9 for x86\startvrlserver.exe
WinDefend@ = "C:\Programmi\Windows Defender\MsMpEng.exe"
WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
@RTHDCPLRTHDCPL.EXE = RTHDCPL.EXE
@AlcmtrALCMTR.EXE = ALCMTR.EXE
@THotkeyC:\Programmi\Toshiba\Toshiba Applet\thotkey.exe = C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
@TPSMainTPSMain.exe = TPSMain.exe
@TvsC:\Programmi\TOSHIBA\Tvs\TvsTray.exe = C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
@TDispVolTDispVol.exe = TDispVol.exe
@ATICCC"C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe" = "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
@avgnt"C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
@@OnlineArmor GUI"C:\Programmi\Tall Emu\Online Armor\oaui.exe" = "C:\Programmi\Tall Emu\Online Armor\oaui.exe"
@SpywareTerminator"C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" = "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
@AGRSMMSGAGRSMMSG.exe = AGRSMMSG.exe
@Windows Defender"C:\Programmi\Windows Defender\MSASCui.exe" -hide = "C:\Programmi\Windows Defender\MSASCui.exe" -hide
@SmoothViewC:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe = C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
@SunJavaUpdateSched"C:\Programmi\Java\jre6\bin\jusched.exe" = "C:\Programmi\Java\jre6\bin\jusched.exe"
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@Adobe Reader Speed Launcher"C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" = "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@TOSCDSPDC:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe = C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{56F9679E-7826-4C84-81F3-532071A8BCC5}C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll = C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll
@{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}C:\PROGRA~1\WIFD1F~1\MpShHook.dll = C:\PROGRA~1\WIFD1F~1\MpShHook.dll
@{4F07DA45-8170-4859-9B5F-037EF2970034}C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll = C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Programmi\Synaptics\SynTP\SynTPCpl.dll = C:\Programmi\Synaptics\SynTP\SynTPCpl.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) =
@{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll
@{97090E2F-3062-4459-855B-014F0D3CDBB1} /*Windows Search Deskbar*/C:\Programmi\Windows Desktop Search\deskbar.dll = C:\Programmi\Windows Desktop Search\deskbar.dll
@{13E7F612-F261-4391-BEA2-39DF4F3FA311} /*Windows Desktop Search*/C:\Programmi\Windows Desktop Search\msnlExt.dll = C:\Programmi\Windows Desktop Search\msnlExt.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{8A0BC933-7552-42E2-A228-3BE055777227} /*Gestore colonne DWG AutoCAD*/C:\Programmi\File comuni\Autodesk Shared\AcShellEx\AcShellExtension.dll = C:\Programmi\File comuni\Autodesk Shared\AcShellEx\AcShellExtension.dll
@{5800AD5B-72C1-477B-9A08-CA112DF06D97} /*Gestore descrizioni comandi e informazioni DWG AutoCAD*/C:\Programmi\File comuni\Autodesk Shared\AcShellEx\AcShellExtension.dll = C:\Programmi\File comuni\Autodesk Shared\AcShellEx\AcShellExtension.dll
@{36A21736-36C2-4C11-8ACB-D4136F2B57BD} /*Gestore icona firma digitale di AutoCAD*/C:\WINDOWS\system32\AcSignIcon.dll = C:\WINDOWS\system32\AcSignIcon.dll
@{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} /*Anteprima disegni Autodesk*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll
@{ADC46291-D8A1-4486-A24C-86FFB392AEFA} /*Anteprima file DGN Autodesk*/C:\Programmi\File comuni\Autodesk Shared\AcDgnCOM17.dll = C:\Programmi\File comuni\Autodesk Shared\AcDgnCOM17.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{5E2121EE-0300-11D4-8D3B-444553540000} /*Catalyst Context Menu extension*/C:\Programmi\ATI Technologies\ATI.ACE\atiacmxx.dll = C:\Programmi\ATI Technologies\ATI.ACE\atiacmxx.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\Windows Live\Messenger\fsshext.8.5.1302.1018.dll = C:\Programmi\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
@{0563DB41-F538-4B37-A92D-4659049B7766} /*WLMD Message Handler*/C:\Programmi\Windows Live\Mail\mailcomm.dll = C:\Programmi\Windows Live\Mail\mailcomm.dll
@{06A2568A-CED6-4187-BB20-400B8C02BE5A} /**/(null) =
@{00F33137-EE26-412F-8D71-F84E4C2C6625} /**/C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} /*Windows Live Photo Gallery Autoplay Drop Target*/(null) =
@{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} /*Windows Live Photo Gallery Viewer Drop Target*/(null) =
@{00F374B7-B390-4884-B372-2FC349F2172B} /*Windows Live Photo Gallery Editor Drop Target*/(null) =
@{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} /*Windows Live Photo Gallery Viewer Drop Target Shim*/C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} /*Windows Live Photo Gallery Editor Drop Target Shim*/C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{00F30F90-3E96-453B-AFCD-D71989ECC2C7} /*Windows Live Photo Gallery Autoplay Drop Target Shim*/C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll = C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll
@{A155339D-CCCD-4714-85EB-3754B804C9DF} /*a-squared Free Shell Extension*/C:\Programmi\a-squared Free\a2freecontmenu.dll = C:\Programmi\a-squared Free\a2freecontmenu.dll
@{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column Handler*/"C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip Handler*/"C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet Handler*/"C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail Viewer*/"C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{BD88A479-9623-4897-8546-BC62B9628F44} /*SPTHandler*/C:\Programmi\Spyware Terminator\sptcontmenu.dll = C:\Programmi\Spyware Terminator\sptcontmenu.dll
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{C81DCBCA-8AE2-41FC-9C39-78B160393210} /*RhinoShExt*/C:\Programmi\Rhinoceros 4.0\System\RhinoShExt.dll = C:\Programmi\Rhinoceros 4.0\System\RhinoShExt.dll
@{4F07DA46-8170-4859-9B5F-037EF2970034} /*Indigo*/C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll = C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AcShellExtension.AcContextMenuHandler@{2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} = C:\Programmi\File comuni\Autodesk Shared\AcShellEx\AcShellExtension.dll
Autodesk.DWF.ContextMenu@{6C18531F-CA85-45F7-8278-FF33CF0A5964} = C:\Programmi\File comuni\Autodesk Shared\DWF Common\DWFShellExtension.dll
OnlineArmorShell@{4F07DA46-8170-4859-9B5F-037EF2970034} = C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll
RhinoShExt@{C81DCBCA-8AE2-41FC-9C39-78B160393210} = C:\Programmi\Rhinoceros 4.0\System\RhinoShExt.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll
SPTContMenu@{BD88A479-9623-4897-8546-BC62B9628F44} = C:\Programmi\Spyware Terminator\sptcontmenu.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
a-squared Free Shell Extension@{A155339D-CCCD-4714-85EB-3754B804C9DF} = C:\Programmi\a-squared Free\a2freecontmenu.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Programmi\Malwarebytes' Anti-Malware\mbamext.dll
OnlineArmorShell@{4F07DA46-8170-4859-9B5F-037EF2970034} = C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll
SPTContMenu@{BD88A479-9623-4897-8546-BC62B9628F44} = C:\Programmi\Spyware Terminator\sptcontmenu.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre6\bin\ssv.dll = C:\Programmi\Java\jre6\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Programmi\Java\jre6\bin\jp2ssv.dll = C:\Programmi\Java\jre6\bin\jp2ssv.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagewww.google.com = www.google.com
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll
wlmailhtml@CLSID = C:\Programmi\Windows Live\Mail\mailcomm.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = C:\Programmi\Bonjour\mdnsNSP.dll
---- EOF - GMER 1.0.14 ----
Thanks a tutti voi siete dei grandi
Ultima modifica di ~Jaco~ : 17-01-2009 alle 16:52. |
|
|
|
|
18-01-2009, 13:46
|
#176 | |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
Quote:
http://www.hwupgrade.it/forum/showth...7#post25899717
__________________
Try again and you will be luckier.
|
|
|
|
|
|
19-01-2009, 10:41
|
#177 |
|
Member
Iscritto dal: Jan 2009
Città: provinvicia di Pisa
Messaggi: 152
|
Ok allora ricontrollo... mi pareva di avere fatto nella maniera che era indicata per copiare il log... non so in cosa avere sbagliato...
|
|
|
|
|
20-01-2009, 19:44
|
#178 |
|
Member
Iscritto dal: Jan 2009
Messaggi: 287
|
Qualcuno mi può aiutare con il mio log?
Codice:
GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2009-01-20 20:25:08 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.14 ---- SSDT BA687E8C ZwCreateThread SSDT BA687E78 ZwOpenProcess SSDT BA687E7D ZwOpenThread SSDT BA687E87 ZwTerminateProcess SSDT BA687E82 ZwWriteVirtualMemory ---- Devices - GMER 1.0.14 ---- AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.14 ---- |
|
|
|
|
23-01-2009, 11:02
|
#179 |
|
Member
Iscritto dal: Aug 2007
Città: caserta
Messaggi: 78
|
ragazzi non so se ho fatto bene.... vi posto il log... mi dite cosa ne pensate????? grazie
Codice:
GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2009-01-23 11:56:25 Windows 5.1.2600 Service Pack 2 ---- Devices - GMER 1.0.14 ---- AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) ---- EOF - GMER 1.0.14 ---- |
|
|
|
|
07-03-2009, 12:53
|
#180 | |
|
Bannato
Iscritto dal: Nov 2008
Messaggi: 446
|
Gmer 1.0.15
E' uscita la nuova versione di Gmer, dopo più di 1 anno:
http://www.wilderssecurity.com/showthread.php?t=235325 http://www.gmer.net/files.php Quote:
|
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 14:08.
