System scan: GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-15 11:30:48
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT FA0F3B2E ZwCreateKey
SSDT FA0F3B24 ZwCreateThread
SSDT FA0F3B33 ZwDeleteKey
SSDT FA0F3B3D ZwDeleteValueKey
SSDT FA0F3B42 ZwLoadKey
SSDT FA0F3B10 ZwOpenProcess
SSDT FA0F3B15 ZwOpenThread
SSDT FA0F3B4C ZwReplaceKey
SSDT FA0F3B47 ZwRestoreKey
SSDT FA0F3B38 ZwSetValueKey
SSDT FA0F3B1F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ObfDereferenceObject 804D9050 7 Bytes [B8, 44, 28, CB, F9, FF, E0] {MOV EAX, 0xf9cb2844; JMP EAX}
PAGE ntoskrnl.exe!ObInsertObject 8056503A 7 Bytes [B8, E4, 26, CB, F9, FF, E0] {MOV EAX, 0xf9cb26e4; JMP EAX}
PAGE ntoskrnl.exe!ObCreateObject 80565566 7 Bytes [B8, 12, 22, CB, F9, FF, E0] {MOV EAX, 0xf9cb2212; JMP EAX}
PAGE ntoskrnl.exe!MmMapViewOfSection 80573A5E 7 Bytes [B8, D0, 22, CB, F9, FF, E0] {MOV EAX, 0xf9cb22d0; JMP EAX}
---- User code sections - GMER 1.0.15 ----
.text C:\Programmi\Internet Explorer\iexplore.exe[1984] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 4420F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[1984] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 443A178F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[1984] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 443A1710 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[1984] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 443A1754 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[1984] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 443A169C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[1984] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 443A16D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[1984] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 443A17CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[1984] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 442316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] kernel32.dll!LoadResource 7C80A055 7 Bytes JMP 28001E20 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] kernel32.dll!FindResourceExW 7C80AD28 7 Bytes JMP 28001C60 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] kernel32.dll!FindResourceW 7C80BC6E 7 Bytes JMP 28001BE0 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] kernel32.dll!SizeofResource 7C80BD09 7 Bytes JMP 28001EE0 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] kernel32.dll!FindResourceA 7C80BF29 7 Bytes JMP 28001CF0 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] kernel32.dll!LockResource 7C80CD37 5 Bytes JMP 28001F50 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] kernel32.dll!CreateEventA 7C8308B5 5 Bytes JMP 28001840 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] kernel32.dll!FindResourceExA 7C835FA8 7 Bytes JMP 28001D80 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] ADVAPI32.dll!CryptDeriveKey 77F59FFD 7 Bytes JMP 28001000 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] ADVAPI32.dll!CryptDecrypt 77F5A129 7 Bytes JMP 28001060 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] USER32.dll!GetWindowLongW 7E3988A6 7 Bytes JMP 28006B00 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] USER32.dll!PeekMessageW 7E39929B 5 Bytes JMP 280046C0 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] USER32.dll!SetWindowPlacement 7E39DE46 5 Bytes JMP 28005EA0 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] USER32.dll!CreateDialogParamW 7E39EA3B 5 Bytes JMP 28006120 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] USER32.dll!LoadImageW 7E3A7B97 5 Bytes JMP 28006770 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 28003CF0 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] USER32.dll!SetWindowRgn 7E3AE528 7 Bytes JMP 28005FE0 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] USER32.dll!LoadIconW 7E3AE8BC 5 Bytes JMP 28006960 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 28006310 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] USER32.dll!TrackPopupMenuEx 7E3ECF62 5 Bytes JMP 28004FA0 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 2800BB90 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] WS2_32.dll!send 71A34C27 5 Bytes JMP 2800B770 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 2800B550 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] WS2_32.dll!recv 71A3676F 5 Bytes JMP 2800B3B0 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 2800B950 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 5 Bytes JMP 28003440 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] ole32.dll!CoInitializeEx 774CEF7B 5 Bytes JMP 28002260 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 28002600 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] ole32.dll!CoRegisterClassObject 774E7E90 5 Bytes JMP 28002360 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] WININET.dll!InternetCloseHandle 4330DA71 5 Bytes JMP 2800A560 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] WININET.dll!HttpOpenRequestA 43314339 5 Bytes JMP 2800A220 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] WININET.dll!InternetReadFile 4331ABCC 5 Bytes JMP 2800A3B0 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] WININET.dll!HttpSendRequestA 4331CD50 5 Bytes JMP 2800A490 C:\Programmi\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Internet Explorer\iexplore.exe[3904] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 4420F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[3904] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 443A178F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[3904] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 443A1710 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[3904] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 443A1754 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[3904] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 443A169C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[3904] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 443A16D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[3904] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 443A17CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[3904] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 442316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\Explorer.EXE[1608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C32F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C32C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C32CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C32CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [011E2F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [011E2C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [011E2CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programmi\Windows Live\Messenger\msnmsgr.exe[3196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [011E2CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5B809E17-1B4A-E636-9ABD-3F084AF4F706}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5B809E17-1B4A-E636-9ABD-3F084AF4F706}@abafihfboocjhmnigmndhbeldhbililhfo 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5B809E17-1B4A-E636-9ABD-3F084AF4F706}@bbafihfboocjhmnigmkdecpelipdmmejinep 0x61 0x61 0x00 0x00
---- EOF - GMER 1.0.15 ----
I logged this scan with GMER; could someone take a look? I would be very grateful.