Punto informatico Network

Persistent dialers

Has a virus got into your computer? Do you want to browse safely? Are online transactions secure? How do you stop attackers from getting into your PC? How do you protect your data? Here you will find the answers to these and other questions


Post by padrino » Fri Feb 01, 2008 7:15 pm

About a week ago I fought with dialers and thanks to you I managed to remove them..
not for long, though,
I think they are back..
I'm posting my log here



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.15.23, on 22/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Users\ciro\AppData\Local\zeuzhx.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\WUDFHost.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [zeuzhx] c:\users\ciro\appdata\local\zeuzhx.exe zeuzhx
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Avvio Veloce di WinZip.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///E:/components/hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///E:/components/A9.ocx
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///E:/components/wmvhdrating.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IntelDHSvcConf - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 13596 bytes


I have already scanned with SUPERAntiSpyware Free Edition, which had previously solved the problem.. 0 infected..


I also scanned with Find..

Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report


...the persistent link that opens when I'm online is..

http://em.pc-on-internet.com/eas?cu=267 ... =N01BITHCZ

What else can I do?
Thanks

padrino
Aficionado
Posts: 33
Joined: Sun Jan 13, 2008 8:23 pm
Location: Ravenna

Post by ste_95 » Fri Feb 01, 2008 7:20 pm

Select these entries and press Fix checked:

O4 - HKCU\..\Run: [zeuzhx] c:\users\ciro\appdata\local\zeuzhx.exe zeuzhx

Manually delete the file c:\users\ciro\appdata\local\zeuzhx.exe zeuzhx

«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am
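
One way to triage the O4 autostart entries of a HijackThis log like the one posted above, as an added example that is not part of the thread. The heuristic (flag Run-key executables that live under a user's AppData folder and check whether they are also listed under "Running processes") and all function names are assumptions of this example; the sample is a trimmed excerpt of the log in this thread.

```python
import ntpath
import re

# Trimmed excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\ciro\AppData\Local\zeuzhx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [zeuzhx] c:\users\ciro\appdata\local\zeuzhx.exe zeuzhx
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(
    r'^O4 - (?P<hive>HK.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$'
)

# Assumed heuristic: an autostart binary under a user profile's AppData folder
# sits in a location that any unprivileged process can write to.
PROFILE_RE = re.compile(r'^[a-z]:\\users\\[^\\]+\\appdata\\')


def parse_log(text):
    """Return (running process paths, O4 Run-key entries) from a HijackThis log."""
    processes, run_entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:              # a blank line ends the process list
                in_procs = False
            else:
                processes.append(ntpath.normcase(line))
            continue
        m = RUN_RE.match(line)
        if m:
            run_entries.append(m.groupdict())
    return processes, run_entries


def executable_of(cmd):
    """Extract the executable path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end != -1 else cmd[1:]
    else:
        # Unquoted paths may contain spaces: cut at the first ".exe" token.
        m = re.match(r'(.+?\.exe)(?=\s|$)', cmd, re.IGNORECASE)
        path = m.group(1) if m else cmd.split()[0]
    return ntpath.normcase(path)      # lower-case, backslashes; works on any OS


def triage(text):
    """List Run-key entries that start a binary from a user's AppData folder."""
    processes, run_entries = parse_log(text)
    findings = []
    for entry in run_entries:
        path = executable_of(entry["cmd"])
        if PROFILE_RE.match(path):
            findings.append({
                "hive": entry["hive"],
                "name": entry["name"],
                "path": path,
                # A running image has to be stopped before the file can be deleted.
                "running": path in processes,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        state = "running" if f["running"] else "not running"
        print(f'{f["hive"]} Run [{f["name"]}] -> {f["path"]} ({state})')
```
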

Post by padrino » Fri Feb 01, 2008 7:28 pm

I really can't find those entries in the HijackThis log..
I noticed that the saved copy is not exactly the same as the scanned one.
How can that be?


Post by ste_95 » Fri Feb 01, 2008 7:31 pm

Redo the log.

Post by padrino » Fri Feb 01, 2008 7:35 pm

I redid it and it's the same.. in the copy I save, that entry is there..
but in the HijackThis window, which by the way I left open, the entry isn't there...

Post by ste_95 » Fri Feb 01, 2008 7:37 pm

Check whether the file exists.

Post by padrino » Sat Feb 02, 2008 3:57 pm

I checked with "Search" but found nothing...

Post by ste_95 » Sat Feb 02, 2008 4:01 pm

If you go to the exact path of the file, with hidden and system files and folders shown, does the file exist?

Post by padrino » Sun Feb 03, 2008 10:29 am

I checked the path with the command prompt...
I didn't find that file

Post by ste_95 » Sun Feb 03, 2008 10:32 am

Post a new HijackThis log.

Post by padrino » Sun Feb 03, 2008 10:37 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.15.23, on 22/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Users\ciro\AppData\Local\zeuzhx.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\WUDFHost.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [zeuzhx] c:\users\ciro\appdata\local\zeuzhx.exe zeuzhx
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Avvio Veloce di WinZip.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///E:/components/hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///E:/components/A9.ocx
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///E:/components/wmvhdrating.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IntelDHSvcConf - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 13596 bytes


I can't understand why it's in the copy and not in the log...

Post by ste_95 » Sun Feb 03, 2008 10:39 am

That's impossible... Check in Task Manager, you should have a process named zeuzhx

Post by padrino » Sun Feb 03, 2008 10:54 am

I've looked and looked again.. I wanted to send you a copy of the original but I can't...

Post by ste_95 » Sun Feb 03, 2008 10:54 am

Download GMER, then follow these steps:

--- Step 1 ---
Start gmer
click > > >
Click Autostart
tick Show All
click Scan
when the scan finishes, click Copy
Open Notepad and press CTRL+V (or click Edit and then Paste).
Save the file and upload it to FreeFileHosting
Post here the link you are given.

--- Step 2 ---
Still in the program you just downloaded (gmer),
click Rootkit
click Scan
when the scan finishes, click Copy
Open Notepad and press CTRL+V (or click Edit and then Paste).
Save the file and upload it to FreeFileHosting
Post here the link you are given.

Post by padrino » Sun Feb 03, 2008 11:24 am

Step 1



GMER 1.0.14.14116 - http://www.gmer.net
Autostart scan 2008-02-03 11:01:03
Windows 6.0.6000


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\Windows\system32\userinit.exe, = C:\Windows\system32\userinit.exe,
@Shellexplorer.exe = explorer.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
!SASWinLogon@DLLName = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
igfxcui@DLLName = igfxdev.dll /*file not found*/

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Acer HomeMedia Connect Service@ = "C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe"
AcerMemUsageCheckService@ = C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
AeLookupSvc@ = %systemroot%\system32\svchost.exe -k netsvcs
AlertService@ = "C:\Program Files\Intel\IntelDH\CCU\AlertService.exe"
AntiVirScheduler@ = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
AntiVirService@ = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
aswUpdSv@ = "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
AudioEndpointBuilder@ = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Audiosrv@ = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
avast! Antivirus@ = "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
BFE@ = %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
BITS@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Browser@ = %SystemRoot%\System32\svchost.exe -k netsvcs
CLTNetCnService@ = "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon /*file not found*/
CryptSvc@ = %SystemRoot%\system32\svchost.exe -k NetworkService
DcomLaunch@ = %SystemRoot%\system32\svchost.exe -k DcomLaunch
Dhcp@ = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Dnscache@ = %SystemRoot%\system32\svchost.exe -k NetworkService
DPS@ = %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
DQLWinService@ = "C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe"
eDataSecurity Service@ = "C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe"
ehstart@ = %windir%\system32\svchost.exe -k LocalServiceNoNetwork
EMDMgmt@ = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
eRecoveryService@ = C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
Eventlog@ = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
EventSystem@ = %SystemRoot%\system32\svchost.exe -k LocalService
FDResPub@ = %SystemRoot%\system32\svchost.exe -k LocalService
gpsvc@ = %systemroot%\system32\svchost.exe -k netsvcs
gusvc@ = "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
hidserv@ = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
hpqddsvc@ = %SystemRoot%\system32\svchost.exe -k hpdevmgmt
IAANTMON@ = C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
IKEEXT@ = %systemroot%\system32\svchost.exe -k netsvcs
iphlpsvc@ = %SystemRoot%\System32\svchost.exe -k NetSvcs
KtmRm@ = %SystemRoot%\System32\svchost.exe -k NetworkService
LanmanServer@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LanmanWorkstation@ = %SystemRoot%\System32\svchost.exe -k LocalService
LightScribeService@ = "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
lmhosts@ = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
MMCSS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
MpsSvc@ = %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
MSiSCSI@ = %systemroot%\system32\svchost.exe -k netsvcs
Net Driver HPZ12@ = %SystemRoot%\System32\svchost.exe -k HPZ12
netprofm@ = %SystemRoot%\System32\svchost.exe -k LocalService
NlaSvc@ = %SystemRoot%\System32\svchost.exe -k NetworkService
nsi@ = %systemroot%\system32\svchost.exe -k LocalService
PcaSvc@ = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
PlugPlay@ = %SystemRoot%\system32\svchost.exe -k DcomLaunch
Pml Driver HPZ12@ = %SystemRoot%\System32\svchost.exe -k HPZ12
PolicyAgent@ = %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
ProfSvc@ = %systemroot%\system32\svchost.exe -k netsvcs
RichVideo@ = "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" 1 - 5 - 2 1 - 3 6 8 1 0 9 8 5 1 2 - 2 8 3 6 8 5 7 2 - 3
RpcSs@ = %SystemRoot%\system32\svchost.exe -k rpcss
SamSs@ = %SystemRoot%\system32\lsass.exe
Schedule@ = %systemroot%\system32\svchost.exe -k netsvcs
SDhelper@ = C:\Program Files\Spyware Doctor\sdhelp.exe
seclogon@ = %windir%\system32\svchost.exe -k netsvcs
SENS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection@ = %SystemRoot%\System32\svchost.exe -k netsvcs
slsvc@ = %SystemRoot%\system32\SLsvc.exe
Spooler@ = %SystemRoot%\System32\spoolsv.exe
stisvc@ = %SystemRoot%\system32\svchost.exe -k imgsvc
SysMain@ = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
TabletInputService@ = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
TermService@ = %SystemRoot%\System32\svchost.exe -k NetworkService
Themes@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks@ = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
upnphost@ = %SystemRoot%\system32\svchost.exe -k LocalService
UxSms@ = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
W32Time@ = %SystemRoot%\system32\svchost.exe -k LocalService
WebClient@ = %SystemRoot%\system32\svchost.exe -k LocalService
WerSvc@ = %SystemRoot%\System32\svchost.exe -k WerSvcGroup
WinDefend@ = %SystemRoot%\System32\svchost.exe -k secsvcs
Winmgmt@ = %systemroot%\system32\svchost.exe -k netsvcs
WPDBusEnum@ = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
wscsvc@ = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding
wuauserv@ = %systemroot%\system32\svchost.exe -k netsvcs
wudfsvc@ = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@RtHDVCplRtHDVCpl.exe = RtHDVCpl.exe
@IAAnotif"C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" = "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
@NMSSupport"C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup = "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
@WarReg_PopUpC:\Acer\WR_PopUp\WarReg_PopUp.exe = C:\Acer\WR_PopUp\WarReg_PopUp.exe
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@NvSvcRUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart = RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
@NvCplDaemonRUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
@NvMediaCenterRUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
@HP Software UpdateC:\Program Files\HP\HP Software Update\HPWuSchd2.exe = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
@SDTray"C:\Program Files\Spyware Doctor\SDTrayApp.exe" = "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
@avgnt"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SidebarC:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/ = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/
@ehTray.exeC:\Windows\ehome\ehTray.exe = C:\Windows\ehome\ehTray.exe
@MsnMsgr"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
@Spyware Doctor"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q = "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
@swgC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
@WMPNSCFGC:\Program Files\Windows Media Player\WMPNSCFG.exe = C:\Program Files\Windows Media Player\WMPNSCFG.exe
@SUPERAntiSpywareC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
@dblsqplc:\users\ciro\appdata\local\dblsqpl.exe dblsqpl = c:\users\ciro\appdata\local\dblsqpl.exe dblsqpl

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WebCheck = C:\Windows\system32\webcheck.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler@{8C7461EF-2B13-11d2-BE35-3078302C2030} = %SystemRoot%\system32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\Windows\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/%CommonProgramFiles%\System\Ole DB\oledb32.dll /*file not found*/ = %CommonProgramFiles%\System\Ole DB\oledb32.dll /*file not found*/
@{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} /*Computers and Devices*/%systemroot%\system32\NetworkExplorer.dll = %systemroot%\system32\NetworkExplorer.dll
@{E7DE9B1A-7533-4556-9484-B26FB486475E} /**/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\system32\mmcshext.dll = %SystemRoot%\system32\mmcshext.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/C:\Windows\system32\webcheck.dll = C:\Windows\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/C:\Windows\system32\webcheck.dll = C:\Windows\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/C:\Windows\system32\webcheck.dll = C:\Windows\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/C:\Windows\system32\webcheck.dll = C:\Windows\system32\webcheck.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/C:\Windows\system32\webcheck.dll = C:\Windows\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Subscription Folder*/C:\Windows\system32\webcheck.dll = C:\Windows\system32\webcheck.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Network Connections*/%SystemRoot%\System32\netshell.dll = %SystemRoot%\System32\netshell.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Network Connections*/%SystemRoot%\System32\netshell.dll = %SystemRoot%\System32\netshell.dll
@{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486} /*IGD Property Sheet Handler*/%SystemRoot%\System32\icsigd.dll = %SystemRoot%\System32\icsigd.dll
@{92dbad9f-5025-49b0-9078-2d78f935e341} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{b9815375-5d7f-4ce2-9245-c9d4da436930} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{f8b8412b-dea3-4130-b36c-5e8be73106ac} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{5FA29220-36A1-40f9-89C6-F4B384B7642E} /*Shell Message Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3050f3d9-98b5-11cf-bb82-00aa00bdce0b} /*MSHTML Document*/C:\Windows\system32\mshtml.dll = C:\Windows\system32\mshtml.dll
@{25336920-03f9-11cf-8fd0-00aa00686f13} /*HTML Document*/C:\Windows\system32\mshtml.dll = C:\Windows\system32\mshtml.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Mail Service*/%SystemRoot%\System32\sendmail.dll = %SystemRoot%\System32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Desktop Shortcut*/%SystemRoot%\System32\sendmail.dll = %SystemRoot%\System32\sendmail.dll
@{00020d75-0000-0000-c000-000000000046} /*lnkfile*/(null) =
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{b2c761c6-29bc-4f19-9251-e6195265baf1} /*Color Control Panel Applet*/(null) =
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%systemroot%\system32\dsuiext.dll = %systemroot%\system32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%systemroot%\system32\dsuiext.dll = %systemroot%\system32\dsuiext.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Printers Security Page*/rshx32.dll = rshx32.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*NTFS Security Page*/rshx32.dll = rshx32.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Web Printer Shell Extension*/%systemroot%\system32\printui.dll = %systemroot%\system32\printui.dll
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*DS Security Page*/dssec.dll = dssec.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{36eef7db-88ad-4e81-ad49-0e313f0c35f8} /*Windows Update*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{74246bfc-4c96-11d0-abef-0020af6b0b7a} /*Device Manager*/%SystemRoot%\System32\devmgr.dll = %SystemRoot%\System32\devmgr.dll
@{7A979262-40CE-46ff-AEEE-7884AC3B6136} /*Add New Hardware*/(null) =
@{7b81be6a-ce2b-4676-a29e-eb907a5126c5} /*Programs and Features*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{15eae92e-f17a-4431-9f28-805e482dafd4} /*Install New Programs*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd} /*Installed Updates*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{ceefea1b-3e29-4ef1-b34c-fec79c4f70af} /*New Shortcut Wizard*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{0BFCF7B7-E7B6-433a-B205-2904FCF040DD} /*New Shortcut Wizard Modal*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{3e7efb4c-faf1-453d-89eb-56026875ef90} /*Get Programs Online*/(null) =
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Disk Copy Extension*/diskcopy.dll = diskcopy.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyFolder Properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{44f3dab6-4392-4186-bb7b-6282ccb7a9f6} /*MyDocuments menu and properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Taskbar and Start Menu*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Search*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Run...*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*E-mail*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0} /*Start Menu OEM Command*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{3080F90D-D7AD-11D9-BD98-0000947B0257} /*Show Desktop*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{3080F90E-D7AD-11D9-BD98-0000947B0257} /*Window Switcher*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{eb124705-128b-40d4-8dd8-d93ed12589a4} /*WPL property store*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{3c2654c6-7372-4f6b-b310-55d6128f49d2} /*Alphabetical Categorizer*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{708e1662-b832-42a8-bbe1-0a77121e3908} /*Tree property value folder*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{71f96385-ddd6-48d3-a0c1-ae06e8b055fb} /*Explorer Browser*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{b2952b16-0e07-4e5a-b993-58c52cb94cae} /*Search Folders*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{437ff9c0-a07f-4fa0-af80-84b6c6440a16} /*Command Folder*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{90f8c90b-04e0-4e92-a186-e6e9c125d664} /*Property Labels*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{1b24a030-9b20-49bc-97ac-1be4426f9e59} /*ActiveDirectory Folder*/(null) =
@{34449847-FD14-4fc8-A75A-7432F5181EFB} /*ActiveDirectory Folder*/(null) =
@{C8494E42-ACDD-4739-B0FB-217361E4894F} /*Sam Account Folder*/(null) =
@{E29F9716-5C08-4FCD-955A-119FDB5A522D} /*Sam Account Folder*/(null) =
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Fonts*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Administrative Tools*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{b155bdf8-02f0-451e-9a26-ae317cfd7779} /*nethood delegate folder*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{DFFACDC5-679F-4156-8947-C5C76BC0B67F} /*users files delegate folder*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{ed50fc29-b964-48a9-afb3-15ebb9b97f36} /*printhood delegate folder*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{328B0346-7EAF-4BBE-A479-7CB88A095F5B} /*Layout Folder*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} /*Control Panel command object for Start menu*/(null) =
@{E44E5D18-0652-4508-A4E2-8A090067BCB0} /*Default Programs command object for Start menu*/(null) =
@{4336a54d-038b-4685-ab02-99bb52d3fb8b} /*Public Folder*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{00021401-0000-0000-C000-000000000046} /*Shortcut*/shell32.dll = shell32.dll
@{C73F6F30-97A0-4AD1-A08F-540D4E9BC7B9} /*Search Folder*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{0AFCCBA6-BF90-4A4E-8482-0AC960981F5B} /*.fon, .otf, .ttc or .ttf files*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{66742402-F9B9-11D1-A202-0000F81FEDEE} /*.cpl, .dll, .exe, .ocx, .rll or .sys files*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{D34A6CA6-62C2-4C34-8A7C-14709C1AD938} /*Common Places Folder*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{865e5e76-ad83-4dca-a109-50dc2113ce9a} /*Programs Folder and Fast Items*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{21ec2020-3aea-1069-a2dd-08002b30309d} /*Control Panel*/shell32.dll = shell32.dll
@{25585dc7-4da0-438d-ad04-e42c8d2d64b9} /*Client application shell extension*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{6dfd7c5c-2451-11d3-a299-00c04f8ef6af} /*Folder Options*/(null) =
@{a42c2ccb-67d3-46fa-abe6-7d2f3488c7a3} /*Microsoft Windows RTF Preview Handler*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{1531d583-8375-4d3f-b5fb-d23bbd169f22} /*Window TXT Preview Handler*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*ActiveX Cache Folder*/C:\Windows\system32\occache.dll = C:\Windows\system32\occache.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Microsoft Internet Toolbar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{056440FD-8568-48e7-A632-72157243B55B} /*Explorer Navigation Bar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{C4EC38BD-4E9E-4b5e-935A-D1BFF237D980} /*Explorer Travel Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6D8BB3D3-9D87-4a91-AB56-4F30CFFEFE9F} /*Explorer Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{2C2577C2-63A7-40e3-9B7F-586602617ECB} /*Explorer Query Band*/(null) =
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*In-pane search*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Registry Tree Options Utility*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Address*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{a542e116-8088-4146-a352-b0d06e7f6af6} /*Address EditBox*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Microsoft AutoComplete*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{596742A5-1393-4e13-8765-AE1DF71ACAFB} /*Microsoft Breadcrumb Bar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*MRU AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Custom MRU AutoCompleted List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Microsoft History AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Microsoft Shell Folder AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Microsoft Multiple AutoComplete List Container*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*User Assist*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Global Folder Settings*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} /*Search Control*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{4d5c8c2a-d075-11d0-b416-00c04fb90376} /*Microsoft CommBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} /*File Open Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{C0B4E2F3-BA21-4773-8DBA-335EC946EB8B} /*File Save Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{92337A8C-E11D-11D0-BE48-00C04FC30DF6} /*OlePrn.PrinterURL*/%SystemRoot%\system32\oleprn.dll = %SystemRoot%\system32\oleprn.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft XPS Properties*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft XPS Thumbnail*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b} /*View Available Networks*/(null) =
@{13D3C4B8-B179-4ebb-BF62-F704173E7448} /*Windows Contact Preview Handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*For &People...*/%ProgramFiles%\Windows Mail\wabfind.dll /*file not found*/ = %ProgramFiles%\Windows Mail\wabfind.dll /*file not found*/
@{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} /*Contacts folder*/(null) =
@{4F58F63F-244B-4c07-B29F-210BE59BE9B4} /*.group shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{8082C5E6-4C27-48ec-A809-B8E1122E8F97} /*.contact shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{16C2C29D-0E5F-45f3-A445-03E03F587B7D} /*group_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{CF67796C-F57F-45F8-92FB-AD698826C602} /*contact_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Crypto PKO Extension*/%SystemRoot%\system32\cryptext.dll = %SystemRoot%\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Crypto Sign Extension*/%SystemRoot%\system32\cryptext.dll = %SystemRoot%\system32\cryptext.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Property Page*/%windir%\system32\acppage.dll = %windir%\system32\acppage.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/%SystemRoot%\system32\remotepg.dll = %SystemRoot%\system32\remotepg.dll
@{4026492f-2f69-46b8-b9bf-5654fc07e423} /*Windows Firewall*/(null) =
@{D555645E-D4F8-4c29-A827-D93C859C4F2A} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\Windows\system32\extmgr.dll = C:\Windows\system32\extmgr.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Shell extensions for Windows Script Host*/C:\Windows\system32\wshext.dll = C:\Windows\system32\wshext.dll
@{fcfeecae-ee1b-4849-ae50-685dcf7717ec} /*Problem Reports and Solutions*/(null) =
@{a304259d-52b8-4526-8b1a-a1d6cecc8243} /*iSCSI Initiator*/(null) =
@{8E908FC9-BECC-40f6-915B-F4CA0E70D03D} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/%SystemRoot%\MSAgent\agentpsh.dll = %SystemRoot%\MSAgent\agentpsh.dll
@{025A5937-A6BE-4686-A844-36FE4BEC8B6D} /*Microsoft Power Options*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{BB06C0E4-D293-4f75-8A90-CB05B6477EEE} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{ED834ED6-4B5A-4bfe-8F11-A626DCB6A921} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{17cd9488-1228-4b2f-88ce-4298e93e0966} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{60632754-c523-4b62-b45c-4172da012619} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9C60DE1E-E5FC-40f4-A487-460851A8D915} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Display Adapter CPL Extension*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Display Monitor CPL Extension*/deskmon.dll = deskmon.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*OLE Docfile Property Page*/docprop.dll = docprop.dll
@{11dbb47c-a525-400b-9e80-a54615a090c0} /*Execute Folder*/ExplorerFrame.dll = ExplorerFrame.dll
@{90b9bce2-b6db-4fd3-8451-35917ea1081b} /*Search Execute Command*/ExplorerFrame.dll = ExplorerFrame.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Microsoft Windows Font Folder*/%SystemRoot%\system32\fontext.dll = %SystemRoot%\system32\fontext.dll
@{2BC0DA0E-F1BC-43AB-B4B5-738EB6B51E7E} /*Microsoft Windows Font File Icon Handler*/fontext.dll = fontext.dll
@{1a184871-359e-4f67-aad9-5b9905d62232} /*Microsoft Windows Font File Context Menu Handler*/fontext.dll = fontext.dll
@{8a7cae0e-5951-49cb-bf20-ab3fa1e44b01} /*Microsoft Windows Font Previewer*/fontext.dll = fontext.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/%SystemRoot%\system32\msieftp.dll = %SystemRoot%\system32\msieftp.dll
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Compressed (zipped) Folder*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} /*Compressed (zipped) Folder Context Menu*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{ed9d80b9-d157-457b-9192-0e7280313bf0} /*Compressed (zipped) Folder Drop Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{911051fa-c21c-4246-b470-070cd8df6dc4} /*.cab or .zip files*/(null) =
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Shell extensions for Microsoft Windows Network objects*/ntlanui2.dll = ntlanui2.dll
@{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) =
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell.DfsShell Property Sheet*/DfsShlEx.dll = DfsShlEx.dll
@{a38b883c-1682-497e-97b0-0a3a9e801682} /*IPropertyStore Handler for Images*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{C7657C4A-9F68-40fa-A4DF-96BC08EB3551} /*Photo Thumbnail Provider*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*Photo Thumbnail Extractor*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{BC65FB43-1958-4349-971A-210290480130} /*Network Explorer Property Sheet Handler*/%SystemRoot%\System32\NcdProp.dll = %SystemRoot%\System32\NcdProp.dll
@{d3e34b21-9d75-101a-8c3d-00aa001a1652} /*Bitmap Image*/(null) =
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{E598560B-28D5-46aa-A14A-8A3BEA34B576} /*Windows Photo Gallery Viewer Video Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3} /*Microsoft.ScannersAndCameras*/(null) =
@{0a4286ea-e355-44fb-8086-af3df7645bd9} /*Windows Media Player*/C:\PROGRA~1\WI4EB4~1\wmpband.dll = C:\PROGRA~1\WI4EB4~1\wmpband.dll
@{BB6B2374-3D79-41DB-87F4-896C91846510} /*EMDFileProperties*/emdmgmt.dll = emdmgmt.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{E95A4861-D57A-4be1-AD0F-35267E261739} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{89D83576-6BD1-4c86-9454-BEB04E94C819} /*MAPI Search Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{7A0F6AB7-ED84-46B6-B47E-02AA159A152B} /*Sync Center Simple Conflict Presenter*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9D687A4C-1404-41ef-A089-883B6FBECDE6} /*Windows Photo Gallery Viewer Autoplay Handler*/(null) =
@{BE122A0E-4503-11DA-8BDE-F66BAD1E3F3A} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*DropTarget Object for Photo Printing Wizard*/%SystemRoot%\system32\photowiz.dll = %SystemRoot%\system32\photowiz.dll
@{37efd44d-ef8d-41b1-940d-96973a50e9e0} /*Windows Sidebar Properties*/(null) =
@{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\system32\audiodev.dll = %SystemRoot%\system32\audiodev.dll
@{00f20eb5-8fd6-4d9d-b75e-36801766c8f1} /*PhotoAcqDropTarget*/%ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/
@{BC48B32F-5910-47F5-8570-5074A8A5636A} /*Sync Results Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{ED228FDF-9EA8-4870-83B1-96B02CFE0D52} /*Games Folder*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/%SystemRoot%\system32\wmpshell.dll = %SystemRoot%\system32\wmpshell.dll
@{E413D040-6788-4C22-957E-175D1C513A34} /*Sync Center Conflict Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{67718415-c450-4f3c-bf8a-b487642dc39b} /*Windows Features*/(null) =
@{335a31dd-f04b-4d76-a925-d6b47cf360df} /**/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{91ADC906-6722-4B05-A12B-471ADDCCE132} /*Touch Band*/%SystemRoot%\System32\TouchX.dll = %SystemRoot%\System32\TouchX.dll
@{7D4734E6-047E-41e2-AEAA-E763B4739DC4} /*Windows Media Player Play as Playlist Context Menu Handler*/%SystemRoot%\system32\wmpshell.dll = %SystemRoot%\system32\wmpshell.dll
@{2781761E-28E0-4109-99FE-B9D127C57AFE} /*Windows Defender IOfficeAntiVirus implementation*/%ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/ = %ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/
@{96AE8D84-A250-4520-95A5-A47A7E3C548B} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} /*Windows Photo Gallery Viewer Image Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Play as Playlist Context Menu Handler*/%SystemRoot%\system32\wmpshell.dll = %SystemRoot%\system32\wmpshell.dll
@{4B534112-3AF6-4697-A77C-D62CE9B9E7CF} /*Sync Center Event Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C} /*Sync Setup Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Briefcase*/syncui.dll = syncui.dll
@{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A} /*GameUX.RichGameMediaThumbnail*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{d8559eb9-20c0-410e-beda-7ed416aecc2a} /*Windows Defender*/(null) =
@{576C9E85-1300-4EF5-BF6B-D00509F4EDCD} /*Sync Center Handler Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{5ea4f148-308c-46d7-98a9-49041b1dd468} /*Mobility Center Control Panel*/(null) =
@{289978AC-A101-4341-A817-21EBA7FD046D} /*Sync Center Conflict Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{877ca5ac-cb41-4842-9c69-9136e42d47e2} /*File Backup Index*/%systemroot%\system32\sdshext.dll = %systemroot%\system32\sdshext.dll
@{71D99464-3B6B-475C-B241-E15883207529} /*Sync Results Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{B32D3949-ED98-4DBB-B347-17A144969BBA} /*Sync Center Item Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Burn Audio CD Context Menu Handler*/%SystemRoot%\system32\wmpshell.dll = %SystemRoot%\system32\wmpshell.dll
@{2E9E59C0-B437-4981-A647-9C34B9B90891} /*Sync Setup Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{58E3C745-D971-4081-9034-86E34B30836A} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF} /*Sync Center Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1} /*Welcome Center*/oobefldr.dll = oobefldr.dll
@{15D633E2-AD00-465b-9EC7-F56B7CDF8E27} /*Tablet PC Input Panel*/%CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/ = %CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/
@{78F3955E-3B90-4184-BD14-5397C15F1EFC} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{F04CC277-03A2-4277-96A9-77967471BDFF} /*Sync Center Conflict Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{53BEDF0B-4E5B-4183-8DC9-B844344FA104} /*Microsoft Windows MAPI Preview Handler*/%SystemRoot%\system32\mssvp.dll = %SystemRoot%\system32\mssvp.dll
@{6b9228da-9c15-419e-856c-19e768a13bdc} /*Windows gadget DropTarget*/%ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/ = %ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/
@{8E25992B-373E-486E-80E5-BD23AE417E66} /*Sync Center Device Notification Sink*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{031EE060-67BC-460d-8847-E4A7C5E45A27} /*Windows Media Player Rich Preview Handler*/(null) =
@{1FA9085F-25A2-489B-85D4-86326EEDCD87} /*Manage Wireless Networks*/%SystemRoot%\system32\wlanpref.dll = %SystemRoot%\system32\wlanpref.dll
@{7dda204b-2097-47c9-8323-c40bb840ae44} /*XPS document*/(null) =
@{ECDD6472-2B9B-4b4b-AE36-F316DF3C8D60} /*RichGameMediaPropertyStore Class*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{BD7A2E7B-21CB-41b2-A086-B309680C6B7E} /*Client Side Cache Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{8A734961-C4AA-4741-AC1E-791ACEBF5B39} /*Windows Media Player Shop Music Context Menu Handler*/%SystemRoot%\system32\wmpshell.dll = %SystemRoot%\system32\wmpshell.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*User Accounts*/(null) =
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office12\msohevi.dll = C:\Program Files\Microsoft Office\Office12\msohevi.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\Windows\system32\nvcpl.dll = C:\Windows\system32\nvcpl.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Program Files\Alwil Software\Avast4\ashShell.dll = C:\Program Files\Alwil Software\Avast4\ashShell.dll
@{0563DB41-F538-4B37-A92D-4659049B7766} /*WLMD Message Handler*/C:\Program Files\Windows Live\Mail\mailcomm.dll = C:\Program Files\Windows Live\Mail\mailcomm.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll = C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
@{06A2568A-CED6-4187-BB20-400B8C02BE5A} /**/(null) =
@{00F33137-EE26-412F-8D71-F84E4C2C6625} /**/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} /*Windows Live Photo Gallery Autoplay Drop Target*/(null) =
@{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} /*Windows Live Photo Gallery Viewer Drop Target*/(null) =
@{00F374B7-B390-4884-B372-2FC349F2172B} /*Windows Live Photo Gallery Editor Drop Target*/(null) =
@{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} /*Windows Live Photo Gallery Viewer Drop Target Shim*/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} /*Windows Live Photo Gallery Editor Drop Target Shim*/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{00F30F90-3E96-453B-AFCD-D71989ECC2C7} /*Windows Live Photo Gallery Autoplay Drop Target Shim*/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\Windows\system32\nvcpl.dll = C:\Windows\system32\nvcpl.dll
@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} /*ZipGenius Shell Extension*/(null) =
@{2E5AC2E0-406D-11D4-86B3-FA5861508E25} /*ZipGenius Zip InfoTip*/(null) =
@{310A0C95-EA11-42AE-A8E4-53E69E650310} /*ZipGenius Drop handler*/(null) =
@{FE8D01BF-610A-4261-9C6E-32D65A42C907} /*ZipGenius DnD Extract handler*/(null) =
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll = C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
BriefcaseMenu@{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
EDSshellExt@{29FF7AB0-BE34-4992-A30B-53A9D86EE239} = C:\Windows\system32\eDSshellExt.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers >>>
@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{CA8ACAFA-5FBB-467B-B348-90DD488DE003}C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EDSshellExt@{29FF7AB0-BE34-4992-A30B-53A9D86EE239} = C:\Windows\system32\eDSshellExt.dll
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
BriefcaseMenu@{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\program files\google\googletoolbar3.dll = c:\program files\google\googletoolbar3.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll = C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
@{B56A7D7D-6927-48C8-A975-17DF180C71AC}C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
@{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}C:\Program Files\Windows Live Toolbar\msntb.dll = C:\Program Files\Windows Live Toolbar\msntb.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.google.com = http://www.google.com
@Start Pagehttp://www.google.com = http://www.google.com
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://it.msn.com/ = http://it.msn.com/
@Local PageC:\Windows\system32\blank.htm = C:\Windows\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = mscoree.dll
application/x-complus@CLSID = mscoree.dll
application/x-msdownload@CLSID = mscoree.dll
deflate@CLSID = C:\Windows\system32\urlmon.dll
gzip@CLSID = C:\Windows\system32\urlmon.dll
text/xml@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = C:\Windows\system32\mshtml.dll
cdl@CLSID = C:\Windows\system32\urlmon.dll
dvd@CLSID = C:\Windows\System32\msvidctl.dll
file@CLSID = C:\Windows\system32\urlmon.dll
ftp@CLSID = C:\Windows\system32\urlmon.dll
http@CLSID = C:\Windows\system32\urlmon.dll
https@CLSID = C:\Windows\system32\urlmon.dll
its@CLSID = %SystemRoot%\System32\itss.dll
javascript@CLSID = C:\Windows\system32\mshtml.dll
livecall@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
local@CLSID = C:\Windows\system32\urlmon.dll
mailto@CLSID = C:\Windows\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = C:\Windows\system32\urlmon.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = %SystemRoot%\System32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
msnim@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
res@CLSID = C:\Windows\system32\mshtml.dll
tv@CLSID = C:\Windows\System32\msvidctl.dll
vbscript@CLSID = C:\Windows\system32\mshtml.dll
wlmailhtml@CLSID = C:\Program Files\Windows Live\Mail\mailcomm.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{800D1077-BCFA-422D-952A-3507927F4F14} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress =
@NameServer =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\system32\NLAapi.dll
000000000002@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000003@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000004@LibraryPath = %SystemRoot%\system32\napinsp.dll
000000000005@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
000000000006@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
000000000007@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup >>>
Avvio Veloce di WinZip.lnk = Avvio Veloce di WinZip.lnk
Empowering Technology Launcher.lnk = Empowering Technology Launcher.lnk
Google Updater.lnk = Google Updater.lnk
HP Digital Imaging Monitor.lnk = HP Digital Imaging Monitor.lnk
Logo Calibration Loader.lnk = Logo Calibration Loader.lnk
ProfileReminder.lnk = ProfileReminder.lnk

---- EOF - GMER 1.0.14 ----




2nd pass






GMER 1.0.14.14116 - http://www.gmer.net
Rootkit scan 2008-02-03 11:19:47
Windows 6.0.6000


---- System - GMER 1.0.14 ----

SSDT 98656A0C ZwCreateThread
SSDT 986569F8 ZwOpenProcess
SSDT 986569FD ZwOpenThread
SSDT 98656A07 ZwTerminateProcess
SSDT 98656A02 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

? C:\Windows\TEMP\mc28DF7.tmp Impossibile trovare il file specificato. !

---- User code sections - GMER 1.0.14 ----

.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\csrss.exe[632] KERNEL32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\csrss.exe[632] KERNEL32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\csrss.exe[632] KERNEL32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\rundll32.exe[660] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 0033200E
.text C:\Windows\System32\rundll32.exe[660] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 00331DAF
.text C:\Windows\System32\rundll32.exe[660] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 00331CF2
.text C:\Windows\System32\rundll32.exe[660] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 0033191B
.text C:\Windows\System32\rundll32.exe[660] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\rundll32.exe[660] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\rundll32.exe[660] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsass.exe[676] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\lsass.exe[676] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\lsass.exe[676] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[680] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[680] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[680] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsm.exe[684] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\lsm.exe[684] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\lsm.exe[684] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\winlogon.exe[820] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\winlogon.exe[820] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\winlogon.exe[820] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateProcessW
padrino
Aficionado

Posts: 33
Joined: Sun Jan 13, 2008 8:23 pm
Location: Ravenna

Post by ste_95 » Sun Feb 03, 2008 11:26 am

The second log is cut off.

@dblsqplc:\users\ciro\appdata\local\dblsqpl.exe dblsqpl = c:\users\ciro\appdata\local\dblsqpl.exe dblsqpl


Check whether the file dblsqpl.exe exists
"Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt." Oscar Wilde
ste_95
Official Member (Gold)

Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Post by padrino » Sun Feb 03, 2008 1:26 pm

oh sorry..

GMER 1.0.14.14116 - http://www.gmer.net
Rootkit scan 2008-02-03 11:19:47
Windows 6.0.6000


---- System - GMER 1.0.14 ----

SSDT 98656A0C ZwCreateThread
SSDT 986569F8 ZwOpenProcess
SSDT 986569FD ZwOpenThread
SSDT 98656A07 ZwTerminateProcess
SSDT 98656A02 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

? C:\Windows\TEMP\mc28DF7.tmp Impossibile trovare il file specificato. !

---- User code sections - GMER 1.0.14 ----

.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\csrss.exe[632] KERNEL32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\csrss.exe[632] KERNEL32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\csrss.exe[632] KERNEL32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\rundll32.exe[660] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 0033200E
.text C:\Windows\System32\rundll32.exe[660] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 00331DAF
.text C:\Windows\System32\rundll32.exe[660] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 00331CF2
.text C:\Windows\System32\rundll32.exe[660] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 0033191B
.text C:\Windows\System32\rundll32.exe[660] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\rundll32.exe[660] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\rundll32.exe[660] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsass.exe[676] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\lsass.exe[676] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\lsass.exe[676] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[680] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[680] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[680] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsm.exe[684] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\lsm.exe[684] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\lsm.exe[684] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\winlogon.exe[820] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\winlogon.exe[820] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\winlogon.exe[820] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1156] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1156] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1212] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1212] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1212] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[1232] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[1232] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[1232] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[1232] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[1232] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[1232] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[1232] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1372] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1372] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1372] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Acer\Empowering Technology\ePerformance\MemCheck.exe[1472] KERNEL32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Acer\Empowering Technology\ePerformance\MemCheck.exe[1472] KERNEL32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Acer\Empowering Technology\ePerformance\MemCheck.exe[1472] KERNEL32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1580] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1580] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1580] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1616] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1616] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1616] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Google\Google Updater\GoogleUpdater.exe[1796] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 00D3200E
.text C:\Program Files\Google\Google Updater\GoogleUpdater.exe[1796] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 00D31DAF
.text C:\Program Files\Google\Google Updater\GoogleUpdater.exe[1796] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 00D31CF2
.text C:\Program Files\Google\Google Updater\GoogleUpdater.exe[1796] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 00D3191B
.text C:\Program Files\Google\Google Updater\GoogleUpdater.exe[1796] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Google\Google Updater\GoogleUpdater.exe[1796] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Google\Google Updater\GoogleUpdater.exe[1796] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\spoolsv.exe[1888] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\spoolsv.exe[1888] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\spoolsv.exe[1888] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1928] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1928] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1928] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[2100] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[2100] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[2100] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[2152] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[2152] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[2152] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2188] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2188] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2188] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2216] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2216] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2216] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[2236] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[2236] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[2236] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[2272] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[2272] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[2272] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[2288] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[2288] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[2288] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2316] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2316] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2316] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[2364] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 015F200E
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[2364] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 015F1DAF
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[2364] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 015F1CF2
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[2364] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 015F191B
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[2364] kernel32.dll!CreateThread + 1A 77033809 4 Bytes [ AB, 60, 41, 89 ]
.text C:\Windows\system32\svchost.exe[2416] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[2416] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[2416] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[2452] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[2452] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[2452] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\rundll32.exe[2528] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 002F200E
.text C:\Windows\System32\rundll32.exe[2528] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 002F1DAF
.text C:\Windows\System32\rundll32.exe[2528] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 002F1CF2
.text C:\Windows\System32\rundll32.exe[2528] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 002F191B
.text C:\Windows\System32\rundll32.exe[2528] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\rundll32.exe[2528] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\rundll32.exe[2528] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2536] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2536] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2536] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2536] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2536] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2536] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2536] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2560] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 00CF200E
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2560] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 00CF1DAF
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2560] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 00CF1CF2
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2560] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 00CF191B
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2560] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2560] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2560] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2576] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 046D200E
.text C:\Program Files\Windows Sidebar\sidebar.exe[2576] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 046D1DAF
.text C:\Program Files\Windows Sidebar\sidebar.exe[2576] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 046D1CF2
.text C:\Program Files\Windows Sidebar\sidebar.exe[2576] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 046D191B
.text C:\Program Files\Windows Sidebar\sidebar.exe[2576] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2576] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2576] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehtray.exe[2584] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Windows\ehome\ehtray.exe[2584] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Windows\ehome\ehtray.exe[2584] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Windows\ehome\ehtray.exe[2584] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Windows\ehome\ehtray.exe[2584] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\ehome\ehtray.exe[2584] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\ehome\ehtray.exe[2584] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2604] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2604] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2604] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2604] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2604] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2604] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2604] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2604] kernel32.dll!SetUnhandledExceptionFilter 7701D187 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2636] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 025F200E
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2636] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 025F1DAF
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2636] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 025F1CF2
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2636] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 025F191B
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2636] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2636] USER32.dll!DispatchMessageA 75AD3C7B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2656] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2656] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2656] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2656] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2656] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2656] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2656] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2736] KERNEL32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2736] KERNEL32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2736] KERNEL32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2808] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 0223200E
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2808] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 02231DAF
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2808] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 02231CF2
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2808] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 0223191B
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2808] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2808] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2808] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\WUDFHost.exe[2972] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\WUDFHost.exe[2972] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\WUDFHost.exe[2972] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Users\ciro\AppData\Local\dblsqpl.exe[2980] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Users\ciro\AppData\Local\dblsqpl.exe[2980] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Users\ciro\AppData\Local\dblsqpl.exe[2980] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Users\ciro\AppData\Local\dblsqpl.exe[2980] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Users\ciro\AppData\Local\dblsqpl.exe[2980] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Users\ciro\AppData\Local\dblsqpl.exe[2980] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Users\ciro\AppData\Local\dblsqpl.exe[2980] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[3068] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[3068] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[3068] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[3068] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[3068] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[3068] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[3068] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3124] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Program Files\WinZip\WZQKPICK.EXE[3124] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Program Files\WinZip\WZQKPICK.EXE[3124] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Program Files\WinZip\WZQKPICK.EXE[3124] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Program Files\WinZip\WZQKPICK.EXE[3124] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3124] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3124] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3148] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3148] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3148] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3240] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3240] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3240] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3264] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3264] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3264] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3372] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3372] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3372] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3372] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3372] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3372] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3372] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[3452] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\taskeng.exe[3452] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\taskeng.exe[3452] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!DialogBoxIndirectParamW 75AD14EA 5 Bytes JMP 6D3D166F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!MessageBoxExA 75AE570D 5 Bytes JMP 6D3D15B6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!DialogBoxParamA 75AE65BF 5 Bytes JMP 6D3D1634 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!MessageBoxIndirectW 75AEF1B3 5 Bytes JMP 6D261676 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!DialogBoxParamW 75AF129F 5 Bytes JMP 6D23F2C1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!DialogBoxIndirectParamA 75B129C9 3 Bytes JMP 6D3D16AA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!DialogBoxIndirectParamA + 4 75B129CD 1 Byte [ F7 ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!MessageBoxIndirectA 75B1FACF 3 Bytes JMP 6D3D15F0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!MessageBoxIndirectA + 4 75B1FAD3 1 Byte [ F7 ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!MessageBoxExW 75B1FBC9 3 Bytes JMP 6D3D157C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!MessageBoxExW + 4 75B1FBCD 1 Byte [ F7 ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!ILIsEqual + 106 75F1C770 4 Bytes [ 01, 0C, 2D, 6A ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!ILIsEqual + 10E 75F1C778 4 Bytes [ 0F, 0B, 2D, 6A ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!ILIsEqual + 1F2 75F1C85C 4 Bytes [ 01, 0C, 2D, 6A ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!ILIsEqual + 1FA 75F1C864 4 Bytes [ 0F, 0B, 2D, 6A ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!ILIsEqual + 222 75F1C88C 4 Bytes [ 01, 0C, 2D, 6A ]
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!DAD_ShowDragImage + CC 75F2E948 4 Bytes [ 01, 0C, 2D, 6A ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!DAD_ShowDragImage + D4 75F2E950 8 Bytes [ 0F, 0B, 2D, 6A, 8F, 32, 2C, ... ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!ILFree + 4F8 75F2EF98 4 Bytes [ 01, 0C, 2D, 6A ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!ILFree + 500 75F2EFA0 4 Bytes [ 0F, 0B, 2D, 6A ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!ILFree + 768 75F2F208 4 Bytes [ 01, 0C, 2D, 6A ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!ILFree + 770 75F2F210 4 Bytes [ 0F, 0B, 2D, 6A ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!ILFree + 980 75F2F420 4 Bytes [ 01, 0C, 2D, 6A ]
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!SHParseDisplayName + C81 75F33768 4 Bytes [ 01, 0C, 2D, 6A ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!SHParseDisplayName + C89 75F33770 4 Bytes [ 0F, 0B, 2D, 6A ]
.text C:\Windows\system32\taskeng.exe[3768] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 0141200E
.text C:\Windows\system32\taskeng.exe[3768] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 01411DAF
.text C:\Windows\system32\taskeng.exe[3768] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 01411CF2
.text C:\Windows\system32\taskeng.exe[3768] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 0141191B
.text C:\Windows\system32\taskeng.exe[3768] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\taskeng.exe[3768] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\taskeng.exe[3768] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Dwm.exe[3776] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 0151200E
.text C:\Windows\system32\Dwm.exe[3776] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 01511DAF
.text C:\Windows\system32\Dwm.exe[3776] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 01511CF2
.text C:\Windows\system32\Dwm.exe[3776] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 0151191B
.text C:\Windows\system32\Dwm.exe[3776] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\Dwm.exe[3776] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\Dwm.exe[3776] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\Explorer.EXE[3828] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Windows\Explorer.EXE[3828] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Windows\Explorer.EXE[3828] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Windows\Explorer.EXE[3828] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Windows\Explorer.EXE[3828] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\Explorer.EXE[3828] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\Explorer.EXE[3828] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\RtHDVCpl.exe[4012] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Windows\RtHDVCpl.exe[4012] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Windows\RtHDVCpl.exe[4012] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Windows\RtHDVCpl.exe[4012] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Windows\RtHDVCpl.exe[4012] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\RtHDVCpl.exe[4012] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\RtHDVCpl.exe[4012] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[4028] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 003E200E
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[4028] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 003E1DAF
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[4028] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 003E1CF2
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[4028] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 003E191B
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[4028] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[4028] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[4028] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehmsas.exe[4044] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Windows\ehome\ehmsas.exe[4044] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Windows\ehome\ehmsas.exe[4044] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Windows\ehome\ehmsas.exe[4044] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Windows\ehome\ehmsas.exe[4044] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\ehome\ehmsas.exe[4044] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\ehome\ehmsas.exe[4044] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[4052] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 01C4200E
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[4052] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 01C41DAF
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[4052] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 01C41CF2
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[4052] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 01C4191B
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[4052] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[4052] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[4052] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[4076] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[4076] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[4076] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[4076] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[4076] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[4076] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[4076] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4100] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4100] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4100] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4388] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4388] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4388] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4388] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4388] KERNEL32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4388] KERNEL32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4388] KERNEL32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[4488] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[4488] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[4488] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[4488] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[4488] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[4488] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[4488] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4672] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 0102200E
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4672] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 01021DAF
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4672] ntdll.dll!Nt
padrino
Aficionado

Posts: 33
Joined: Sun Jan 13, 2008 8:23 pm
Location: Ravenna

Post by padrino » Sun Feb 03, 2008 1:56 pm

GMER 1.0.14.14116 - http://www.gmer.net
Rootkit scan 2008-02-03 11:19:47
Windows 6.0.6000


---- System - GMER 1.0.14 ----

SSDT 98656A0C ZwCreateThread
SSDT 986569F8 ZwOpenProcess
SSDT 986569FD ZwOpenThread
SSDT 98656A07 ZwTerminateProcess
SSDT 98656A02 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

? C:\Windows\TEMP\mc28DF7.tmp Impossibile trovare il file specificato. !

---- User code sections - GMER 1.0.14 ----

.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\csrss.exe[632] KERNEL32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\csrss.exe[632] KERNEL32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\csrss.exe[632] KERNEL32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\rundll32.exe[660] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 0033200E
.text C:\Windows\System32\rundll32.exe[660] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 00331DAF
.text C:\Windows\System32\rundll32.exe[660] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 00331CF2
.text C:\Windows\System32\rundll32.exe[660] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 0033191B
.text C:\Windows\System32\rundll32.exe[660] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\rundll32.exe[660] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\rundll32.exe[660] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsass.exe[676] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\lsass.exe[676] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\lsass.exe[676] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[680] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[680] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[680] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsm.exe[684] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\lsm.exe[684] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\lsm.exe[684] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\winlogon.exe[820] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\winlogon.exe[820] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\winlogon.exe[820] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1156] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1156] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1212] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1212] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1212] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[1232] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[1232] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[1232] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[1232] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[1232] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[1232] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[1232] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1372] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1372] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1372] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Acer\Empowering Technology\ePerformance\MemCheck.exe[1472] KERNEL32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Acer\Empowering Technology\ePerformance\MemCheck.exe[1472] KERNEL32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Acer\Empowering Technology\ePerformance\MemCheck.exe[1472] KERNEL32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1580] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1580] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1580] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1616] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1616] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1616] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Google\Google Updater\GoogleUpdater.exe[1796] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 00D3200E
.text C:\Program Files\Google\Google Updater\GoogleUpdater.exe[1796] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 00D31DAF
.text C:\Program Files\Google\Google Updater\GoogleUpdater.exe[1796] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 00D31CF2
.text C:\Program Files\Google\Google Updater\GoogleUpdater.exe[1796] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 00D3191B
.text C:\Program Files\Google\Google Updater\GoogleUpdater.exe[1796] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Google\Google Updater\GoogleUpdater.exe[1796] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Google\Google Updater\GoogleUpdater.exe[1796] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\spoolsv.exe[1888] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\spoolsv.exe[1888] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\spoolsv.exe[1888] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1928] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1928] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1928] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[2100] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[2100] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[2100] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[2152] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[2152] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[2152] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2188] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2188] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2188] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2216] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2216] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2216] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[2236] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[2236] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[2236] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[2272] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[2272] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[2272] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[2288] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[2288] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[2288] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2316] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2316] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2316] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[2364] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 015F200E
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[2364] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 015F1DAF
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[2364] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 015F1CF2
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[2364] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 015F191B
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[2364] kernel32.dll!CreateThread + 1A 77033809 4 Bytes [ AB, 60, 41, 89 ]
.text C:\Windows\system32\svchost.exe[2416] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[2416] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[2416] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[2452] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[2452] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[2452] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\rundll32.exe[2528] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 002F200E
.text C:\Windows\System32\rundll32.exe[2528] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 002F1DAF
.text C:\Windows\System32\rundll32.exe[2528] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 002F1CF2
.text C:\Windows\System32\rundll32.exe[2528] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 002F191B
.text C:\Windows\System32\rundll32.exe[2528] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\rundll32.exe[2528] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\rundll32.exe[2528] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2536] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2536] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2536] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2536] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2536] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2536] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2536] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2560] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 00CF200E
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2560] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 00CF1DAF
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2560] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 00CF1CF2
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2560] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 00CF191B
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2560] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2560] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2560] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2576] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 046D200E
.text C:\Program Files\Windows Sidebar\sidebar.exe[2576] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 046D1DAF
.text C:\Program Files\Windows Sidebar\sidebar.exe[2576] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 046D1CF2
.text C:\Program Files\Windows Sidebar\sidebar.exe[2576] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 046D191B
.text C:\Program Files\Windows Sidebar\sidebar.exe[2576] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2576] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2576] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehtray.exe[2584] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Windows\ehome\ehtray.exe[2584] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Windows\ehome\ehtray.exe[2584] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Windows\ehome\ehtray.exe[2584] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Windows\ehome\ehtray.exe[2584] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\ehome\ehtray.exe[2584] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\ehome\ehtray.exe[2584] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2604] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2604] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2604] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2604] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2604] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2604] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2604] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2604] kernel32.dll!SetUnhandledExceptionFilter 7701D187 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2636] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 025F200E
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2636] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 025F1DAF
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2636] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 025F1CF2
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2636] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 025F191B
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2636] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2636] USER32.dll!DispatchMessageA 75AD3C7B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2656] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2656] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2656] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2656] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2656] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2656] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2656] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2736] KERNEL32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2736] KERNEL32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2736] KERNEL32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2808] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 0223200E
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2808] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 02231DAF
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2808] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 02231CF2
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2808] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 0223191B
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2808] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2808] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2808] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\WUDFHost.exe[2972] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\WUDFHost.exe[2972] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\WUDFHost.exe[2972] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Users\ciro\AppData\Local\dblsqpl.exe[2980] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Users\ciro\AppData\Local\dblsqpl.exe[2980] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Users\ciro\AppData\Local\dblsqpl.exe[2980] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Users\ciro\AppData\Local\dblsqpl.exe[2980] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Users\ciro\AppData\Local\dblsqpl.exe[2980] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Users\ciro\AppData\Local\dblsqpl.exe[2980] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Users\ciro\AppData\Local\dblsqpl.exe[2980] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[3068] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[3068] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[3068] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[3068] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[3068] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[3068] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[3068] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3124] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Program Files\WinZip\WZQKPICK.EXE[3124] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Program Files\WinZip\WZQKPICK.EXE[3124] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Program Files\WinZip\WZQKPICK.EXE[3124] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Program Files\WinZip\WZQKPICK.EXE[3124] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3124] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3124] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3148] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3148] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3148] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3240] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3240] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3240] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3264] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3264] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3264] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3372] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3372] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3372] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3372] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3372] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3372] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3372] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[3452] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\taskeng.exe[3452] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\taskeng.exe[3452] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!DialogBoxIndirectParamW 75AD14EA 5 Bytes JMP 6D3D166F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!MessageBoxExA 75AE570D 5 Bytes JMP 6D3D15B6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!DialogBoxParamA 75AE65BF 5 Bytes JMP 6D3D1634 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!MessageBoxIndirectW 75AEF1B3 5 Bytes JMP 6D261676 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!DialogBoxParamW 75AF129F 5 Bytes JMP 6D23F2C1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!DialogBoxIndirectParamA 75B129C9 3 Bytes JMP 6D3D16AA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!DialogBoxIndirectParamA + 4 75B129CD 1 Byte [ F7 ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!MessageBoxIndirectA 75B1FACF 3 Bytes JMP 6D3D15F0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!MessageBoxIndirectA + 4 75B1FAD3 1 Byte [ F7 ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!MessageBoxExW 75B1FBC9 3 Bytes JMP 6D3D157C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!MessageBoxExW + 4 75B1FBCD 1 Byte [ F7 ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!ILIsEqual + 106 75F1C770 4 Bytes [ 01, 0C, 2D, 6A ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!ILIsEqual + 10E 75F1C778 4 Bytes [ 0F, 0B, 2D, 6A ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!ILIsEqual + 1F2 75F1C85C 4 Bytes [ 01, 0C, 2D, 6A ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!ILIsEqual + 1FA 75F1C864 4 Bytes [ 0F, 0B, 2D, 6A ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!ILIsEqual + 222 75F1C88C 4 Bytes [ 01, 0C, 2D, 6A ]
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!DAD_ShowDragImage + CC 75F2E948 4 Bytes [ 01, 0C, 2D, 6A ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!DAD_ShowDragImage + D4 75F2E950 8 Bytes [ 0F, 0B, 2D, 6A, 8F, 32, 2C, ... ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!ILFree + 4F8 75F2EF98 4 Bytes [ 01, 0C, 2D, 6A ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!ILFree + 500 75F2EFA0 4 Bytes [ 0F, 0B, 2D, 6A ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!ILFree + 768 75F2F208 4 Bytes [ 01, 0C, 2D, 6A ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!ILFree + 770 75F2F210 4 Bytes [ 0F, 0B, 2D, 6A ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!ILFree + 980 75F2F420 4 Bytes [ 01, 0C, 2D, 6A ]
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!SHParseDisplayName + C81 75F33768 4 Bytes [ 01, 0C, 2D, 6A ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] SHELL32.dll!SHParseDisplayName + C89 75F33770 4 Bytes [ 0F, 0B, 2D, 6A ]
.text C:\Windows\system32\taskeng.exe[3768] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 0141200E
.text C:\Windows\system32\taskeng.exe[3768] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 01411DAF
.text C:\Windows\system32\taskeng.exe[3768] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 01411CF2
.text C:\Windows\system32\taskeng.exe[3768] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 0141191B
.text C:\Windows\system32\taskeng.exe[3768] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\taskeng.exe[3768] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\taskeng.exe[3768] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Dwm.exe[3776] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 0151200E
.text C:\Windows\system32\Dwm.exe[3776] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 01511DAF
.text C:\Windows\system32\Dwm.exe[3776] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 01511CF2
.text C:\Windows\system32\Dwm.exe[3776] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 0151191B
.text C:\Windows\system32\Dwm.exe[3776] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\Dwm.exe[3776] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\Dwm.exe[3776] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\Explorer.EXE[3828] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Windows\Explorer.EXE[3828] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Windows\Explorer.EXE[3828] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Windows\Explorer.EXE[3828] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Windows\Explorer.EXE[3828] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\Explorer.EXE[3828] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\Explorer.EXE[3828] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\RtHDVCpl.exe[4012] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Windows\RtHDVCpl.exe[4012] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Windows\RtHDVCpl.exe[4012] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Windows\RtHDVCpl.exe[4012] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Windows\RtHDVCpl.exe[4012] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\RtHDVCpl.exe[4012] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\RtHDVCpl.exe[4012] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[4028] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 003E200E
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[4028] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 003E1DAF
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[4028] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 003E1CF2
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[4028] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 003E191B
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[4028] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[4028] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[4028] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehmsas.exe[4044] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Windows\ehome\ehmsas.exe[4044] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Windows\ehome\ehmsas.exe[4044] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Windows\ehome\ehmsas.exe[4044] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Windows\ehome\ehmsas.exe[4044] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Windows\ehome\ehmsas.exe[4044] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Windows\ehome\ehmsas.exe[4044] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[4052] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 01C4200E
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[4052] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 01C41DAF
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[4052] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 01C41CF2
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[4052] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 01C4191B
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[4052] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[4052] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe[4052] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[4076] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[4076] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[4076] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[4076] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[4076] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[4076] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[4076] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4100] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4100] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4100] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4388] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4388] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4388] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4388] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4388] KERNEL32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4388] KERNEL32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4388] KERNEL32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[4488] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 1000200E
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[4488] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 10001DAF
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[4488] ntdll.dll!NtQueryDirectoryFile 771DFDF4 5 Bytes JMP 10001CF2
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[4488] ntdll.dll!NtQuerySystemInformation 771DFFD4 5 Bytes JMP 1000191B
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[4488] kernel32.dll!CreateProcessW 76FF1D27 6 Bytes JMP 5F0A0F5A
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[4488] kernel32.dll!CreateProcessA 76FF1D5C 6 Bytes JMP 5F040F5A
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[4488] kernel32.dll!LoadLibraryExW 770195AF 6 Bytes JMP 5F070F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4672] ntdll.dll!NtEnumerateKey 771DF8A4 5 Bytes JMP 0102200E
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4672] ntdll.dll!NtEnumerateValueKey 771DF8D4 5 Bytes JMP 01021DAF
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4672] ntdll.dll!NtQueryDirector

Post by ste_95 » Sun Feb 03, 2008 2:54 pm

Upload the second file to www.freefilehosting.net

Did you check whether the file I pointed out to you exists?

Post by padrino » Sun Feb 03, 2008 7:38 pm

I checked whether the file exists and found nothing..

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole-shareholder company) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising