
Blue screen, PC restarts: virus?


Post by Ransie » Sun Feb 04, 2007 5:46 pm

Hi guys!

Me again, this time back in Italy!
Basically, for a few days now I've noticed that the PC sometimes restarts by itself: it suddenly shuts off, a blue screen with text appears for a second (I never manage to read it) and it restarts!

I ran a scan with AVG but it doesn't find anything.

Actually, I've noticed that every time it restarts, in the Zone Alarm window of the programs that have Internet access, one appears (obviously with an undefined date and no origin) with an anomalous string of characters: ?ÿÿÿCEôHR@.exe
Obviously, the usual window asking me whether to allow access or not doesn't appear.
I think this could be my problem. I have tried to locate the file, but I have no idea of the path; I don't know what it is or where it is.

In any case, for now I've blocked its Internet access... what is it?

Post by crazy.cat » Sun Feb 04, 2007 6:09 pm

First, let's block the PC's restart so that you can read the code and which file it refers to
http://www.MegaLab.it/2315

Then post the log of the HijackThis scan, which you should already know well.

Post by Ransie » Tue Feb 06, 2007 11:44 am

Thanks crazycat!
I did as you said, but so far the problem hasn't occurred again, so I haven't read the error yet.
In any case, I've blocked the suspicious .exe file's Internet access and removed it from the firewall.
I'm posting the HijackThis log made this morning.

Logfile of HijackThis v1.99.1
Scan saved at 10.26.35, on 06/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Nancy\IMPOST~1\Temp\Rar$EX00.765\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Progra~1\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar\01.01.1601.0\it\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [VoipStunt] "C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Programmi\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ransie-nancy.spaces.msn.com//Pho ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9405309546
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5788482-735C-46EB-BA7C-F9780B56FB15}: NameServer = 141.30.230.3,141.30.66.135
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - c:\WINDOWS\ASUSKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe


Post by Ransie » Thu Feb 08, 2007 11:35 am

Is there something wrong in my log, or is it OK? :-(

Post by Amantide » Thu Feb 08, 2007 1:04 pm

The HijackThis log is clean, but that doesn't mean your PC is too; it could be some rootkit.
Download Gmer, go to the Rootkit tab, tick the Show all option and click Scan. When the scan has finished, click Copy and paste the result into Notepad or directly here. Repeat the operation for Autostart as well.
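How a helper can read a HijackThis log of the kind posted above, as an added example that is not part of the thread and is not HijackThis's own code: it splits the log into running processes and section entries (R0, O4, O17, O23, ...) and lists a few points to check by hand. The function names and the three review rules are assumptions made for this illustration, and an empty list says nothing about what the log cannot see, which is the point of the reply above.

```python
import re
from collections import defaultdict

# Constructed excerpt in the HijackThis v1.99.1 layout, shortened from the log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 10.26.35, on 06/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Nancy\IMPOST~1\Temp\Rar$EX00.765\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5788482-735C-46EB-BA7C-F9780B56FB15}: NameServer = 141.30.230.3,141.30.66.135
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

# "O4 - rest of line": a section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 registry autoruns: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
# A command counts as fully qualified if it starts with a drive or a %VAR%\ prefix.
ABS_PATH_RE = re.compile(r"(?:[A-Za-z]:\\|%\w+%\\)")


def parse_log(text):
    """Return (running_processes, {section_code: [entry bodies]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif in_procs:
            processes.append(line)
    return processes, dict(entries)


def review_points(processes, entries):
    """Assumed triage rules: items to look at by hand, not verdicts."""
    points = []
    # 1. Processes running out of a Temp directory (here: the scanner itself,
    #    started from inside an archive).
    for path in processes:
        if "\\temp\\" in path.lower():
            points.append(("process-in-temp", path.rsplit("\\", 1)[-1], path))
    # 2. Run-key autoruns without a full path: which file actually starts
    #    depends on the search path, so the file has to be located and checked.
    for body in entries.get("O4", []):
        m = RUN_RE.match(body)
        if m and not ABS_PATH_RE.match(m.group(4).lstrip('" ')):
            points.append(("autorun-no-path", m.group(3), m.group(4)))
    # 3. Statically configured DNS servers: confirm they belong to the
    #    network the machine is really on.
    for body in entries.get("O17", []):
        m = re.search(r"NameServer = (.+)$", body)
        if m:
            points.append(("static-dns", m.group(1), body))
    return points


if __name__ == "__main__":
    procs, sections = parse_log(SAMPLE_LOG)
    print({code: len(items) for code, items in sections.items()})
    for kind, subject, detail in review_points(procs, sections):
        print(f"{kind:16} {subject:28} {detail}")
```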

Post by Ransie » Thu Feb 08, 2007 4:17 pm

This is the result of the operation in Autostart:

GMER 1.0.12.12027 - http://www.gmer.net
Autostart scan 2007-02-08 15:15:14
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
igfxcui@DLLName = igfxsrvc.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Alerter /*Avvisi*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
ASUSKeyboardService /*ASUS Keyboard Service*/@ = c:\WINDOWS\ASUSKBService.exe
AudioSrv /*Audio Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
BITS /*Servizio trasferimento intelligente in background*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Browser /*Browser di computer*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
CiSvc /*Servizio di indicizzazione*/@ = %SystemRoot%\system32\cisvc.exe
CryptSvc /*Servizi di crittografia*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch /*Utilità di avvio processo server DCOM*/@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp /*Client DHCP*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache /*Client DNS*/@ = %SystemRoot%\System32\svchost.exe -k NetworkService
Eventlog /*Registro eventi*/@ = %SystemRoot%\system32\services.exe
helpsvc /*Guida in linea e supporto tecnico*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Irmon /*Monitor infrarossi*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
KodakCCS /*Kodak Camera Connection Software*/@ = %SystemRoot%\system32\drivers\KodakCCS.exe
lanmanserver /*Server*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
LmHosts /*Helper NetBIOS di TCP/IP*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
McAfeeFramework /*McAfee Framework Service*/@ = C:\Programmi\Network Associates\Common Framework\FrameworkService.exe /ServiceStart /*file not found*/
McShield /*Network Associates McShield*/@ = "C:\Programmi\Network Associates\VirusScan\Mcshield.exe"
McTaskManager /*Network Associates Task Manager*/@ = "C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe"
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*Servizi IPSEC*/@ = %SystemRoot%\System32\lsass.exe
ProtectedStorage /*Archiviazione protetta*/@ = %SystemRoot%\system32\lsass.exe
RpcSs /*RPC (Remote Procedure Call)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Gestione account di protezione (SAM)*/@ = %SystemRoot%\system32\lsass.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
seclogon /*Accesso secondario*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*Notifica eventi di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess /*Windows Firewall / Condivisione connessione Internet (ICS)*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ShellHWDetection /*Rilevamento hardware shell*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*Servizio Ripristino configurazione di sistema*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
stisvc /*Acquisizione di immagini di Windows (WIA)*/@ = %SystemRoot%\System32\svchost.exe -k imgsvc
Themes /*Temi*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Manutenzione collegamenti distribuiti client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZONELABS\vsmon.exe -service
W32Time /*Ora di Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
winmgmt /*Strumentazione gestione Windows*/@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc /*Centro sicurezza PC*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv /*Aggiornamenti automatici*/@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC /*Zero Configuration reti senza fili*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@Power_GearC:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1 /*file not found*/ = C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1 /*file not found*/
@SynTPLprC:\Programmi\Synaptics\SynTP\SynTPLpr.exe = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
@ShStatEXE"C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE = "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
@McAfeeUpdaterUI"C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey = "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
@Network Associates Error Reporting Service"C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe" = "C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe"
@AdslTaskBarrundll32.exe stmctrl.dll,TaskBar = rundll32.exe stmctrl.dll,TaskBar
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
RunOnceEx@ = /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@VoipStunt"C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized = "C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
@msnmsgr"C:\Programmi\MSN Messenger\msnmsgr.exe" /background = "C:\Programmi\MSN Messenger\msnmsgr.exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheck%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@SysTrayC:\WINDOWS\System32\stobject.dll = C:\WINDOWS\System32\stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\System32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\System32\themeui.dll = %SystemRoot%\System32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\System32\hticons.dll = C:\WINDOWS\System32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\System32\remotepg.dll = C:\WINDOWS\System32\remotepg.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensione shell per Windows Script Host*/C:\WINDOWS\System32\wshext.dll = C:\WINDOWS\System32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\System\Ole DB\oledb32.dll = C:\Programmi\File comuni\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*SearchBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{E0E11A09-5CB8-4B6C-8332-E00720A168F2} /*Parser della barra degli indirizzi*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Servizio Cronologia Url Microsoft*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*Cronologia*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Hook per la ricerca di URL Microsoft*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*Cartella cache ActiveX*/%SystemRoot%\System32\occache.dll = %SystemRoot%\System32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
---- EOF - GMER 1.0.12 ----

Post by Ransie » Thu Feb 08, 2007 4:50 pm

This is what I see under rootkit as soon as I open GMER:
GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-08 15:46:01
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SYSENTER \??\C:\WINDOWS\System32\lzx32.sys EFF5EBF4

Code \??\C:\WINDOWS\System32\lzx32.sys pIofCallDriver

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [EF8E9160] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [EF8E9160] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [EF8E9160] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [EF8E9160] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [EF8E9160] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [EF8E9160] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [EF8E9160] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [EF8E9160] vsdatant.sys

---- Services - GMER 1.0.12 ----

Service C:\WINDOWS\System32\lzx32.sys (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!

---- EOF - GMER 1.0.12 ----

I tried running a full scan. It gets to a certain point (and flags this entry in red: Service C:\WINDOWS\System32\lzx32.sys (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!), then while the scan is still running a blue screen suddenly appears and the PC reboots.
I tried twice, and both times the same thing happened.
I looked for this entry in the System32 folder, but I didn't find it.
What does it mean?

Post by Amantide » Thu Feb 08, 2007 5:02 pm

As I suspected, it's Rustock.

Read these 2 guides on how to remove it:
http://www.MegaLab.it/2654
http://www.pcalsicuro.com/main/2007/01/ ... tdialcall/
...to fly high, you have to know how to fall...

Post by Ransie » Fri Feb 09, 2007 2:53 pm

I read the MegaLab article and used the first removal tool, following the instructions.
When I open GMER, the red rootkit warning no longer appears. I was also able to finish (olé) a full scan. I'm posting the result:

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-09 13:49:00
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\System32\vsdatant.sys ZwConnectPort
SSDT 81924109 ZwCreateThread
SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!select 71A32DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!socket 71A33B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!bind 71A33E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!send 71A3428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!recv 71A3615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1008] WININET.dll!InternetOpenA 771958BA 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1008] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1008] WININET.dll!InternetReadFile 771980F4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!WriteFile 7C810D87 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!WinExec 7C86136D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1068] WS2_32.dll!select 71A32DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1068] WS2_32.dll!socket 71A33B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1068] WS2_32.dll!bind 71A33E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1068] WS2_32.dll!send 71A3428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1068] WS2_32.dll!recv 71A3615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1068] WININET.dll!InternetOpenA 771958BA 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1068] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1068] WININET.dll!InternetReadFile 771980F4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 27001B70 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 27001AE0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 27001A60 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 27001C20 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 27001CD0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 27001840 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004E12D0 C:\Programmi\MSN Messenger\msnmsgr.exe
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] ADVAPI32.dll!CryptDeriveKey 77F5A685 7 Bytes JMP 27001000 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] ADVAPI32.dll!CryptDecrypt 77F5A7B1 2 Bytes JMP 27001050 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] ADVAPI32.dll!CryptDecrypt + 3 77F5A7B4 4 Bytes [ 0A, AF, CC, CC ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] USER32.dll!PeekMessageW 77D1929B 5 Bytes JMP 27003760 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] USER32.dll!CreateWindowExW 77D1FF50 5 Bytes JMP 27003270 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] USER32.dll!SetWindowRgn 77D202DD 7 Bytes JMP 27004AB0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] USER32.dll!CreateDialogParamW 77D284EE 5 Bytes JMP 27004E30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] USER32.dll!SetWindowPlacement 77D2DF46 5 Bytes JMP 270049D0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] USER32.dll!FlashWindow 77D55C5C 5 Bytes JMP 27004B50 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 27004F90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] USER32.dll!TrackPopupMenuEx 77D6CB1A 5 Bytes JMP 27003F30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] WS2_32.dll!send 71A3428A 5 Bytes JMP 270095A0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] WS2_32.dll!WSARecv 71A34318 5 Bytes JMP 27009390 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] WS2_32.dll!recv 71A3615A 5 Bytes JMP 27009200 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] WS2_32.dll!WSASend 71A36233 5 Bytes JMP 27009720 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 27009930 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] SHELL32.dll!Shell_NotifyIconW 7CA31B5A 5 Bytes JMP 27002BA0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] ole32.dll!CoInitializeEx 774CEF6B 5 Bytes JMP 27001D30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] ole32.dll!CoRegisterClassObject 774E8720 5 Bytes JMP 27001E30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] WININET.dll!HttpOpenRequestA 771936AD 5 Bytes JMP 27008180 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] WININET.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 27008460 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] WININET.dll!HttpSendRequestA 77196249 5 Bytes JMP 270083B0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] WININET.dll!InternetReadFile 771980F4 5 Bytes JMP 270082E0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\WINDOWS\Explorer.EXE[1564] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1564] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1564] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1564] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1564] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1564] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1564] kernel32.dll!WriteFile 7C810D87 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1564] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1564] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1564] kernel32.dll!WinExec 7C86136D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1564] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1564] WININET.dll!InternetOpenA 771958BA 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1564] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1564] WININET.dll!InternetReadFile 771980F4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1564] WS2_32.dll!select 71A32DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1564] WS2_32.dll!socket 71A33B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1564] WS2_32.dll!bind 71A33E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1564] WS2_32.dll!send 71A3428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1564] WS2_32.dll!recv 71A3615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1672] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1672] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1672] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1672] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1672] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1672] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1672] kernel32.dll!WriteFile 7C810D87 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1672] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1672] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1672] kernel32.dll!WinExec 7C86136D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1672] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1672] WS2_32.dll!select 71A32DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1672] WS2_32.dll!socket 71A33B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1672] WS2_32.dll!bind 71A33E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1672] WS2_32.dll!send 71A3428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1672] WS2_32.dll!recv 71A3615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1672] WININET.dll!InternetOpenA 771958BA 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1672] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1672] WININET.dll!InternetReadFile 771980F4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[1712] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[1712] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[1712] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[1712] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[1712] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[1712] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[1712] kernel32.dll!WriteFile 7C810D87 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[1712] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[1712] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[1712] kernel32.dll!WinExec 7C86136D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[1712] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[1712] WS2_32.dll!select 71A32DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[1712] WS2_32.dll!socket 71A33B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[1712] WS2_32.dll!bind 71A33E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[1712] WS2_32.dll!send 71A3428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[1712] WS2_32.dll!recv 71A3615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[1712] WININET.dll!InternetOpenA 771958BA 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[1712] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[1712] WININET.dll!InternetReadFile 771980F4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!WriteFile 7C810D87 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!WinExec 7C86136D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2012] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2012] WS2_32.dll!select 71A32DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2012] WS2_32.dll!socket 71A33B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2012] WS2_32.dll!bind 71A33E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2012] WS2_32.dll!send 71A3428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2012] WS2_32.dll!recv 71A3615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2012] WININET.dll!InternetOpenA 771958BA 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2012] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2012] WININET.dll!InternetReadFile 771980F4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [EF734160] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [EF734160] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [EF734160] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [EF734160] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [EF734160] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [EF734160] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [EF734160] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [EF734160] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [EF734160] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [EF734160] vsdatant.sys
Device \Driver\AFD \Device\Afd IRP_MJ_CREATE [EF732980] vsdatant.sys
Device \Driver\AFD \Device\Afd IRP_MJ_CLOSE [EF732980] vsdatant.sys
Device \Driver\AFD \Device\Afd IRP_MJ_DEVICE_CONTROL [EF732980] vsdatant.sys
Device \Driver\AFD \Device\Afd FastIoDeviceControl [EF732360] vsdatant.sys

---- EOF - GMER 1.0.12 ----

I hope it's OK.
Anyway, thanks for the help and the "lessons" you give me every time. I say lessons because I can't tell you how many things I've been learning since I became a user of this forum!!!

Post by Amantide » Fri Feb 09, 2007 3:14 pm

I'd say you've solved it [^]

To be safe, also run a scan with A-squared.
...to fly high, you need to know how to fall...

Post by Ransie » Sat Feb 10, 2007 4:35 pm

A-squared doesn't detect anything either, everything is OK.

However, while I was browsing, a VirusScan message popped up saying it had found and deleted the file C:\WINDOWS\System32\lzx32.sys

But hadn't the removal tool already deleted it?
Beats me!

Post by Amantide » Sat Feb 10, 2007 4:40 pm

Ransie wrote: However, while I was browsing, a VirusScan message popped up saying it had found and deleted the file C:\WINDOWS\System32\lzx32.sys

But hadn't the removal tool already deleted it?
Beats me!

It should have [boh]
If you like, to be safe, you can post the new GMER Rootkit log for me, so we can see whether it has really been removed.
...to fly high, you need to know how to fall...
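One way to triage a GMER log like the ones posted in this thread, as an added example that is not part of the original posts: the Python below groups inline hooks by the module they redirect to, lists SSDT entries that GMER shows only as a raw address, and checks whether a given file name still appears in the log. The function names are hypothetical, and the sample is an excerpt built from lines of the logs posted here.

```python
import re
from collections import defaultdict

# Excerpt built from lines of the GMER 1.0.12 logs posted in this thread.
SAMPLE_LOG = r"""
---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\System32\vsdatant.sys ZwConnectPort
SSDT 8186B109 ZwCreateThread
SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[636] WS2_32.dll!send 71A3428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1564] WS2_32.dll!send 71A3428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] WS2_32.dll!send 71A3428A 5 Bytes JMP 270095A0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] ADVAPI32.dll!CryptDecrypt 77F5A7B1 2 Bytes JMP 27001050 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] ADVAPI32.dll!CryptDecrypt + 3 77F5A7B4 4 Bytes [ 0A, AF, CC, CC ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1344] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004E12D0 C:\Programmi\MSN Messenger\msnmsgr.exe
"""

# "SSDT <owner> <service>": owner is a driver path or a bare 8-digit address.
SSDT_RE = re.compile(r"^SSDT\s+(?P<owner>.+)\s+(?P<service>\w+)$")
# ".text <image>[pid] <dll>!<func> [+ off] <addr> <n> Bytes <patch>"
INLINE_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<dll>[\w.]+)!(?P<func>\w+)(?:\s\+\s[0-9A-Fa-f]+)?\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<size>\d+) Bytes\s+(?P<patch>.+)$"
)
# The patch is either "CALL|JMP <target> <module path>" or a raw byte list.
PATCH_RE = re.compile(
    r"^(?P<op>CALL|JMP)\s+(?P<target>[0-9A-F]{8})\s+(?P<module>.+)$"
)


def parse_gmer(text):
    """Return the SSDT entries and inline-hook records found in a GMER log."""
    parsed = {"ssdt": [], "inline": []}
    for line in text.splitlines():
        line = line.strip()
        m = SSDT_RE.match(line)
        if m:
            parsed["ssdt"].append((m["owner"], m["service"]))
            continue
        m = INLINE_RE.match(line)
        if not m:
            continue  # section headers, Device lines, blank lines
        patch = PATCH_RE.match(m["patch"])
        module = patch["module"].strip() if patch else None
        parsed["inline"].append({
            "image": m["image"],
            "pid": int(m["pid"]),
            "api": f'{m["dll"]}!{m["func"]}',
            "module": module,  # None when GMER printed only raw bytes
            # A process patching its own imports is a different case from
            # a DLL redirecting another program's API calls.
            "foreign": bool(module) and module.lower() != m["image"].lower(),
        })
    return parsed


def hooks_by_module(parsed, foreign_only=True):
    """Group inline hooks by redirect target: which PIDs and which APIs."""
    summary = defaultdict(lambda: {"pids": set(), "apis": set()})
    for hook in parsed["inline"]:
        if hook["module"] is None or (foreign_only and not hook["foreign"]):
            continue
        summary[hook["module"]]["pids"].add(hook["pid"])
        summary[hook["module"]]["apis"].add(hook["api"])
    return dict(summary)


def unattributed_ssdt(parsed):
    """SSDT entries shown as a bare address instead of a driver path."""
    return [(owner, service) for owner, service in parsed["ssdt"]
            if re.fullmatch(r"[0-9A-Fa-f]{8}", owner)]


def mentions(text, filename):
    """Case-insensitive check for a file name anywhere in the log."""
    return filename.lower() in text.lower()


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_LOG)
    for module, info in hooks_by_module(parsed).items():
        print(module, sorted(info["pids"]), sorted(info["apis"]))
    print("SSDT without a module:", unattributed_ssdt(parsed))
    print("lzx32.sys in log:", mentions(SAMPLE_LOG, "lzx32.sys"))
```

A file name missing from the log only shows that GMER did not list it in that scan.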

Post by Ransie » Sat Feb 10, 2007 8:25 pm

OK! Thanks!

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-10 19:22:24
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\System32\vsdatant.sys ZwConnectPort
SSDT 8186B109 ZwCreateThread
SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- User code sections - GMER 1.0.12 ----

.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[164] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[164] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[164] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[164] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[164] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[164] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[164] kernel32.dll!WriteFile 7C810D87 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[164] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[164] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[164] kernel32.dll!WinExec 7C86136D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[164] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[164] WS2_32.dll!select 71A32DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[164] WS2_32.dll!socket 71A33B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[164] WS2_32.dll!bind 71A33E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[164] WS2_32.dll!send 71A3428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[164] WS2_32.dll!recv 71A3615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[164] WININET.dll!InternetOpenA 771958BA 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[164] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[164] WININET.dll!InternetReadFile 771980F4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!WriteFile 7C810D87 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[624] kernel32.dll!WinExec 7C86136D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[624] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[624] WS2_32.dll!select 71A32DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[624] WS2_32.dll!socket 71A33B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[624] WS2_32.dll!bind 71A33E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[624] WS2_32.dll!send 71A3428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[624] WS2_32.dll!recv 71A3615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[624] WININET.dll!InternetOpenA 771958BA 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[624] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[624] WININET.dll!InternetReadFile 771980F4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!WriteFile 7C810D87 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[636] kernel32.dll!WinExec 7C86136D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[636] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[636] WS2_32.dll!select 71A32DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[636] WS2_32.dll!socket 71A33B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[636] WS2_32.dll!bind 71A33E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[636] WS2_32.dll!send 71A3428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[636] WS2_32.dll!recv 71A3615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[636] WININET.dll!InternetOpenA 771958BA 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[636] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[636] WININET.dll!InternetReadFile 771980F4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!WriteFile 7C810D87 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!WinExec 7C86136D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[780] WS2_32.dll!select 71A32DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[780] WS2_32.dll!socket 71A33B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[780] WS2_32.dll!bind 71A33E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[780] WS2_32.dll!send 71A3428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[780] WS2_32.dll!recv 71A3615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[780] WININET.dll!InternetOpenA 771958BA 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[780] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[780] WININET.dll!InternetReadFile 771980F4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!WriteFile 7C810D87 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!WinExec 7C86136D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[844] WS2_32.dll!select 71A32DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[844] WS2_32.dll!socket 71A33B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[844] WS2_32.dll!bind 71A33E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[844] WS2_32.dll!send 71A3428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[844] WS2_32.dll!recv 71A3615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[844] WININET.dll!InternetOpenA 771958BA 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[844] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[844] WININET.dll!InternetReadFile 771980F4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!WriteFile 7C810D87 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!WinExec 7C86136D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[896] WS2_32.dll!select 71A32DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[896] WS2_32.dll!socket 71A33B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[896] WS2_32.dll!bind 71A33E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[896] WS2_32.dll!send 71A3428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[896] WS2_32.dll!recv 71A3615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[896] WININET.dll!InternetOpenA 771958BA 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[896] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[896] WININET.dll!InternetReadFile 771980F4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!WriteFile 7C810D87 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!WinExec 7C86136D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[992] WS2_32.dll!select 71A32DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[992] WS2_32.dll!socket 71A33B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[992] WS2_32.dll!bind 71A33E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[992] WS2_32.dll!send 71A3428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[992] WS2_32.dll!recv 71A3615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[992] WININET.dll!InternetOpenA 771958BA 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[992] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[992] WININET.dll!InternetReadFile 771980F4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!WriteFile 7C810D87 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!WinExec 7C86136D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1052] WS2_32.dll!select 71A32DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1052] WS2_32.dll!socket 71A33B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1052] WS2_32.dll!bind 71A33E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1052] WS2_32.dll!send 71A3428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1052] WS2_32.dll!recv 71A3615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1052] WININET.dll!InternetOpenA 771958BA 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1052] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1052] WININET.dll!InternetReadFile 771980F4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1548] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1548] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1548] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1548] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1548] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1548] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1548] kernel32.dll!WriteFile 7C810D87 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1548] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1548] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1548] kernel32.dll!WinExec 7C86136D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1548] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1548] WININET.dll!InternetOpenA 771958BA 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1548] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1548] WININET.dll!InternetReadFile 771980F4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1548] WS2_32.dll!select 71A32DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1548] WS2_32.dll!socket 71A33B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1548] WS2_32.dll!bind 71A33E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1548] WS2_32.dll!send 71A3428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\Explorer.EXE[1548] WS2_32.dll!recv 71A3615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1708] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1708] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1708] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1708] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1708] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1708] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1708] kernel32.dll!WriteFile 7C810D87 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1708] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1708] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1708] kernel32.dll!WinExec 7C86136D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1708] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1708] WS2_32.dll!select 71A32DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1708] WS2_32.dll!socket 71A33B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1708] WS2_32.dll!bind 71A33E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1708] WS2_32.dll!send 71A3428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1708] WS2_32.dll!recv 71A3615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1708] WININET.dll!InternetOpenA 771958BA 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1708] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\Network Associates\Common Framework\FrameworkService.exe[1708] WININET.dll!InternetReadFile 771980F4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2000] kernel32.dll!ReadFile 7C80180E 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2000] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2000] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2000] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2000] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2000] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2000] kernel32.dll!WriteFile 7C810D87 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2000] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2000] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2000] kernel32.dll!WinExec 7C86136D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!select 71A32DC0 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!socket 71A33B91 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!bind 71A33E00 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!send 71A3428A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!recv 71A3615A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2000] WININET.dll!InternetOpenA 771958BA 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2000] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2000] WININET.dll!InternetReadFile 771980F4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 27001B70 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 27001AE0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 27001A60 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 27001C20 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 27001CD0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 27001840 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004E12D0 C:\Programmi\MSN Messenger\msnmsgr.exe
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] ADVAPI32.dll!CryptDeriveKey 77F5A685 7 Bytes JMP 27001000 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] ADVAPI32.dll!CryptDecrypt 77F5A7B1 2 Bytes JMP 27001050 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] ADVAPI32.dll!CryptDecrypt + 3 77F5A7B4 4 Bytes [ 0A, AF, CC, CC ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] USER32.dll!PeekMessageW 77D1929B 5 Bytes JMP 27003760 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] USER32.dll!CreateWindowExW 77D1FF50 5 Bytes JMP 27003270 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] USER32.dll!SetWindowRgn 77D202DD 7 Bytes JMP 27004AB0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] USER32.dll!CreateDialogParamW 77D284EE 5 Bytes JMP 27004E30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] USER32.dll!SetWindowPlacement 77D2DF46 5 Bytes JMP 270049D0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] USER32.dll!FlashWindow 77D55C5C 5 Bytes JMP 27004B50 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 27004F90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] USER32.dll!TrackPopupMenuEx 77D6CB1A 5 Bytes JMP 27003F30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] WS2_32.dll!send 71A3428A 5 Bytes JMP 270095A0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] WS2_32.dll!WSARecv 71A34318 5 Bytes JMP 27009390 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] WS2_32.dll!recv 71A3615A 5 Bytes JMP 27009200 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] WS2_32.dll!WSASend 71A36233 5 Bytes JMP 27009720 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 27009930 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] SHELL32.dll!Shell_NotifyIconW 7CA31B5A 5 Bytes JMP 27002BA0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] ole32.dll!CoInitializeEx 774CEF6B 5 Bytes JMP 27001D30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] ole32.dll!CoRegisterClassObject 774E8720 5 Bytes JMP 27001E30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] WININET.dll!HttpOpenRequestA 771936AD 5 Bytes JMP 27008180 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] WININET.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 27008460 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] WININET.dll!HttpSendRequestA 77196249 5 Bytes JMP 270083B0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3312] WININET.dll!InternetReadFile 771980F4 5 Bytes JMP 270082E0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [EF734160] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [EF734160] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [EF734160] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [EF734160] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [EF734160] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [EF734160] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [EF734160] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [EF734160] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [EF734160] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [EF734160] vsdatant.sys
Device \Driver\AFD \Device\Afd IRP_MJ_CREATE [EF732980] vsdatant.sys
Device \Driver\AFD \Device\Afd IRP_MJ_CLOSE [EF732980] vsdatant.sys
Device \Driver\AFD \Device\Afd IRP_MJ_DEVICE_CONTROL [EF732980] vsdatant.sys
Device \Driver\AFD \Device\Afd FastIoDeviceControl [EF732360] vsdatant.sys

---- EOF - GMER 1.0.12 ----
Ransie
Aficionado

Posts: 44
Joined: Thu Dec 21, 2006 1:31 pm
Location: Napoli

Post by Amantide » Sat Feb 10, 2007 8:46 pm

It's clean [;)]
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)

Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo



megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising