attraverso regedit? solo attraverso regedit? :)

Si x qst è strano.....ma poi xkè mi è riuscito? in regedit nn trovo nulla!

HiJackThis http://www.zshare.net/download/114725000962ef05/
Prevx CSI http://www.zshare.net/download/11472531ab1bfd5b/
A-Squared http://www.zshare.net/download/114725486a05c0a3/
Gmer http://www.zshare.net/download/1147256502015178/

Ho eseguito la guida alla disinfezione
Vi prego aiutatemi

@ mikele87:
rifai la scansione con HiJackThis optando per "Scan Only", al termine il pulsante in basso a sinistra si chiamerà "Fix Checked", quindi seleziona le voci sugerite e premi tale tasto.


O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ASUS\IMPOST~1\Temp\DX9\SessionLauncher.exe (file missing)

fai esaminare C:\WINDOWS\system32\CTFMON.EXE su www.virustotal.com


log di prex:

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r1122048620.exe InMem: 0 Det [B] MD5: E58A6C4C7EEE9263A8C5035B4324B410 PX5: B84AA90634BFBE5E31CA0033FFE0B400ACE6B199 Malware Group: Worm

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r1208911340.exe InMem: 0 Det [B] MD5: 2F741A0FC2EBD30170184C08719C1A58 PX5: B84AA90634BFBE5E31CA0033FFE0B4004E325E64 Malware Group: Worm

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r2125386392.exe InMem: 0 Det [B] MD5: EE49F6A4EEF8E05F7A7759AE4C2A8584 PX5: B84AA90634BFBE5E31CA0033FFE0B4005E2EFCCF Malware Group: Worm

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r237087948.exe InMem: 0 Det [B] MD5: CAE9F0D99B2257CB6F516BD9DACE99EE PX5: B84AA90634BFBE5E31CA0033FFE0B400A9221682 Malware Group: Malicious Software

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r272809424.exe InMem: 0 Det [B] MD5: E9C8F0FEE2D3749498696FA0181BC64B PX5: B84AA90634BFBE5E31CA0033FFE0B400467E0D9E Malware Group: Malicious Software

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r3242504000.exe InMem: 0 Det [B] MD5: 46F8B97828DE20DCD79DAAAE19694434 PX5: B84AA90634BFBE5E31CA0033FFE0B400226681CF Malware Group: Worm


Summary:

C:\Documents and Settings\ASUS\Desktop\runprevxcsi.exe - [G1] >> Hidden Process: 12148

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r1122048620.exe - [B] >> Worm

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r1208911340.exe - [B] >> Worm

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r2125386392.exe - [B] >> Worm

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r237087948.exe - [B] >> Malicious Software

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r272809424.exe - [B] >> Malicious Software

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r3242504000.exe - [B] >> Worm

aggiorna a-squared-free e rifai la scansione con metodo DEEP Scan, metti tutto cio che trova in quarantena, poi esegui avenger e carica il seguente script:

Files to delete:
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r1122048620.exe
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r1208911340.exe
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r2125386392.exe
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r237087948.exe
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r272809424.exe
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r3242504000.exe

Fatto!
Ora è tutto risolto?

scusa, nel frattempo aggiornavo il mio messaggio con quello che vedevo :)
riguarda il mio precedente messaggio

DI CTFMON.EXE ce ne sono 2 poi altri con dei numeri quali devo prendere??

quelli con i numeri tra loro sono uguali quindi ignorali... scansiona quei due e metti il link al risultato (basta che copi e incolli l'url del browser quando la scansione è finita)

Qst è il 1° http://www.virustotal.com/it/reanalisis.html?d0bba9959fa1eb08bce66df68c69c1bc

Qst il 2° http://www.virustotal.com/it/analisis/0d6b02738fe566f3c5add906a25ebb97

Ora continuo con le tue istruzioni?

allora devi avviare avenger e caricare questo script:
Files to move:
C:\WINDOWS\system32\CTFMON.EXE | C:\WINDOWS\system32\CTFMON.EXE_vir
C:\WINDOWS\system32\CTFMON_.EXE | C:\WINDOWS\system32\CTFMON.EXE

Files to delete:
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r1122048620.exe
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r1208911340.exe
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r2125386392.exe
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r237087948.exe
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r272809424.exe
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r3242504000.exe

Quando clicco su Execute mi dice Invalid Scripts
Come li inserisco con copia e incolla? xkè facendo cosi mi esce solo la prima linea il resto no
Leggendo ho notato ke qst advanger dovrebbe avere 1 lente di ingrandimento ma a me esce una finestra normale con 1 spazio bianco dove si inserisce qst scripts

L'ho copiato si è riavviato il pc ed è uscito qst
http://www.zshare.net/download/11478333bbaa1e18/

xò quella connessione maledetta c'è ankora

ricontrolla in C:\WINDOWS\system32\ quanti ctfmon.exe esistano e poi

scarica ed esegui CCleaner (http://www.ccleaner.com/download/builds/downloading-portable) seguendo queste brevi indicazioni (non richiede installazione):
scompattare lo zip (possibilmente in una cartella creata solo per lui) e lanciare il file eseguibile ccleaner.exe, nel menu di sinistra portati alla voce Opzioni e nella finestra successiva clicca su:
Impostazioni, e spunta la voce Cancellazione sicura (lenta)
poi su:
Avanzate e togli la spunta alla voce Cancella solo file più vecchi di 48 ore
alla voce Pulizia, spunta tutte le voci comprese nella sezione Avanzate
nel menu a sinistra, clicca sulla voce Pulizia, clicca su tasto Avvia Pulizia per eseguire la scansione
sempre nel menu a sinistra, clicca sulla voce Registro, spunta tutte le voci comprese nella sezione, clicca sul tasto Trova problemi ed avvia una scansione; al termine della scansione clicca sulla voce Ripara selezionati e prosegui;

ctfmon c'e ne sn 2 cn 2 icone diverse
poi ci sn i ctfmon con i numeri poi CTFMON.EXE_vir

fammi un immagine (in formato jpg o png) o riporta gli esatti nomi dei due file :)

http://img181.imageshack.us/img181/3973/iuiiouh3.jpg

fai "mostra come elenco" (pulsante estremo a destra mi sembra) ed espandi la colonna del nome se vedi che alcuni nomi non aparissero per intero :)
quindi rifai l'immagine, scusa ma come li visualizzavi non si capiva le differenze tra i due oggetti

skusa nn ho capito qst passaggio

Così?
http://img73.imageshack.us/img73/5200/iuiioae8.jpg

perfeto, solo che manca ancora una cosa... devi visualizzare le "estensioni conosciute" quindi devi andare in opzioni cartella e nell'elenco togliere il fleghettino (segno di spunta) da "nascondi estensioni conosciute" :)

poi rifai l'immagine.. scusa ancora ma è una cosa che ti manca e prima non si vedeva :(

Non preoccuparti

http://img181.imageshack.us/img181/9632/iuiiorm9.jpg

ok ora ci siamo!

carica questo script:
Files to move:
C:\WINDOWS\system32\CTFMON.EXE | C:\WINDOWS\system32\CTFMON.EXE_vir2
C:\WINDOWS\system32\CTFMON .EXE | C:\WINDOWS\system32\CTFMON.EXE

ma prima con HiJackThis fixa:

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

skusa la tremenda ignoranza
il primo scripts con Avenger?
il secondo con HiJackThis? cm si fà?

quale dei 2 devo fare prima?

prima hijackthis poi avenger

Fatto. qst è il log di avenger

http://www.zshare.net/download/114818135f982c4e/

mi sa che hai incollato il log sbagliato e comunque cambia hoster perchè con zshare bisogna attendere ogni volta 1 minuto per scaricare il file...

Quando ho riavviato il pc mi è uscito quello.
ma ora è tt risolto?

http://www.sendspace.com/file/6q4gnn

bene ora rifai un log con hijackthis e prevx :)
se puoi anche un log di findAWF

hijackthis http://www.sendspace.com/file/2b227
findAWF http://www.sendspace.com/file/4hmimp
prevx http://www.sendspace.com/file/xur61y

il log hijackthis sembra irrangiungibile, ad ogni modo ora sembri pulito :)

http://www.sendspace.com/file/z90xww

Grazie 1000 davvero!

http://www.sendspace.com/file/z90xww

Grazie 1000 davvero!

confermo sei pulito :)

NOOOOOOOOOOOOOOOOOOO
mi è riuscito!!!!:cry:

HijackThis http://www.sendspace.com/file/3r2d54

Qualke santo mi aiuti

Nn c'è nessuno????

posta un nuovo log di findawf

http://www.sendspace.com/file/pp47uu

Findawf è pulito, HjT segnala questo C:\WINDOWS\system32\ctfmon .exe
io seguirei qui (http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763)

quindi devo ripetere le pocedure di disinfezione e ripostare i log qui?

se segui la guida ti fai anche un controllo generale che non guasta mai, altrimenti aspetta il parere di qualcun'altro

Fixa:

O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

O4 - HKLM\..\Run: [DMXLauncher] "C:\Programmi\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

inoltre pensa seriamente a sostituire AcrobatReader con FoxitReader :)

Ciao...ho un problema...il mio modem 56k dopo un pò si stacca e cerca di connetrsi con un'altra connessione che si crea automaticamente ma che vedendo le proprietà non chiama nessun numero..che cos'è?..comunque mando il log di awf... spero possiate aiutarmi. Grazie

Ciao...ho un problema...il mio modem 56k dopo un pò si stacca e cerca di connetrsi con un'altra connessione che si crea automaticamente ma che vedendo le proprietà non chiama nessun numero..che cos'è?..comunque mando il log di awf... spero possiate aiutarmi. Grazie

eri stato infettato da questo dialer ma poi sei stato pulito.. controlla che il tuo antivirus sia settato correttamente se già lo fosse allora pensa ad un sostituto perchè hai fatto acqua ben due volte :)

segui questa semplice procedura pubblicando tutti i log:
http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763

sorry

Se possibile mi dai un occhio anche al mio dump ho un dialer ma non riesco a capire quale? certo che si divertono sti produttori...

....

grazie.

Scusa, dovresti editare il messaggio.
I log non si copiano come hai fatto tu. In prima pagina è spiegato a caratteri cubitali come inserire i log nelle discussioni.

riedita il tuo post e CARICA CORRETTAMENTE I LOG SECONDO QUESTE REGOLE
Se i log o le immagini (.JPG) non superano i 24Kb allegali tramite il comando Gestisci allegati nelle Opzioni aggiuntive
Clicca su Gestisci allegati -> Sfoglia -> Carica
Altrimenti caricali su [wikisend.com] (http://wikisend.com/) o su [mediafire.com] (http://www.mediafire.com/index.php).
Una volta sul sito -> clicca su sfoglia -> seleziona il file da caricare -> poi invia o upload -> aspetta che venga caricato -> copia tutto il contenuto a fianco della della riga "Forum link nel primo caso oppure sotto "Sharing URL" nel secondo e lo incolli nella risposta della discussione.

La tua versione di Hijackthis non è aggiornata....scarica da qui (http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.zip) l'ultima versione e mettila in una sua cartella dedicata, rifai la scansione e ricarica il nuovo log.

Poi anche il log di findawf

[QUOTE=milan63;22325864]Se possibile mi dai un occhio anche al mio dump ho un dialer ma non riesco a capire quale? certo che si divertono sti produttori...

se non conosci queste voci fixale
O1 - Hosts: 160.128.161.153 bute2ieh.com
O1 - Hosts: 98.142.154.12 catolcwxcav.com
O1 - Hosts: 164.105.11.128 ukjp9mn2.com
O1 - Hosts: 26.61.135.9 vkipqugtsx.com
O1 - Hosts: 74.155.15.232 wvdimh98zhq.com
O1 - Hosts: 21.43.177.216 zobcslgff.com
O1 - Hosts: 217.65.130.117 fullows.com
O1 - Hosts: 7.19.148.180 thumbstring.net
O1 - Hosts: 46.227.219.28 wschooler.com
O1 - Hosts: 237.198.174.168 addwjf6zoy.com
O1 - Hosts: 42.9.237.234 itqoipyqsq.com
O2 - BHO: Class - {1101FE95-4E22-9B80-518E-EF505501739C} - C:\WINDOWS\qfllg1.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [rtwfc] "C:\DOCUME~1\giuseppe\IMPOST~1\Temp\1026312.exe"
O4 - HKLM\..\Run: [CHIN PING PHONE PILE] C:\Documents and Settings\All Users\Dati applicazioni\Proxy Long Chin Ping\four size.exe
O4 - HKCU\..\Run: [gmost.exe] C:\WINDOWS\system32\netdriver\service\gmost.exe
O4 - HKCU\..\Run: [Microsoft .Net Framework] C:\WINDOWS\system32\microsof\serv\servic.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

Grazie dopo provo e ti farò sapere.

Se possibile mi dai un occhio anche al mio dump ho un dialer ma non riesco a capire quale? certo che si divertono sti produttori...

Fixa anche:

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN

Ho fixato tutti quelli consigliati e sembra a posto speriamo e grazie.

Parlato troppo presto si è aperto ancora qualcosa chi sa dirmi cosa devo ancora eliminare grazie anticipatamente.

avevo perso un pezzo

allega il log di findawf come spiegato nella prima pagina

avevo perso un pezzo
cambi sto antivirus, non è possibile che non è possibile infettarsi ogni 3 secondi... :muro:
mettiti Avira Antivir Classic che è free ed è efficacissimo :)

Fixa:

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - Global Startup: MediaChecker.lnk = C:\Programmi\HOTALBUMMyBOX\MediaChecker.exe
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab


dopo vai al link http://secunia.com/software_inspector/ e scansiona online il tuo pc, ti mostrerà l'elenco dei rpogrammi altamente critici da aggiornare assolutamente.
Valuta la possibilità di disinstallare Acrobat 7.0 in favore del più potente, leggero, veloce e sopratutto più sicuro FoxitReader (http://www.foxitsoftware.com/pdf/rd_intro.php) :)

aiuto

aiuto

Questo è lo script che devi inserire in Avenger:

FIles to move:

C:\Programmi\iTunes\bak\iTunesHelper.exe | C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\bak\bak\QTTask.exe | C:\Programmi\QuickTime\bak\QTTask.exe
C:\Programmi\QuickTime\bak\QTTask.exe | C:\Programmi\QuickTime\QTTask.exe
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATI Technologies\ATI.ACE\bak\CLIStart.exe | C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe
C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe | C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe | C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe | C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATI9HE.EXE | C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9HE.EXE



Al riavvio allega un nuovo log di findawf e il log di avenger.

ecco il .txt fatto dal programma findAWF

rispondete al più presto

ecco il .txt fatto dal programma findAWF

rispondete al più presto
è pulito quindi leggi qui (http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763)

Ecco miei logs findawf and hijack.
Grazie mille per l'eventuale assistenza.

devi seguire la guida, ma comincia a postare il log di a-squared scansione deep ( che è comunque il primo scan da fare anche in guida)
ciao

ciao, mi è comparsa tra le connessioni una nuova che si chiama internet connection. potete aiuarmi? grazie mille

Leggi qui (http://www.hwupgrade.it/forum/showthread.php?t=1651594) e carica tutti i log richiesti secondo le modalità.

Modalità pubblicazione log
Se i log o le immagini (.JPG) non superano i 24Kb allegali tramite il comando Gestisci allegati nelle Opzioni aggiuntive
Clicca su Gestisci allegati -> Sfoglia -> Carica
Altrimenti caricali su [wikisend.com] (http://wikisend.com/) o su [mediafire.com] (http://www.mediafire.com/index.php).
Una volta sul sito -> clicca su sfoglia -> seleziona il file da caricare -> poi invia o upload -> aspetta che venga caricato -> copia tutto il contenuto a fianco della della riga "Forum link nel primo caso oppure sotto "Sharing URL" nel secondo e lo incolli nella risposta della discussione.

Invio il mio log in allegato creato con FindAWF

devi seguire la guida, ma comincia a postare il log di a-squared scansione deep ( che è comunque il primo scan da fare anche in guida)
ciao

Non ho seguito la guida? Non ho visto che c'era da usare anche quest'altro programma. Ok prendo il log anche di questo.

HO IL DIALER INTERNET CONNECTION E FACENDO LA SCANSIONE CON FINDAWF NON MI TROVA NIENTE! HO SEGUITO LA GUIDA X CHI HA QST TIPO PROBLEMA MA NIENTE: FINDAWF MI DA' SEMPRE LO STESSO TIPO PROBLEMA OVVERO NON TROVA NIENTE!

AIUTATEMI

Invio il mio log in allegato creato con FindAWF

Hai le cartelle bak di una precedente infezione. Probabilmente hai il dialer Heuristic. Segui queste indicazioni:

http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763

HO IL DIALER INTERNET CONNECTION E FACENDO LA SCANSIONE CON FINDAWF NON MI TROVA NIENTE! HO SEGUITO LA GUIDA X CHI HA QST TIPO PROBLEMA MA NIENTE: FINDAWF MI DA' SEMPRE LO STESSO TIPO PROBLEMA OVVERO NON TROVA NIENTE!

AIUTATEMI

Scrivere in maiuscolo in un forum equivale ad urlare. Ti è stato già risposto qui:

http://www.hwupgrade.it/forum/showpost.php?p=22381286&postcount=2309

Devi eseguire questo:

http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763

questo è il mio log cosa devo fare?

questo è il mio log cosa devo fare?
segui anche tu qui (http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763)

Maledetto dialer infame,m'ha appestato di nuovo mi sa! :doh:
Chiedo nuovamente la vostra gentilissima assistenza :help:

Maledetto dialer infame,m'ha appestato di nuovo mi sa! :doh:
Chiedo nuovamente la vostra gentilissima assistenza :help:

Segui questa Guida http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763

ho detto che ho seguito quella guida alla disinfezione ma niente! quindi fami sapere

ho detto che ho seguito quella guida alla disinfezione ma niente! quindi fami sapere
ci servono i log per poter capire cos'hai....

ho detto che ho seguito quella guida alla disinfezione ma niente! quindi fami sapere

Si ma se non posti i risultati delle scansioni nessuno potrà aiutarti...;)

il log di findawf mi esce vuoto. ho eseguito la guida riguardo a qst problema ma niente il log esce vuoto.

AIUTO!

aver seguito la guida vuol dire fornirci questi log:

-log di A-squared scansione deep aggiornato ad oggi
-log di F-Secure OnLine oppure di Kaspersky Virus Removal Tool scaricato oggi
-log di Dr.Web CureIT scaricato oggi
-log di ESET SysInspector
-log di HiJackThis
-log di Gmer
-log di PrevxCSI

teoricamente basterebbe la scansione deep di a-squared ma se questa non ha trovato nulla è un buon motivo per seguire tutta la guida ;)

il log di findawf mi esce vuoto. ho eseguito la guida riguardo a qst problema ma niente il log esce vuoto.

AIUTO!

Non riesco a capire cosa tu faccia, ma è impossibile che tutti i log delle scansioni di FindAWF e di quelle della Guida per Infetti ti escano completamente bianchi e privi di testo.

aver seguito la guida vuol dire fornirci questi log:

-log di A-squared scansione deep aggiornato ad oggi
-log di F-Secure OnLine oppure di Kaspersky Virus Removal Tool scaricato oggi
-log di Dr.Web CureIT scaricato oggi
-log di ESET SysInspector
-log di HiJackThis
-log di Gmer
-log di PrevxCSI

teoricamente basterebbe la scansione deep di a-squared ma se questa non ha trovato nulla è un buon motivo per seguire tutta la guida ;)

;)

E mi sembra alquanto strano che i log escano totalmente "vuoti"...

Una cosa è dire che escano puliti, un'altra è dire che siano vuoti...

Salve..qualcuno può aiutarmi per favore? Mi riappare di continuo la connessione internet connection nonostante la rimuovo :-( Ho scaricato Findawf e questo è ciò che mi esce...................:-SSS
p.s. ci capisco ben poco

x fati
segui qui (http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763)

Ciao!!

Ho allefato il log di FindAWF

Attendo script da copiare

Ciao!!

Ho allefato il log di FindAWF

Attendo script da copiare
questo è lo script
Files to move:
C:\Programmi\Grisoft\AVG7\bak\avgcc.exe | C:\Programmi\Grisoft\AVG7\avgcc.exe
C:\Programmi\Nokia\Nokia PC Suite 6\bak\PCSuite.exe | C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
poi log di avenger e nuovo di findawf
ciao

Ragazzi..ho sempre seguito i vostri consigli e sempre sono stati preziosissimi... purtroppo 'sto "internet connection" ora non va piu' via...sembro pulito ma ad ogni connessione il dialer maledetto ricompare...non so piu' che fare.

Ragazzi..ho sempre seguito i vostri consigli e sempre sono stati preziosissimi... purtroppo 'sto "internet connection" ora non va piu' via...sembro pulito ma ad ogni connessione il dialer maledetto ricompare...non so piu' che fare.

è pulito, procedi con il seguire la semplice procedura descritta nella Guida alla Disinfezione per Infetti (http://www.hwupgrade.it/forum/showthread.php?t=1599737), rispettando l'ordine nel'esecuzione e pubblicando tutti i log usando uno dei metodi censiti nelle Regole di Sezione. :)

è pulito, procedi con il seguire la semplice procedura descritta nella Guida alla Disinfezione per Infetti (http://www.hwupgrade.it/forum/showthread.php?t=1599737), rispettando l'ordine nel'esecuzione e pubblicando tutti i log usando uno dei metodi censiti nelle Regole di Sezione. :)

non c'e' niente da fare ricompare sempre....sono ormai rassegnato...mi toccca fare una formattazione?

non c'e' niente da fare ricompare sempre....sono ormai rassegnato...mi toccca fare una formattazione?

No, semplicemente devi attenerti a quanto ti ha detto xcdegasp:

è pulito, procedi con il seguire la semplice procedura descritta nella Guida alla Disinfezione per Infetti (http://www.hwupgrade.it/forum/showthread.php?t=1599737), rispettando l'ordine nel'esecuzione e pubblicando tutti i log usando uno dei metodi censiti nelle Regole di Sezione. :)

Quindi pdevi eseguire tutte le scansioni della guida, e poi devi postare in questa discussione i risultati di ciascuna scansione, in modo che chi di competenza possa darti assistenza.

Se ti limit a dire che non c'è nulla da fare e non posti i log delle scansioni difficilmente qualcuno potrà aiutarti.;)

Ciao a tutti, sono nuovo di qui, vorrei sapere se potete aiutarmi a rimuovere dal pc questo fastidioso dialer che interrompe la mia connessione adsl.
Ho fatto la scansione con "FindAWF" come ho letto sul forum e allego il report che ne risulta, spero in un vostro aiuto perchè non so come fare.
Grazie a tutti e saluti.

Ciao a tutti, sono nuovo di qui, vorrei sapere se potete aiutarmi a rimuovere dal pc questo fastidioso dialer che interrompe la mia connessione adsl.
Ho fatto la scansione con "FindAWF" come ho letto sul forum e allego il report che ne risulta, spero in un vostro aiuto perchè non so come fare.
Grazie a tutti e saluti.

E' necessario che tu esegua la guida alla disinfezione. Segui quanto suggerito in questo link:

http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763

:)

awf.txt (http://wikisend.com/download/610738/awf.txt)

http://wikisend.com/download/610738/awf.txt

SAlve,
mi aiutate please?
aWF MI HA DATO un log vuoto e l'ho postato come avete scritto voi su wikisend...questi che ho scritto sopra sono i link (uno era download e uno forumlink) non so quale vi serva per aiutarmi e li scrivo entrambi.
Ora cosa dovrei fare?
Grazie. Ma questi dialer sono proprio rompi, perchè la gente si diverte a creare virus?????

awf.txt (http://wikisend.com/download/610738/awf.txt)

http://wikisend.com/download/610738/awf.txt

SAlve,
mi aiutate please?
aWF MI HA DATO un log vuoto e l'ho postato come avete scritto voi su wikisend...questi che ho scritto sopra sono i link (uno era download e uno forumlink) non so quale vi serva per aiutarmi e li scrivo entrambi.
Ora cosa dovrei fare?
Grazie. Ma questi dialer sono proprio rompi, perchè la gente si diverte a creare virus?????

log puliti, segui la semplice procedura descritta nella Guida alla Disinfezione per Infetti (http://www.hwupgrade.it/forum/showthread.php?t=1599737), rispettando l'ordine nel'esecuzione e pubblicando tutti i log usando uno dei metodi censiti nelle Regole di Sezione. :)

awf.txt (http://wikisend.com/download/610738/awf.txt)

http://wikisend.com/download/610738/awf.txt

SAlve,
mi aiutate please?
aWF MI HA DATO un log vuoto e l'ho postato come avete scritto voi su wikisend...questi che ho scritto sopra sono i link (uno era download e uno forumlink) non so quale vi serva per aiutarmi e li scrivo entrambi.
Ora cosa dovrei fare?
Grazie. Ma questi dialer sono proprio rompi, perchè la gente si diverte a creare virus?????


Benvenuta.

Il log è pulito.

Clicca sul link che ti lascio sotto e segui le istruzioni.

http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763

Mi raccomando di postare tutti i log delle scansioni che devi fare seguendo la guida per infetti.

Ciao il tuo log è pulito segui queste indicazioni http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763

Ciao ragazzi ho postato qualche tempo fa i log di awf, ho ottenuto risposta e ho fatto tutte le operazioni.. ma credo di essere stato di nuovo contagiato da questo dialer.. quindi vi riposto i log di awf..
Grazie 1000, ciao!

Ciao ragazzi ho postato qualche tempo fa i log di awf, ho ottenuto risposta e ho fatto tutte le operazioni.. ma credo di essere stato di nuovo contagiato da questo dialer.. quindi vi riposto i log di awf..
Grazie 1000, ciao!

Ciao.

Copia questo script in Avenger:



Files to move:

C:\Programmi\AntiVir PersonalEdition Classic\bak\avgnt.exe | C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Auto Power-on\bak\AutoPowerOn.exe | C:\Programmi\Auto Power-on\AutoPowerOn.exe
C:\Programmi\D-Tools\bak\daemon.exe | C:\Programmi\D-Tools\daemon.exe
C:\Programmi\QuickTime\bak\qttask.exe | C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Creative\SB Drive Det\bak\SBDrvDet.exe | C:\Programmi\Creative\SB Drive Det\SBDrvDet.exe
C:\Programmi\Creative\Shared Files\bak\CTSched.exe | C:\Programmi\Creative\Shared Files\CTSched.exe
C:\Programmi\Creative\Sync Manager Unicode\bak\CTSyncU.exe | C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmi\Microsoft Office\Office12\bak\GrooveMonitor.exe | C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\NVRTClk\bak\NVRTClk.exe | C:\WINDOWS\system32\NVRTClk\NVRTClk.exe
C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe | C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Creative\Creative ZEN\ZEN Media Explorer\bak\CTCheck.exe | C:\Programmi\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Programmi\Creative\MediaSource\Go\bak\CTCMSGo.exe | C:\Programmi\Creative\MediaSource\Go\CTCMSGo.exe
C:\Programmi\Creative\MediaSource\RemoteControl\bak\RcMan.exe | C:\Programmi\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\bak\CTDVDDET.EXE | C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\bak\CTSysVol.exe | C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programmi\Creative\Shared Files\Media Sniffer\bak\MtdAcq.EXE | C:\Programmi\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe | C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe



Dopo il riavvio del pc posta un nuovo log di FindAWF.

Ciao! Grazie 1000 per la risposta velocissima.. ho fatto quello che mi hai detto e ho riavviato, ecco i nuovi log.
ancora grazie tante

Ciao! Grazie 1000 per la risposta velocissima.. ho fatto quello che mi hai detto e ho riavviato, ecco i nuovi log.
ancora grazie tante

perfetto, ora le cartelle bak rimanenti le puoi eliminare manualmente :)

ciao ragazzi,
ho un' infezione del dialer internet connection, volevo mandare il txt con il report di AWF ma mi risultava vuoto (ma perchè poi mentre ad altri non succede?), quindi come mi è stato consigliato ho seguito la procedura per pc infetti che mi è stata suggerita qui da un utente che ringrazio, quindi pubblico i risultati dei vari controlli sperando che qualcuno ci capisca qualcosa e mi aiuti (non pubblico i controlli che non hanno dato riscontro), la prossima volta con tutti i virus che girano mi compro un MAC!
Grazie a tutti ragazzi.

ciao ragazzi,
ho un' infezione del dialer internet connection, volevo mandare il txt con il report di AWF ma mi risultava vuoto (ma perchè poi mentre ad altri non succede?), quindi come mi è stato consigliato ho seguito la procedura per pc infetti che mi è stata suggerita qui da un utente che ringrazio, quindi pubblico i risultati dei vari controlli sperando che qualcuno ci capisca qualcosa e mi aiuti (non pubblico i controlli che non hanno dato riscontro), la prossima volta con tutti i virus che girano mi compro un MAC!
Grazie a tutti ragazzi.

non devi unire i file! rifai i log e lasciali singoli, inviali su uno dei server consigliati e incolla il solo link al download con magari affianco il nome del file :)

ok grazie, ho separato i log, posto i link:

scansione con:
_ F-Secure http://wikisend.com/download/793676/F-Secure.txt
_ HiJackThis http://wikisend.com/download/608574/HiJackThis.txt
_ A-Squared http://wikisend.com/download/538128/A-Squared free.txt

manca dr.web, prevxCsi, SysInspector :)

ok grazie, ho separato i log, posto i link:

scansione con:
_ F-Secure http://wikisend.com/download/793676/F-Secure.txt
_ HiJackThis http://wikisend.com/download/608574/HiJackThis.txt
_ A-Squared http://wikisend.com/download/538128/A-Squared free.txt
F-secure:
Trojan.Win32.Pakes.cup (virus)
C:\WINDOWS\SYSTEM32\HKCMD.EXE
C:\WINDOWS\SYSTEM32\HPHMON05.EXE
C:\WINDOWS\SYSTEM32\NEROCHECK.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SMINST\RECGUARD.EXE
C:\PROGRAMMI\THRUSTMASTER\FUNACCESS\PSPAP .EXE (Renamed & Submitted)
C:\PROGRAMMI\MULTIMEDIA CARD READER\SHWICON2K.EXE
C:\PROGRAMMI\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\HPHUPD05 .EXE
C:\PROGRAMMI\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\HPHUPD05.EXE
C:\PROGRAMMI\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAMMI\HP\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\PROGRAMMI\HP\DIGITAL IMAGING\BIN\BACKUPNOTIFY.EXE
C:\PROGRAMMI\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
C:\PROGRAMMI\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\HP\KBD\KBD.EXE

il log di a-squared è stranamente vuoto quindi rifallo e poi rifai anche quello di HiJackThis :)

ragazzi, mi consigliate un antivirus free che sia davvero efficace secondo voi e che magari sia in italiano?
grazie!:D

ragazzi, mi consigliate un antivirus free che sia davvero efficace secondo voi e che magari sia in italiano?
grazie!:D

Avira Antivir Classic o chiedi nel thread specifico: Antivirus Free (http://www.hwupgrade.it/forum/showthread.php?t=1380769)

Ciao,
ho eliminato i file copia creati dal dialer, sostituendoli con quelli originali
nella cartella \bak.
Pensavo di avere risolto in quanto il log di FindAWF è pulito ma purtroppo ogni tanto, specialmente se uso la connessione remota via modem si sconnette e appare la connessione remota chiamata "internet connection".:muro:
Ho eseguito la procedura senza file duplicati facendo varie scansioni con diversi programmi.
Posto alcuni log sperando in un aiuto prima di formattare..:(
Grazie

Ciao,
ho eliminato i file copia creati dal dialer, sostituendoli con quelli originali
nella cartella \bak.
Pensavo di avere risolto in quanto il log di FindAWF è pulito ma purtroppo ogni tanto, specialmente se uso la connessione remota via modem si sconnette e appare la connessione remota chiamata "internet connection".:muro:
Ho eseguito la procedura senza file duplicati facendo varie scansioni con diversi programmi.
Posto alcuni log sperando in un aiuto prima di formattare..:(
Grazie

Allegami un log di questo tool, grazie.

http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe

Allegami un log di questo tool, grazie.

http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe

Intanto grazie a te...
allego qui perchè sono tre righe:


Ran on 19/05/2008 - 23.22.06,18

Ciao,
ho eliminato i file copia creati dal dialer, sostituendoli con quelli originali
nella cartella \bak.
Pensavo di avere risolto in quanto il log di FindAWF è pulito ma purtroppo ogni tanto, specialmente se uso la connessione remota via modem si sconnette e appare la connessione remota chiamata "internet connection".:muro:
Ho eseguito la procedura senza file duplicati facendo varie scansioni con diversi programmi.
Posto alcuni log sperando in un aiuto prima di formattare..:(
Grazie
Fixa:

O4 - HKLM\..\Run: [EPSON Stylus D78 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\WINDOWS\TEMP\E_S87.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Luca\IMPOST~1\Temp\{BE88B6E5-6562-43FB-B2F7-0912086DF8EF}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0010"
O4 - Global Startup: DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck .exe


:)

Fixa:

O4 - HKLM\..\Run: [EPSON Stylus D78 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\WINDOWS\TEMP\E_S87.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Luca\IMPOST~1\Temp\{BE88B6E5-6562-43FB-B2F7-0912086DF8EF}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0010"
O4 - Global Startup: DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck .exe


:)

Fixata... riprovo.. speriamo...

Ciao,
ho eliminato i file copia creati dal dialer, sostituendoli con quelli originali
nella cartella \bak.
Pensavo di avere risolto in quanto il log di FindAWF è pulito ma purtroppo ogni tanto, specialmente se uso la connessione remota via modem si sconnette e appare la connessione remota chiamata "internet connection".:muro:
Ho eseguito la procedura senza file duplicati facendo varie scansioni con diversi programmi.
Posto alcuni log sperando in un aiuto prima di formattare..:(
Grazie
sbaglio o a-squared non l'hai fatto in scansione deep....

Fixata... riprovo.. speriamo...

Allega un nuovo log c'è qualcosa che non mi convince

Ve lo avevo già mandato un file Awf, voi mi avete mandato lo script, però al momento di eseguirlo mi dice "invalid script".
Mi potete inviare lo script aggiornato ed eventualmente dirmi come posso fare ad eseguirlo.
Grazie!!!

Nel nuovo log di awf non ci sono duplicati, segui la guida generale (http://www.hwupgrade.it/forum/showthread.php?t=1599737) fino al punto 3 per il momento.
Quindi in ordine:

Disattiva il ripristino di sistema (dovresti averlo già disattivato)
Pulizia con Ccleaner
Pulizia con ADSScanner
Scansione deep con A-squared aggiornato ad oggi e poi alleghi il log

Se poi non bastasse la segui fino in fondo.

Allega un nuovo log c'è qualcosa che non mi convince

Nuovo log:

Nuovo log:

In riferimento a questo post, hai messo RenV in una cartella dedicata sul Desktop?
http://www.hwupgrade.it/forum/showpost.php?p=22524992&postcount=2357 inoltre i dici che ci sono tre righe ma io ne vedo una.

Ran on 19/05/2008 - 23.22.06,18

@ Chill-Out, no non ho creato una cartella dedicata sul desktop...
devo creare una cartella e chiamarla con qualsiasi nome oppure come.
Le righe sono 3 perchè ci sono anche i tag [**code] e [**/code]
in realtà è solo 1 come vedi nel post
Grazie

@ Chill-Out, no non ho creato una cartella dedicata sul desktop...
devo creare una cartella e chiamarla con qualsiasi nome oppure come.
Le righe sono 3 perchè ci sono anche i tag [**code] e [**/code]
in realtà è solo 1 come vedi nel post
Grazie

crea una directory e metticelo dentro :)

Creato la directory sul desktop
lanciato RenV.. allego il log che è come prima
allego anche il log della scansione deep di a-squared ma non ha trovato nulla
a parte VNC

Creato la directory sul desktop
lanciato RenV.. allego il log che è come prima
allego anche il log della scansione deep di a-squared ma non ha trovato nulla
a parte VNC

Di recente hai percaso avuto problemi col Trojan Vundo?

Di recente hai percaso avuto problemi col Trojan Vundo?

Il pc è di un amico, non so se ha avuto problemi con vundo, provo a chiederlo, anche se credo non sappia rispondermi

devi seguire la guida, ma comincia a postare il log di a-squared scansione deep ( che è comunque il primo scan da fare anche in guida)
ciao

ecco il log chiestomi, grazie, ciao.

ecco il log chiestomi, grazie, ciao.
non ha trovato nulla, a questo punto devi seguire tutta la guida.

Ricapitolando, dopo aver disabilitato il ripristino di sistema, fatto la pulizia dei file inutili e cancellato gli asd con ADS Scanner, vogliamo necessariamente in ordine (altrimenti dovrai comunque rifarli):

log di A-squared scansione deep aggiornato ad oggi già fatta
log di F-Secure OnLine oppure di Kaspersky Virus Removal Tool scaricato oggi
log di Dr.Web CureIT scaricato oggi
log di ESET SysInspector
log di HiJackThis
log di Gmer
log di PrevxCSI

Forse l'ho preso anch'io e sto seguendo tutte le guide on-line e lanciando tutti i tool possibili e immaginabili ma senza successo al momento.

Non ho però trovato descrizioni dettagliate su questo malware (ammesso che questa sia la denominazione esatta). Dov'è descritto? Che numero tenta di chiamare?

Anche a me compare sempre "Internet Connection 000"

Forse l'ho preso anch'io e sto seguendo tutte le guide on-line e lanciando tutti i tool possibili e immaginabili ma senza successo al momento.

Non ho però trovato descrizioni dettagliate su questo malware (ammesso che questa sia la denominazione esatta). Dov'è descritto? Che numero tenta di chiamare?

Anche a me compare sempre "Internet Connection 000"
basta che segui il primo messaggio di questa discussione non serve altro :)

basta che segui il primo messaggio di questa discussione non serve altro :)

Ho provato, ma FindAWF non mi trova niente. Stavo provando altra roba perchè l'antivirus presente non trovava niente fino a un momento fa.

Poi mi è venuta una illuminazione :winner:

Ho appena aggiornato il mio antivirus Avast (prendendo il DB tramite un'altro computer connesso a internet) e mi sta finalmente trovando i due malware:


win32: Dialer-1378
win32: Dropper-AII

È di questi due che si sta trattando in questo thread?

vorremmo vedere il log ma se le tue cartelle bak non hanno duplicati, segui la guida generale (http://www.hwupgrade.it/forum/showthread.php?t=1599737) fino al punto 3 per il momento.
Quindi in ordine:

Disattiva il ripristino di sistema (dovresti averlo già disattivato)
Pulizia con Ccleaner
Pulizia con ADSScanner
Scansione deep con A-squared aggiornato a d oggi e poi alleghi il log

vorremmo vedere il log ma se le tue cartelle bak non hanno duplicati, segui la guida generale (http://www.hwupgrade.it/forum/showthread.php?t=1599737) fino al punto 3 per il momento.
Quindi in ordine:

Disattiva il ripristino di sistema (dovresti averlo già disattivato)
Pulizia con Ccleaner
Pulizia con ADSScanner
Scansione deep con A-squared aggiornato a d oggi e poi alleghi il log
Son tutte cose che avevo già fatto ma senza concludere niente (purtoppo i log non ce li ho più).
Comunque con Avast sembra essere andato tutto a posto. Nessuno sa niente di quei due menzionati sopra? Qual'è il nome del malware di cui si parla in questo thread?

Son tutte cose che avevo già fatto ma senza concludere niente (purtoppo i log non ce li ho più).
Comunque con Avast sembra essere andato tutto a posto. Nessuno sa niente di quei due menzionati sopra? Qual'è il nome del malware di cui si parla in questo thread?
quelli che hai te son tutt'altra cosa quindi segui la semplice procedura descritta nella Guida alla Disinfezione per Infetti (http://www.hwupgrade.it/forum/showthread.php?t=1599737), rispettando l'ordine nell'esecuzione e pubblicando tutti i log usando uno dei metodi censiti nelle Regole di Sezione. :)

ciao a tutti sono nuova di questo forum..qualche giorno fa ho scritto su un'altro forum perchè mi ritrovo internet connection tra le connessioni..io ho alice adsl ..ora non mi crea fastidi ma qualche giorno fa mi cadeva la connessione in continuazine..cmq nell'altro forum mi hanno dato delle indicazioni per come toglierlo...in questo indirizzo ci sono i vari passaggi
http://www.p2pforum.it/forum/showthread.php?t=305744&page=2
dopo aver fatto tutto quello che mi è stato consigliato internet connection la trovo ancora tra le connessioni ... qualcuno mi può aiutare tenendo presente la mia scarsa conoscenza in pc?

da qualche giorno mi compare una internet connection
spero possiate aiutarmi a risolvere il problema e spero di aver postato bene i log

grazie


Dr.Web CureIT nessun virus rilevato

PrevxCSI rileva un virus ma non compare l'icone nella traybar e non riesco a spuntare l'opzione negli strumenti

a-squared Free - Version 3.5
Last update: N/A

Impostazioni scansione:

Oggetti: Memoria, Tracce, Cookies
Archivio scansioni: On
Scientifico: On
ADS Scan: On

Scansione avviata: 20/05/2008 23.16.09

C:\Documents and Settings\Utente\Cookies\utente@190[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Utente\Cookies\utente@atdmt[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Utente\Cookies\utente@atdmt[3].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Utente\Cookies\utente@bs.serving-sys[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Utente\Cookies\utente@casalemedia[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Utente\Cookies\utente@doubleclick[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Utente\Cookies\utente@doubleclick[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Utente\Cookies\utente@serving-sys[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Utente\Cookies\utente@serving-sys[3].txt rilevati: Trace.TrackingCookie

Scansionati

Files: 1705
Tracce: 397918
Cookies: 114
Processi: 37

Rilevato

Files: 0
Tracce: 0
Cookies: 9
Processi: 0
Chiavi registro: 0

Fine scansione: 20/05/2008 23.22.40
Tempo scansione: 0:06:31



Scan
----
Scanned: 664
Detected: 0
Untreated: 0
Start time: 20/05/2008 23.46.42
Duration: 00.08.41
Finish time: 20/05/2008 23.55.23


Detected
--------
Status Object
------ ------


Events
------
Time Name Status Reason
---- ---- ------ ------
20/05/2008 23.46.54 Running module: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_00-35.exe ok scanned
20/05/2008 23.46.54 File: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_00-35.exe ok scanned
20/05/2008 23.46.54 Running module: C:\WINDOWS\system32\ntdll.dll ok scanned
20/05/2008 23.46.54 File: C:\WINDOWS\system32\ntdll.dll ok scanned
20/05/2008 23.46.54 Running module: C:\WINDOWS\system32\kernel32.dll ok scanned
20/05/2008 23.46.55 File: C:\WINDOWS\system32\kernel32.dll ok scanned
20/05/2008 23.46.55 Running module: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\prremote.dll ok scanned
20/05/2008 23.46.55 File: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\prremote.dll ok scanned
20/05/2008 23.46.55 Running module: C:\WINDOWS\system32\RPCRT4.dll ok scanned
20/05/2008 23.46.55 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned
20/05/2008 23.46.55 Running module: C:\WINDOWS\system32\ADVAPI32.dll ok scanned
20/05/2008 23.46.55 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned
20/05/2008 23.46.55 Running module: C:\WINDOWS\system32\Secur32.dll ok scanned
20/05/2008 23.46.55 File: C:\WINDOWS\system32\Secur32.dll ok scanned
20/05/2008 23.46.55 Running module: C:\WINDOWS\system32\USER32.dll ok scanned
20/05/2008 23.46.55 File: C:\WINDOWS\system32\USER32.dll ok scanned
20/05/2008 23.46.55 Running module: C:\WINDOWS\system32\GDI32.dll ok scanned
20/05/2008 23.46.55 File: C:\WINDOWS\system32\GDI32.dll ok scanned
20/05/2008 23.46.55 Running module: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll ok scanned
20/05/2008 23.46.56 File: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll ok scanned
20/05/2008 23.46.56 Running module: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll ok scanned
20/05/2008 23.46.56 File: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll ok scanned
20/05/2008 23.46.56 Running module: C:\WINDOWS\system32\msvcrt.dll ok scanned
20/05/2008 23.46.56 File: C:\WINDOWS\system32\msvcrt.dll ok scanned
20/05/2008 23.46.56 Running module: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\FSSync.dll ok scanned
20/05/2008 23.46.56 File: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\FSSync.dll ok scanned
20/05/2008 23.46.56 Running module: C:\WINDOWS\system32\SHELL32.dll ok scanned
20/05/2008 23.46.58 File: C:\WINDOWS\system32\SHELL32.dll ok scanned
20/05/2008 23.46.58 Running module: C:\WINDOWS\system32\SHLWAPI.dll ok scanned
20/05/2008 23.46.58 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned
20/05/2008 23.46.58 Running module: C:\WINDOWS\system32\ole32.dll ok scanned
20/05/2008 23.46.58 File: C:\WINDOWS\system32\ole32.dll ok scanned
20/05/2008 23.46.58 Running module: C:\WINDOWS\system32\IMM32.DLL ok scanned
20/05/2008 23.46.58 File: C:\WINDOWS\system32\IMM32.DLL ok scanned
20/05/2008 23.46.58 Running module: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ok scanned
20/05/2008 23.46.58 File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ok scanned
20/05/2008 23.46.58 Running module: C:\WINDOWS\system32\uxtheme.dll ok scanned
20/05/2008 23.46.59 File: C:\WINDOWS\system32\uxtheme.dll ok scanned
20/05/2008 23.46.59 Running module: C:\WINDOWS\system32\MSCTF.dll ok scanned
20/05/2008 23.46.59 File: C:\WINDOWS\system32\MSCTF.dll ok scanned
20/05/2008 23.46.59 Running module: C:\WINDOWS\system32\msctfime.ime ok scanned
20/05/2008 23.46.59 File: C:\WINDOWS\system32\msctfime.ime ok scanned
20/05/2008 23.47.00 Running module: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\AVPGS.PPL ok scanned
20/05/2008 23.47.00 File: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\AVPGS.PPL ok scanned
20/05/2008 23.47.00 Running module: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\prloader.dll ok scanned
20/05/2008 23.47.01 File: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\prloader.dll ok scanned
20/05/2008 23.47.01 Running module: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\prkernel.ppl ok scanned
20/05/2008 23.47.01 File: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\prkernel.ppl ok scanned
20/05/2008 23.47.02 Running module: C:\WINDOWS\system32\userenv.dll ok scanned
20/05/2008 23.47.03 File: C:\WINDOWS\system32\userenv.dll ok scanned
20/05/2008 23.47.03 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\pxstub.ppl ok scanned
20/05/2008 23.47.03 File: c:\documents and settings\all users\desktop\kaspersky lab tool\pxstub.ppl ok scanned
20/05/2008 23.47.03 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\params.ppl ok scanned
20/05/2008 23.47.03 File: c:\documents and settings\all users\desktop\kaspersky lab tool\params.ppl ok scanned
20/05/2008 23.47.03 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\dtreg.ppl ok scanned
20/05/2008 23.47.03 File: c:\documents and settings\all users\desktop\kaspersky lab tool\dtreg.ppl ok scanned
20/05/2008 23.47.03 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\nfio.ppl ok scanned
20/05/2008 23.47.03 File: c:\documents and settings\all users\desktop\kaspersky lab tool\nfio.ppl ok scanned
20/05/2008 23.47.03 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\fsdrvplg.ppl ok scanned
20/05/2008 23.47.03 File: c:\documents and settings\all users\desktop\kaspersky lab tool\fsdrvplg.ppl ok scanned
20/05/2008 23.47.03 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\mkavio.ppl ok scanned
20/05/2008 23.47.03 File: c:\documents and settings\all users\desktop\kaspersky lab tool\mkavio.ppl ok scanned
20/05/2008 23.47.03 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\tempfile.ppl ok scanned
20/05/2008 23.47.04 File: c:\documents and settings\all users\desktop\kaspersky lab tool\tempfile.ppl ok scanned
20/05/2008 23.47.04 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\avpgui.ppl ok scanned
20/05/2008 23.47.04 File: c:\documents and settings\all users\desktop\kaspersky lab tool\avpgui.ppl ok scanned
20/05/2008 23.47.04 Running module: C:\WINDOWS\system32\WININET.dll ok scanned
20/05/2008 23.47.04 File: C:\WINDOWS\system32\WININET.dll packed file PE_Patch
20/05/2008 23.47.04 File: C:\WINDOWS\system32\WININET.dll//PE_Patch ok scanned
20/05/2008 23.47.04 File: C:\WINDOWS\system32\WININET.dll ok scanned
20/05/2008 23.47.04 Running module: C:\WINDOWS\system32\Normaliz.dll ok scanned
20/05/2008 23.47.04 File: C:\WINDOWS\system32\Normaliz.dll ok scanned
20/05/2008 23.47.04 Running module: C:\WINDOWS\system32\iertutil.dll ok scanned
20/05/2008 23.47.04 File: C:\WINDOWS\system32\iertutil.dll ok scanned
20/05/2008 23.47.04 Running module: C:\WINDOWS\system32\OLEAUT32.dll ok scanned
20/05/2008 23.47.04 File: C:\WINDOWS\system32\OLEAUT32.dll ok scanned
20/05/2008 23.47.05 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\basegui.ppl ok scanned
20/05/2008 23.47.05 File: c:\documents and settings\all users\desktop\kaspersky lab tool\basegui.ppl ok scanned
20/05/2008 23.47.05 Running module: C:\WINDOWS\system32\VERSION.dll ok scanned
20/05/2008 23.47.05 File: C:\WINDOWS\system32\VERSION.dll ok scanned
20/05/2008 23.47.05 Running module: C:\WINDOWS\system32\WS2_32.dll ok scanned
20/05/2008 23.47.05 File: C:\WINDOWS\system32\WS2_32.dll ok scanned
20/05/2008 23.47.05 Running module: C:\WINDOWS\system32\WS2HELP.dll ok scanned
20/05/2008 23.47.05 File: C:\WINDOWS\system32\WS2HELP.dll ok scanned
20/05/2008 23.47.05 Running module: C:\WINDOWS\system32\CLBCATQ.DLL ok scanned
20/05/2008 23.47.05 File: C:\WINDOWS\system32\CLBCATQ.DLL ok scanned
20/05/2008 23.47.05 Running module: C:\WINDOWS\system32\COMRes.dll ok scanned
20/05/2008 23.47.05 File: C:\WINDOWS\system32\COMRes.dll ok scanned
20/05/2008 23.47.05 Running module: C:\WINDOWS\system32\xpsp2res.dll ok scanned
20/05/2008 23.47.06 File: C:\WINDOWS\system32\xpsp2res.dll ok scanned
20/05/2008 23.47.06 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\thpimpl.ppl ok scanned
20/05/2008 23.47.06 File: c:\documents and settings\all users\desktop\kaspersky lab tool\thpimpl.ppl ok scanned
20/05/2008 23.47.06 Running module: C:\WINDOWS\system32\fltlib.dll ok scanned
20/05/2008 23.47.06 File: C:\WINDOWS\system32\fltlib.dll ok scanned
20/05/2008 23.47.06 Running module: C:\WINDOWS\system32\wtsapi32.dll ok scanned
20/05/2008 23.47.06 File: C:\WINDOWS\system32\wtsapi32.dll ok scanned
20/05/2008 23.47.06 Running module: C:\WINDOWS\system32\WINSTA.dll ok scanned
20/05/2008 23.47.06 File: C:\WINDOWS\system32\WINSTA.dll ok scanned
20/05/2008 23.47.06 Running module: C:\WINDOWS\system32\NETAPI32.dll ok scanned
20/05/2008 23.47.06 File: C:\WINDOWS\system32\NETAPI32.dll ok scanned
20/05/2008 23.47.06 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\qb.ppl ok scanned
20/05/2008 23.47.06 File: c:\documents and settings\all users\desktop\kaspersky lab tool\qb.ppl ok scanned
20/05/2008 23.47.06 Running module: C:\WINDOWS\system32\appHelp.dll ok scanned
20/05/2008 23.47.06 File: C:\WINDOWS\system32\appHelp.dll ok scanned
20/05/2008 23.47.07 Running module: C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL ok scanned
20/05/2008 23.47.07 File: C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL ok scanned
20/05/2008 23.47.07 Running module: C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL ok scanned
20/05/2008 23.47.07 File: C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL ok scanned
20/05/2008 23.47.07 Running module: C:\WINDOWS\system32\CRYPT32.dll ok scanned
20/05/2008 23.47.08 File: C:\WINDOWS\system32\CRYPT32.dll ok scanned
20/05/2008 23.47.08 Running module: C:\WINDOWS\system32\MSASN1.dll ok scanned
20/05/2008 23.47.08 File: C:\WINDOWS\system32\MSASN1.dll ok scanned
20/05/2008 23.47.08 Running module: C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL ok scanned
20/05/2008 23.47.08 File: C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL ok scanned
20/05/2008 23.47.08 Running module: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL ok scanned
20/05/2008 23.47.08 File: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL ok scanned
20/05/2008 23.47.08 Running module: C:\WINDOWS\system32\rsaenh.dll ok scanned
20/05/2008 23.47.08 File: C:\WINDOWS\system32\rsaenh.dll ok scanned
20/05/2008 23.47.08 Running module: C:\WINDOWS\system32\MSImg32.dll ok scanned
20/05/2008 23.47.08 File: C:\WINDOWS\system32\MSImg32.dll ok scanned
20/05/2008 23.47.08 Running module: C:\WINDOWS\System32\cscui.dll ok scanned
20/05/2008 23.47.08 File: C:\WINDOWS\System32\cscui.dll ok scanned
20/05/2008 23.47.08 Running module: C:\WINDOWS\System32\CSCDLL.dll ok scanned
20/05/2008 23.47.08 File: C:\WINDOWS\System32\CSCDLL.dll ok scanned
20/05/2008 23.47.09 Running module: C:\WINDOWS\system32\SETUPAPI.dll ok scanned
20/05/2008 23.47.09 File: C:\WINDOWS\system32\SETUPAPI.dll ok scanned
20/05/2008 23.47.09 Running module: C:\WINDOWS\system32\winmm.dll ok scanned
20/05/2008 23.47.09 File: C:\WINDOWS\system32\winmm.dll ok scanned
20/05/2008 23.47.09 Running module: C:\WINDOWS\system32\wdmaud.drv ok scanned
20/05/2008 23.47.09 File: C:\WINDOWS\system32\wdmaud.drv ok scanned
20/05/2008 23.47.09 Running module: C:\WINDOWS\system32\WINTRUST.dll ok scanned
20/05/2008 23.47.09 File: C:\WINDOWS\system32\WINTRUST.dll ok scanned
20/05/2008 23.47.09 Running module: C:\WINDOWS\system32\IMAGEHLP.dll ok scanned
20/05/2008 23.47.09 File: C:\WINDOWS\system32\IMAGEHLP.dll ok scanned
20/05/2008 23.47.09 Running module: C:\WINDOWS\system32\msacm32.drv ok scanned
20/05/2008 23.47.09 File: C:\WINDOWS\system32\msacm32.drv ok scanned
20/05/2008 23.47.10 Running module: C:\WINDOWS\system32\MSACM32.dll ok scanned
20/05/2008 23.47.10 File: C:\WINDOWS\system32\MSACM32.dll ok scanned
20/05/2008 23.47.10 Running module: C:\WINDOWS\system32\midimap.dll ok scanned
20/05/2008 23.47.10 File: C:\WINDOWS\system32\midimap.dll ok scanned
20/05/2008 23.47.10 Running module: C:\Programmi\IncrediMail\bin\B4ImApp.dll ok scanned
20/05/2008 23.47.10 File: C:\Programmi\IncrediMail\bin\B4ImApp.dll ok scanned
20/05/2008 23.47.10 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\report.ppl ok scanned
20/05/2008 23.47.10 File: c:\documents and settings\all users\desktop\kaspersky lab tool\report.ppl ok scanned
20/05/2008 23.47.10 File: c:\windows\system32\mmdrv.dll ok scanned
20/05/2008 23.47.11 File: c:\windows\system\timer.drv ok scanned
20/05/2008 23.47.11 File: c:\windows\system32\mshta.exe ok scanned
20/05/2008 23.47.12 File: C:\WINDOWS\system32\notepad.exe ok scanned
20/05/2008 23.47.12 File: c:\windows\regedit.exe ok scanned
20/05/2008 23.47.14 File: c:\programmi\gretech\gomplayer\gom.exe ok scanned
20/05/2008 23.47.15 File: c:\programmi\microsoft office\office12\msaccess.exe ok scanned
20/05/2008 23.47.16 File: C:\WINDOWS\system32\accwiz.exe ok scanned
20/05/2008 23.47.16 File: c:\programmi\windows media player\wmplayer.exe ok scanned
20/05/2008 23.47.17 File: c:\windows\system32\rundll32.exe ok scanned
20/05/2008 23.47.17 File: c:\windows\system32\cryptext.dll ok scanned
20/05/2008 23.47.18 File: c:\programmi\outlook express\wab.exe ok scanned
20/05/2008 23.47.18 File: c:\windows\hh.exe ok scanned
20/05/2008 23.47.18 File: c:\windows\system32\clipbrd.exe ok scanned
20/05/2008 23.47.20 File: c:\progra~1\micros~2\office12\excel.exe ok scanned
20/05/2008 23.47.21 File: C:\WINDOWS\system32\rundll32.exe ok scanned
20/05/2008 23.47.21 File: c:\windows\system32\netshell.dll ok scanned
20/05/2008 23.47.21 File: c:\windows\system32\shimgvw.dll ok scanned
20/05/2008 23.47.21 File: c:\programmi\microsoft office\office12\excel.exe ok scanned
20/05/2008 23.47.22 File: C:\WINDOWS\explorer.exe ok scanned
20/05/2008 23.47.22 File: C:\WINDOWS\system32\fontview.exe ok scanned
20/05/2008 23.47.22 File: c:\programmi\internet explorer\iexplore.exe ok scanned
20/05/2008 23.47.24 File: c:\progra~1\micros~2\office12\groove.exe packed file PE_Patch
20/05/2008 23.47.24 File: c:\progra~1\micros~2\office12\groove.exe//PE_Patch ok scanned
20/05/2008 23.47.24 File: c:\progra~1\micros~2\office12\groove.exe ok scanned
20/05/2008 23.47.24 File: c:\windows\system32\msconf.dll ok scanned
20/05/2008 23.47.25 File: c:\windows\winhlp32.exe ok scanned
20/05/2008 23.47.25 File: C:\WINDOWS\system32\winhlp32.exe ok scanned
20/05/2008 23.47.25 File: c:\programmi\windows nt\hypertrm.exe ok scanned
20/05/2008 23.47.27 File: c:\programmi\java\jre1.6.0_05\bin\javaw.exe ok scanned
20/05/2008 23.47.27 File: c:\programmi\java\jre1.6.0_05\bin\javaws.exe ok scanned
20/05/2008 23.47.28 File: C:\WINDOWS\system32\wscript.exe ok scanned
20/05/2008 23.47.28 File: c:\programmi\microsoft office\office12\mstore.exe packed file PE_Patch
20/05/2008 23.47.28 File: c:\programmi\microsoft office\office12\mstore.exe//PE_Patch ok scanned
20/05/2008 23.47.29 File: c:\programmi\microsoft office\office12\mstore.exe ok scanned
20/05/2008 23.47.30 File: C:\WINDOWS\system32\ntbackup.exe ok scanned
20/05/2008 23.47.31 File: C:\WINDOWS\system32\mmc.exe ok scanned
20/05/2008 23.47.32 File: C:\WINDOWS\system32\shell32.dll ok scanned
20/05/2008 23.47.33 File: C:\WINDOWS\system32\desk.cpl ok scanned
20/05/2008 23.47.35 File: c:\progra~1\micros~2\office12\ois.exe packed file PE_Patch
20/05/2008 23.47.35 File: c:\progra~1\micros~2\office12\ois.exe//PE_Patch ok scanned
20/05/2008 23.47.35 File: c:\progra~1\micros~2\office12\ois.exe ok scanned
20/05/2008 23.47.36 File: C:\WINDOWS\system32\rasphone.exe ok scanned
20/05/2008 23.47.36 File: C:\WINDOWS\system32\perfmon.exe ok scanned
20/05/2008 23.47.38 File: c:\programmi\cyberlink\powerdvd\powerdvd.exe ok scanned
20/05/2008 23.47.38 File: c:\programmi\microsoft office\office12\powerpnt.exe ok scanned
20/05/2008 23.47.38 File: c:\windows\system32\msrating.dll ok scanned
20/05/2008 23.47.39 File: c:\programmi\windows nt\accessori\wordpad.exe ok scanned
20/05/2008 23.47.39 File: c:\windows\notepad.exe ok scanned
20/05/2008 23.47.39 File: c:\windows\explorer.exe ok scanned
20/05/2008 23.47.41 File: c:\programmi\cyberlink\common\updateipr.exe ok scanned
20/05/2008 23.47.42 File: C:\WINDOWS\system32\wpnpinst.exe ok scanned
20/05/2008 23.47.45 File: c:\programmi\microsoft office\office12\winword.exe ok scanned
20/05/2008 23.47.46 File: c:\windows\system32\shell32.dll ok scanned
20/05/2008 23.47.49 File: c:\windows\system32\drwtsn32.exe ok scanned
20/05/2008 23.47.49 File: c:\windows\system32\userinit.exe ok scanned
20/05/2008 23.47.50 File: c:\windows\system32\crypt32.dll ok scanned
20/05/2008 23.47.50 File: c:\windows\system32\cryptnet.dll ok scanned
20/05/2008 23.47.50 File: c:\windows\system32\cscdll.dll ok scanned
20/05/2008 23.47.50 File: c:\windows\system32\wlnotify.dll ok scanned
20/05/2008 23.47.51 File: c:\windows\system32\sclgntfy.dll ok scanned
20/05/2008 23.47.51 File: c:\windows\system32\wgalogon.dll ok scanned
20/05/2008 23.47.51 File: c:\programmi\microsoft office\office12\groovemonitor.exe packed file PE_Patch
20/05/2008 23.47.51 File: c:\programmi\microsoft office\office12\groovemonitor.exe//PE_Patch ok scanned
20/05/2008 23.47.51 File: c:\programmi\microsoft office\office12\groovemonitor.exe ok scanned
20/05/2008 23.47.52 File: c:\windows\system32\rmctrl.exe packed file PE_Patch.UPX
20/05/2008 23.47.52 File: c:\windows\system32\rmctrl.exe//PE_Patch.UPX packed file UPX
20/05/2008 23.47.52 File: c:\windows\system32\rmctrl.exe//PE_Patch.UPX//UPX ok scanned
20/05/2008 23.47.52 File: c:\windows\system32\rmctrl.exe//PE_Patch.UPX ok scanned
20/05/2008 23.47.52 File: c:\windows\system32\rmctrl.exe ok scanned
20/05/2008 23.47.52 File: c:\progra~1\grisoft\avg7\avgcc.exe ok scanned
20/05/2008 23.47.52 File: c:\programmi\quicktime\qttask.exe ok scanned
20/05/2008 23.47.53 File: c:\programmi\itunes\ituneshelper.exe ok scanned
20/05/2008 23.47.53 File: c:\windows\soundman.exe ok scanned
20/05/2008 23.47.53 File: c:\windows\system32\stmctrl.dll ok scanned
20/05/2008 23.47.53 File: c:\windows\system\cmicnfg.cpl ok scanned
20/05/2008 23.47.54 File: c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe packed file PE_Patch.UPX
20/05/2008 23.47.54 File: c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe//PE_Patch.UPX packed file UPX
20/05/2008 23.47.54 File: c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe//PE_Patch.UPX//UPX ok scanned
20/05/2008 23.47.54 File: c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe//PE_Patch.UPX ok scanned
20/05/2008 23.47.54 File: c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe ok scanned
20/05/2008 23.47.54 File: c:\programmi\java\jre1.6.0_05\bin\jusched.exe//# ok scanned
20/05/2008 23.47.54 File: c:\programmi\java\jre1.6.0_05\bin\jusched.exe ok scanned
20/05/2008 23.47.55 File: c:\programmi\nortek keyboard application\ps2usbkbddrv.exe packed file PE_Patch.UPX
20/05/2008 23.47.55 File: c:\programmi\nortek keyboard application\ps2usbkbddrv.exe//PE_Patch.UPX packed file UPX
20/05/2008 23.47.55 File: c:\programmi\nortek keyboard application\ps2usbkbddrv.exe//PE_Patch.UPX//UPX ok scanned
20/05/2008 23.47.55 File: c:\programmi\nortek keyboard application\ps2usbkbddrv.exe//PE_Patch.UPX ok scanned
20/05/2008 23.47.55 File: c:\programmi\nortek keyboard application\ps2usbkbddrv.exe ok scanned
20/05/2008 23.47.55 File: c:\programmi\file comuni\ahead\lib\nerocheck.exe packed file PE_Patch.UPX
20/05/2008 23.47.55 File: c:\programmi\file comuni\ahead\lib\nerocheck.exe//PE_Patch.UPX packed file UPX
20/05/2008 23.47.55 File: c:\programmi\file comuni\ahead\lib\nerocheck.exe//PE_Patch.UPX//UPX ok scanned
20/05/2008 23.47.55 File: c:\programmi\file comuni\ahead\lib\nerocheck.exe//PE_Patch.UPX ok scanned
20/05/2008 23.47.55 File: c:\programmi\file comuni\ahead\lib\nerocheck.exe ok scanned
20/05/2008 23.47.56 File: c:\documents and settings\all users\desktop\kaspersky lab tool\setup_7.0.0.180_18.05.2008_00-35.exe ok scanned
20/05/2008 23.47.57 File: c:\windows\system32\ctfmon.exe ok scanned
20/05/2008 23.47.58 File: c:\progra~1\grisoft\avg7\avgw.exe ok scanned
20/05/2008 23.47.58 File: c:\windows\system32\runonce.exe ok scanned
20/05/2008 23.48.00 File: c:\programmi\incredimail\bin\incmail.exe ok scanned
20/05/2008 23.48.01 File: c:\programmi\adobe\acrobat 7.0\reader\adobeupdatemanager.exe packed file PE_Patch.PECompact
20/05/2008 23.48.01 File: c:\programmi\adobe\acrobat 7.0\reader\adobeupdatemanager.exe//PE_Patch.PECompact packed file PecBundle
20/05/2008 23.48.01 File: c:\programmi\adobe\acrobat 7.0\reader\adobeupdatemanager.exe//PE_Patch.PECompact//PecBundle packed file PECompact
20/05/2008 23.48.01 File: c:\programmi\adobe\acrobat 7.0\reader\adobeupdatemanager.exe//PE_Patch.PECompact//PecBundle//PECompact ok scanned
20/05/2008 23.48.01 File: c:\programmi\adobe\acrobat 7.0\reader\adobeupdatemanager.exe//PE_Patch.PECompact//PecBundle ok scanned
20/05/2008 23.48.01 File: c:\programmi\adobe\acrobat 7.0\reader\adobeupdatemanager.exe//PE_Patch.PECompact ok scanned
20/05/2008 23.48.01 File: c:\programmi\adobe\acrobat 7.0\reader\adobeupdatemanager.exe ok scanned
20/05/2008 23.48.03 File: C:\WINDOWS\system32\alrsvc.dll ok scanned
20/05/2008 23.48.03 File: C:\WINDOWS\system32\appmgmts.dll ok scanned
20/05/2008 23.48.03 File: C:\WINDOWS\system32\audiosrv.dll ok scanned
20/05/2008 23.48.04 File: c:\windows\system32\qmgr.dll ok scanned
20/05/2008 23.48.04 File: C:\WINDOWS\system32\browser.dll ok scanned
20/05/2008 23.48.05 File: C:\WINDOWS\system32\cryptsvc.dll ok scanned
20/05/2008 23.48.05 File: C:\WINDOWS\system32\rpcss.dll ok scanned
20/05/2008 23.48.06 File: C:\WINDOWS\system32\dhcpcsvc.dll ok scanned
20/05/2008 23.48.06 File: C:\WINDOWS\system32\dmserver.dll ok scanned
20/05/2008 23.48.06 File: C:\WINDOWS\system32\dnsrslvr.dll ok scanned
20/05/2008 23.48.06 File: C:\WINDOWS\system32\ersvc.dll ok scanned
20/05/2008 23.48.07 File: c:\windows\system32\es.dll ok scanned
20/05/2008 23.48.07 File: C:\WINDOWS\system32\shsvcs.dll ok scanned
20/05/2008 23.48.07 File: C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll ok scanned
20/05/2008 23.48.08 File: C:\WINDOWS\system32\hidserv.dll ok scanned
20/05/2008 23.48.08 File: C:\WINDOWS\system32\w3ssl.dll ok scanned
20/05/2008 23.48.08 File: C:\WINDOWS\system32\srvsvc.dll ok scanned
20/05/2008 23.48.09 File: C:\WINDOWS\system32\wkssvc.dll ok scanned
20/05/2008 23.48.09 File: C:\WINDOWS\system32\lmhsvc.dll ok scanned
20/05/2008 23.48.09 File: C:\WINDOWS\system32\msgsvc.dll ok scanned
20/05/2008 23.48.10 File: C:\WINDOWS\system32\netman.dll ok scanned
20/05/2008 23.48.11 File: C:\WINDOWS\system32\mswsock.dll ok scanned
20/05/2008 23.48.12 File: C:\WINDOWS\system32\ntmssvc.dll ok scanned
20/05/2008 23.48.13 File: C:\WINDOWS\system32\rasauto.dll ok scanned
20/05/2008 23.48.14 File: C:\WINDOWS\system32\rasmans.dll ok scanned
20/05/2008 23.48.14 File: C:\WINDOWS\system32\mprdim.dll ok scanned
20/05/2008 23.48.14 File: C:\WINDOWS\system32\regsvc.dll ok scanned
20/05/2008 23.48.15 File: C:\WINDOWS\system32\schedsvc.dll ok scanned
20/05/2008 23.48.15 File: C:\WINDOWS\system32\seclogon.dll ok scanned
20/05/2008 23.48.15 File: C:\WINDOWS\system32\sens.dll ok scanned
20/05/2008 23.48.16 File: C:\WINDOWS\system32\ipnathlp.dll ok scanned
20/05/2008 23.48.16 File: c:\windows\system32\srsvc.dll ok scanned
20/05/2008 23.48.17 File: C:\WINDOWS\system32\ssdpsrv.dll ok scanned
20/05/2008 23.48.17 File: C:\WINDOWS\system32\wiaservc.dll ok scanned
20/05/2008 23.48.18 File: C:\WINDOWS\system32\tapisrv.dll ok scanned
20/05/2008 23.48.19 File: C:\WINDOWS\system32\termsrv.dll ok scanned
20/05/2008 23.48.19 File: C:\WINDOWS\system32\trkwks.dll ok scanned
20/05/2008 23.48.19 File: C:\WINDOWS\system32\upnphost.dll ok scanned
20/05/2008 23.48.20 File: c:\windows\system32\w32time.dll ok scanned
20/05/2008 23.48.20 File: C:\WINDOWS\system32\webclnt.dll ok scanned
20/05/2008 23.48.21 File: C:\WINDOWS\system32\wbem\wmisvc.dll ok scanned
20/05/2008 23.48.21 File: c:\windows\system32\mspmsnsv.dll ok scanned
20/05/2008 23.48.22 File: C:\WINDOWS\system32\advapi32.dll ok scanned
20/05/2008 23.48.22 File: C:\WINDOWS\system32\wscsvc.dll ok scanned
20/05/2008 23.48.22 File: c:\windows\system32\wuauserv.dll ok scanned
20/05/2008 23.48.23 File: C:\WINDOWS\system32\wudfsvc.dll ok scanned
20/05/2008 23.48.23 File: C:\WINDOWS\system32\wzcsvc.dll ok scanned
20/05/2008 23.48.23 File: C:\WINDOWS\system32\xmlprov.dll ok scanned
20/05/2008 23.48.27 File: c:\windows\system32\drivers\61883.sys ok scanned
20/05/2008 23.48.28 File: c:\programmi\a-squared free\a2service.exe packed file PE_Patch.UPX
20/05/2008 23.48.29 File: c:\programmi\a-squared free\a2service.exe//PE_Patch.UPX packed file UPX
20/05/2008 23.48.30 File: c:\programmi\a-squared free\a2service.exe//PE_Patch.UPX//UPX ok scanned
20/05/2008 23.48.32 File: c:\programmi\a-squared free\a2service.exe//PE_Patch.UPX ok scanned
20/05/2008 23.48.32 File: c:\programmi\a-squared free\a2service.exe ok scanned
20/05/2008 23.48.33 File: c:\windows\system32\drivers\acpi.sys ok scanned
20/05/2008 23.48.33 File: c:\windows\system32\drivers\aec.sys ok scanned
20/05/2008 23.48.33 File: C:\WINDOWS\system32\drivers\afd.sys ok scanned
20/05/2008 23.48.34 File: c:\windows\system32\drivers\alcxwdm.sys ok scanned
20/05/2008 23.48.35 File: C:\WINDOWS\system32\svchost.exe ok scanned
20/05/2008 23.48.36 File: C:\WINDOWS\system32\alg.exe ok scanned
20/05/2008 23.48.36 File: c:\windows\system32\drivers\arp1394.sys ok scanned
20/05/2008 23.48.37 File: C:\WINDOWS\microsoft.net\framework\v2.0.50727\aspnet_state.exe packed file PE_Patch
20/05/2008 23.48.37 File: C:\WINDOWS\microsoft.net\framework\v2.0.50727\aspnet_state.exe//PE_Patch ok scanned
20/05/2008 23.48.37 File: C:\WINDOWS\microsoft.net\framework\v2.0.50727\aspnet_state.exe ok scanned
20/05/2008 23.48.38 File: c:\windows\system32\drivers\asyncmac.sys ok scanned
20/05/2008 23.48.38 File: c:\windows\system32\drivers\atapi.sys ok scanned
20/05/2008 23.48.38 File: c:\windows\system32\drivers\atmarpc.sys ok scanned
20/05/2008 23.48.38 File: c:\windows\system32\drivers\audstub.sys ok scanned
20/05/2008 23.48.39 File: c:\windows\system32\drivers\avc.sys ok scanned
20/05/2008 23.48.39 File: c:\progra~1\grisoft\avg7\avgamsvr.exe ok scanned
20/05/2008 23.48.39 File: C:\WINDOWS\system32\drivers\avg7core.sys ok scanned
20/05/2008 23.48.40 File: C:\WINDOWS\system32\drivers\avg7rsw.sys ok scanned
20/05/2008 23.48.40 File: C:\WINDOWS\system32\drivers\avg7rsxp.sys ok scanned
20/05/2008 23.48.40 File: c:\progra~1\grisoft\avg7\avgupsvc.exe ok scanned
20/05/2008 23.48.41 File: C:\WINDOWS\system32\drivers\avgclean.sys ok scanned
20/05/2008 23.48.41 File: c:\progra~1\grisoft\avg7\avgemc.exe ok scanned
20/05/2008 23.48.41 File: C:\WINDOWS\system32\drivers\avgtdi.sys ok scanned
20/05/2008 23.48.42 File: c:\windows\system32\drivers\ccdecode.sys ok scanned
20/05/2008 23.48.42 File: c:\windows\system32\drivers\cdrom.sys ok scanned
20/05/2008 23.48.42 File: C:\WINDOWS\system32\cisvc.exe ok scanned
20/05/2008 23.48.42 File: C:\WINDOWS\system32\clipsrv.exe ok scanned
20/05/2008 23.48.43 File: c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe ok scanned
20/05/2008 23.48.44 File: c:\windows\system32\drivers\cmuda.sys ok scanned
20/05/2008 23.48.44 File: c:\windows\system32\dllhost.exe ok scanned
20/05/2008 23.48.45 File: c:\programmi\prevxcsi\prevxcsi.exe packed file UPX
20/05/2008 23.48.46 File: c:\programmi\prevxcsi\prevxcsi.exe//UPX ok scanned
20/05/2008 23.48.53 File: c:\programmi\prevxcsi\prevxcsi.exe ok scanned
20/05/2008 23.48.54 File: c:\windows\system32\drivers\disk.sys ok scanned
20/05/2008 23.48.55 File: C:\WINDOWS\system32\dmadmin.exe ok scanned
20/05/2008 23.48.55 File: c:\windows\system32\drivers\dmboot.sys packed file PE_Patch
20/05/2008 23.48.58 File: c:\windows\system32\drivers\dmboot.sys//PE_Patch ok scanned
20/05/2008 23.48.58 File: c:\windows\system32\drivers\dmboot.sys ok scanned
20/05/2008 23.48.58 File: c:\windows\system32\drivers\dmio.sys ok scanned
20/05/2008 23.48.59 File: c:\windows\system32\drivers\dmload.sys ok scanned
20/05/2008 23.49.00 File: c:\windows\system32\drivers\dmusic.sys ok scanned
20/05/2008 23.49.00 File: c:\windows\system32\drivers\drmkaud.sys ok scanned
20/05/2008 23.49.01 File: C:\WINDOWS\system32\services.exe ok scanned
20/05/2008 23.49.01 File: c:\windows\system32\svchost.exe ok scanned
20/05/2008 23.49.02 File: c:\windows\system32\drivers\fdc.sys ok scanned
20/05/2008 23.49.03 File: c:\windows\system32\drivers\flpydisk.sys ok scanned
20/05/2008 23.49.04 File: c:\windows\system32\drivers\fltmgr.sys packed file PE_Patch
20/05/2008 23.49.04 File: c:\windows\system32\drivers\fltmgr.sys//PE_Patch ok scanned
20/05/2008 23.49.04 File: c:\windows\system32\drivers\fltmgr.sys ok scanned
20/05/2008 23.49.04 File: c:\windows\system32\drivers\ftdisk.sys ok scanned
20/05/2008 23.49.04 File: c:\windows\system32\drivers\gameenum.sys ok scanned
20/05/2008 23.49.05 File: c:\windows\system32\drivers\gearaspiwdm.sys ok scanned
20/05/2008 23.49.05 File: c:\windows\system32\drivers\msgpc.sys ok scanned
20/05/2008 23.49.05 File: c:\windows\system32\drivers\hidusb.sys ok scanned
20/05/2008 23.49.06 File: c:\windows\system32\drivers\http.sys ok scanned
20/05/2008 23.49.06 File: c:\windows\system32\drivers\i8042prt.sys ok scanned
20/05/2008 23.49.07 File: c:\windows\system32\drivers\imapi.sys ok scanned
20/05/2008 23.49.08 File: c:\windows\system32\imapi.exe ok scanned
20/05/2008 23.49.09 File: c:\windows\system32\drivers\ip6fw.sys ok scanned
20/05/2008 23.49.10 File: c:\windows\system32\drivers\ipfltdrv.sys ok scanned
20/05/2008 23.49.10 File: c:\windows\system32\drivers\ipinip.sys ok scanned
20/05/2008 23.49.11 File: c:\windows\system32\drivers\ipnat.sys ok scanned
20/05/2008 23.49.14 File: c:\programmi\ipod\bin\ipodservice.exe ok scanned
20/05/2008 23.49.15 File: c:\windows\system32\drivers\ipsec.sys ok scanned
20/05/2008 23.49.15 File: c:\windows\system32\drivers\irenum.sys ok scanned
20/05/2008 23.49.16 File: c:\windows\system32\drivers\isapnp.sys ok scanned
20/05/2008 23.49.16 File: c:\windows\system32\drivers\kbdclass.sys ok scanned
20/05/2008 23.49.17 File: c:\windows\system32\drivers\kbdhid.sys ok scanned
20/05/2008 23.49.17 File: c:\windows\system32\drivers\klif.sys ok scanned
20/05/2008 23.49.18 File: c:\windows\system32\drivers\kmixer.sys ok scanned
20/05/2008 23.49.19 File: c:\programmi\file comuni\microsoft shared\vs7debug\mdm.exe ok scanned
20/05/2008 23.49.19 File: c:\programmi\microsoft office\office12\grooveauditservice.exe ok scanned
20/05/2008 23.49.19 File: c:\windows\system32\mnmsrvc.exe ok scanned
20/05/2008 23.49.19 File: c:\windows\system32\drivers\motmodem.sys ok scanned
20/05/2008 23.49.20 File: c:\windows\system32\drivers\mouclass.sys ok scanned
20/05/2008 23.49.20 File: c:\windows\system32\drivers\mouhid.sys ok scanned
20/05/2008 23.49.21 File: c:\windows\system32\drivers\mrxdav.sys packed file PE_Patch
20/05/2008 23.49.22 File: c:\windows\system32\drivers\mrxdav.sys//PE_Patch ok scanned
20/05/2008 23.49.23 File: c:\windows\system32\drivers\mrxdav.sys ok scanned
20/05/2008 23.49.24 File: c:\windows\system32\drivers\mrxsmb.sys packed file PE_Patch
20/05/2008 23.49.24 File: c:\windows\system32\drivers\mrxsmb.sys//PE_Patch ok scanned
20/05/2008 23.49.24 File: c:\windows\system32\drivers\mrxsmb.sys ok scanned
20/05/2008 23.49.24 File: c:\windows\system32\msdtc.exe ok scanned
20/05/2008 23.49.24 File: c:\windows\system32\drivers\msdv.sys ok scanned
20/05/2008 23.49.25 File: c:\windows\system32\msiexec.exe ok scanned
20/05/2008 23.49.25 File: c:\windows\system32\drivers\mskssrv.sys ok scanned
20/05/2008 23.49.25 File: c:\windows\system32\drivers\mspclock.sys ok scanned
20/05/2008 23.49.25 File: c:\windows\system32\drivers\mspqm.sys ok scanned
20/05/2008 23.49.26 File: c:\windows\system32\drivers\mssmbios.sys ok scanned
20/05/2008 23.49.26 File: c:\windows\system32\drivers\mstee.sys ok scanned
20/05/2008 23.49.26 File: c:\windows\system32\drivers\msmpu401.sys ok scanned
20/05/2008 23.49.27 File: c:\windows\system32\drivers\nabtsfec.sys ok scanned
20/05/2008 23.49.29 File: c:\programmi\nero\nero 7\nero backitup\nbservice.exe ok scanned
20/05/2008 23.49.29 File: c:\windows\system32\drivers\nchssvad.sys ok scanned
20/05/2008 23.49.29 File: c:\windows\system32\drivers\ndisip.sys ok scanned
20/05/2008 23.49.29 File: c:\windows\system32\drivers\ndistapi.sys ok scanned
20/05/2008 23.49.30 File: c:\windows\system32\drivers\ndisuio.sys ok scanned
20/05/2008 23.49.30 File: c:\windows\system32\drivers\ndiswan.sys ok scanned
20/05/2008 23.49.31 File: c:\windows\system32\drivers\netbios.sys ok scanned
20/05/2008 23.49.32 File: c:\windows\system32\drivers\netbt.sys ok scanned
20/05/2008 23.49.33 File: C:\WINDOWS\system32\netdde.exe ok scanned
20/05/2008 23.49.33 File: C:\WINDOWS\system32\lsass.exe ok scanned
20/05/2008 23.49.34 File: c:\windows\system32\drivers\nic1394.sys ok scanned
20/05/2008 23.49.34 File: c:\programmi\file comuni\ahead\lib\nmindexingservice.exe ok scanned
20/05/2008 23.49.35 File: c:\windows\system32\drivers\nwlnkflt.sys ok scanned
20/05/2008 23.49.35 File: c:\windows\system32\drivers\nwlnkfwd.sys ok scanned
20/05/2008 23.49.35 File: c:\programmi\file comuni\microsoft shared\office12\odserv.exe packed file PE_Patch
20/05/2008 23.49.36 File: c:\programmi\file comuni\microsoft shared\office12\odserv.exe//PE_Patch ok scanned
20/05/2008 23.49.36 File: c:\programmi\file comuni\microsoft shared\office12\odserv.exe ok scanned
20/05/2008 23.49.36 File: c:\windows\system32\drivers\ohci1394.sys ok scanned
20/05/2008 23.49.37 File: c:\programmi\file comuni\microsoft shared\source engine\ose.exe ok scanned
20/05/2008 23.49.37 File: c:\windows\system32\drivers\parport.sys ok scanned
20/05/2008 23.49.38 File: c:\windows\system32\drivers\pci.sys ok scanned
20/05/2008 23.49.38 File: c:\windows\system32\drivers\pciide.sys ok scanned
20/05/2008 23.49.38 File: c:\windows\system32\drivers\pcouffin.sys ok scanned
20/05/2008 23.49.38 File: c:\windows\system32\drivers\raspptp.sys ok scanned
20/05/2008 23.49.39 File: c:\windows\system32\drivers\processr.sys ok scanned
20/05/2008 23.49.39 File: c:\windows\system32\drivers\psched.sys ok scanned
20/05/2008 23.49.39 File: c:\windows\system32\drivers\ptilink.sys ok scanned
20/05/2008 23.49.39 File: c:\windows\system32\drivers\pxark.sys ok scanned
20/05/2008 23.49.40 File: c:\windows\system32\drivers\rasacd.sys ok scanned
20/05/2008 23.49.40 File: c:\windows\system32\drivers\rasl2tp.sys ok scanned
20/05/2008 23.49.40 File: c:\windows\system32\drivers\raspppoe.sys ok scanned
20/05/2008 23.49.41 File: c:\windows\system32\drivers\raspti.sys ok scanned
20/05/2008 23.49.41 File: c:\windows\system32\drivers\rdbss.sys ok scanned
20/05/2008 23.49.42 File: c:\windows\system32\drivers\rdpcdd.sys ok scanned
20/05/2008 23.49.42 File: c:\windows\system32\drivers\rdpdr.sys ok scanned
20/05/2008 23.49.42 File: c:\windows\system32\sessmgr.exe ok scanned
20/05/2008 23.49.42 File: c:\windows\system32\drivers\redbook.sys ok scanned
20/05/2008 23.49.43 File: C:\WINDOWS\system32\locator.exe ok scanned
20/05/2008 23.49.43 File: c:\windows\system32\rpcss.dll ok scanned
20/05/2008 23.49.43 File: C:\WINDOWS\system32\rsvp.exe ok scanned
20/05/2008 23.49.43 File: c:\windows\system32\drivers\s3mt3d.sys ok scanned
20/05/2008 23.49.43 File: C:\WINDOWS\system32\scardsvr.exe ok scanned
20/05/2008 23.49.44 File: c:\windows\system32\drivers\secdrv.sys ok scanned
20/05/2008 23.49.44 File: c:\windows\system32\drivers\serenum.sys ok scanned
20/05/2008 23.49.44 File: c:\windows\system32\drivers\serial.sys ok scanned
20/05/2008 23.49.44 File: c:\windows\system32\drivers\sisagp.sys ok scanned
20/05/2008 23.49.44 File: c:\windows\system32\drivers\sisnic.sys ok scanned
20/05/2008 23.49.44 File: c:\windows\system32\drivers\slip.sys ok scanned
20/05/2008 23.49.45 File: c:\windows\system32\drivers\sonypvu1.sys ok scanned
20/05/2008 23.49.45 File: c:\windows\system32\drivers\splitter.sys ok scanned
20/05/2008 23.49.45 File: C:\WINDOWS\system32\spoolsv.exe ok scanned
20/05/2008 23.49.45 File: C:\WINDOWS\system32\drivers\sr.sys packed file PE_Patch
20/05/2008 23.49.45 File: C:\WINDOWS\system32\drivers\sr.sys//PE_Patch ok scanned
20/05/2008 23.49.45 File: C:\WINDOWS\system32\drivers\sr.sys ok scanned
20/05/2008 23.49.46 File: c:\windows\system32\drivers\srv.sys ok scanned
20/05/2008 23.49.46 File: c:\windows\system32\drivers\stmatm.sys ok scanned
20/05/2008 23.49.46 File: c:\windows\system32\drivers\streamip.sys ok scanned
20/05/2008 23.49.46 File: c:\windows\system32\drivers\swenum.sys ok scanned
20/05/2008 23.49.46 File: c:\windows\system32\drivers\swmidi.sys ok scanned
20/05/2008 23.49.47 File: c:\windows\system32\drivers\sysaudio.sys ok scanned
20/05/2008 23.49.47 File: C:\WINDOWS\system32\smlogsvc.exe ok scanned
20/05/2008 23.49.48 File: c:\windows\system32\drivers\torususb.sys ok scanned
20/05/2008 23.49.48 File: c:\windows\system32\drivers\tcpip.sys ok scanned
20/05/2008 23.49.48 File: c:\windows\system32\drivers\termdd.sys ok scanned
20/05/2008 23.49.48 File: c:\windows\system32\tlntsvr.exe ok scanned
20/05/2008 23.49.49 File: c:\windows\system32\drivers\update.sys ok scanned
20/05/2008 23.49.49 File: C:\WINDOWS\system32\ups.exe ok scanned
20/05/2008 23.49.49 File: c:\windows\system32\drivers\usbccgp.sys ok scanned
20/05/2008 23.49.49 File: c:\windows\system32\drivers\usbehci.sys ok scanned
20/05/2008 23.49.49 File: c:\windows\system32\drivers\usbhub.sys ok scanned
20/05/2008 23.49.50 File: c:\windows\system32\drivers\usbohci.sys ok scanned
20/05/2008 23.49.50 File: c:\windows\system32\drivers\usbscan.sys ok scanned
20/05/2008 23.49.50 File: c:\windows\system32\drivers\usbstor.sys ok scanned
20/05/2008 23.49.50 File: c:\programmi\windows live\messenger\usnsvc.exe ok scanned
20/05/2008 23.49.50 File: C:\WINDOWS\system32\drivers\vga.sys ok scanned
20/05/2008 23.49.51 File: C:\WINDOWS\system32\vssvc.exe ok scanned
20/05/2008 23.49.51 File: c:\windows\system32\drivers\wanarp.sys ok scanned
20/05/2008 23.49.51 File: c:\windows\system32\drivers\wdf01000.sys ok scanned
20/05/2008 23.49.52 File: c:\windows\system32\drivers\wdmaud.sys ok scanned
20/05/2008 23.49.52 File: c:\programmi\windows live\installer\wlsetupsvc.exe ok scanned
20/05/2008 23.49.52 File: c:\windows\system32\wbem\wmiapsrv.exe ok scanned
20/05/2008 23.49.53 File: c:\programmi\windows media player\wmpnetwk.exe ok scanned
20/05/2008 23.49.53 File: c:\windows\system32\drivers\wstcodec.sys ok scanned
20/05/2008 23.49.53 File: c:\windows\system32\drivers\wudfpf.sys ok scanned
20/05/2008 23.49.53 File: c:\windows\system32\drivers\wudfrd.sys ok scanned
20/05/2008 23.49.55 File: c:\windows\system32\autochk.exe ok scanned
20/05/2008 23.49.56 File: c:\windows\system32\ieudinit.exe ok scanned
20/05/2008 23.49.57 File: c:\windows\inf\unregmp2.exe ok scanned
20/05/2008 23.49.58 File: c:\windows\system32\ie4uinit.exe ok scanned
20/05/2008 23.49.58 File: c:\windows\system32\iedkcs32.dll ok scanned
20/05/2008 23.49.58 File: C:\WINDOWS\system32\shmgrate.exe ok scanned
20/05/2008 23.49.59 File: C:\WINDOWS\system32\regsvr32.exe ok scanned
20/05/2008 23.49.59 File: C:\WINDOWS\system32\themeui.dll ok scanned
20/05/2008 23.50.00 File: C:\Programmi\outlook express\setup50.exe//# ok scanned
20/05/2008 23.50.00 File: C:\Programmi\outlook express\setup50.exe ok scanned
20/05/2008 23.50.00 File: c:\windows\system32\user.exe ok scanned
20/05/2008 23.50.00 File: c:\windows\system32\advpack.dll ok scanned
20/05/2008 23.50.01 File: c:\windows\inf\msnetmtg.inf ok scanned
20/05/2008 23.50.01 File: c:\windows\inf\wmp11.inf ok scanned
20/05/2008 23.50.01 File: c:\windows\system32\regsvr32.exe ok scanned
20/05/2008 23.50.02 File: c:\windows\system32\mscories.dll ok scanned
20/05/2008 23.50.02 File: c:\windows\system32\comm.drv ok scanned
20/05/2008 23.50.02 File: c:\windows\system\vga.drv ok scanned
20/05/2008 23.50.02 File: c:\windows\system\mmsystem.dll ok scanned
20/05/2008 23.50.02 File: c:\windows\system\keyboard.drv ok scanned
20/05/2008 23.50.02 File: c:\windows\system\mouse.drv ok scanned
20/05/2008 23.50.02 File: c:\windows\system\wfwnet.drv ok scanned
20/05/2008 23.50.02 File: c:\windows\system32\progman.exe ok scanned
20/05/2008 23.50.03 File: c:\windows\system\sound.drv ok scanned
20/05/2008 23.50.03 File: c:\windows\system\system.drv ok scanned
20/05/2008 23.50.03 File: c:\windows\system32\midimap.dll ok scanned
20/05/2008 23.50.03 File: c:\windows\system32\imaadp32.acm ok scanned
20/05/2008 23.50.03 File: c:\windows\system32\msadp32.acm ok scanned
20/05/2008 23.50.03 File: c:\windows\system32\msg711.acm ok scanned
20/05/2008 23.50.03 File: c:\windows\system32\msgsm32.acm ok scanned
20/05/2008 23.50.03 File: c:\windows\system32\tssoft32.acm ok scanned
20/05/2008 23.50.03 File: c:\windows\system32\iccvid.dll ok scanned
20/05/2008 23.50.03 File: c:\windows\system32\msh263.drv ok scanned
20/05/2008 23.50.04 File: c:\windows\system32\ir32_32.dll ok scanned
20/05/2008 23.50.04 File: c:\windows\system32\ir41_32.ax ok scanned
20/05/2008 23.50.04 File: c:\windows\system32\iyuv_32.dll ok scanned
20/05/2008 23.50.04 File: c:\windows\system32\msrle32.dll ok scanned
20/05/2008 23.50.05 File: c:\windows\system32\msvidc32.dll ok scanned
20/05/2008 23.50.05 File: c:\windows\system32\msyuv.dll ok scanned
20/05/2008 23.50.05 File: c:\windows\system32\tsbyuv.dll ok scanned
20/05/2008 23.50.05 File: c:\windows\system32\msacm32.drv ok scanned
20/05/2008 23.50.05 File: c:\windows\system32\wdmaud.drv ok scanned
20/05/2008 23.50.05 File: c:\windows\system32\msg723.acm ok scanned
20/05/2008 23.50.05 File: c:\windows\system32\msh261.drv ok scanned
20/05/2008 23.50.06 File: c:\windows\system32\msaud32.acm ok scanned
20/05/2008 23.50.06 File: c:\windows\system32\sl_anet.acm ok scanned
20/05/2008 23.50.06 File: c:\windows\system32\iac25_32.ax ok scanned
20/05/2008 23.50.07 File: c:\windows\system32\ir50_32.dll ok scanned
20/05/2008 23.50.07 File: c:\windows\system32\l3codeca.acm ok scanned
20/05/2008 23.50.07 File: c:\windows\system32\sirenacm.dll ok scanned
20/05/2008 23.50.07 File: c:\windows\system32\msaud32_divx.acm packed file PECompact
20/05/2008 23.50.08 File: c:\windows\system32\msaud32_divx.acm//PECompact ok scanned
20/05/2008 23.50.08 File: c:\windows\system32\msaud32_divx.acm ok scanned
20/05/2008 23.50.09 File: c:\windows\system32\xvidvfw.dll ok scanned
20/05/2008 23.50.09 File: c:\windows\system32\vfwwdm32.dll ok scanned
20/05/2008 23.50.09 File: c:\windows\system32\webcheck.dll ok scanned
20/05/2008 23.50.10 File: c:\windows\system32\stobject.dll ok scanned
20/05/2008 23.50.11 File: c:\windows\system32\wpdshserviceobj.dll ok scanned
20/05/2008 23.50.11 File: c:\windows\system32\logon.scr ok scanned
20/05/2008 23.50.12 File: C:\WINDOWS\system32\logon.scr ok scanned
20/05/2008 23.50.12 File: c:\windows\system32\ssflwbox.scr ok scanned
20/05/2008 23.50.12 File: C:\WINDOWS\system32\browseui.dll ok scanned
20/05/2008 23.50.13 File: c:\progra~1\micros~2\office12\gra8e1~1.dll ok scanned
20/05/2008 23.50.14 File: c:\windows\system32\mmsys.cpl ok scanned
20/05/2008 23.50.15 File: c:\windows\system32\icmui.dll ok scanned
20/05/2008 23.50.15 File: c:\windows\system32\rshx32.dll ok scanned
20/05/2008 23.50.17 File: c:\windows\system32\docprop.dll ok scanned
20/05/2008 23.50.19 File: c:\windows\system32\ntshrui.dll ok scanned
20/05/2008 23.50.20 File: c:\windows\system32\deskadp.dll ok scanned
20/05/2008 23.50.21 File: c:\windows\system32\deskmon.dll ok scanned
20/05/2008 23.50.24 File: c:\windows\system32\dssec.dll ok scanned
20/05/2008 23.50.24 File: c:\windows\system32\slayerxp.dll ok scanned
20/05/2008 23.50.24 File: c:\windows\system32\shscrap.dll ok scanned
20/05/2008 23.50.25 File: c:\windows\system32\diskcopy.dll ok scanned
20/05/2008 23.50.27 File: c:\windows\system32\ntlanui2.dll ok scanned
20/05/2008 23.50.31 File: C:\WINDOWS\system32\icmui.dll ok scanned
20/05/2008 23.50.46 File: c:\windows\system32\printui.dll ok scanned
20/05/2008 23.50.46 File: c:\windows\system32\dskquoui.dll ok scanned
20/05/2008 23.50.48 File: c:\windows\system32\syncui.dll ok scanned
20/05/2008 23.50.51 File: c:\windows\system32\hticons.dll ok scanned
20/05/2008 23.50.51 File: c:\windows\system32\fontext.dll ok scanned
20/05/2008 23.50.53 File: c:\windows\system32\deskperf.dll ok scanned
20/05/2008 23.50.56 File: c:\windows\system32\wiashext.dll ok scanned
20/05/2008 23.50.58 File: c:\windows\system32\remotepg.dll ok scanned
20/05/2008 23.50.58 File: c:\windows\system32\wshext.dll ok scanned
20/05/2008 23.51.00 File: c:\programmi\file comuni\system\ole db\oledb32.dll ok scanned
20/05/2008 23.51.02 File: c:\windows\system32\mstask.dll ok scanned
20/05/2008 23.51.03 File: C:\WINDOWS\system32\shdocvw.dll ok scanned
20/05/2008 23.51.03 File: c:\windows\system32\wuaucpl.cpl ok scanned
20/05/2008 23.51.05 File: C:\WINDOWS\system32\twext.dll ok scanned
20/05/2008 23.51.06 File: C:\WINDOWS\system32\shmedia.dll ok scanned
20/05/2008 23.51.17 File: c:\windows\system32\ieframe.dll ok scanned
20/05/2008 23.51.23 File: c:\windows\system32\sendmail.dll ok scanned
20/05/2008 23.51.23 File: c:\windows\system32\occache.dll ok scanned
20/05/2008 23.51.25 File: C:\WINDOWS\system32\webcheck.dll ok scanned
20/05/2008 23.51.27 File: C:\WINDOWS\system32\appwiz.cpl ok scanned
20/05/2008 23.51.29 File: C:\WINDOWS\system32\shimgvw.dll ok scanned
20/05/2008 23.51.31 File: C:\WINDOWS\system32\netplwiz.dll ok scanned
20/05/2008 23.51.32 File: C:\WINDOWS\system32\zipfldr.dll ok scanned
20/05/2008 23.51.34 File: c:\windows\system32\extmgr.dll ok scanned
20/05/2008 23.51.34 File: c:\windows\system32\msieftp.dll ok scanned
20/05/2008 23.51.34 File: c:\windows\system32\docprop2.dll ok scanned
20/05/2008 23.51.39 File: C:\WINDOWS\system32\dsquery.dll ok scanned
20/05/2008 23.51.41 File: C:\WINDOWS\system32\dsuiext.dll ok scanned
20/05/2008 23.51.41 File: C:\WINDOWS\system32\mydocs.dll ok scanned
20/05/2008 23.51.43 File: C:\WINDOWS\system32\cscui.dll ok scanned
20/05/2008 23.51.45 File: c:\windows\msagent\agentpsh.dll ok scanned
20/05/2008 23.51.48 File: c:\windows\system32\dfsshlex.dll ok scanned
20/05/2008 23.51.49 File: C:\WINDOWS\system32\photowiz.dll ok scanned
20/05/2008 23.51.50 File: C:\WINDOWS\system32\mmcshext.dll ok scanned
20/05/2008 23.51.51 File: c:\windows\system32\cabview.dll ok scanned
20/05/2008 23.51.51 File: c:\programmi\outlook express\wabfind.dll ok scanned
20/05/2008 23.51.52 File: c:\windows\system32\wmpshell.dll ok scanned
20/05/2008 23.51.55 File: c:\programmi\winrar\rarext.dll ok scanned
20/05/2008 23.51.56 File: c:\programmi\file comuni\microsoft shared\web folders\msonsext.dll ok scanned
20/05/2008 23.51.58 File: c:\progra~1\micros~2\office12\onfilter.dll ok scanned
20/05/2008 23.51.59 File: c:\programmi\microsoft office\office12\msohevi.dll ok scanned
20/05/2008 23.52.01 File: c:\progra~1\fileco~1\micros~1\office12\msoshext.dll ok scanned
20/05/2008 23.52.01 File: c:\windows\system32\dfshim.dll ok scanned
20/05/2008 23.52.02 File: C:\WINDOWS\system32\audiodev.dll ok scanned
20/05/2008 23.52.03 File: C:\WINDOWS\system32\wpdshext.dll ok scanned
20/05/2008 23.52.04 File: c:\programmi\grisoft\avg7\avgse.dll ok scanned
20/05/2008 23.52.05 File: c:\programmi\itunes\itunesminiplayer.dll ok scanned
20/05/2008 23.52.05 File: c:\programmi\windows live\messenger\fsshext.8.5.1302.1018.dll ok scanned
20/05/2008 23.52.07 File: c:\programmi\avi2dvd\programs\filters\haali media splitter\mmfinfo.dll ok scanned
20/05/2008 23.52.10 File: c:\programmi\nero\nero 7\nero coverdesigner\coveredextension.dll ok scanned
20/05/2008 23.52.12 File: c:\programmi\file comuni\ahead\lib\nerodigitalext.dll ok scanned
20/05/2008 23.52.12 File: c:\programmi\adobe\acrobat 7.0\activex\acroiehelper.dll ok scanned
20/05/2008 23.52.13 File: c:\programmi\java\jre1.6.0_05\bin\ssv.dll ok scanned
20/05/2008 23.52.14 File: c:\programmi\file comuni\microsoft shared\windows live\windowslivelogin.dll ok scanned
20/05/2008 23.52.15 File: c:\programmi\adobe\acrobat 7.0\reader\acrord32.exe ok scanned
20/05/2008 23.52.15 File: c:\progra~1\grisoft\avg7\avgse.dll ok scanned
20/05/2008 23.52.23 File: c:\programmi\avi2dvd\avi2dvd.exe ok scanned
20/05/2008 23.52.45 File: c:\programmi\nero\nero 7\nero backitup\backitup.exe ok scanned
20/05/2008 23.52.48 File: c:\programmi\netmeeting\conf.exe ok scanned
20/05/2008 23.52.50 File: c:\programmi\windows nt\dialer.exe ok scanned
20/05/2008 23.52.51 File: c:\programmi\microsoft encarta\microsoft encarta 2008 - premium dvd\edict.exe ok scanned
20/05/2008 23.52.52 File: c:\programmi\microsoft encarta\microsoft encarta 2008 - premium dvd\encarta.exe ok scanned
20/05/2008 23.52.54 File: c:\windows\pchealth\helpctr\binaries\helpctr.exe ok scanned
20/05/2008 23.52.56 File: c:\programmi\trend micro\hijackthis\hijackthis.exe packed file PE_Patch.UPX
20/05/2008 23.52.56 File: c:\programmi\trend micro\hijackthis\hijackthis.exe//PE_Patch.UPX packed file UPX
20/05/2008 23.52.56 File: c:\programmi\trend micro\hijackthis\hijackthis.exe//PE_Patch.UPX//UPX ok scanned
20/05/2008 23.52.59 File: c:\programmi\trend micro\hijackthis\hijackthis.exe//PE_Patch.UPX ok scanned
20/05/2008 23.52.59 File: c:\programmi\trend micro\hijackthis\hijackthis.exe ok scanned
20/05/2008 23.53.00 File: c:\programmi\internet explorer\connection wizard\icwconn1.exe ok scanned
20/05/2008 23.53.00 File: c:\programmi\internet explorer\connection wizard\icwconn2.exe ok scanned
20/05/2008 23.53.02 File: c:\progra~1\incred~1\bin\imlc.exe ok scanned
20/05/2008 23.53.03 File: c:\progra~1\incred~1\bin\impackr.exe ok scanned
20/05/2008 23.53.03 File: c:\progra~1\incred~1\bin\impcnt.exe ok scanned
20/05/2008 23.53.04 File: c:\progra~1\incred~1\bin\incmail.exe ok scanned
20/05/2008 23.53.05 File: c:\programmi\internet explorer\connection wizard\inetwiz.exe ok scanned
20/05/2008 23.53.06 File: c:\progra~1\micros~2\office12\infopath.exe ok scanned
20/05/2008 23.53.07 File: c:\programmi\internet explorer\connection wizard\isignup.exe ok scanned
20/05/2008 23.53.11 File: c:\programmi\itunes\itunes.exe ok scanned
20/05/2008 23.53.12 File: C:\WINDOWS\system32\usmt\migwiz.exe ok scanned
20/05/2008 23.53.24 File: c:\programmi\movie maker\moviemk.exe ok scanned
20/05/2008 23.53.26 File: c:\programmi\motorola phone tools\mphonetools.exe ok scanned
20/05/2008 23.53.27 File: c:\programmi\windows media player\mplayer2.exe ok scanned
20/05/2008 23.53.33 File: c:\progra~1\micros~2\office12\msaccess.exe ok scanned
20/05/2008 23.53.34 File: c:\windows\pchealth\helpctr\binaries\msconfig.exe ok scanned
20/05/2008 23.53.34 File: C:\Programmi\outlook express\msimn.exe ok scanned
20/05/2008 23.53.35 File: c:\programmi\file comuni\microsoft shared\msinfo\msinfo32.exe ok scanned
20/05/2008 23.53.37 File: c:\programmi\windows live\messenger\msnmsgr.exe ok scanned
20/05/2008 23.53.37 File: c:\programmi\file comuni\microsoft shared\office12\msoxmled.exe packed file PE_Patch
20/05/2008 23.53.37 File: c:\programmi\file comuni\microsoft shared\office12\msoxmled.exe//PE_Patch ok scanned
20/05/2008 23.53.37 File: c:\programmi\file comuni\microsoft shared\office12\msoxmled.exe ok scanned
20/05/2008 23.53.42 File: c:\progra~1\micros~2\office12\mspub.exe ok scanned
20/05/2008 23.53.42 File: c:\progra~1\fileco~1\micros~1\modi\12.0\mspview.exe packed file PE_Patch
20/05/2008 23.53.43 File: c:\progra~1\fileco~1\micros~1\modi\12.0\mspview.exe//PE_Patch ok scanned
20/05/2008 23.53.43 File: c:\progra~1\fileco~1\micros~1\modi\12.0\mspview.exe ok scanned
20/05/2008 23.53.49 File: c:\programmi\nero\nero 7\nero coverdesigner\coverdes.exe ok scanned
20/05/2008 23.54.24 File: c:\programmi\nero\nero 7\core\nero.exe ok scanned
20/05/2008 23.54.26 File: c:\programmi\nero\nero 7\nero toolkit\neroburnrights.exe ok scanned
20/05/2008 23.54.27 File: c:\programmi\nero\nero 7\nero home\nerohome.exe ok scanned
20/05/2008 23.54.31 File: c:\programmi\nero\nero 7\nero mediahome\neromediahome.exe ok scanned
20/05/2008 23.54.33 File: c:\programmi\nero\nero 7\nero vision\nerovision.exe ok scanned
20/05/2008 23.54.35 File: c:\progra~1\micros~2\office12\onenote.exe ok scanned
20/05/2008 23.54.36 File: C:\WINDOWS\system32\mspaint.exe ok scanned
20/05/2008 23.54.37 File: c:\programmi\nero\nero 7\nero photosnap\photosnapviewer.exe ok scanned
20/05/2008 23.54.38 File: c:\programmi\quicktime\pictureviewer.exe ok scanned
20/05/2008 23.54.39 File: c:\programmi\windows nt\pinball\pinball.exe ok scanned
20/05/2008 23.54.40 File: c:\progra~1\micros~2\office12\powerpnt.exe ok scanned
20/05/2008 23.54.44 File: c:\programmi\quicktime\quicktimeplayer.exe ok scanned
20/05/2008 23.54.48 File: c:\programmi\nero\nero 7\nero recode\recode.exe ok scanned
20/05/2008 23.54.49 File: c:\programmi\vanbasco's karaoke player\vmidi.exe ok scanned
20/05/2008 23.54.49 File: C:\Programmi\outlook express\wab.exe ok scanned
20/05/2008 23.54.50 File: C:\Programmi\outlook express\wabmig.exe ok scanned
20/05/2008 23.54.52 File: c:\programmi\winrar\winrar.exe ok scanned
20/05/2008 23.54.54 File: c:\progra~1\micros~2\office12\winword.exe ok scanned
20/05/2008 23.54.55 File: C:\Programmi\windows nt\accessori\wordpad.exe ok scanned
20/05/2008 23.54.56 File: c:\windows\system32\ntsd.exe ok scanned
20/05/2008 23.54.57 File: c:\windows\system32\java.exe ok scanned
20/05/2008 23.54.58 File: c:\windows\system32\console.dll ok scanned
20/05/2008 23.54.59 File: c:\programmi\java\jre1.6.0_05\bin\npjpi160_05.dll ok scanned
20/05/2008 23.55.00 File: c:\progra~1\micros~2\office12\onbttnie.dll ok scanned
20/05/2008 23.55.01 File: c:\progra~1\micros~2\office12\refbar.ico ok scanned
20/05/2008 23.55.01 File: c:\progra~1\micros~2\office12\refbarh.ico ok scanned
20/05/2008 23.55.01 File: c:\progra~1\micros~2\office12\refiebar.dll ok scanned
20/05/2008 23.55.02 File: c:\programmi\file comuni\microsoft shared\encarta search bar\encsbar.dll ok scanned
20/05/2008 23.55.03 File: c:\windows\downloaded program files\conflict.1\puren-us.dll ok scanned
20/05/2008 23.55.04 File: c:\windows\downloaded program files\conflict.1\msnpupld.dll ok scanned
20/05/2008 23.55.04 File: c:\windows\downloaded program files\puren-us.dll ok scanned
20/05/2008 23.55.04 File: c:\windows\downloaded program files\msnpupld.dll ok scanned
20/05/2008 23.55.05 File: c:\windows\downloaded program files\fp_ax_cab_installer.exe ok scanned
20/05/2008 23.55.06 File: c:\programmi\java\jre1.6.0_03\bin\npjpi160_03.dll ok scanned
20/05/2008 23.55.12 File: c:\windows\system32\macromed\flash\flash9e.ocx ok scanned
20/05/2008 23.55.17 File: c:\programmi\apple software update\softwareupdate.exe ok scanned
20/05/2008 23.55.17 File: C:\WINDOWS\system32\rsvpsp.dll ok scanned
20/05/2008 23.55.17 File: C:\WINDOWS\system32\winrnr.dll ok scanned
20/05/2008 23.55.20 Logical disk sector: C ok scanned
20/05/2008 23.55.20 Logical disk sector: D ok scanned
20/05/2008 23.55.21 Physical disk sector: \Device\HarddiskVolume2 ok scanned
20/05/2008 23.55.22 Physical disk sector: \Device\HarddiskVolume1 ok scanned
20/05/2008 23.55.22 Physical disk sector: \Device\Harddisk0\DR0 ok scanned
20/05/2008 23.55.23 Physical disk sector: \Device\Harddisk1\DR1 ok scanned


Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------
All objects 664 0 0 0 0 0 31 0 0
System memory 143 0 0 0 0 0 1 0 0
Startup objects 515 0 0 0 0 0 30 0 0
Disk boot sectors 6 0 0 0 0 0 0 0 0


Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----



<?xml version="1.0" encoding="utf-8" ?>
- <SYSTEMSTATUS EVAL="6" ITEMS_TOTAL="11044" STRIPPED="FALSE" START="080521-000809" END="080521-001457">
- <NODE NAME="SECTION" VALUE="Running Processes" NAME_CAPTION="Type" VALUE_CAPTION="Path" EXTRA_CAPTION="User Name" TR="V=4000;n=4001;v=4002;e=4006" TREE_ICON="1" PARENTS_ONLY="1" EVAL="6">
- <NODE NAME="Process" VALUE="system (0)" TR="N=4003" EXTRA="" EVAL="1">
<NODE EMPTY="1" EVAL="1" />
</NODE>
- <NODE NAME="Process" VALUE="system (4)" TR="N=4003" EXTRA="" EVAL="1">
<NODE EMPTY="1" EVAL="1" />
</NODE>
- <NODE NAME="Process" VALUE="smss.exe (420)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="619" EVAL="1" F="2">
<NODE NAME="Module" VALUE="\SystemRoot\System32\smss.exe" L="F" TR="N=4004" LINK="619" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="csrss.exe (476)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="222" EVAL="1" F="2">
<NODE NAME="Module" VALUE="\??\C:\WINDOWS\system32\csrss.exe" L="F" TR="N=4004" LINK="222" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CSRSRV.dll" L="F" TR="N=4004" LINK="221" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\basesrv.dll" L="F" TR="N=4004" LINK="192" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\winsrv.dll" L="F" TR="N=4004" LINK="696" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\KERNEL32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\sxs.dll" L="F" TR="N=4004" LINK="634" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Apphelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="winlogon.exe (500)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="691" EVAL="1" F="2">
<NODE NAME="Module" VALUE="\??\C:\WINDOWS\system32\winlogon.exe" L="F" TR="N=4004" LINK="691" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\AUTHZ.dll" L="F" TR="N=4004" LINK="190" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NDdeApi.dll" L="F" TR="N=4004" LINK="514" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PROFMAP.dll" L="F" TR="N=4004" LINK="557" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PSAPI.DLL" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\REGAPI.dll" L="F" TR="N=4004" LINK="573" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSGINA.dll" L="F" TR="N=4004" LINK="480" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMCTL32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ODBC32.dll" L="F" TR="N=4004" LINK="539" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comdlg32.dll" L="F" TR="N=4004" LINK="209" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\odbcint.dll" L="F" TR="N=4004" LINK="540" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHSVCS.dll" L="F" TR="N=4004" LINK="616" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\sfc.dll" L="F" TR="N=4004" LINK="605" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\sfc_os.dll" L="F" TR="N=4004" LINK="606" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Apphelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSCARD.DLL" L="F" TR="N=4004" LINK="694" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WTSAPI32.dll" L="F" TR="N=4004" LINK="716" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\cscdll.dll" L="F" TR="N=4004" LINK="219" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WlNotify.dll" L="F" TR="N=4004" LINK="701" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSPOOL.DRV" L="F" TR="N=4004" LINK="695" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MPR.dll" L="F" TR="N=4004" LINK="466" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WgaLogon.dll" L="F" TR="N=4004" LINK="682" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NTMARTA.DLL" L="F" TR="N=4004" LINK="534" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SAMLIB.dll" L="F" TR="N=4004" LINK="589" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\cscui.dll" L="F" TR="N=4004" LINK="220" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\sxs.dll" L="F" TR="N=4004" LINK="634" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msv1_0.dll" L="F" TR="N=4004" LINK="500" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wdmaud.drv" L="F" TR="N=4004" LINK="679" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msacm32.drv" L="F" TR="N=4004" LINK="470" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\midimap.dll" L="F" TR="N=4004" LINK="459" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Cabinet.dll" L="F" TR="N=4004" LINK="197" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wbemprox.dll" L="F" TR="N=4004" LINK="672" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wbemcomn.dll" L="F" TR="N=4004" LINK="669" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wbemsvc.dll" L="F" TR="N=4004" LINK="673" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\fastprox.dll" L="F" TR="N=4004" LINK="666" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP60.dll" L="F" TR="N=4004" LINK="502" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NTDSAPI.dll" L="F" TR="N=4004" LINK="530" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="services.exe (544)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="602" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\services.exe" L="F" TR="N=4004" LINK="602" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SCESRV.dll" L="F" TR="N=4004" LINK="593" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\AUTHZ.dll" L="F" TR="N=4004" LINK="190" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\umpnpmgr.dll" L="F" TR="N=4004" LINK="645" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NCObjAPI.DLL" L="F" TR="N=4004" LINK="513" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP60.dll" L="F" TR="N=4004" LINK="502" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcAdProc.dll" L="F" TR="N=4004" LINK="161" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Apphelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\eventlog.dll" L="F" TR="N=4004" LINK="407" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PSAPI.DLL" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wtsapi32.dll" L="F" TR="N=4004" LINK="716" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="lsass.exe (556)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="450" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\lsass.exe" L="F" TR="N=4004" LINK="450" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\LSASRV.dll" L="F" TR="N=4004" LINK="449" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MPR.dll" L="F" TR="N=4004" LINK="466" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NTDSAPI.dll" L="F" TR="N=4004" LINK="530" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SAMLIB.dll" L="F" TR="N=4004" LINK="589" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SAMSRV.dll" L="F" TR="N=4004" LINK="590" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\cryptdll.dll" L="F" TR="N=4004" LINK="214" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msprivs.dll" L="F" TR="N=4004" LINK="495" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kerberos.dll" L="F" TR="N=4004" LINK="440" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msv1_0.dll" L="F" TR="N=4004" LINK="500" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\netlogon.dll" L="F" TR="N=4004" LINK="519" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\w32time.dll" L="F" TR="N=4004" LINK="663" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP60.dll" L="F" TR="N=4004" LINK="502" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\schannel.dll" L="F" TR="N=4004" LINK="594" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wdigest.dll" L="F" TR="N=4004" LINK="678" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\scecli.dll" L="F" TR="N=4004" LINK="592" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ipsecsvc.dll" L="F" TR="N=4004" LINK="437" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\AUTHZ.dll" L="F" TR="N=4004" LINK="190" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\oakley.DLL" L="F" TR="N=4004" LINK="537" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINIPSEC.DLL" L="F" TR="N=4004" LINK="690" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\pstorsvc.dll" L="F" TR="N=4004" LINK="560" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\psbase.dll" L="F" TR="N=4004" LINK="559" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\dssenh.dll" L="F" TR="N=4004" LINK="399" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Process" VALUE="imapp.exe (560)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="142" EVAL="5" F="4">
<NODE NAME="Module" VALUE="C:\PROGRA~1\INCRED~1\bin\ImApp.exe" L="F" TR="N=4004" LINK="142" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\INCRED~1\bin\ImUtilsU.dll" L="F" TR="N=4004" LINK="147" EVAL="5" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\INCRED~1\bin\ImNtUtilU.dll" L="F" TR="N=4004" LINK="145" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MFC42u.DLL" L="F" TR="N=4004" LINK="456" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MPR.dll" L="F" TR="N=4004" LINK="466" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\urlmon.dll" L="F" TR="N=4004" LINK="652" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP60.dll" L="F" TR="N=4004" LINK="502" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\INCRED~1\bin\ImLookU.dll" L="F" TR="N=4004" LINK="144" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMCTL32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MFC42LOC.DLL" L="F" TR="N=4004" LINK="455" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DbgHelp.dll" L="F" TR="N=4004" LINK="227" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\ImAppRU.dll" L="F" TR="N=4004" LINK="46" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OleAcc.dll" L="F" TR="N=4004" LINK="542" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SXS.DLL" L="F" TR="N=4004" LINK="634" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\ImComUtlU.dll" L="F" TR="N=4004" LINK="47" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\ImSpoolU.dll" L="F" TR="N=4004" LINK="52" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCIRT.dll" L="F" TR="N=4004" LINK="501" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\ImFoldrsU.dll" L="F" TR="N=4004" LINK="48" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\ImServU.dll" L="F" TR="N=4004" LINK="51" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\ImJunkU.dll" L="F" TR="N=4004" LINK="49" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\ImNotfyU.dll" L="F" TR="N=4004" LINK="50" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\B4ImApp.dll" L="F" TR="N=4004" LINK="45" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RASAPI32.dll" L="F" TR="N=4004" LINK="563" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasman.dll" L="F" TR="N=4004" LINK="567" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\TAPI32.dll" L="F" TR="N=4004" LINK="636" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rtutils.dll" L="F" TR="N=4004" LINK="587" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msv1_0.dll" L="F" TR="N=4004" LINK="500" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\sensapi.dll" L="F" TR="N=4004" LINK="601" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasadhlp.dll" L="F" TR="N=4004" LINK="562" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\winrnr.dll" L="F" TR="N=4004" LINK="693" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="svchost.exe (704)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="633" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\svchost.exe" L="F" TR="N=4004" LINK="633" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NTMARTA.DLL" L="F" TR="N=4004" LINK="534" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SAMLIB.dll" L="F" TR="N=4004" LINK="589" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\rpcss.dll" L="F" TR="N=4004" LINK="582" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\termsrv.dll" L="F" TR="N=4004" LINK="639" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\ICAAPI.dll" L="F" TR="N=4004" LINK="422" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\AUTHZ.dll" L="F" TR="N=4004" LINK="190" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\mstlsapi.dll" L="F" TR="N=4004" LINK="498" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\ACTIVEDS.dll" L="F" TR="N=4004" LINK="178" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\adsldpc.dll" L="F" TR="N=4004" LINK="180" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\ATL.DLL" L="F" TR="N=4004" LINK="187" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\REGAPI.dll" L="F" TR="N=4004" LINK="573" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Apphelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Process" VALUE="svchost.exe (768)" TR="N=4003" EXTRA="NT AUTHORITY\NetworkService" LINK="633" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\svchost.exe" L="F" TR="N=4004" LINK="633" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\rpcss.dll" L="F" TR="N=4004" LINK="582" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\winrnr.dll" L="F" TR="N=4004" LINK="693" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasadhlp.dll" L="F" TR="N=4004" LINK="562" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="svchost.exe (804)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="633" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\svchost.exe" L="F" TR="N=4004" LINK="633" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\NTMARTA.DLL" L="F" TR="N=4004" LINK="534" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\SAMLIB.dll" L="F" TR="N=4004" LINK="589" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\shsvcs.dll" L="F" TR="N=4004" LINK="616" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\dhcpcsvc.dll" L="F" TR="N=4004" LINK="236" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="c:\windows\system32\wzcsvc.dll" L="F" TR="N=4004" LINK="722" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\rtutils.dll" L="F" TR="N=4004" LINK="587" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WMI.dll" L="F" TR="N=4004" LINK="703" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WTSAPI32.dll" L="F" TR="N=4004" LINK="716" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\ESENT.dll" L="F" TR="N=4004" LINK="406" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\ATL.DLL" L="F" TR="N=4004" LINK="187" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\rastls.dll" L="F" TR="N=4004" LINK="572" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPTUI.dll" L="F" TR="N=4004" LINK="218" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\MPRAPI.dll" L="F" TR="N=4004" LINK="467" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\ACTIVEDS.dll" L="F" TR="N=4004" LINK="178" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\adsldpc.dll" L="F" TR="N=4004" LINK="180" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\RASAPI32.dll" L="F" TR="N=4004" LINK="563" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\rasman.dll" L="F" TR="N=4004" LINK="567" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\TAPI32.dll" L="F" TR="N=4004" LINK="636" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\SCHANNEL.dll" L="F" TR="N=4004" LINK="594" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\WinSCard.dll" L="F" TR="N=4004" LINK="694" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\raschap.dll" L="F" TR="N=4004" LINK="565" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msv1_0.dll" L="F" TR="N=4004" LINK="500" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\schedsvc.dll" L="F" TR="N=4004" LINK="595" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\NTDSAPI.dll" L="F" TR="N=4004" LINK="530" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\MSIDLE.DLL" L="F" TR="N=4004" LINK="486" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\audiosrv.dll" L="F" TR="N=4004" LINK="189" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\wkssvc.dll" L="F" TR="N=4004" LINK="699" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\qmgr.dll" L="F" TR="N=4004" LINK="561" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MPR.dll" L="F" TR="N=4004" LINK="466" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\SHFOLDER.dll" L="F" TR="N=4004" LINK="610" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WINHTTP.dll" L="F" TR="N=4004" LINK="688" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\cryptsvc.dll" L="F" TR="N=4004" LINK="217" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\certcli.dll" L="F" TR="N=4004" LINK="199" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\dmserver.dll" L="F" TR="N=4004" LINK="241" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\srvsvc.dll" L="F" TR="N=4004" LINK="626" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\pchealth\helpctr\binaries\pchsvc.dll" L="F" TR="N=4004" LINK="174" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\es.dll" L="F" TR="N=4004" LINK="405" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\ersvc.dll" L="F" TR="N=4004" LINK="404" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\srsvc.dll" L="F" TR="N=4004" LINK="625" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\POWRPROF.dll" L="F" TR="N=4004" LINK="555" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\seclogon.dll" L="F" TR="N=4004" LINK="597" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\netman.dll" L="F" TR="N=4004" LINK="520" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\netshell.dll" L="F" TR="N=4004" LINK="523" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\credui.dll" L="F" TR="N=4004" LINK="212" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WZCSAPI.DLL" L="F" TR="N=4004" LINK="721" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\wuauserv.dll" L="F" TR="N=4004" LINK="719" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\wbem\wmisvc.dll" L="F" TR="N=4004" LINK="676" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VSSAPI.DLL" L="F" TR="N=4004" LINK="661" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wuaueng.dll" L="F" TR="N=4004" LINK="718" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\WINSPOOL.DRV" L="F" TR="N=4004" LINK="695" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\Cabinet.dll" L="F" TR="N=4004" LINK="197" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\mspatcha.dll" L="F" TR="N=4004" LINK="493" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\w32time.dll" L="F" TR="N=4004" LINK="663" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\MSVCP60.dll" L="F" TR="N=4004" LINK="502" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\trkwks.dll" L="F" TR="N=4004" LINK="642" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\sens.dll" L="F" TR="N=4004" LINK="600" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\browser.dll" L="F" TR="N=4004" LINK="195" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\wscsvc.dll" L="F" TR="N=4004" LINK="712" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\msi.dll" L="F" TR="N=4004" LINK="485" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\SXS.DLL" L="F" TR="N=4004" LINK="634" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\ipnathlp.dll" L="F" TR="N=4004" LINK="436" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\AUTHZ.dll" L="F" TR="N=4004" LINK="190" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wbemcomn.dll" L="F" TR="N=4004" LINK="669" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\sfc.dll" L="F" TR="N=4004" LINK="605" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\sfc_os.dll" L="F" TR="N=4004" LINK="606" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\Wbem\wbemcore.dll" L="F" TR="N=4004" LINK="670" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\Wbem\esscli.dll" L="F" TR="N=4004" LINK="665" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\Wbem\FastProx.dll" L="F" TR="N=4004" LINK="666" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\upnp.dll" L="F" TR="N=4004" LINK="648" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SSDPAPI.dll" L="F" TR="N=4004" LINK="627" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comsvcs.dll" L="F" TR="N=4004" LINK="211" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\colbact.DLL" L="F" TR="N=4004" LINK="207" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MTXCLU.DLL" L="F" TR="N=4004" LINK="510" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WSOCK32.dll" L="F" TR="N=4004" LINK="715" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\CLUSAPI.DLL" L="F" TR="N=4004" LINK="205" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\RESUTILS.DLL" L="F" TR="N=4004" LINK="576" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wmiutils.dll" L="F" TR="N=4004" LINK="677" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\repdrvfs.dll" L="F" TR="N=4004" LINK="668" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wmiprvsd.dll" L="F" TR="N=4004" LINK="675" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NCObjAPI.DLL" L="F" TR="N=4004" LINK="513" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wbemess.dll" L="F" TR="N=4004" LINK="671" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\netcfgx.dll" L="F" TR="N=4004" LINK="517" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\rasadhlp.dll" L="F" TR="N=4004" LINK="562" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\rasmans.dll" L="F" TR="N=4004" LINK="568" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\WINIPSEC.DLL" L="F" TR="N=4004" LINK="690" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\ncprov.dll" L="F" TR="N=4004" LINK="667" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\tapisrv.dll" L="F" TR="N=4004" LINK="637" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\PSAPI.DLL" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\rastapi.dll" L="F" TR="N=4004" LINK="571" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\unimdm.tsp" L="F" TR="N=4004" LINK="646" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\uniplat.dll" L="F" TR="N=4004" LINK="647" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\kmddsp.tsp" L="F" TR="N=4004" LINK="442" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\ndptsp.tsp" L="F" TR="N=4004" LINK="515" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\ipconf.tsp" L="F" TR="N=4004" LINK="434" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\h323.tsp" L="F" TR="N=4004" LINK="414" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\hidphone.tsp" L="F" TR="N=4004" LINK="417" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\HID.DLL" L="F" TR="N=4004" LINK="416" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\rasppp.dll" L="F" TR="N=4004" LINK="570" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\ntlsapi.dll" L="F" TR="N=4004" LINK="533" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kerberos.dll" L="F" TR="N=4004" LINK="440" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\cryptdll.dll" L="F" TR="N=4004" LINK="214" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\RASDLG.dll" L="F" TR="N=4004" LINK="566" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Apphelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\dssenh.dll" L="F" TR="N=4004" LINK="399" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msxml3.dll" L="F" TR="N=4004" LINK="509" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\winrnr.dll" L="F" TR="N=4004" LINK="693" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\jscript.dll" L="F" TR="N=4004" LINK="439" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wbemsvc.dll" L="F" TR="N=4004" LINK="673" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="svchost.exe (856)" TR="N=4003" EXTRA="NT AUTHORITY\NetworkService" LINK="633" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\svchost.exe" L="F" TR="N=4004" LINK="633" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\dnsrslvr.dll" L="F" TR="N=4004" LINK="243" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="svchost.exe (908)" TR="N=4003" EXTRA="NT AUTHORITY\LocalService" LINK="633" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\svchost.exe" L="F" TR="N=4004" LINK="633" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NTMARTA.DLL" L="F" TR="N=4004" LINK="534" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SAMLIB.dll" L="F" TR="N=4004" LINK="589" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\lmhsvc.dll" L="F" TR="N=4004" LINK="445" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\webclnt.dll" L="F" TR="N=4004" LINK="681" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\regsvc.dll" L="F" TR="N=4004" LINK="574" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\ssdpsrv.dll" L="F" TR="N=4004" LINK="628" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="ipodservice.exe (944)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="56" EVAL="5" F="4">
<NODE NAME="Module" VALUE="C:\Programmi\iPod\bin\iPodService.exe" L="F" TR="N=4004" LINK="56" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CFGMGR32.dll" L="F" TR="N=4004" LINK="200" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\setupapi.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\iPod\bin\iPodService.Resources\it.lproj\iPodServiceLocalized.DLL" L="F" TR="N=4004" LINK="58" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\iPod\bin\iPodService.Resources\iPodService.DLL" L="F" TR="N=4004" LINK="57" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SXS.DLL" L="F" TR="N=4004" LINK="634" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Wtsapi32.dll" L="F" TR="N=4004" LINK="716" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="explorer.exe (1148)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="163" EVAL="5" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\Explorer.EXE" L="F" TR="N=4004" LINK="163" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\BROWSEUI.dll" L="F" TR="N=4004" LINK="196" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHDOCVW.dll" L="F" TR="N=4004" LINK="608" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPTUI.dll" L="F" TR="N=4004" LINK="218" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\appHelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" L="F" TR="N=4004" LINK="152" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL" L="F" TR="N=4004" LINK="155" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll" L="F" TR="N=4004" LINK="729" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL" L="F" TR="N=4004" LINK="154" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL" L="F" TR="N=4004" LINK="728" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSImg32.dll" L="F" TR="N=4004" LINK="489" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\cscui.dll" L="F" TR="N=4004" LINK="220" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\CSCDLL.dll" L="F" TR="N=4004" LINK="219" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\themeui.dll" L="F" TR="N=4004" LINK="640" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msutb.dll" L="F" TR="N=4004" LINK="499" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\LINKINFO.dll" L="F" TR="N=4004" LINK="444" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntshrui.dll" L="F" TR="N=4004" LINK="536" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ATL.DLL" L="F" TR="N=4004" LINK="187" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\urlmon.dll" L="F" TR="N=4004" LINK="652" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ieframe.dll" L="F" TR="N=4004" LINK="425" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PSAPI.DLL" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MLANG.dll" L="F" TR="N=4004" LINK="460" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\webcheck.dll" L="F" TR="N=4004" LINK="680" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\stobject.dll" L="F" TR="N=4004" LINK="632" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\BatMeter.dll" L="F" TR="N=4004" LINK="193" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\POWRPROF.dll" L="F" TR="N=4004" LINK="555" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WTSAPI32.dll" L="F" TR="N=4004" LINK="716" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WPDShServiceObj.dll" L="F" TR="N=4004" LINK="707" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINHTTP.dll" L="F" TR="N=4004" LINK="688" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msi.dll" L="F" TR="N=4004" LINK="485" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mydocs.dll" L="F" TR="N=4004" LINK="512" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PortableDeviceTypes.dll" L="F" TR="N=4004" LINK="554" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PortableDeviceApi.dll" L="F" TR="N=4004" LINK="553" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wdmaud.drv" L="F" TR="N=4004" LINK="679" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msacm32.drv" L="F" TR="N=4004" LINK="470" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\midimap.dll" L="F" TR="N=4004" LINK="459" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETSHELL.dll" L="F" TR="N=4004" LINK="523" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rtutils.dll" L="F" TR="N=4004" LINK="587" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\credui.dll" L="F" TR="N=4004" LINK="212" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MPR.dll" L="F" TR="N=4004" LINK="466" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\drprov.dll" L="F" TR="N=4004" LINK="394" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\ntlanman.dll" L="F" TR="N=4004" LINK="531" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\NETUI0.dll" L="F" TR="N=4004" LINK="524" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\NETUI1.dll" L="F" TR="N=4004" LINK="525" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\NETRAP.dll" L="F" TR="N=4004" LINK="522" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\SAMLIB.dll" L="F" TR="N=4004" LINK="589" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\davclnt.dll" L="F" TR="N=4004" LINK="226" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SXS.DLL" L="F" TR="N=4004" LINK="634" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\B4ImApp.dll" L="F" TR="N=4004" LINK="45" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\browselc.dll" L="F" TR="N=4004" LINK="194" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll" L="F" TR="N=4004" LINK="70" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSFTEDIT.DLL" L="F" TR="N=4004" LINK="479" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL" L="F" TR="N=4004" LINK="151" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GR326C~1.DLL" L="F" TR="N=4004" LINK="150" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msxml3.dll" L="F" TR="N=4004" LINK="509" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RASDLG.dll" L="F" TR="N=4004" LINK="566" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MPRAPI.dll" L="F" TR="N=4004" LINK="467" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ACTIVEDS.dll" L="F" TR="N=4004" LINK="178" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\adsldpc.dll" L="F" TR="N=4004" LINK="180" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RASAPI32.dll" L="F" TR="N=4004" LINK="563" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasman.dll" L="F" TR="N=4004" LINK="567" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\TAPI32.dll" L="F" TR="N=4004" LINK="636" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DUSER.dll" L="F" TR="N=4004" LINK="401" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WZCSAPI.DLL" L="F" TR="N=4004" LINK="721" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msv1_0.dll" L="F" TR="N=4004" LINK="500" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\netman.dll" L="F" TR="N=4004" LINK="520" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WZCSvc.DLL" L="F" TR="N=4004" LINK="722" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WMI.dll" L="F" TR="N=4004" LINK="703" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DHCPCSVC.DLL" L="F" TR="N=4004" LINK="236" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ESENT.dll" L="F" TR="N=4004" LINK="406" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll" L="F" TR="N=4004" LINK="91" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\Programmi\Nero\Nero 7\Nero BackItUp\MFC71U.DLL" L="F" TR="N=4004" LINK="87" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\Nero\Nero 7\Nero BackItUp\MSVCR71.dll" L="F" TR="N=4004" LINK="89" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\Nero\Nero 7\Nero BackItUp\MSVCP71.dll" L="F" TR="N=4004" LINK="88" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MFC71ITA.DLL" L="F" TR="N=4004" LINK="458" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\WinRAR\rarext.dll" L="F" TR="N=4004" LINK="117" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgse.dll" L="F" TR="N=4004" LINK="42" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\actxprxy.dll" L="F" TR="N=4004" LINK="179" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" L="F" TR="N=4004" LINK="93" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\Programmi\Nero\Nero 7\Nero CoverDesigner\MFC71.DLL" L="F" TR="N=4004" LINK="94" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comdlg32.dll" L="F" TR="N=4004" LINK="209" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSPOOL.DRV" L="F" TR="N=4004" LINK="695" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll" L="F" TR="N=4004" LINK="731" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVFW32.dll" L="F" TR="N=4004" LINK="506" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Faultrep.dll" L="F" TR="N=4004" LINK="409" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RICHED32.DLL" L="F" TR="N=4004" LINK="578" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RICHED20.dll" L="F" TR="N=4004" LINK="577" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\shimgvw.dll" L="F" TR="N=4004" LINK="612" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" L="F" TR="N=4004" LINK="8" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\Microsoft Office\Office12\msohevi.dll" L="F" TR="N=4004" LINK="78" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll" L="F" TR="N=4004" LINK="13" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Avi2Dvd\Programs\Filters\Haali media splitter\mkunicode.dll" L="F" TR="N=4004" LINK="12" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll" L="F" TR="N=4004" LINK="18" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\Programmi\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" L="F" TR="N=4004" LINK="9" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wmvcore.dll" L="F" TR="N=4004" LINK="705" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WMASF.DLL" L="F" TR="N=4004" LINK="702" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\cryptnet.dll" L="F" TR="N=4004" LINK="216" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SensApi.dll" L="F" TR="N=4004" LINK="601" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSGINA.dll" L="F" TR="N=4004" LINK="480" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ODBC32.dll" L="F" TR="N=4004" LINK="539" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\odbcint.dll" L="F" TR="N=4004" LINK="540" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\shdoclc.dll" L="F" TR="N=4004" LINK="607" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\jscript.dll" L="F" TR="N=4004" LINK="439" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\dfshim.dll" L="F" TR="N=4004" LINK="234" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mscoree.dll" L="F" TR="N=4004" LINK="475" EVAL="5" F="512" />
<NODE NAME="Module" VALUE="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll" L="F" TR="N=4004" LINK="171" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll" L="F" TR="N=4004" LINK="167" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll" L="F" TR="N=4004" LINK="166" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\it\ShFusRes.dll" L="F" TR="N=4004" LINK="168" EVAL="5" F="512" />
</NODE>
- <NODE NAME="Process" VALUE="spoolsv.exe (1204)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="624" EVAL="1" F="1">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\spoolsv.exe" L="F" TR="N=4004" LINK="624" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SPOOLSS.DLL" L="F" TR="N=4004" LINK="623" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasadhlp.dll" L="F" TR="N=4004" LINK="562" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\localspl.dll" L="F" TR="N=4004" LINK="446" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\sfc_os.dll" L="F" TR="N=4004" LINK="606" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\winspool.drv" L="F" TR="N=4004" LINK="695" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\netapi32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\cnbjmon.dll" L="F" TR="N=4004" LINK="206" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hpzlnt04.dll" L="F" TR="N=4004" LINK="420" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mdimon.dll" L="F" TR="N=4004" LINK="453" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll" L="F" TR="N=4004" LINK="729" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msi.dll" L="F" TR="N=4004" LINK="485" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\pjlmon.dll" L="F" TR="N=4004" LINK="551" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msonpmon.dll" L="F" TR="N=4004" LINK="492" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\tcpmon.dll" L="F" TR="N=4004" LINK="638" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\usbmon.dll" L="F" TR="N=4004" LINK="653" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll" L="F" TR="N=4004" LINK="621" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\spool\PRTPROCS\W32X86\msonpppr.dll" L="F" TR="N=4004" LINK="622" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\winrnr.dll" L="F" TR="N=4004" LINK="693" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\win32spl.dll" L="F" TR="N=4004" LINK="686" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETRAP.dll" L="F" TR="N=4004" LINK="522" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NTDSAPI.dll" L="F" TR="N=4004" LINK="530" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\inetpp.dll" L="F" TR="N=4004" LINK="433" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="avgamsvr.exe (1352)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="123" EVAL="5">
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" L="F" TR="N=4004" LINK="123" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avgklib.dll" L="F" TR="N=4004" LINK="129" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHFOLDER.dll" L="F" TR="N=4004" LINK="610" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP71.dll" L="F" TR="N=4004" LINK="503" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCR71.dll" L="F" TR="N=4004" LINK="504" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avglog.dll" L="F" TR="N=4004" LINK="130" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgcfg.dll" L="F" TR="N=4004" LINK="34" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\psapi.dll" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wbemprox.dll" L="F" TR="N=4004" LINK="672" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wbemcomn.dll" L="F" TR="N=4004" LINK="669" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wbemsvc.dll" L="F" TR="N=4004" LINK="673" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\fastprox.dll" L="F" TR="N=4004" LINK="666" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP60.dll" L="F" TR="N=4004" LINK="502" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NTDSAPI.dll" L="F" TR="N=4004" LINK="530" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avglng.dll" L="F" TR="N=4004" LINK="37" EVAL="5" />
</NODE>
- <NODE NAME="Process" VALUE="groovemonitor.exe (1440)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="73" EVAL="1" F="1">
<NODE NAME="Module" VALUE="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" L="F" TR="N=4004" LINK="73" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Microsoft Office\Office12\GrooveUtil.DLL" L="F" TR="N=4004" LINK="75" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll" L="F" TR="N=4004" LINK="729" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\Microsoft Office\Office12\GrooveNew.DLL" L="F" TR="N=4004" LINK="74" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL" L="F" TR="N=4004" LINK="728" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMCTL32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" L="F" TR="N=4004" LINK="152" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSImg32.dll" L="F" TR="N=4004" LINK="489" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL" L="F" TR="N=4004" LINK="151" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\urlmon.dll" L="F" TR="N=4004" LINK="652" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="avgcc.exe (1460)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="124" EVAL="5">
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" L="F" TR="N=4004" LINK="124" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\AvgTMgr.dll" L="F" TR="N=4004" LINK="134" EVAL="5" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\AvgCtrl.dll" L="F" TR="N=4004" LINK="125" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MFC71.DLL" L="F" TR="N=4004" LINK="457" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCR71.dll" L="F" TR="N=4004" LINK="504" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMCTL32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVFW32.dll" L="F" TR="N=4004" LINK="506" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP71.dll" L="F" TR="N=4004" LINK="503" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comdlg32.dll" L="F" TR="N=4004" LINK="209" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHFOLDER.dll" L="F" TR="N=4004" LINK="610" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\AvgAbout.dll" L="F" TR="N=4004" LINK="122" EVAL="5" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\AvgTest.dll" L="F" TR="N=4004" LINK="133" EVAL="5" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\AvgTRes.dll" L="F" TR="N=4004" LINK="135" EVAL="5" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\AvgSet.dll" L="F" TR="N=4004" LINK="132" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MFC71ITA.DLL" L="F" TR="N=4004" LINK="458" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avglog.dll" L="F" TR="N=4004" LINK="130" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgcfg.dll" L="F" TR="N=4004" LINK="34" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgklib.dll" L="F" TR="N=4004" LINK="36" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avglng.dll" L="F" TR="N=4004" LINK="37" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\psapi.dll" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avgresf.dll" L="F" TR="N=4004" LINK="131" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgf.dll" L="F" TR="N=4004" LINK="35" EVAL="5" F="64" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\AVGRES.DLL" L="F" TR="N=4004" LINK="40" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgcckrn.dll" L="F" TR="N=4004" LINK="33" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgvault.dll" L="F" TR="N=4004" LINK="44" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgrep.dll" L="F" TR="N=4004" LINK="39" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgunarc.dll" L="F" TR="N=4004" LINK="43" EVAL="5" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avgemsui.dll" L="F" TR="N=4004" LINK="128" EVAL="5" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avgemcps.dll" L="F" TR="N=4004" LINK="127" EVAL="5" />
</NODE>
- <NODE NAME="Process" VALUE="qttask.exe (1468)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="107" EVAL="5">
<NODE NAME="Module" VALUE="C:\Programmi\QuickTime\qttask.exe" L="F" TR="N=4004" LINK="107" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="ituneshelper.exe (1492)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="60" EVAL="5" F="4">
<NODE NAME="Module" VALUE="C:\Programmi\iTunes\iTunesHelper.exe" L="F" TR="N=4004" LINK="60" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\iTunes\iTunesHelper.Resources\it.lproj\iTunesHelperLocalized.DLL" L="F" TR="N=4004" LINK="61" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\iTunes\iTunesHelper.Resources\iTunesHelper.DLL" L="F" TR="N=4004" LINK="62" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SXS.DLL" L="F" TR="N=4004" LINK="634" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="avgupsvc.exe (1520)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="136" EVAL="5">
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" L="F" TR="N=4004" LINK="136" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCR71.dll" L="F" TR="N=4004" LINK="504" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="avgemc.exe (1564)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="126" EVAL="5">
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" L="F" TR="N=4004" LINK="126" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\libsasl.dll" L="F" TR="N=4004" LINK="137" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WSOCK32.dll" L="F" TR="N=4004" LINK="715" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCR71.dll" L="F" TR="N=4004" LINK="504" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP71.dll" L="F" TR="N=4004" LINK="503" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHFOLDER.dll" L="F" TR="N=4004" LINK="610" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avglog.dll" L="F" TR="N=4004" LINK="130" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgcfg.dll" L="F" TR="N=4004" LINK="34" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgklib.dll" L="F" TR="N=4004" LINK="36" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avglng.dll" L="F" TR="N=4004" LINK="37" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgscan.dll" L="F" TR="N=4004" LINK="41" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgunarc.dll" L="F" TR="N=4004" LINK="43" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RASAPI32.DLL" L="F" TR="N=4004" LINK="563" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasman.dll" L="F" TR="N=4004" LINK="567" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\TAPI32.dll" L="F" TR="N=4004" LINK="636" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rtutils.dll" L="F" TR="N=4004" LINK="587" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SCHANNEL.DLL" L="F" TR="N=4004" LINK="594" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\saslcrammd5.dll" L="F" TR="N=4004" LINK="138" EVAL="5" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\sasldigestmd5.dll" L="F" TR="N=4004" LINK="139" EVAL="5" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\sasllogin.dll" L="F" TR="N=4004" LINK="140" EVAL="5" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\saslplain.dll" L="F" TR="N=4004" LINK="141" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgmail.dll" L="F" TR="N=4004" LINK="38" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SensAPI.DLL" L="F" TR="N=4004" LINK="601" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wtsapi32.dll" L="F" TR="N=4004" LINK="716" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\psapi.dll" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avgemcps.dll" L="F" TR="N=4004" LINK="127" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\winrnr.dll" L="F" TR="N=4004" LINK="693" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="prevxcsi.exe (1608)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="105" EVAL="2" F="4">
<NODE NAME="Module" VALUE="C:\Programmi\PrevxCSI\prevxcsi.exe" L="F" TR="N=4004" LINK="105" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMCTL32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMDLG32.dll" L="F" TR="N=4004" LINK="209" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IPHLPAPI.DLL" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PSAPI.DLL" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wtsapi32.dll" L="F" TR="N=4004" LINK="716" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msv1_0.dll" L="F" TR="N=4004" LINK="500" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\LINKINFO.dll" L="F" TR="N=4004" LINK="444" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntshrui.dll" L="F" TR="N=4004" LINK="536" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ATL.DLL" L="F" TR="N=4004" LINK="187" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\appHelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\winrnr.dll" L="F" TR="N=4004" LINK="693" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasadhlp.dll" L="F" TR="N=4004" LINK="562" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="rundll32.exe (1624)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="588" EVAL="5" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rundll32.exe" L="F" TR="N=4004" LINK="588" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\stmctrl.dll" L="F" TR="N=4004" LINK="631" EVAL="5" F="512" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSPOOL.DRV" L="F" TR="N=4004" LINK="695" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="rundll32.exe (1652)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="588" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RunDll32.exe" L="F" TR="N=4004" LINK="588" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system\cmicnfg.cpl" L="F" TR="N=4004" LINK="727" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSPOOL.DRV" L="F" TR="N=4004" LINK="695" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\udaprop.dll" L="F" TR="N=4004" LINK="644" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\dsound.dll" L="F" TR="N=4004" LINK="396" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wdmaud.drv" L="F" TR="N=4004" LINK="679" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msacm32.drv" L="F" TR="N=4004" LINK="470" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\midimap.dll" L="F" TR="N=4004" LINK="459" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\KsUser.dll" L="F" TR="N=4004" LINK="443" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="prevxcsi.exe (1700)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="105" EVAL="2" F="4">
<NODE NAME="Module" VALUE="C:\Programmi\PrevxCSI\prevxcsi.exe" L="F" TR="N=4004" LINK="105" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMCTL32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMDLG32.dll" L="F" TR="N=4004" LINK="209" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IPHLPAPI.DLL" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PSAPI.DLL" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wtsapi32.dll" L="F" TR="N=4004" LINK="716" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\B4ImApp.dll" L="F" TR="N=4004" LINK="45" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Process" VALUE="mdm.exe (1736)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="26" EVAL="5" F="1">
<NODE NAME="Module" VALUE="C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe" L="F" TR="N=4004" LINK="26" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\1040\mdmui.dll" L="F" TR="N=4004" LINK="25" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\psapi.dll" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="jusched.exe (1776)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="66" EVAL="2" F="4">
<NODE NAME="Module" VALUE="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" L="F" TR="N=4004" LINK="66" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="alg.exe (1808)" TR="N=4003" EXTRA="NT AUTHORITY\LocalService" LINK="182" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\alg.exe" L="F" TR="N=4004" LINK="182" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\ATL.DLL" L="F" TR="N=4004" LINK="187" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\WSOCK32.dll" L="F" TR="N=4004" LINK="715" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\MSWSOCK.DLL" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="svchost.exe (1848)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="633" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\svchost.exe" L="F" TR="N=4004" LINK="633" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\wiaservc.dll" L="F" TR="N=4004" LINK="684" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\CFGMGR32.dll" L="F" TR="N=4004" LINK="200" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\setupapi.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\mscms.dll" L="F" TR="N=4004" LINK="473" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WINSPOOL.DRV" L="F" TR="N=4004" LINK="695" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\actxprxy.dll" L="F" TR="N=4004" LINK="179" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\sti.dll" L="F" TR="N=4004" LINK="630" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="sysinspector.exe (1872)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="733" EVAL="2">
<NODE NAME="Module" VALUE="D:\Documenti\Claudia\SysInspector.exe" L="F" TR="N=4004" LINK="733" EVAL="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMCTL32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MPR.dll" L="F" TR="N=4004" LINK="466" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMDLG32.dll" L="F" TR="N=4004" LINK="209" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSPOOL.DRV" L="F" TR="N=4004" LINK="695" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\B4ImApp.dll" L="F" TR="N=4004" LINK="45" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Psapi.dll" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="ctfmon.exe (1944)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="223" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ctfmon.exe" L="F" TR="N=4004" LINK="223" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSUTB.dll" L="F" TR="N=4004" LINK="499" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="a2service.exe (2124)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="7" EVAL="2" F="4">
<NODE NAME="Module" VALUE="C:\Programmi\a-squared Free\a2service.exe" L="F" TR="N=4004" LINK="7" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\advapi32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comdlg32.dll" L="F" TR="N=4004" LINK="209" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\oleaut32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\version.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wsock32.dll" L="F" TR="N=4004" LINK="715" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PSAPI.dll" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="iexplore.exe (2420)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="55" EVAL="5" F="1">
<NODE NAME="Module" VALUE="C:\Programmi\Internet Explorer\iexplore.exe" L="F" TR="N=4004" LINK="55" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\urlmon.dll" L="F" TR="N=4004" LINK="652" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IEFRAME.dll" L="F" TR="N=4004" LINK="425" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PSAPI.DLL" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IEUI.dll" L="F" TR="N=4004" LINK="427" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSIMG32.dll" L="F" TR="N=4004" LINK="489" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll" L="F" TR="N=4004" LINK="731" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xmllite.dll" L="F" TR="N=4004" LINK="723" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\apphelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msimtf.dll" L="F" TR="N=4004" LINK="490" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" L="F" TR="N=4004" LINK="152" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL" L="F" TR="N=4004" LINK="155" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll" L="F" TR="N=4004" LINK="729" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL" L="F" TR="N=4004" LINK="154" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL" L="F" TR="N=4004" LINK="728" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Microsoft Office\Office12\msohevi.dll" L="F" TR="N=4004" LINK="78" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\Internet Explorer\ieproxy.dll" L="F" TR="N=4004" LINK="54" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\B4ImApp.dll" L="F" TR="N=4004" LINK="45" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SXS.DLL" L="F" TR="N=4004" LINK="634" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MLANG.dll" L="F" TR="N=4004" LINK="460" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ws2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" L="F" TR="N=4004" LINK="8" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCR71.dll" L="F" TR="N=4004" LINK="504" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll" L="F" TR="N=4004" LINK="70" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSFTEDIT.DLL" L="F" TR="N=4004" LINK="479" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL" L="F" TR="N=4004" LINK="151" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GR326C~1.DLL" L="F" TR="N=4004" LINK="150" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msxml3.dll" L="F" TR="N=4004" LINK="509" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll" L="F" TR="N=4004" LINK="67" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" L="F" TR="N=4004" LINK="29" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\File comuni\Microsoft Shared\Windows Live\msidcrl40.dll" L="F" TR="N=4004" LINK="28" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEACC.dll" L="F" TR="N=4004" LINK="542" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP60.dll" L="F" TR="N=4004" LINK="502" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SensApi.dll" L="F" TR="N=4004" LINK="601" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RASAPI32.dll" L="F" TR="N=4004" LINK="563" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasman.dll" L="F" TR="N=4004" LINK="567" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\TAPI32.dll" L="F" TR="N=4004" LINK="636" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rtutils.dll" L="F" TR="N=4004" LINK="587" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msv1_0.dll" L="F" TR="N=4004" LINK="500" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\actxprxy.dll" L="F" TR="N=4004" LINK="179" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\userenv.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\cryptnet.dll" L="F" TR="N=4004" LINK="216" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINHTTP.dll" L="F" TR="N=4004" LINK="688" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasadhlp.dll" L="F" TR="N=4004" LINK="562" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mshtml.dll" L="F" TR="N=4004" LINK="483" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msls31.dll" L="F" TR="N=4004" LINK="491" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ieapfltr.dll" L="F" TR="N=4004" LINK="424" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NTMARTA.DLL" L="F" TR="N=4004" LINK="534" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SAMLIB.dll" L="F" TR="N=4004" LINK="589" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\jscript.dll" L="F" TR="N=4004" LINK="439" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSPOOL.DRV" L="F" TR="N=4004" LINK="695" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ImgUtil.dll" L="F" TR="N=4004" LINK="430" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USP10.dll" L="F" TR="N=4004" LINK="657" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx" L="F" TR="N=4004" LINK="452" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comdlg32.dll" L="F" TR="N=4004" LINK="209" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wdmaud.drv" L="F" TR="N=4004" LINK="679" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msacm32.drv" L="F" TR="N=4004" LINK="470" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\midimap.dll" L="F" TR="N=4004" LINK="459" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\schannel.dll" L="F" TR="N=4004" LINK="594" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\dssenh.dll" L="F" TR="N=4004" LINK="399" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mshtmled.dll" L="F" TR="N=4004" LINK="484" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Dxtrans.dll" L="F" TR="N=4004" LINK="403" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ATL.DLL" L="F" TR="N=4004" LINK="187" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ddrawex.dll" L="F" TR="N=4004" LINK="230" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DDRAW.dll" L="F" TR="N=4004" LINK="229" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DCIMAN32.dll" L="F" TR="N=4004" LINK="228" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Dxtmsft.dll" L="F" TR="N=4004" LINK="402" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\vbscript.dll" L="F" TR="N=4004" LINK="659" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mscoree.dll" L="F" TR="N=4004" LINK="475" EVAL="5" F="512" />
<NODE NAME="Module" VALUE="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll" L="F" TR="N=4004" LINK="169" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mscms.dll" L="F" TR="N=4004" LINK="473" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSRATING.dll" L="F" TR="N=4004" LINK="496" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntshrui.dll" L="F" TR="N=4004" LINK="536" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\LINKINFO.dll" L="F" TR="N=4004" LINK="444" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MPR.dll" L="F" TR="N=4004" LINK="466" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\drprov.dll" L="F" TR="N=4004" LINK="394" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\ntlanman.dll" L="F" TR="N=4004" LINK="531" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\NETUI0.dll" L="F" TR="N=4004" LINK="524" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\NETUI1.dll" L="F" TR="N=4004" LINK="525" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\NETRAP.dll" L="F" TR="N=4004" LINK="522" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\davclnt.dll" L="F" TR="N=4004" LINK="226" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PortableDeviceApi.dll" L="F" TR="N=4004" LINK="553" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSGINA.dll" L="F" TR="N=4004" LINK="480" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ODBC32.dll" L="F" TR="N=4004" LINK="539" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\odbcint.dll" L="F" TR="N=4004" LINK="540" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\sti.dll" L="F" TR="N=4004" LINK="630" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CFGMGR32.dll" L="F" TR="N=4004" LINK="200" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\dispex.dll" L="F" TR="N=4004" LINK="238" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\D3DIM700.DLL" L="F" TR="N=4004" LINK="225" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll" L="F" TR="N=4004" LINK="13" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Avi2Dvd\Programs\Filters\Haali media splitter\mkunicode.dll" L="F" TR="N=4004" LINK="12" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\pngfilt.dll" L="F" TR="N=4004" LINK="552" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\shmedia.dll" L="F" TR="N=4004" LINK="614" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVFW32.dll" L="F" TR="N=4004" LINK="506" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\AVIFIL32.dll" L="F" TR="N=4004" LINK="191" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\browseui.dll" L="F" TR="N=4004" LINK="196" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHDOCVW.dll" L="F" TR="N=4004" LINK="608" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPTUI.dll" L="F" TR="N=4004" LINK="218" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="rmctrl .exe (2588)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="579" EVAL="6" F="768">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rmctrl .exe" L="F" TR="N=4004" LINK="579" EVAL="6" F="768" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ctrldll.dll" L="F" TR="N=4004" LINK="224" EVAL="5" F="512" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\HID.DLL" L="F" TR="N=4004" LINK="416" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="iexplore.exe (2624)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="55" EVAL="2" F="1">
<NODE NAME="Module" VALUE="C:\Programmi\Internet Explorer\IEXPLORE.EXE" L="F" TR="N=4004" LINK="55" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\urlmon.dll" L="F" TR="N=4004" LINK="652" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IEFRAME.dll" L="F" TR="N=4004" LINK="425" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PSAPI.DLL" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IEUI.dll" L="F" TR="N=4004" LINK="427" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSIMG32.dll" L="F" TR="N=4004" LINK="489" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll" L="F" TR="N=4004" LINK="731" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xmllite.dll" L="F" TR="N=4004" LINK="723" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\apphelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msimtf.dll" L="F" TR="N=4004" LINK="490" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" L="F" TR="N=4004" LINK="152" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL" L="F" TR="N=4004" LINK="155" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll" L="F" TR="N=4004" LINK="729" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL" L="F" TR="N=4004" LINK="154" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL" L="F" TR="N=4004" LINK="728" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\cscui.dll" L="F" TR="N=4004" LINK="220" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\CSCDLL.dll" L="F" TR="N=4004" LINK="219" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Microsoft Office\Office12\msohevi.dll" L="F" TR="N=4004" LINK="78" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\Internet Explorer\ieproxy.dll" L="F" TR="N=4004" LINK="54" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SXS.DLL" L="F" TR="N=4004" LINK="634" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MLANG.dll" L="F" TR="N=4004" LINK="460" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ws2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" L="F" TR="N=4004" LINK="8" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCR71.dll" L="F" TR="N=4004" LINK="504" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll" L="F" TR="N=4004" LINK="70" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSFTEDIT.DLL" L="F" TR="N=4004" LINK="479" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL" L="F" TR="N=4004" LINK="151" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GR326C~1.DLL" L="F" TR="N=4004" LINK="150" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msxml3.dll" L="F" TR="N=4004" LINK="509" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll" L="F" TR="N=4004" LINK="67" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" L="F" TR="N=4004" LINK="29" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\File comuni\Microsoft Shared\Windows Live\msidcrl40.dll" L="F" TR="N=4004" LINK="28" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEACC.dll" L="F" TR="N=4004" LINK="542" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP60.dll" L="F" TR="N=4004" LINK="502" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SensApi.dll" L="F" TR="N=4004" LINK="601" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\userenv.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\netapi32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\cryptnet.dll" L="F" TR="N=4004" LINK="216" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINHTTP.dll" L="F" TR="N=4004" LINK="688" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RASAPI32.dll" L="F" TR="N=4004" LINK="563" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasman.dll" L="F" TR="N=4004" LINK="567" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\TAPI32.dll" L="F" TR="N=4004" LINK="636" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rtutils.dll" L="F" TR="N=4004" LINK="587" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msv1_0.dll" L="F" TR="N=4004" LINK="500" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\actxprxy.dll" L="F" TR="N=4004" LINK="179" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasadhlp.dll" L="F" TR="N=4004" LINK="562" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\winrnr.dll" L="F" TR="N=4004" LINK="693" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DHCPCSVC.DLL" L="F" TR="N=4004" LINK="236" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\netman.dll" L="F" TR="N=4004" LINK="520" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MPRAPI.dll" L="F" TR="N=4004" LINK="467" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ACTIVEDS.dll" L="F" TR="N=4004" LINK="178" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\adsldpc.dll" L="F" TR="N=4004" LINK="180" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ATL.DLL" L="F" TR="N=4004" LINK="187" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SAMLIB.dll" L="F" TR="N=4004" LINK="589" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\netshell.dll" L="F" TR="N=4004" LINK="523" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\credui.dll" L="F" TR="N=4004" LINK="212" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WZCSAPI.DLL" L="F" TR="N=4004" LINK="721" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WZCSvc.DLL" L="F" TR="N=4004" LINK="722" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WMI.dll" L="F" TR="N=4004" LINK="703" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WTSAPI32.dll" L="F" TR="N=4004" LINK="716" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ESENT.dll" L="F" TR="N=4004" LINK="406" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mshtml.dll" L="F" TR="N=4004" LINK="483" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msls31.dll" L="F" TR="N=4004" LINK="491" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ieapfltr.dll" L="F" TR="N=4004" LINK="424" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NTMARTA.DLL" L="F" TR="N=4004" LINK="534" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\jscript.dll" L="F" TR="N=4004" LINK="439" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ImgUtil.dll" L="F" TR="N=4004" LINK="430" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\pngfilt.dll" L="F" TR="N=4004" LINK="552" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mshtmled.dll" L="F" TR="N=4004" LINK="484" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="ps2usbkbddrv .exe (2684)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="100" EVAL="5">
<NODE NAME="Module" VALUE="C:\Programmi\Nortek Keyboard Application\PS2USBKbdDrv .exe" L="F" TR="N=4004" LINK="100" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Nortek Keyboard Application\DLLMKKBD.dll" L="F" TR="N=4004" LINK="98" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\user32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\advapi32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\oleaut32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\version.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\shell32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\winmm.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Nortek Keyboard Application\keydll.dll" L="F" TR="N=4004" LINK="99" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\HID.DLL" L="F" TR="N=4004" LINK="416" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MFC42.DLL" L="F" TR="N=4004" LINK="454" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\olepro32.dll" L="F" TR="N=4004" LINK="546" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MFC42LOC.DLL" L="F" TR="N=4004" LINK="455" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="wlloginproxy.exe (2764)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="30" EVAL="1" F="1">
<NODE NAME="Module" VALUE="C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe" L="F" TR="N=4004" LINK="30" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\File comuni\Microsoft Shared\Windows Live\msidcrl40.dll" L="F" TR="N=4004" LINK="28" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEACC.dll" L="F" TR="N=4004" LINK="542" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP60.dll" L="F" TR="N=4004" LINK="502" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SensApi.dll" L="F" TR="N=4004" LINK="601" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PSAPI.DLL" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\userenv.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\netapi32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\cryptnet.dll" L="F" TR="N=4004" LINK="216" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINHTTP.dll" L="F" TR="N=4004" LINK="688" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msxml3.dll" L="F" TR="N=4004" LINK="509" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ws2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SXS.DLL" L="F" TR="N=4004" LINK="634" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="_start.exe (3032)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="4" EVAL="2" F="4">
<NODE NAME="Module" VALUE="C:\DOCUME~1\Utente\IMPOST~1\Temp\RarSFX0\_start.exe" L="F" TR="N=4004" LINK="4" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\B4ImApp.dll" L="F" TR="N=4004" LINK="45" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Apphelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="launch.exe (3800)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="732" EVAL="2" F="4">
<NODE NAME="Module" VALUE="D:\Documenti\Claudia\launch.exe" L="F" TR="N=4004" LINK="732" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.DLL" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.DLL" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.DLL" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLE32.DLL" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\riched32.dll" L="F" TR="N=4004" LINK="578" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RICHED20.dll" L="F" TR="N=4004" LINK="577" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\netapi32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\appHelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSImg32.dll" L="F" TR="N=4004" LINK="489" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\urlmon.dll" L="F" TR="N=4004" LINK="652" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="setup.exe (3824)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="6" EVAL="5" F="260">
<NODE NAME="Module" VALUE="C:\DOCUME~1\Utente\IMPOST~1\Temp\RarSFX0\setup.exe" L="F" TR="N=4004" LINK="6" EVAL="2" F="260" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comdlg32.dll" L="F" TR="N=4004" LINK="209" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSPOOL.DRV" L="F" TR="N=4004" LINK="695" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hhctrl.ocx" L="F" TR="N=4004" LINK="415" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mui\0010\hhctrlui.dll" L="F" TR="N=4004" LINK="511" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\appHelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" L="F" TR="N=4004" LINK="152" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL" L="F" TR="N=4004" LINK="155" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll" L="F" TR="N=4004" LINK="729" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL" L="F" TR="N=4004" LINK="154" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL" L="F" TR="N=4004" LINK="728" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSImg32.dll" L="F" TR="N=4004" LINK="489" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\cscui.dll" L="F" TR="N=4004" LINK="220" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\CSCDLL.dll" L="F" TR="N=4004" LINK="219" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\DOCUME~1\Utente\IMPOST~1\Temp\RarSFX0\dwebllio.dll" L="F" TR="N=4004" LINK="5" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\B4ImApp.dll" L="F" TR="N=4004" LINK="45" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\psapi.dll" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
</NODE>
</NODE>
- <NODE NAME="SECTION" VALUE="Network Connections" TREE_ICON="2" TR="V=4400" EVAL="6">
- <NODE NAME="SUBSECTION" VALUE="TCP Connections" NAME_CAPTION="Program" VALUE_CAPTION="Connection (local-remote)" EXTRA_CAPTION="Translation" TR="V=4401;n=4403;v=4404;e=4405" EVAL="5">
<NODE NAME="svchost.exe (768)" VALUE="0.0.0.0:135|0.0.0.0:22733|LISTEN" EXTRA="utente-e4c976d8:135|utente-e4c976d8:22733|LISTEN" LINK="633" EVAL="1" F="1026" />
<NODE NAME="System (4)" VALUE="0.0.0.0:445|0.0.0.0:2188|LISTEN" EXTRA="utente-e4c976d8:445|utente-e4c976d8:2188|LISTEN" EVAL="1" F="1024" />
<NODE NAME="iexplore.exe (2420)" VALUE="79.11.69.109:2309|89.202.157.198:80|CLOSE_WAIT" EXTRA="utente-e4c976d8:2309|dl3.eset.com:80|CLOSE_WAIT" EVAL="5" F="1024" />
<NODE NAME="alg.exe (1808)" VALUE="127.0.0.1:1028|0.0.0.0:41|LISTEN" EXTRA="localhost:1028|utente-e4c976d8:41|LISTEN" LINK="182" EVAL="1" F="1026" />
<NODE NAME="avgemc.exe (1564)" VALUE="127.0.0.1:10110|0.0.0.0:2080|LISTEN" EXTRA="localhost:10110|utente-e4c976d8:2080|LISTEN" EVAL="5" F="1024" />
<NODE NAME="System (0)" VALUE="127.0.0.1:10110|127.0.0.1:2311|TIME_WAIT" EXTRA="localhost:10110|localhost:2311|TIME_WAIT" EVAL="1" F="1024" />
</NODE>
- <NODE NAME="SUBSECTION" VALUE="UDP Connections" NAME_CAPTION="Program" VALUE_CAPTION="Connection (local-remote)" EXTRA_CAPTION="Translation" TR="V=4402;n=4403;v=4404;e=4405" EVAL="5">
<NODE NAME="System (4)" VALUE="0.0.0.0:445" EXTRA="utente-e4c976d8:445" EVAL="1" F="1024" />
<NODE NAME="lsass.exe (556)" VALUE="0.0.0.0:500" EXTRA="utente-e4c976d8:500" LINK="450" EVAL="1" F="1026" />
<NODE NAME="svchost.exe (856)" VALUE="0.0.0.0:1045" EXTRA="utente-e4c976d8:1045" LINK="633" EVAL="1" F="1026" />
<NODE NAME="svchost.exe (856)" VALUE="0.0.0.0:1061" EXTRA="utente-e4c976d8:1061" LINK="633" EVAL="1" F="1026" />
<NODE NAME="svchost.exe (856)" VALUE="0.0.0.0:1286" EXTRA="utente-e4c976d8:1286" LINK="633" EVAL="1" F="1026" />
<NODE NAME="svchost.exe (856)" VALUE="0.0.0.0:1696" EXTRA="utente-e4c976d8:1696" LINK="633" EVAL="1" F="1026" />
<NODE NAME="svchost.exe (856)" VALUE="0.0.0.0:1758" EXTRA="utente-e4c976d8:1758" LINK="633" EVAL="1" F="1026" />
<NODE NAME="svchost.exe (856)" VALUE="0.0.0.0:1761" EXTRA="utente-e4c976d8:1761" LINK="633" EVAL="1" F="1026" />
<NODE NAME="svchost.exe (856)" VALUE="0.0.0.0:1777" EXTRA="utente-e4c976d8:1777" LINK="633" EVAL="1" F="1026" />
<NODE NAME="lsass.exe (556)" VALUE="0.0.0.0:4500" EXTRA="utente-e4c976d8:4500" LINK="450" EVAL="1" F="1026" />
<NODE NAME="svchost.exe (804)" VALUE="79.11.69.109:123" EXTRA="utente-e4c976d8:123" LINK="633" EVAL="1" F="1026" />
<NODE NAME="svchost.exe (804)" VALUE="127.0.0.1:123" EXTRA="localhost:123" LINK="633" EVAL="1" F="1026" />
<NODE NAME="IEXPLORE.EXE (2624)" VALUE="127.0.0.1:1033" EXTRA="localhost:1033" EVAL="2" F="1024" />
<NODE NAME="ImApp.exe (560)" VALUE="127.0.0.1:1044" EXTRA="localhost:1044" EVAL="5" F="1024" />
<NODE NAME="iexplore.exe (2420)" VALUE="127.0.0.1:1548" EXTRA="localhost:1548" EVAL="5" F="1024" />
<NODE NAME="svchost.exe (908)" VALUE="127.0.0.1:1900" EXTRA="localhost:1900" LINK="633" EVAL="1" F="1026" />
</NODE>
- <NODE NAME="SUBSECTION" VALUE="DNS Servers" NAME_CAPTION="IGNORE" VALUE_CAPTION="IP Address" TR="V=4406;v=4405" EVAL="6" F="4096">
<NODE NAME="" VALUE="85.255.113.195" EXTRA="" EVAL="6" />
<NODE NAME="" VALUE="85.255.112.64" EXTRA="" EVAL="6" />
</NODE>
</NODE>
- <NODE NAME="SECTION" VALUE="Important Registry Entries" NAME_CAPTION="Key" VALUE_CAPTION="Value" TR="V=4600;n=4601;v=4602" TREE_ICON="3" EVAL="6" F="1">
- <NODE NAME="SUBSECTION" VALUE="Standard Autostart" TR="V=4603" EVAL="6" F="1">
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" EVAL="6" F="1">
<NODE NAME="AVG7_CC" VALUE="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" LINK="124" EVAL="5" />
<NODE NAME="AVP" VALUE=""C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_00-35.exe"" LINK="1" EVAL="5" />
<NODE NAME="AdslTaskBar" VALUE="rundll32.exe stmctrl.dll,TaskBar" LINK="631" EVAL="5" F="512" />
<NODE NAME="Cmaudio" VALUE="RunDll32 cmicnfg.cpl,CMICtrlWnd" EVAL="1" F="1" />
<NODE NAME="GrooveMonitor" VALUE=""C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"" LINK="73" EVAL="1" F="1" />
<NODE NAME="HPDJ Taskbar Utility" VALUE="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" LINK="620" EVAL="6" F="768" />
<NODE NAME="NeroFilterCheck" VALUE="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" LINK="17" EVAL="5" F="256" />
<NODE NAME="QuickTime Task" VALUE=""C:\Programmi\QuickTime\qttask.exe" -atboottime" LINK="107" EVAL="5" />
<NODE NAME="RemoteControl" VALUE="C:\WINDOWS\system32\rmctrl.exe" LINK="580" EVAL="6" F="768" />
<NODE NAME="SoundMan" VALUE="SOUNDMAN.EXE" LINK="176" EVAL="5" F="512" />
<NODE NAME="SunJavaUpdateSched" VALUE=""C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"" LINK="66" EVAL="2" F="4" />
<NODE NAME="WireLessKeyboard" VALUE="C:\Programmi\Nortek Keyboard Application\PS2USBKbdDrv.exe" LINK="101" EVAL="5" F="256" />
<NODE NAME="iTunesHelper" VALUE=""C:\Programmi\iTunes\iTunesHelper.exe"" LINK="60" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" EVAL="2" F="1">
<NODE NAME="CTFMON.EXE" VALUE="C:\WINDOWS\system32\ctfmon.exe" LINK="223" EVAL="1" F="2" />
<NODE NAME="IncrediMail" VALUE="C:\Programmi\IncrediMail\bin\IncMail.exe /c" LINK="53" EVAL="2" F="4" />
<NODE NAME="updateMgr" VALUE=""C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1" LINK="11" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" R="1" EVAL="1" F="1">
<NODE NAME="Shell" VALUE="Explorer.exe" LINK="163" EVAL="1" F="2" />
<NODE NAME="UIHost" VALUE="logonui.exe" LINK="448" EVAL="1" F="2" />
<NODE NAME="Userinit" VALUE="C:\WINDOWS\system32\userinit.exe," LINK="656" EVAL="1" F="2" />
<NODE NAME="VmApplet" VALUE="rundll32 shell32,Control_RunDLL "sysdm.cpl"" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" R="1" EVAL="1" F="1">
<NODE NAME="AppInit_DLLs" VALUE="" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs" EVAL="1" F="1">
<NODE NAME="DllDirectory" VALUE="%SystemRoot%\system32" EVAL="1" F="1" />
<NODE NAME="advapi32" VALUE="advapi32.dll" LINK="181" EVAL="1" F="2" />
<NODE NAME="comdlg32" VALUE="comdlg32.dll" LINK="209" EVAL="1" F="2" />
<NODE NAME="gdi32" VALUE="gdi32.dll" LINK="412" EVAL="1" F="2" />
<NODE NAME="imagehlp" VALUE="imagehlp.dll" LINK="428" EVAL="1" F="2" />
<NODE NAME="kernel32" VALUE="kernel32.dll" LINK="441" EVAL="1" F="2" />
<NODE NAME="lz32" VALUE="lz32.dll" LINK="451" EVAL="1" F="2" />
<NODE NAME="ole32" VALUE="ole32.dll" LINK="541" EVAL="1" F="2" />
<NODE NAME="oleaut32" VALUE="oleaut32.dll" LINK="543" EVAL="1" F="2" />
<NODE NAME="olecli32" VALUE="olecli32.dll" LINK="544" EVAL="1" F="2" />
<NODE NAME="olecnv32" VALUE="olecnv32.dll" LINK="545" EVAL="1" F="2" />
<NODE NAME="olesvr32" VALUE="olesvr32.dll" LINK="547" EVAL="1" F="2" />
<NODE NAME="olethk32" VALUE="olethk32.dll" LINK="548" EVAL="1" F="2" />
<NODE NAME="rpcrt4" VALUE="rpcrt4.dll" LINK="581" EVAL="1" F="2" />
<NODE NAME="shell32" VALUE="shell32.dll" LINK="609" EVAL="1" F="2" />
<NODE NAME="url" VALUE="url.dll" LINK="651" EVAL="1" F="2" />
<NODE NAME="urlmon" VALUE="urlmon.dll" LINK="652" EVAL="1" F="2" />
<NODE NAME="user32" VALUE="user32.dll" LINK="654" EVAL="1" F="2" />
<NODE NAME="version" VALUE="version.dll" LINK="660" EVAL="1" F="2" />
<NODE NAME="wininet" VALUE="wininet.dll" LINK="689" EVAL="1" F="2" />
<NODE NAME="wldap32" VALUE="wldap32.dll" LINK="700" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" R="1" EVAL="1" F="1">
<NODE NAME="ShellFolder per la masterizzazione CD" VALUE="%SystemRoot%\system32\SHELL32.dll" LINK="609" EVAL="1" F="2" />
<NODE NAME="Oggetto PostBootReminder" VALUE="%SystemRoot%\system32\SHELL32.dll" LINK="609" EVAL="1" F="2" />
<NODE NAME="SysTray" VALUE="C:\WINDOWS\system32\stobject.dll" LINK="632" EVAL="1" F="2" />
<NODE NAME="WPDShServiceObj Class" VALUE="C:\WINDOWS\system32\WPDShServiceObj.dll" LINK="707" EVAL="1" F="1" />
<NODE NAME="WebCheck" VALUE="C:\WINDOWS\system32\webcheck.dll" LINK="680" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" R="1" EVAL="1" F="1">
<NODE NAME="Precaricatore Browseui" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Daemon di cache delle categorie di componenti" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
</NODE>
</NODE>
- <NODE NAME="SUBSECTION" VALUE="Winlogon Notify" TR="V=4604" EVAL="1" F="1">
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain" EVAL="1" F="1">
<NODE NAME="DllName" VALUE="crypt32.dll" LINK="213" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet" EVAL="1" F="1">
<NODE NAME="DllName" VALUE="cryptnet.dll" LINK="216" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll" EVAL="1" F="1">
<NODE NAME="DLLName" VALUE="cscdll.dll" LINK="219" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" EVAL="1" F="1">
<NODE NAME="DLLName" VALUE="wlnotify.dll" LINK="701" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule" EVAL="1" F="1">
<NODE NAME="DllName" VALUE="wlnotify.dll" LINK="701" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy" EVAL="1" F="1">
<NODE NAME="DllName" VALUE="sclgntfy.dll" LINK="596" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn" EVAL="1" F="1">
<NODE NAME="DLLName" VALUE="WlNotify.dll" LINK="701" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv" EVAL="1" F="1">
<NODE NAME="DllName" VALUE="wlnotify.dll" LINK="701" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon" EVAL="1" F="1">
<NODE NAME="DllName" VALUE="WgaLogon.dll" LINK="682" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon" EVAL="1" F="1">
<NODE NAME="DLLName" VALUE="wlnotify.dll" LINK="701" EVAL="1" F="2" />
</NODE>
</NODE>
- <NODE NAME="SUBSECTION" VALUE="Browser Helper Objects" TR="V=4605" EVAL="2" F="1">
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" EVAL="2" F="1">
<NODE NAME="Adobe PDF Reader Link Helper" VALUE="C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" LINK="8" EVAL="1" F="1" />
<NODE NAME="Groove GFS Browser Helper" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" LINK="152" EVAL="1" F="1" />
<NODE NAME="SSVHelper Class" VALUE="C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll" LINK="67" EVAL="2" F="4" />
<NODE NAME="Guida per l'accesso a Windows Live" VALUE="C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" LINK="29" EVAL="1" F="1" />
</NODE>
</NODE>
- <NODE NAME="SUBSECTION" VALUE="Internet Explorer" TR="V=4606" EVAL="5" F="1">
- <NODE NAME="Key" VALUE="HKLM\Software\Microsoft\Internet Explorer\Main" R="1" EVAL="1" F="1">
<NODE NAME="Default_Page_URL" VALUE="http://go.microsoft.com/fwlink/?LinkId=69157" EVAL="1" F="1" />
<NODE NAME="Default_Search_URL" VALUE="http://go.microsoft.com/fwlink/?LinkId=54896" EVAL="1" F="1" />
<NODE NAME="Local Page" VALUE="%SystemRoot%\system32\blank.htm" EVAL="1" F="1" />
<NODE NAME="Search Page" VALUE="http://go.microsoft.com/fwlink/?LinkId=54896" EVAL="1" F="1" />
<NODE NAME="Start Page" VALUE="http://go.microsoft.com/fwlink/?LinkId=69157" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKCU\Software\Microsoft\Internet Explorer\Main" R="1" EVAL="5" F="1">
<NODE NAME="Default_Page_URL" VALUE="http://go.microsoft.com/fwlink/?LinkId=69157" EVAL="1" F="1" />
<NODE NAME="Default_Search_URL" VALUE="http://go.microsoft.com/fwlink/?LinkId=54896" EVAL="1" F="1" />
<NODE NAME="Local Page" VALUE="C:\WINDOWS\system32\blank.htm" EVAL="1" F="1" />
<NODE NAME="Search Page" VALUE="http://go.microsoft.com/fwlink/?LinkId=54896" EVAL="1" F="1" />
<NODE NAME="Start Page" VALUE="http://www.virgilio.it/" />
</NODE>
<NODE NAME="Key" VALUE="HKLM\Software\Microsoft\Internet Explorer\Extensions" R="1" EVAL="1" F="1" />
- <NODE NAME="Key" VALUE="HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" EVAL="1" F="1">
<NODE NAME="Microsoft Url Search Hook" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
</NODE>
</NODE>
- <NODE NAME="SUBSECTION" VALUE="Shell Open Commands" PARENTS_ONLY="1" EXTRA_CAPTION="Extension" TR="V=4607;e=4615" L="F" EVAL="5" F="1">
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.ACCDAExtension.12\shell\open\command" R="1" EXTRA="accda" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\MSACCESS.EXE /NOSTARTUP "%1"" LINK="156" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.ACCDCFile.12\shell\open\command" R="1" EXTRA="accdc" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP "%1"" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.ACCDEFile.12\shell\open\command" R="1" EXTRA="accde" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP "%1" %2 %3 %4 %5 %6 %7 %8 %9" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.ACCDRFile.12\shell\open\command" R="1" EXTRA="accdr" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /RUNTIME "%1" %2 %3 %4 %5 %6 %7 %8 %9" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.ACCDTFile.12\shell\open\command" R="1" EXTRA="accdt" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP "%1"" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.ADEFile.12\shell\open\command" R="1" EXTRA="ade" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP "%1" %2 %3 %4 %5 %6 %7 %8 %9" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Application.12\shell\open\command" R="1" EXTRA="accdb" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP "%1" %2 %3 %4 %5 %6 %7 %8 %9" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.BlankDatabaseTemplate.12\shell\open\command" R="1" EXTRA="mdn" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP /NEWDB "%1"" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.BlankProjectTemplate.12\shell\open\command" R="1" EXTRA="adn" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP /NEWDB "%1"" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Extension.12\shell\open\command" R="1" EXTRA="mda" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\MSACCESS.EXE /NOSTARTUP "%1"" LINK="156" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.MDBFile\shell\open\command" R="1" EXTRA="mdb" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP "%1" %2 %3 %4 %5 %6 %7 %8 %9" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.MDEFile.12\shell\open\command" R="1" EXTRA="mde" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP "%1" %2 %3 %4 %5 %6 %7 %8 %9" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Project.12\shell\open\command" R="1" EXTRA="adp" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP "%1" %2 %3 %4 %5 %6 %7 %8 %9" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.DataAccessPage.1\shell\open\command" R="1" EXTRA="maw" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenDataAccessPage "%1"]" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.Diagram.1\shell\open\command" R="1" EXTRA="mag" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenDiagram "%1"]" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.Form.1\shell\open\command" R="1" EXTRA="maf" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenForm "%1"]" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.Function.1\shell\open\command" R="1" EXTRA="mau" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /SHELLSYSTEM [OpenFunction "%1"]" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.Macro.1\shell\open\command" R="1" EXTRA="mam" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [ShellOpenMacro "%1"]" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.Module.1\shell\open\command" R="1" EXTRA="mad" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenModule "%1"]" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.Query.1\shell\open\command" R="1" EXTRA="maq" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\MSACCESS.EXE /NOSTARTUP /SHELLSYSTEM [OpenQuery "%1"]" LINK="156" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.Report.1\shell\open\command" R="1" EXTRA="mar" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenReport "%1", 2]" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.StoredProcedure.1\shell\open\command" R="1" EXTRA="mas" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenStoredProcedure "%1"]" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.Table.1\shell\open\command" R="1" EXTRA="mat" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\MSACCESS.EXE /NOSTARTUP /SHELLSYSTEM [OpenTable "%1"]" LINK="156" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.View.1\shell\open\command" R="1" EXTRA="mav" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenView "%1"]" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.WizardDataFile.12\shell\open\command" R="1" EXTRA="mdt" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP "%1"" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.WizardUserDataFile.12\shell\open\command" R="1" EXTRA="accdu" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\PROGRA~1\MICROS~2\Office12\MSACCESS.EXE" /NOSTARTUP "%1"" LINK="156" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Workgroup.12\shell\open\command" R="1" EXTRA="mdw" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP "%1"" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\accesshtmlfile\shell\open\command" R="1" EXTRA="mdbhtml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE"" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\accessthmltemplate\shell\open\command" R="1" EXTRA="wizhtml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE"" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\AcroExch.Document\shell\open\command" R="1" EXTRA="pdf" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" "%1"" LINK="10" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\AcroExch.FDFDoc\shell\open\command" R="1" EXTRA="fdf" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" "%1"" LINK="10" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\AcroExch.XDPDoc\shell\open\command" R="1" EXTRA="xdp" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" "%1"" LINK="10" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\AcroExch.XFDFDoc\shell\open\command" R="1" EXTRA="xfdf" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" "%1"" LINK="10" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\acwfile\shell\open\command" R="1" EXTRA="acw" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\accwiz.exe %1" LINK="177" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\AIFFFile\shell\open\command" R="1" EXTRA="aifc" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Windows Media Player\wmplayer.exe" /Open "%L"" LINK="113" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Application.Manifest\shell\open\command" R="1" EXTRA="application" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe dfshim.dll,ShOpenVerbApplication %1" LINK="234" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Application.Reference\shell\open\command" R="1" EXTRA="appref-ms" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe dfshim.dll,ShOpenVerbShortcut %1" LINK="234" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\AUFile\shell\open\command" R="1" EXTRA="au, snd" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Windows Media Player\wmplayer.exe" /Open "%L"" LINK="113" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\batfile\shell\open\command" R="1" EXTRA="bat" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""%1" %*" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Briefcase\shell\open\command" R="1" EXTRA="bfc" EVAL="1" F="1">
<NODE NAME="Default" VALUE="explorer.exe %1" LINK="163" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\CATFile\shell\open\command" R="1" EXTRA="cat" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe cryptext.dll,CryptExtOpenCAT %1" LINK="215" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\CERFile\shell\open\command" R="1" EXTRA="cer, crt, der" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe cryptext.dll,CryptExtOpenCER %1" LINK="215" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\CertificateStoreFile\shell\open\command" R="1" EXTRA="sst" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe cryptext.dll,CryptExtOpenSTR %1" LINK="215" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\certificate_wab_auto_file\shell\open\command" R="1" EXTRA="p7c" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Outlook Express\wab.exe" /certificate %1" LINK="103" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\chm.file\shell\open\command" R="1" EXTRA="chm" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\WINDOWS\hh.exe" %1" LINK="164" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\clpfile\shell\open\command" R="1" EXTRA="clp" EVAL="1" F="1">
<NODE NAME="Default" VALUE="clipbrd.exe %1" LINK="203" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\cmdfile\shell\open\command" R="1" EXTRA="cmd" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""%1" %*" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\comfile\shell\open\command" R="1" EXTRA="com" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""%1" %*" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\ConferenceLink\shell\open\command" R="1" EXTRA="cnf" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe msconf.dll,OpenConfLink %l" LINK="474" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\CRLFile\shell\open\command" R="1" EXTRA="crl" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe cryptext.dll,CryptExtOpenCRL %1" LINK="215" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\DocShortcut\shell\open\command" R="1" EXTRA="shb" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32 %SystemRoot%\System32\shscrap.dll,OpenScrap_RunDLL /r /x %1" LINK="615" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\dqyfile\shell\open\command" R="1" EXTRA="dqy" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE" LINK="149" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\dunfile\shell\open\command" R="1" EXTRA="dun" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\RUNDLL32.EXE NETSHELL.DLL,InvokeDunFile %1" LINK="523" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\EBXTransfer\shell\open\command" R="1" EXTRA="etd" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" "%1"" LINK="10" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\EDNActivation\shell\open\command" R="1" EXTRA="edn" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" "%1"" LINK="10" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\emffile\shell\open\command" R="1" EXTRA="emf" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen %1" LINK="612" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\eMule\shell\open\command" R="1" EXTRA="emulecollection" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\eMule\eMule.exe" "%1"" LINK="16" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.Addin\shell\open\command" R="1" EXTRA="xla" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.AddInMacroEnabled\shell\open\command" R="1" EXTRA="xlam" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.Backup\shell\open\command" R="1" EXTRA="xlk" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.CSV\shell\open\command" R="1" EXTRA="csv" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.Macrosheet\shell\open\command" R="1" EXTRA="xlm" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.Sheet.12\shell\open\command" R="1" EXTRA="xlsx" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.Sheet.8\shell\open\command" R="1" EXTRA="xls" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.SheetBinaryMacroEnabled.12\shell\open\command" R="1" EXTRA="xlsb" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.SheetMacroEnabled.12\shell\open\command" R="1" EXTRA="xlsm" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.SLK\shell\open\command" R="1" EXTRA="slk" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.Template\shell\open\command" R="1" EXTRA="xltx" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.Template.8\shell\open\command" R="1" EXTRA="xlt" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.TemplateMacroEnabled\shell\open\command" R="1" EXTRA="xltm" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.Workspace\shell\open\command" R="1" EXTRA="xlw" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.XLL\shell\open\command" R="1" EXTRA="xll" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excelhtmlfile\shell\open\command" R="1" EXTRA="xlshtml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE"" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excelhtmltemplate\shell\open\command" R="1" EXTRA="xlthtml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE"" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\exefile\shell\open\command" R="1" EXTRA="exe" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""%1" %*" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\fndfile\shell\open\command" R="1" EXTRA="fnd" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\Explorer.exe" LINK="163" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\fonfile\shell\open\command" R="1" EXTRA="fon" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\fontview.exe %1" LINK="411" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.3gp\shell\open\command" R="1" EXTRA="3gp" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.asx\shell\open\command" R="1" EXTRA="asx" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.dmb\shell\open\command" R="1" EXTRA="dmb" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.dmskm\shell\open\command" R="1" EXTRA="dmskm" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.flv\shell\open\command" R="1" EXTRA="flv" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.gom\shell\open\command" R="1" EXTRA="gom" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.k3g\shell\open\command" R="1" EXTRA="k3g" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.lmp4\shell\open\command" R="1" EXTRA="lmp4" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.m4v\shell\open\command" R="1" EXTRA="m4v" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.mkv\shell\open\command" R="1" EXTRA="mkv" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.mqv\shell\open\command" R="1" EXTRA="mqv" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.rm\shell\open\command" R="1" EXTRA="rm" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.rmvb\shell\open\command" R="1" EXTRA="rmvb" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Gomplayer.Skinfile\shell\open\command" R="1" EXTRA="gps" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.skm\shell\open\command" R="1" EXTRA="skm" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.swf\shell\open\command" R="1" EXTRA="swf" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.tp\shell\open\command" R="1" EXTRA="tp" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.wm\shell\open\command" R="1" EXTRA="wm" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.wmp\shell\open\command" R="1" EXTRA="wmp" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.wmx\shell\open\command" R="1" EXTRA="wmx" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.wvx\shell\open\command" R="1" EXTRA="wvx" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GrooveFile\shell\open\command" R="1" EXTRA="grv" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\GROOVE.EXE /grv: "%1"" LINK="153" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GrooveLinkFile\shell\open\command" R="1" EXTRA="glk" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\GROOVE.EXE /grv: "%1"" LINK="153" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GrooveSpaceArchive\shell\open\command" R="1" EXTRA="gsa" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\GROOVE.EXE /grv: "%1"" LINK="153" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GrooveToolArchive\shell\open\command" R="1" EXTRA="gta" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\GROOVE.EXE /grv: "%1"" LINK="153" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GrooveVCard\shell\open\command" R="1" EXTRA="vcg" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\GROOVE.EXE /grv: "%1"" LINK="153" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\h323file\shell\open\command" R="1" EXTRA="323" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""rundll32.exe" msconf.dll,NewMediaPhone %l" LINK="474" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\hlpfile\shell\open\command" R="1" EXTRA="hlp" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\winhlp32.exe %1" LINK="687" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\htafile\shell\open\command" R="1" EXTRA="hta" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\WINDOWS\system32\mshta.exe "%1" %*" LINK="482" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\htfile\shell\open\command" R="1" EXTRA="ht" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Windows NT\HYPERTRM.EXE" %1" LINK="116" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\htmlfile\shell\open\command" R="1" EXTRA="htm, html" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Internet Explorer\IEXPLORE.EXE" -nohome" LINK="55" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\iiifile\shell\open\command" R="1" EXTRA="iii" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""rundll32.exe" msconf.dll,NewMediaPhone %l" LINK="474" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\IncrediContent\shell\open\command" R="1" EXTRA="ima, imc, ime, imf, imi, imn, ims, imw" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\INCRED~1\bin\ImpCnt.exe /tmp /locate /depend "%1"" LINK="146" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\IncrediMessage\shell\open\command" R="1" EXTRA="eml" EVAL="2">
<NODE NAME="Default" VALUE="C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c "%1"" LINK="148" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\IncredLWizard\shell\open\command" R="1" EXTRA="flw, ltw" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\INCRED~1\bin\ImLc.exe "%1"" LINK="143" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\inffile\shell\open\command" R="1" EXTRA="inf" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\NOTEPAD.EXE %1" LINK="527" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\InfoPath.Document.2\shell\open\command" R="1" EXTRA="infopathxml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\INFOPATH.EXE" "%1"" LINK="76" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\InfoPath.Solution.2\shell\open\command" R="1" EXTRA="xsn" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\INFOPATH.EXE" "%1"" LINK="76" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\InfoPath.SolutionManifest.2\shell\open\command" R="1" EXTRA="xsf" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\INFOPATH.EXE" "%1"" LINK="76" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\inifile\shell\open\command" R="1" EXTRA="ini" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\NOTEPAD.EXE %1" LINK="527" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\InternetShortcut\shell\open\command" R="1" EXTRA="url" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe ieframe.dll,OpenURL %l" LINK="425" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\iqyfile\shell\open\command" R="1" EXTRA="iqy" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE /e" LINK="149" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\ITS FILE\shell\open\command" R="1" EXTRA="its" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Internet Explorer\iexplore.exe" -nohome" LINK="55" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\iTunes.ipg\shell\open\command" R="1" EXTRA="ipg" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\iTunes\iTunes.exe" /open "%L"" LINK="59" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\iTunes.ipsw\shell\open\command" R="1" EXTRA="ipsw" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\iTunes\iTunes.exe" /open "%L"" LINK="59" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\iTunes.itl\shell\open\command" R="1" EXTRA="itl" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\iTunes\iTunes.exe" /open "%L"" LINK="59" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\iTunes.itms\shell\open\command" R="1" EXTRA="itms" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\iTunes\iTunes.exe" /open "%L"" LINK="59" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\iTunes.itpc\shell\open\command" R="1" EXTRA="itpc" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\iTunes\iTunes.exe" /open "%L"" LINK="59" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\iTunes.pcast\shell\open\command" R="1" EXTRA="pcast" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\iTunes\iTunes.exe" /open "%L"" LINK="59" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\jarfile\shell\open\command" R="1" EXTRA="jar" EVAL="5" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Java\jre1.6.0_05\bin\javaw.exe" -jar "%1" %*" LINK="64" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\JNLPFile\shell\open\command" R="1" EXTRA="jnlp" EVAL="5" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Java\jre1.6.0_05\bin\javaws.exe" "%1"" LINK="65" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\JSEFile\shell\open\command" R="1" EXTRA="JSE" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\WScript.exe "%1" %*" LINK="711" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\JSFile\shell\open\command" R="1" EXTRA="js" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\WScript.exe "%1" %*" LINK="711" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MacromediaFlashPaper.MacromediaFlashPaper\shell\open\command" R="1" EXTRA="mfp" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Internet Explorer\IEXPLORE.EXE" -nohome "%1"" LINK="55" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MediaPackageFile\shell\open\command" R="1" EXTRA="mpf" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSTORE.EXE" "%1"" LINK="80" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\mhtmlfile\shell\open\command" R="1" EXTRA="mht, mhtml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Internet Explorer\IEXPLORE.EXE" -nohome" LINK="55" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Microsoft Internet News Message\shell\open\command" R="1" EXTRA="nws" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Outlook Express\msimn.exe" /nws:%1" LINK="102" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\mpegfile\shell\open\command" R="1" EXTRA="mp2v, mpv2" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Windows Media Player\wmplayer.exe" /prefetch:9 /Open "%L"" LINK="113" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MPlayer\shell\open\command" R="1" EXTRA="mmm" EVAL="1" F="1">
<NODE NAME="Default" VALUE="mplay32.exe /play /close "%L"" LINK="465" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MS-ITSS FILE\shell\open\command" R="1" EXTRA="itss" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Internet Explorer\iexplore.exe" -nohome ms-itss:%1::/" LINK="55" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\msbackupfile\shell\open\command" R="1" EXTRA="bkf" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\ntbackup.exe" LINK="528" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MSCFile\shell\open\command" R="1" EXTRA="msc" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\mmc.exe "%1" %*" LINK="461" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MSDASC\shell\open\command" R="1" EXTRA="UDL" EVAL="1" F="1">
<NODE NAME="Default" VALUE="Rundll32.exe C:\PROGRA~1\FILECO~1\System\OLEDB~1\oledb32.dll,OpenDSLFile %1" LINK="121" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MsgPlus.Encrypted\shell\open\command" R="1" EXTRA="ple" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Messenger Plus! Live\Log Viewer.exe" /ViewLog="%1"" LINK="68" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MsgPlus.PrefPack\shell\open\command" R="1" EXTRA="pld" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Messenger Plus! Live\MPTools.exe" /ImportPrefs="%1"" LINK="69" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MsgPlus.ScriptPack\shell\open\command" R="1" EXTRA="plsc" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Messenger Plus! Live\MPTools.exe" /ImportScript="%1"" LINK="69" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MsgPlus.SkinPack\shell\open\command" R="1" EXTRA="plsk" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Messenger Plus! Live\MPTools.exe" /ImportSkin="%1"" LINK="69" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MsgPlus.SoundPack\shell\open\command" R="1" EXTRA="plp" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Messenger Plus! Live\MPTools.exe" /ImportSoundPack="%1"" LINK="69" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Msi.Package\shell\open\command" R="1" EXTRA="msi" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""%SystemRoot%\System32\msiexec.exe" /i "%1" %*" LINK="488" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Msi.Patch\shell\open\command" R="1" EXTRA="msp" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""%SystemRoot%\System32\msiexec.exe" /p "%1" %*" LINK="488" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MSInfo.Document\shell\open\command" R="1" EXTRA="nfo" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\File comuni\Microsoft Shared\MSInfo\MSInfo32.exe /msinfo_file %1" LINK="22" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MSPaper.Document\shell\open\command" R="1" EXTRA="mdi" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\File comuni\Microsoft Shared\MODI\12.0\MSPVIEW.EXE" "%1"" LINK="21" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MSProgramGroup\shell\open\command" R="1" EXTRA="grp" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\WINDOWS\system32\grpconv.exe %1" LINK="413" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MsRcIncident\shell\open\command" R="1" EXTRA="MsRcIncident" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe -Mode "hcp://system/Remote%%20Assistance/RAClientLayout.xml" -url "hcp://system/Remote%%20Assistance/Interaction/Client/rctoolScreen1.htm" -ExtraArgument "IncidentFile=%1"" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\msstylesfile\shell\open\command" R="1" EXTRA="msstyles" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Appearance /Action:OpenMSTheme /file:"%1"" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroBackItUp.Files7.nba\shell\open\command" R="1" EXTRA="nba" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero BackItUp\BackItUp.exe" "%1"" LINK="86" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroBackItUp.Files7.nbi\shell\open\command" R="1" EXTRA="nbi" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero BackItUp\BackItUp.exe" "%1"" LINK="86" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroBackItUp.Files7.nbt\shell\open\command" R="1" EXTRA="nbt" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero BackItUp\BackItUp.exe" "%1"" LINK="86" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroBackItUp.Files7.nco\shell\open\command" R="1" EXTRA="nco" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero BackItUp\BackItUp.exe" "%1"" LINK="86" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroBackItUp.Files7.nc_\shell\open\command" R="1" EXTRA="nc_" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero BackItUp\BackItUp.exe" "%1"" LINK="86" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroBackItUp.Files7.nda\shell\open\command" R="1" EXTRA="nda" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero BackItUp\BackItUp.exe" "%1"" LINK="86" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroBackItUp.Files7.nef\shell\open\command" R="1" EXTRA="nef" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero BackItUp\BackItUp.exe" "%1"" LINK="86" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroBackItUp.Files7.nji\shell\open\command" R="1" EXTRA="nji" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero BackItUp\BackItUp.exe" "%1"" LINK="86" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroBackItUp.Files7.njt\shell\open\command" R="1" EXTRA="njt" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero BackItUp\BackItUp.exe" "%1"" LINK="86" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroCoverDesigner.Files7.cdc\shell\open\command" R="1" EXTRA="cdc" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe" "%1"" LINK="92" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroCoverDesigner.Files7.ncd\shell\open\command" R="1" EXTRA="ncd" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe" "%1"" LINK="92" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroCoverDesigner.Files7.nct\shell\open\command" R="1" EXTRA="nct" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe" "%1"" LINK="92" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroCoverDesigner.Files7.ncw\shell\open\command" R="1" EXTRA="ncw" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe" "%1"" LINK="92" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.cue\shell\open\command" R="1" EXTRA="cue" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.iso\shell\open\command" R="1" EXTRA="iso" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nab\shell\open\command" R="1" EXTRA="nab" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nhf\shell\open\command" R="1" EXTRA="nhf" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nhv\shell\open\command" R="1" EXTRA="nhv" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nmd\shell\open\command" R="1" EXTRA="nmd" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nr3\shell\open\command" R="1" EXTRA="nr3" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nr4\shell\open\command" R="1" EXTRA="nr4" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nra\shell\open\command" R="1" EXTRA="nra" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nrb\shell\open\command" R="1" EXTRA="nrb" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nrc\shell\open\command" R="1" EXTRA="nrc" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nrd\shell\open\command" R="1" EXTRA="nrd" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nre\shell\open\command" R="1" EXTRA="nre" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nrg\shell\open\command" R="1" EXTRA="nrg" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nrh\shell\open\command" R="1" EXTRA="nrh" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nri\shell\open\command" R="1" EXTRA="nri" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nrj\shell\open\command" R="1" EXTRA="nrj" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nrm\shell\open\command" R="1" EXTRA="nrm" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nrs\shell\open\command" R="1" EXTRA="nrs" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nru\shell\open\command" R="1" EXTRA="nru" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nrv\shell\open\command" R="1" EXTRA="nrv" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nrw\shell\open\command" R="1" EXTRA="nrw" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nsd\shell\open\command" R="1" EXTRA="nsd" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.bmp\shell\open\command" R="1" EXTRA="bmp" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.cut\shell\open\command" R="1" EXTRA="cut" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.dds\shell\open\command" R="1" EXTRA="dds" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.dib\shell\open\command" R="1" EXTRA="dib" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.gif\shell\open\command" R="1" EXTRA="gif" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.ico\shell\open\command" R="1" EXTRA="ico" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.iff\shell\open\command" R="1" EXTRA="iff" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.jfif\shell\open\command" R="1" EXTRA="jfif" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.jif\shell\open\command" R="1" EXTRA="jif" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.jng\shell\open\command" R="1" EXTRA="jng" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.jpe\shell\open\command" R="1" EXTRA="jpe" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.jpeg\shell\open\command" R="1" EXTRA="jpeg" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.jpg\shell\open\command" R="1" EXTRA="jpg" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.koa\shell\open\command" R="1" EXTRA="koa" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.lbm\shell\open\command" R="1" EXTRA="lbm" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.ljp\shell\open\command" R="1" EXTRA="ljp" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.mng\shell\open\command" R="1" EXTRA="mng" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.pbm\shell\open\command" R="1" EXTRA="pbm" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.pcd\shell\open\command" R="1" EXTRA="pcd" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.pcx\shell\open\command" R="1" EXTRA="pcx" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.png\shell\open\command" R="1" EXTRA="png" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.ppm\shell\open\command" R="1" EXTRA="ppm" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.psd\shell\open\command" R="1" EXTRA="psd" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.tga\shell\open\command" R="1" EXTRA="tga" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.tif\shell\open\command" R="1" EXTRA="tif" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.tiff\shell\open\command" R="1" EXTRA="tiff" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.wbm\shell\open\command" R="1" EXTRA="wbm" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.wbmp\shell\open\command" R="1" EXTRA="wbmp" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.wmf\shell\open\command" R="1" EXTRA="wmf" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.wpg\shell\open\command" R="1" EXTRA="wpg" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.xbm\shell\open\command" R="1" EXTRA="xbm" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroVision.Document\shell\open\command" R="1" EXTRA="nvc" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero Vision\NeroVision.exe" "%1"" LINK="96" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\OfficeListShortcut\shell\open\command" R="1" EXTRA="ols" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSPUB.EXE" %1" LINK="79" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\OfficeTheme.12\shell\open\command" R="1" EXTRA="thmx" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\OneNote\shell\open\command" R="1" EXTRA="EMPTYBINARYREGISTRY" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE /hyperlink "%1"" LINK="157" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\OneNote.Package\shell\open\command" R="1" EXTRA="onepkg" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE" "%1"" LINK="81" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\OneNote.Section.1\shell\open\command" R="1" EXTRA="one" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE" "%1"" LINK="81" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\OneNote.TableOfContents\shell\open\command" R="1" EXTRA="onetoc" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE" /navigate "%1"" LINK="81" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\OneNote.TableOfContents.12\shell\open\command" R="1" EXTRA="onetoc2" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE" /navigate "%1"" LINK="81" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\otffile\shell\open\command" R="1" EXTRA="otf" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\fontview.exe %1" LINK="411" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\P7SFile\shell\open\command" R="1" EXTRA="p7s" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1" LINK="215" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\pbkfile\shell\open\command" R="1" EXTRA="pbk" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\rasphone.exe -f "%1"" LINK="569" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PerfFile\shell\open\command" R="1" EXTRA="blg, pma, pmc, pml, pmr, pmw" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\perfmon.exe %1" LINK="549" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\pfmfile\shell\open\command" R="1" EXTRA="pfm" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\fontview.exe %1" LINK="411" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\piffile\shell\open\command" R="1" EXTRA="pif" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""%1" %*" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.Addin.12\shell\open\command" R="1" EXTRA="ppam" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.Addin.8\shell\open\command" R="1" EXTRA="ppa" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.Show.12\shell\open\command" R="1" EXTRA="pptx" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.Show.8\shell\open\command" R="1" EXTRA="ppt" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.ShowMacroEnabled.12\shell\open\command" R="1" EXTRA="pptm" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.Slide.12\shell\open\command" R="1" EXTRA="sldx" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\POWERPNT.EXE "%1"" LINK="159" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.SlideMacroEnabled.12\shell\open\command" R="1" EXTRA="sldm" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\POWERPNT.EXE "%1"" LINK="159" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.SlideShow.12\shell\open\command" R="1" EXTRA="ppsx" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" /s "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.SlideShow.8\shell\open\command" R="1" EXTRA="pps" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" /s "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.SlideShowMacroEnabled.12\shell\open\command" R="1" EXTRA="ppsm" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" /s "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.Template.12\shell\open\command" R="1" EXTRA="potx" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.Template.8\shell\open\command" R="1" EXTRA="pot" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.TemplateMacroEnabled.12\shell\open\command" R="1" EXTRA="potm" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.Wizard.8\shell\open\command" R="1" EXTRA="pwz" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\powerpointhtmlfile\shell\open\command" R="1" EXTRA="ppthtml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\powerpointhtmltemplate\shell\open\command" R="1" EXTRA="pothtml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\powerpointxmlfile\shell\open\command" R="1" EXTRA="pptxml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\prffile\shell\open\command" R="1" EXTRA="prf" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe msrating.dll,ClickedOnPRF %1" LINK="496" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\pszfile\shell\open\command" R="1" EXTRA="psz" EVAL="5" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\CyberLink\PowerDVD\PowerDVD.exe %1" LINK="15" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Publisher.Document.12\shell\open\command" R="1" EXTRA="pub" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSPUB.EXE" %1" LINK="79" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.3g2\shell\open\command" R="1" EXTRA="3g2" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.3gp2\shell\open\command" R="1" EXTRA="3gp2" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.3gpp\shell\open\command" R="1" EXTRA="3gpp" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.adts\shell\open\command" R="1" EXTRA="adts" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.amc\shell\open\command" R="1" EXTRA="amc" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.caf\shell\open\command" R="1" EXTRA="caf" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.cdda\shell\open\command" R="1" EXTRA="cdda" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.dif\shell\open\command" R="1" EXTRA="dif" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.gsm\shell\open\command" R="1" EXTRA="gsm" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.mac\shell\open\command" R="1" EXTRA="mac" EVAL="5" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\PictureViewer.exe "%1"" LINK="106" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.pct\shell\open\command" R="1" EXTRA="pct" EVAL="5" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\PictureViewer.exe "%1"" LINK="106" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.pic\shell\open\command" R="1" EXTRA="pic" EVAL="5" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\PictureViewer.exe "%1"" LINK="106" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.pict\shell\open\command" R="1" EXTRA="pict" EVAL="5" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\PictureViewer.exe "%1"" LINK="106" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.pnt\shell\open\command" R="1" EXTRA="pnt" EVAL="5" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\PictureViewer.exe "%1"" LINK="106" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.pntg\shell\open\command" R="1" EXTRA="pntg" EVAL="5" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\PictureViewer.exe "%1"" LINK="106" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.qht\shell\open\command" R="1" EXTRA="qht" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.qhtm\shell\open\command" R="1" EXTRA="qhtm" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.qt\shell\open\command" R="1" EXTRA="qt" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.qti\shell\open\command" R="1" EXTRA="qti" EVAL="5" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\PictureViewer.exe "%1"" LINK="106" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.qtif\shell\open\command" R="1" EXTRA="qtif" EVAL="5" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\PictureViewer.exe "%1"" LINK="106" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.qtl\shell\open\command" R="1" EXTRA="qtl" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.sd2\shell\open\command" R="1" EXTRA="sd2" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.sdp\shell\open\command" R="1" EXTRA="sdp" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\ratfile\shell\open\command" R="1" EXTRA="rat" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe msrating.dll,ClickedOnRAT %1" LINK="496" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\regfile\shell\open\command" R="1" EXTRA="key, reg" EVAL="1" F="1">
<NODE NAME="Default" VALUE="regedit.exe "%1"" LINK="175" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\SavedDsQuery\shell\open\command" R="1" EXTRA="qds" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32 %SystemRoot%\system32\dsquery.dll,OpenSavedDsQuery %1" LINK="397" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\scrfile\shell\open\command" R="1" EXTRA="scr" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""%1" /S" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\scriptletfile\shell\open\command" R="1" EXTRA="sct, wsc" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\WINDOWS\NOTEPAD.EXE" "%1"" LINK="173" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\SHCmdFile\shell\open\command" R="1" EXTRA="scf" EVAL="1" F="1">
<NODE NAME="Default" VALUE="explorer.exe" LINK="163" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\ShellScrap\shell\open\command" R="1" EXTRA="shs" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32 %SystemRoot%\system32\shscrap.dll,OpenScrap_RunDLL %1" LINK="615" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\SPCFile\shell\open\command" R="1" EXTRA="p7b, p7r, spc" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1" LINK="215" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\STLFile\shell\open\command" R="1" EXTRA="stl" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe cryptext.dll,CryptExtOpenCTL %1" LINK="215" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\T126_Whiteboard\shell\open\command" R="1" EXTRA="NMW" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\NetMeeting\wb32.exe" - "%1"" LINK="97" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\themefile\shell\open\command" R="1" EXTRA="theme" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"%1"" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\ttcfile\shell\open\command" R="1" EXTRA="ttc" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\fontview.exe %1" LINK="411" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\ttffile\shell\open\command" R="1" EXTRA="ttf" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\fontview.exe %1" LINK="411" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\txtfile\shell\open\command" R="1" EXTRA="dic, exc, log, scp, txt, wtx" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\NOTEPAD.EXE %1" LINK="527" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\uipfile\shell\open\command" R="1" EXTRA="uip" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\CyberLInk\Common\updateipr.exe "%1"" LINK="14" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\ulsfile\shell\open\command" R="1" EXTRA="uls" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""rundll32.exe" msconf.dll,NewMediaPhone %l" LINK="474" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\vanBasco.MIDI\shell\open\command" R="1" EXTRA="kar, mid, midi, rmi" EVAL="5">
<NODE NAME="Default" VALUE=""C:\Programmi\vanBasco's Karaoke Player\vmidi.exe"" LINK="109" EVAL="5" F="256" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\VBEFile\shell\open\command" R="1" EXTRA="VBE" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\WScript.exe "%1" %*" LINK="711" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\VBSFile\shell\open\command" R="1" EXTRA="vbs" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\WScript.exe "%1" %*" LINK="711" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\vcard_wab_auto_file\shell\open\command" R="1" EXTRA="vcf" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Outlook Express\wab.exe" /vcard %1" LINK="103" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\VisioViewer.Viewer\shell\open\command" R="1" EXTRA="vdx, vsd, vss, vst, vsx, vtx" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Internet Explorer\iexplore.exe" -nohome" LINK="55" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\wab_auto_file\shell\open\command" R="1" EXTRA="wab" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Outlook Express\wab.exe" %1" LINK="103" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\WAXFile\shell\open\command" R="1" EXTRA="wax" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Windows Media Player\wmplayer.exe" /Open "%L"" LINK="113" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\webpnpFile\shell\open\command" R="1" EXTRA="webpnp" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\wpnpinst.exe %1" LINK="708" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Whiteboard\shell\open\command" R="1" EXTRA="WHT" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\NetMeeting\wb32.exe" "%1"" LINK="97" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Windows.Movie.Maker\shell\open\command" R="1" EXTRA="MSWMM" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Movie Maker\moviemk.exe" %1" LINK="84" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\WinRAR\shell\open\command" R="1" EXTRA="7z, ace, arj, bz, bz2, cab, gz, lha, lzh, r00, r01, r02, r03, r04, r05, r06, r07, r08, r09, r10, r11, r12, r13, r14, r15, r16, r17, r18, r19, r20, r21, r22, r23, r24, r25, r26, r27, r28, r29, rar, tar, taz, tbz, tbz2, tgz, uu, uue, xxe, z" EVAL="5" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\WinRAR\WinRAR.exe" "%1"" LINK="118" EVAL="5" F="256" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\WinRAR.REV\shell\open\command" R="1" EXTRA="rev" EVAL="5" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\WinRAR\WinRAR.exe" "%1"" LINK="118" EVAL="5" F="256" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\WinRAR.ZIP\shell\open\command" R="1" EXTRA="zip" EVAL="5" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\WinRAR\WinRAR.exe" "%1"" LINK="118" EVAL="5" F="256" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\WMDFile\shell\open\command" R="1" EXTRA="wmd" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Windows Media Player\wmplayer.exe" /WMPackage:"%L"" LINK="113" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\WMSFile\shell\open\command" R="1" EXTRA="wms" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Windows Media Player\wmplayer.exe" /layout:"%L"" LINK="113" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\WMZFile\shell\open\command" R="1" EXTRA="wmz" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Windows Media Player\wmplayer.exe" /layout:"%L"" LINK="113" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Word.Backup.8\shell\open\command" R="1" EXTRA="wbk" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\WINWORD.EXE" /n /dde" LINK="83" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Word.Document.12\shell\open\command" R="1" EXTRA="docx" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\WINWORD.EXE" /n /dde" LINK="83" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Word.Document.8\shell\open\command" R="1" EXTRA="doc" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\WINWORD.EXE" /n /dde" LINK="83" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Word.DocumentMacroEnabled.12\shell\open\command" R="1" EXTRA="docm" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\WINWORD.EXE" /n /dde" LINK="83" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Word.RTF.8\shell\open\command" R="1" EXTRA="rtf" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\WINWORD.EXE" /n /dde" LINK="83" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Word.Template.12\shell\open\command" R="1" EXTRA="dotx" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\WINWORD.EXE" /n /dde" LINK="83" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Word.Template.8\shell\open\command" R="1" EXTRA="dot" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\WINWORD.EXE" /n /dde" LINK="83" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Word.TemplateMacroEnabled.12\shell\open\command" R="1" EXTRA="dotm" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\WINWORD.EXE" /n /dde" LINK="83" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\wordhtmlfile\shell\open\command" R="1" EXTRA="dochtml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\WINWORD.EXE"" LINK="83" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\wordhtmltemplate\shell\open\command" R="1" EXTRA="dothtml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\WINWORD.EXE"" LINK="83" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\WPLFile\shell\open\command" R="1" EXTRA="wpl" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Windows Media Player\wmplayer.exe" /Open "%L"" LINK="113" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\wrifile\shell\open\command" R="1" EXTRA="wri" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Windows NT\Accessori\WORDPAD.EXE" "%1"" LINK="115" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\WSFFile\shell\open\command" R="1" EXTRA="WSF" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\WScript.exe "%1" %*" LINK="711" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\WSHFile\shell\open\command" R="1" EXTRA="WSH" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\WScript.exe "%1" %*" LINK="711" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\x-internet-signup\shell\open\command" R="1" EXTRA="ins, isp" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%ProgramFiles%\Internet Explorer\Connection Wizard\ISIGNUP.EXE %1" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\XEV.GenericApp\shell\open\command" R="1" EXTRA="xevgenxml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Internet Explorer\iexplore.exe" -nohome" LINK="55" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\xmlfile\shell\open\command" R="1" EXTRA="rels, xml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Internet Explorer\IEXPLORE.EXE" -nohome" LINK="55" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\xslfile\shell\open\command" R="1" EXTRA="xsl" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Internet Explorer\IEXPLORE.EXE" -nohome" LINK="55" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\zapfile\shell\open\command" R="1" EXTRA="zap" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\NOTEPAD.EXE %1" LINK="527" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path" EVAL="1" F="1">
<NODE NAME="Debugger" VALUE="ntsd -d" EVAL="1" F="1" />
</NODE>
</NODE>
- <NODE NAME="SUBSECTION" VALUE="Network" TR="V=4608" EVAL="1" F="1">
- <NODE NAME="Key" VALUE="HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings" R="1" EVAL="1" F="1">
<NODE NAME="AutoConfigProxy" VALUE="wininet.dll" LINK="689" EVAL="1" F="2" />
<NODE NAME="CertificateRevocation" VALUE="" EVAL="1" F="1" />
<NODE NAME="DisableCachingOfSSLPages" VALUE="" EVAL="1" F="1" />
<NODE NAME="EmailName" VALUE="IEUser@" EVAL="1" F="1" />
<NODE NAME="EnableAutodial" VALUE="" EVAL="1" F="1" />
<NODE NAME="EnableHttp1_1" VALUE="" EVAL="1" F="1" />
<NODE NAME="EnableNegotiate" VALUE="" EVAL="1" F="1" />
<NODE NAME="GlobalUserOffline" VALUE="" EVAL="1" F="1" />
<NODE NAME="IE5_UA_Backup_Flag" VALUE="5.0" EVAL="1" F="1" />
<NODE NAME="MigrateProxy" VALUE="" EVAL="1" F="1" />
<NODE NAME="MimeExclusionListForCache" VALUE="multipart/mixed multipart/x-mixed-replace multipart/x-byteranges" EVAL="1" F="1" />
<NODE NAME="NoNetAutodial" VALUE="" EVAL="1" F="1" />
<NODE NAME="PrivDiscUiShown" VALUE="" EVAL="1" F="1" />
<NODE NAME="PrivacyAdvanced" VALUE="" EVAL="1" F="1" />
<NODE NAME="ProxyEnable" VALUE="" EVAL="1" F="1" />
<NODE NAME="SecureProtocols" VALUE="" EVAL="1" F="1" />
<NODE NAME="UrlEncoding" VALUE="" EVAL="1" F="1" />
<NODE NAME="UseSchannelDirectly" VALUE="" EVAL="1" F="1" />
<NODE NAME="User Agent" VALUE="Mozilla/4.0 (compatible; MSIE 7.0; Win32)" EVAL="1" F="1" />
<NODE NAME="WarnOnPost" VALUE="" EVAL="1" F="1" />
<NODE NAME="WarnonZoneCrossing" VALUE="" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001" EVAL="1" F="1">
<NODE NAME="LibraryPath" VALUE="%SystemRoot%\System32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002" EVAL="1" F="1">
<NODE NAME="LibraryPath" VALUE="%SystemRoot%\System32\winrnr.dll" LINK="693" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003" EVAL="1" F="1">
<NODE NAME="LibraryPath" VALUE="%SystemRoot%\System32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\rsvpsp.dll" LINK="586" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\rsvpsp.dll" LINK="586" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" EVAL="1" F="1">
<NODE NAME="ProviderOrder" VALUE="RDPNP,LanmanWorkstation,WebClient" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders" EVAL="1" F="1">
<NODE NAME="SecurityProviders" VALUE="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" LINK="471" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider" EVAL="1" F="1">
<NODE NAME="ProviderPath" VALUE="%SystemRoot%\system32\ntmarta.dll" LINK="534" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites" EVAL="1" F="1">
<NODE NAME="ie.search.msn.com" VALUE="http://ie.search.msn.com/*" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites" EVAL="1" F="1">
<NODE NAME="" VALUE="" EVAL="1" F="1" />
</NODE>
</NODE>
- <NODE NAME="SUBSECTION" VALUE="Desktop" R="1" TR="V=4610" L="M" EVAL="5" F="1">
- <NODE NAME="Key" VALUE="HKCU\Control Panel\Desktop" EVAL="5" F="1">
<NODE NAME="ConvertedWallpaper" VALUE="C:\Documents and Settings\Utente\Desktop\AS%20ROMAAAAA.jpg" />
<NODE NAME="OriginalWallpaper" VALUE="C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp" LINK="2" EVAL="5" />
<NODE NAME="SCRNSAVE.EXE" VALUE="C:\WINDOWS\system32\ssflwbox.scr" LINK="629" EVAL="1" F="2" />
<NODE NAME="Wallpaper" VALUE="D:\Documenti\Immagini\sfondo roma.bmp" LINK="734" EVAL="5" />
</NODE>
</NODE>
- <NODE NAME="SUBSECTION" VALUE="Shell Execute Hooks" R="1" TR="V=4611" L="M" EVAL="5" F="1">
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" EVAL="1" F="1">
<NODE NAME="Hook per l'esecuzione degli URL" VALUE="shell32.dll" LINK="609" EVAL="1" F="2" />
<NODE NAME="Groove GFS Stub Execution Hook" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" LINK="152" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" EVAL="5" F="1">
<NODE NAME="Proprietà dei file Multimedia" VALUE="mmsys.cpl" LINK="463" EVAL="1" F="2" />
<NODE NAME="Completamento automatico Microsoft" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Elenco di Completamento automatico della Cronologia di Microsoft" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Contenitore dell'elenco di Completamento automatico multiplo Microsoft" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="&Indirizzo" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Elenco di Completamento automatico di Shell Folder di Microsoft" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Haali Column Provider" VALUE="C:\Programmi\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll" LINK="13" EVAL="5" />
<NODE NAME="Ricerca Web" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="IE Microsoft BrowserBand" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="WebCheckWebCrawler" VALUE="C:\WINDOWS\system32\webcheck.dll" LINK="680" EVAL="1" F="2" />
<NODE NAME="Shell Automation Inproc Service" VALUE="%SystemRoot%\system32\shdocvw.dll" LINK="608" EVAL="1" F="2" />
<NODE NAME="Enumeratore applicazioni installate" VALUE="%SystemRoot%\system32\appwiz.cpl" LINK="186" EVAL="1" F="2" />
<NODE NAME="File cabinet" VALUE="cabview.dll" LINK="198" EVAL="1" F="2" />
<NODE NAME="" VALUE="%SystemRoot%\system32\dsuiext.dll" LINK="400" EVAL="1" F="2" />
<NODE NAME="Microsoft DocProp Inplace Droplist Combo Control" VALUE="C:\WINDOWS\system32\docprop2.dll" LINK="245" EVAL="1" F="2" />
<NODE NAME="Offline Files Folder Options" VALUE="%SystemRoot%\System32\cscui.dll" LINK="220" EVAL="1" F="2" />
<NODE NAME="ISFBand OC" VALUE="%SystemRoot%\system32\shdocvw.dll" LINK="608" EVAL="1" F="2" />
<NODE NAME="Microsoft Agent Character Property Sheet Handler" VALUE="C:\WINDOWS\msagent\agentpsh.dll" LINK="172" EVAL="1" F="2" />
<NODE NAME="" VALUE="%SystemRoot%\system32\dsquery.dll" LINK="397" EVAL="1" F="2" />
<NODE NAME="Ricerca all'interno" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Groove Explorer Icon Overlay 3 (GFS Folder)" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" LINK="152" EVAL="1" F="1" />
<NODE NAME="Gestore scanner ICM" VALUE="icmui.dll" LINK="423" EVAL="1" F="2" />
<NODE NAME="IE Fade Task" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="Estensione shell di protezione" VALUE="rshx32.dll" LINK="584" EVAL="1" F="2" />
<NODE NAME="IE Menu Desk Bar" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="Shell Search Band" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Microsoft OLE DB Service Component Data Links" VALUE="C:\Programmi\File comuni\System\Ole DB\oledb32.dll" LINK="31" EVAL="1" F="2" />
<NODE NAME="Stato del download" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Cerca" VALUE="%SystemRoot%\system32\shdocvw.dll" LINK="608" EVAL="1" F="2" />
<NODE NAME="Guida in linea e supporto tecnico" VALUE="%SystemRoot%\system32\shdocvw.dll" LINK="608" EVAL="1" F="2" />
<NODE NAME="Protezione di Windows" VALUE="%SystemRoot%\system32\shdocvw.dll" LINK="608" EVAL="1" F="2" />
<NODE NAME="Esegui..." VALUE="%SystemRoot%\system32\shdocvw.dll" LINK="608" EVAL="1" F="2" />
<NODE NAME="Internet" VALUE="%SystemRoot%\system32\shdocvw.dll" LINK="608" EVAL="1" F="2" />
<NODE NAME="Posta elettronica" VALUE="%SystemRoot%\system32\shdocvw.dll" LINK="608" EVAL="1" F="2" />
<NODE NAME="Set Program Access and Defaults" VALUE="%SystemRoot%\system32\shdocvw.dll" LINK="608" EVAL="1" F="2" />
<NODE NAME="Microsoft DocProp Inplace Time Control" VALUE="C:\WINDOWS\system32\docprop2.dll" LINK="245" EVAL="1" F="2" />
<NODE NAME="Groove Explorer Icon Overlay 4 (GFS Unread Mark)" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" LINK="152" EVAL="1" F="1" />
<NODE NAME="Groove Folder Synchronization" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" LINK="152" EVAL="1" F="1" />
<NODE NAME="IE AutoComplete" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="IE Search Band" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="&Contatti..." VALUE="C:\Programmi\Outlook Express\wabfind.dll" LINK="104" EVAL="1" F="2" />
<NODE NAME="Gestione applicazioni shell" VALUE="%SystemRoot%\system32\appwiz.cpl" LINK="186" EVAL="1" F="2" />
<NODE NAME="Portable Devices" VALUE="%SystemRoot%\system32\wpdshext.dll" LINK="706" EVAL="1" F="1" />
<NODE NAME="Groove XML Icon Handler" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" LINK="152" EVAL="1" F="1" />
<NODE NAME="Microsoft Url History Service" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="Shell DeskBarApp" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="The Internet" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="Pagina di proprietà di Docfile OLE" VALUE="docprop.dll" LINK="244" EVAL="1" F="2" />
<NODE NAME="GDI + programma di estrazione file in anteprima" VALUE="C:\WINDOWS\system32\shimgvw.dll" LINK="612" EVAL="1" F="2" />
<NODE NAME="Scanner e fotocamere digitali" VALUE="wiashext.dll" LINK="685" EVAL="1" F="2" />
<NODE NAME="Video Media Properties Handler" VALUE="%SystemRoot%\system32\shmedia.dll" LINK="614" EVAL="1" F="2" />
<NODE NAME="Estensioni shell per la condivisione" VALUE="ntshrui.dll" LINK="536" EVAL="1" F="2" />
<NODE NAME="Estensione CPL PlusPack" VALUE="%SystemRoot%\system32\themeui.dll" LINK="640" EVAL="1" F="2" />
<NODE NAME="" VALUE="C:\Programmi\Microsoft Office\Office12\msohevi.dll" LINK="78" EVAL="1" F="1" />
<NODE NAME="Estensione scheda video del Pannello di controllo" VALUE="deskadp.dll" LINK="231" EVAL="1" F="2" />
<NODE NAME="Estensione monitor del Pannello di controllo" VALUE="deskmon.dll" LINK="232" EVAL="1" F="2" />
<NODE NAME="Estensione panoramica video del Pannello di controllo" VALUE="deskpan.dll" />
<NODE NAME="IE Navigation Bar" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="IE Menu Site" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="IE Menu Band" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="Estensione shell di protezione" VALUE="dssec.dll" LINK="398" EVAL="1" F="2" />
<NODE NAME="MyDocs menu and properties" VALUE="%SystemRoot%\system32\mydocs.dll" LINK="512" EVAL="1" F="2" />
<NODE NAME="Pagina compatibilità" VALUE="SlayerXP.dll" LINK="617" EVAL="1" F="2" />
<NODE NAME="Gestore dati dei ritagli di shell" VALUE="shscrap.dll" LINK="615" EVAL="1" F="2" />
<NODE NAME="Microsoft Office OneNote Namespace Extension for Windows Desktop Search" VALUE="C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" LINK="158" EVAL="1" F="1" />
<NODE NAME="Creazione guidata profilo Passport" VALUE="%SystemRoot%\system32\netplwiz.dll" LINK="521" EVAL="1" F="2" />
<NODE NAME="Estensione copia dischi" VALUE="diskcopy.dll" LINK="237" EVAL="1" F="2" />
<NODE NAME="Pagina proprietà versioni precedenti" VALUE="%SystemRoot%\system32\twext.dll" LINK="643" EVAL="1" F="2" />
<NODE NAME="Estensioni shell per oggetti Rete Microsoft Windows" VALUE="ntlanui2.dll" LINK="532" EVAL="1" F="2" />
<NODE NAME="Gestore monitor ICM" VALUE="%SystemRoot%\System32\icmui.dll" LINK="423" EVAL="1" F="2" />
<NODE NAME="Barra degli strumenti Microsoft Internet" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Auto Update Property Sheet Extension" VALUE="C:\WINDOWS\system32\wuaucpl.cpl" LINK="717" EVAL="1" F="1" />
<NODE NAME="Shell Extension For Windows Script Host" VALUE="C:\WINDOWS\system32\wshext.dll" LINK="713" EVAL="1" F="2" />
<NODE NAME="IE Microsoft History AutoComplete List" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="Oggetto DropTarget per Stampa guidata foto" VALUE="%SystemRoot%\system32\photowiz.dll" LINK="550" EVAL="1" F="2" />
<NODE NAME="" VALUE="%SystemRoot%\system32\dsuiext.dll" LINK="400" EVAL="1" F="2" />
<NODE NAME="Microsoft FTP Folder" VALUE="C:\WINDOWS\system32\msieftp.dll" LINK="487" EVAL="1" F="2" />
<NODE NAME="Portable Media Devices" VALUE="%SystemRoot%\system32\Audiodev.dll" LINK="188" EVAL="1" F="1" />
<NODE NAME="Shell Folder 2 accresciuto" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Shell Image Data Factory" VALUE="%SystemRoot%\system32\shimgvw.dll" LINK="612" EVAL="1" F="2" />
<NODE NAME="Elenco di Completamento automatico MRU" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Gestore stampante ICM" VALUE="%SystemRoot%\system32\icmui.dll" LINK="423" EVAL="1" F="2" />
<NODE NAME="CDF Extension Copy Hook" VALUE="%SystemRoot%\system32\shdocvw.dll" LINK="608" EVAL="1" F="2" />
<NODE NAME="Extensions Manager Folder" VALUE="C:\WINDOWS\system32\extmgr.dll" LINK="408" EVAL="1" F="2" />
<NODE NAME="Elenco di Completamento automatico MRU personalizzato" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Microsoft DocProp Inplace Calendar Control" VALUE="C:\WINDOWS\system32\docprop2.dll" LINK="245" EVAL="1" F="2" />
<NODE NAME="IE Tracking Shell Menu" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="Groove GFS Context Menu Handler" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" LINK="152" EVAL="1" F="1" />
<NODE NAME="" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="Oggetto Pubblicazione guidata sul Web" VALUE="%SystemRoot%\system32\netplwiz.dll" LINK="521" EVAL="1" F="2" />
<NODE NAME="Connessioni di rete" VALUE="C:\WINDOWS\system32\NETSHELL.dll" LINK="523" EVAL="1" F="2" />
<NODE NAME="Groove GFS Browser Helper" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" LINK="152" EVAL="1" F="1" />
<NODE NAME="TridentImageExtractor" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.04.07, on 22/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\PrevxCSI\prevxcsi.exe
C:\Programmi\PrevxCSI\prevxcsi.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rmctrl .exe
C:\Programmi\Nortek Keyboard Application\PS2USBKbdDrv .exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Documenti\Claudia\launch.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\RarSFX0\setup.exe
D:\Documenti\Claudia\SysInspector.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Programmi\Nortek Keyboard Application\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_00-35.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Fastrate USB 100 Modem.lnk = ?
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://colosseo86.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{081369E1-F9BF-4777-8A4B-AF6E9DB687CC}: NameServer = 85.255.113.195 85.255.112.64
O17 - HKLM\System\CCS\Services\Tcpip\..\{9019F2A4-7DA9-441C-BC3B-DC3844A77909}: NameServer = 85.255.113.195,85.255.112.64
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.195 85.255.112.64
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.195 85.255.112.64
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.195 85.255.112.64
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CSIScanner - Prevx - C:\Programmi\PrevxCSI\prevxcsi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: setup_7.0.0.180_18.05.2008_00-35 - Kaspersky Lab - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_00-35.exe

--
End of file - 8008 bytes


GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-05-22 18:29:50
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8158D6C0
Device \FileSystem\Ntfs \Ntfs 818254D0
Device \FileSystem\Ntfs \Ntfs 81A13DE0
Device \FileSystem\Ntfs \Ntfs 81B05DA8
Device \FileSystem\Ntfs \Ntfs 816039E8

AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

---- EOF - GMER 1.0.14 ----

ciao, riedita cortesemente il tuo post a caricando i log secondo le modalità

Modalità di pubblicazione dei log

Se i log o le immagini (.JPG) non superano i 24Kb allegali tramite il comando Gestisci allegati nelle Opzioni aggiuntive
Clicca su Gestisci allegati -> si aprirà una finestra -> Click su Sfoglia -> seleziona il file da caricare -> Click su Carica -> sotto allegati correnti vedrai il tuo log caricato -> Chiudi la finestra

Altrimenti caricali su [wikisend.com] (http://wikisend.com/) o su [mediafire.com] (http://www.mediafire.com/index.php).
Una volta sul sito -> clicca su sfoglia -> seleziona il file da caricare -> poi invia o upload -> aspetta che venga caricato -> copia tutto il contenuto a fianco della della riga "Forum link nel primo caso oppure sotto "Sharing URL" nel secondo e lo incolli nella risposta della discussione.

Per le immagini consiglio innanzitutto di salvarle in JPG, essendo più leggere e caricarle su fileqube.com (http://fileqube.com) che permette di visualizzarle direttamente online.

Tu hai seguito subito la guida generica... dei prima postare il log di FindAWF, leggi bene il primo post di questa discussione

@ cla8686:
mi spiace ma se non invii i log su uno dei server consigliati per poi pubblicare i link ai download altrimenti è per noi difficile leggere i log :)

Per Francizio..

Volevo chiederti se le istruzioni della guida valgono anche on windows vista.

Grazie

Per Francizio..

Volevo chiederti se le istruzioni della guida valgono anche on windows vista.

Grazie

Ciao.

Non ho la possibilità di testare, ma non credo ci sia alcun tipo di problema.

Credo che fra i centinaia di utenti che hanno chiesto aiuto ci sarà stato sicuramente qualcuno che avesse Vista come SO.

Quindi puoi tranquillamente seguire la guida.;)

ciao a tutti sono nuova di questo forum..qualche giorno fa ho scritto su un'altro forum perchè mi ritrovo internet connection tra le connessioni..io ho alice adsl ..ora non mi crea fastidi ma qualche giorno fa mi cadeva la connessione in continuazine..cmq nell'altro forum mi hanno dato delle indicazioni per come toglierlo...in questo indirizzo ci sono i vari passaggi
http://www.p2pforum.it/forum/showthread.php?t=305744&page=2
dopo aver fatto tutto quello che mi è stato consigliato internet connection la trovo ancora tra le connessioni ... qualcuno mi può aiutare tenendo presente la mia scarsa conoscenza in pc?

Ciao rosa...
Allora...Vediamo di capirci qualcosa.
Spegni il pc, riaccendilo, fai una scansione con FindAWF e posta quì il log.
Viadiamo di venirne a capo.

Per Francizio..

Ho lanciato FindAWF ma il risultato è questo....

Aiuto....

Per Francizio..

Ho lanciato FindAWF ma il risultato è questo....

Aiuto....

Il log è pulito.
Vai in prima pagina, e alla fine del primo messaggio trovi il link con le istruzioni per chi non ha file duplicati.
;)

per francizio
ecco il log

per francizio
ecco il log

scarica avenger e carica il seguente script:
Files to move:
C:\WINDOWS\system32\bak\NeroCheck.exe | C:\WINDOWS\system32\NeroCheck.exe
C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe | C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe
C:\Programmi\Nokia\Nokia PC Suite 6\bak\PCSuite.exe | C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe | C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

ho avviato avenger e questo è il log...comunque la malefica connessione è sempre al suo posto

ho sbagliato a caricarlo ..eccolo il log

ho sbagliato a caricarlo ..eccolo il log

Ciao Rosa39, pulisci con CCleaner come indicato in Guida ed elimina la connessione manulamente, per scrupolo riallega un log di FindAWF ;)

ho fatto tutto ...purtroppo manualmente non si toglie ..faccio elimina ma poi è sempre lì...allego il log di findAWF

Le tue cartelle bak non hanno duplicati, segui la guida generale (http://www.hwupgrade.it/forum/showthread.php?t=1599737) fino al punto 3 per il momento.
Quindi in ordine:

Disattiva il ripristino di sistema (dovresti averlo già disattivato)
Pulizia con Ccleaner
Pulizia con ADSScanner
Scansione deep con A-squared aggiornato ad oggi e poi alleghi il log

ho fatto tutto ...purtroppo manualmente non si toglie ..faccio elimina ma poi è sempre lì...allego il log di findAWF

EDIT: non avevo visto che aveva il problema dell'eliminazione manuale.
Segui le istruzioni di wjmat

Le tue cartelle bak non hanno duplicati, segui la guida generale (http://www.hwupgrade.it/forum/showthread.php?t=1599737) fino al punto 3 per il momento.
Quindi in ordine:

Disattiva il ripristino di sistema (dovresti averlo già disattivato)
Pulizia con Ccleaner
Pulizia con ADSScanner
Scansione deep con A-squared aggiornato ad oggi e poi alleghi il log


Non hanno duplicati per questo motivo http://www.hwupgrade.it/forum/showpost.php?p=22589727&postcount=2389 ;)

ho fatto tutto ...purtroppo manualmente non si toglie ..faccio elimina ma poi è sempre lì...allego il log di findAWF

le cartelle bak rimaste le puoi cancellare manualmente quando vuoi :)

scusatemi .prima di fare qualche guaio voelvo sapere se con ccleaner devo selezionare anche advanced e pulire tutto.. vorrei la conferma prima di procedere...

si puoi spuntarle tutte

mi potreste speigare come posso eliminarlo manualmente?
scusate ma non sono esperta

mi potreste speigare come posso eliminarlo manualmente?
scusate ma non sono esperta

le directory le cancelli cercandole prima nel tuo hardisk, la selezioni e poi premi "canc" da tastiera o selezioni con il tasto destro la voce "elimina" :)
le cartele da cancellare sono:

C:\WINDOWS\system32\bak
C:\Programmi\Alice ti aiuta\SmartBridge\bak
C:\Programmi\Nokia\Nokia PC Suite 6\bak
C:\Programmi\Adobe\Acrobat 7.0\Reader\bak

:)

mi potreste speigare come posso eliminarlo manualmente?
scusate ma non sono esperta

Clicchi Start -> Pannello di controllo -> Rete e connesisoni internet -> Connessioni di rete.

Individua la connessione, clicchi col destro e selezioni "elimina".;)

le directory le cancelli cercandole prima nel tuo hardisk, la selezioni e poi premi "canc" da tastiera o selezioni con il tasto destro la voce "elimina" :)
le cartele da cancellare sono:

C:\WINDOWS\system32\bak
C:\Programmi\Alice ti aiuta\SmartBridge\bak
C:\Programmi\Nokia\Nokia PC Suite 6\bak
C:\Programmi\Adobe\Acrobat 7.0\Reader\bak

:)

Credo si riferisse alla connessione...;)

opszz :stordita:

francizio ho fatto elimina ma niente non se ne va..è sempre lì! e non si tolgono neanche i file come consiglia xcdegasp..mi appare una finestra di errore ..impossibile eliminare file:impossibile leggere dal file o dal disco di origine

francizio ho fatto elimina ma niente non se ne va..è sempre lì! e non si tolgono neanche i file come consiglia xcdegasp..mi appare una finestra di errore ..impossibile eliminare file:impossibile leggere dal file o dal disco di origine

Hai provato a spegnere/riaccendere il pc e a provare dopo a eliminarli?
E' possibile che qualche processo li stia "utilizzando" e per questo non te li faccia cancellare.

:doh: che confusionaria che sono non avevo letto quanto scritto da francizio su xcdegas ...è che le sto provando tutte ...si mi riferisco sempre alla connessione pensavo ci fosse qualche altro modo per toglierla manualmente oltre a cliccare su elimina che avevo già provato a fare ma non si toglie !!!:muro:

:doh: che confusionaria che sono non avevo letto quanto scritto da francizio su xcdegas ...è che le sto provando tutte ...si mi riferisco sempre alla connessione pensavo ci fosse qualche altro modo per toglierla manualmente oltre a cliccare su elimina che avevo già provato a fare ma non si toglie !!!:muro:

Mmmh...:what:

Prova ed entrare in modalità provvisoria.

Con la modalità provvisoria tanti processi non vengono aperti e c'è la possibilità che riesca ad eliminare il tutto.

I percorsi per i file e per la connessione sono sempre quelli che ti abbiamo postato sopra.

Magari segnateli...

:doh: che confusionaria che sono non avevo letto quanto scritto da francizio su xcdegas ...è che le sto provando tutte ...si mi riferisco sempre alla connessione pensavo ci fosse qualche altro modo per toglierla manualmente oltre a cliccare su elimina che avevo già provato a fare ma non si toglie !!!:muro:

In alternativa ti rimando a questa discussione:

http://www.hwupgrade.it/forum/showthread.php?t=861857

dove dovresti trovare ottimi consigli per chi ha problemi ad eliminare i files...;)

quei file sono riuscita a toglierli...ma la internet connection è sempre presente nelle connessioni di rete!!:cry:

ragazzi mi aiutate? ho notato che nelle connessioni di rete ce internet connection il dialer, oggi ho fatto una scansione con zone alarm che ha trovato 6 dialer e dopo averli eliminati internet connection rimane li dovè. vi linko il txt di find awf.
inoltre ho un adsl flat libero con modem adsl usb volevo sapere se ce rischio che mi arrivi una bolletta salata. grazie a tutti per l'aiuto :cry:

quei file sono riuscita a toglierli...ma la internet connection è sempre presente nelle connessioni di rete!!:cry:

per le directory usa questo script:
Folders to delete:
C:\WINDOWS\system32\bak
C:\Programmi\Alice ti aiuta\SmartBridge\bak
C:\Programmi\Nokia\Nokia PC Suite 6\bak
C:\Programmi\Adobe\Acrobat 7.0\Reader\bak

poi fammi un log di HiJackThis e di a-squared.. scusa se teli richiedo ma vorrei accertarmi :)

ragazzi mi aiutate? ho notato che nelle connessioni di rete ce internet connection il dialer, oggi ho fatto una scansione con zone alarm che ha trovato 6 dialer e dopo averli eliminati internet connection rimane li dovè. vi linko il txt di find awf.
inoltre ho un adsl flat libero con modem adsl usb volevo sapere se ce rischio che mi arrivi una bolletta salata. grazie a tutti per l'aiuto :cry:

scarica avengere e carica questo script:
Files to move:
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Analog Devices\SoundMAX\bak\Smax4.exe | C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\Analog Devices\SoundMAX\bak\SMax4PNP.exe | C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe | C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe | C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Sony\SonicStage\bak\SsAAD.exe | C:\Programmi\Sony\SonicStage\SsAAD.exe
C:\Programmi\Thrustmaster\FunAccess\bak\PSPAP.exe | C:\Programmi\Thrustmaster\FunAccess\PSPAP.exe
C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe | C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe | C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\bak\Communications_Helper.exe | C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\bak\LVComSX.exe | C:\Programmi\File comuni\LogiShrd\LComMgr\LVComSX.exe
C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe | C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\File comuni\Ulead Systems\AutoDetector\bak\monitor.exe | C:\Programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe
C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe | C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe

Folders to delete:
C:\WINDOWS\system32\bak
C:\Programmi\Analog Devices\SoundMAX\bak
C:\Programmi\ATI Technologies\ATI Control Panel\bak
C:\Programmi\Nokia\Nokia PC Suite 6\bak
C:\Programmi\Sony\SonicStage\bak
C:\Programmi\Thrustmaster\FunAccess\bak
C:\Programmi\Adobe\Reader 8.0\Reader\bak
C:\Programmi\File comuni\Ahead\Lib\bak
C:\Programmi\File comuni\LogiShrd\LComMgr\bak
C:\Programmi\File comuni\Real\Update_OB\bak
C:\Programmi\File comuni\Ulead Systems\AutoDetector\bak
C:\Programmi\Java\jre1.6.0_02\bin\bak

così ti faccio fare in una sola passata lo spostamento dei file e cancellazione delle directories :)
poi segui la semplice procedura descritta nella Guida alla Disinfezione per Infetti (http://www.hwupgrade.it/forum/showthread.php?t=1599737) fino al punto 3, rispettandone l'ordine di esecuzione, e anche un log HiJackThis :)

ho fatto tutto quello che dite x togliere quel dialer ma il log che mi viene fuori è senza duplicati cosa devo fare?

ho fatto tutto quello che dite x togliere quel dialer ma il log che mi viene fuori è senza duplicati cosa devo fare?
segui la guida generale (http://www.hwupgrade.it/forum/showthread.php?t=1599737) fino al punto 3 per il momento.
Quindi in ordine:

Disattiva il ripristino di sistema (dovresti averlo già disattivato)
Pulizia con Ccleaner
Pulizia con ADSScanner
Scansione deep con A-squared aggiornato a d oggi e poi alleghi il log

devo scaricare prevxcsi? o fare solo punto 2 e 3? grazie

questo è il mio log grazie x l'aiuto

allora dopo che ho fatto il procedimento con cc cleaner , allego il log di avenger e la seconda scansione con awf. e aspetto vostre notizie perchè non ho capito cos'altro devo fare :confused: grazie aspetto una vostra risposta

allora dopo che ho fatto il procedimento con cc cleaner , allego il log di avenger e la seconda scansione con awf. e aspetto vostre notizie perchè non ho capito cos'altro devo fare :confused: grazie aspetto una vostra risposta
Ti manca di fare:

Pulizia con ADSScanner
Scansione deep con A-squared aggiornato ad oggi e poi alleghi il log

ecco i log richiesti

ecco il log di Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.50.40, on 25/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
leggere le Regole di Sezione

--
End of file - 10339 bytes

Ti manca di fare:

Pulizia con ADSScanner
Scansione deep con A-squared aggiornato ad oggi e poi alleghi il log




dunque ho fatto le due scansioni ti posto i log. nella scansione con a squared mi ha trovato 5 cookie e li ho messi in quarantena aspetto notizie per saper cosa fare. grazie ciao

x therichwarrior
mi pare che a-squared non abbia intercettato nulla.... prosegui con la guida

x rosa39
vedi come consiglio qui sopra, poi per piacere riedita il tuo post precedente caricando il log con la funzione gestisci allegati

ciao

x rosa39
vedi come consiglio qui sopra, poi per piacere riedita il tuo post precedente caricando il log con la funzione gestisci allegati

ciao[/QUOTE]

non so perche ma non me lo fa caricare come allegato

li ho inseriti così i log spero vada bene

http://wikisend.com/download/517726/hijackthis.log
http://wikisend.com/download/517752/a2scan_080524-225359.txt

Gentili Moderatori e Utenti di questo forum,

il mio computer è infestato dal dialer del titolo e girando per la rete credo che qui soltanto qualcuno possa aiutarmi seriamente.
Ho già provato a seguire da solo le indicazioni delle guida ma purtroppo dopo alcuni successi iniziali la connessione è ricomparsa ad ogni riavvio.
Vi segnalo subito che il log AWF non segnala cartelle o files duplicati, mentre vi allego, sperando di fare cosa giusta, il log di hijackthis.

Sarei davvero grato se qualcuno di voi potesse aiutarmi.
Un grazie anticipato e mi scuso per eventuali inesattezze o errori nel postare.
sam

Gentili Moderatori e Utenti di questo forum,

il mio computer è infestato dal dialer del titolo e girando per la rete credo che qui soltanto qualcuno possa aiutarmi seriamente.
Ho già provato a seguire da solo le indicazioni delle guida ma purtroppo dopo alcuni successi iniziali la connessione è ricomparsa ad ogni riavvio.
Vi segnalo subito che il log AWF non segnala cartelle o files duplicati, mentre vi allego, sperando di fare cosa giusta, il log di hijackthis.

Sarei davvero grato se qualcuno di voi potesse aiutarmi.
Un grazie anticipato e mi scuso per eventuali inesattezze o errori nel postare.
sam

prima del log hijackthis fai la scansione con ADSScanner eseguendo la pulizia e a-squared :)
li trovi nella Guida alla Disinfezione per Infetti (http://www.hwupgrade.it/forum/showthread.php?t=1599737)

prima del log hijackthis fai la scansione con ADSScanner eseguendo la pulizia e a-squared :)
li trovi nella Guida alla Disinfezione per Infetti (http://www.hwupgrade.it/forum/showthread.php?t=1599737)

Li ho già provati:

- adsscanner mi segnala questa stringa (no Ntfs found in your computer ...) e non mi permette lo scan

- a-squared l'ho usato oggi più volte ma mi ha rilevato solo 4 cookies traccianti rischio basso.


Altre indicazioni:
- nella cronologia internet compare www.download787.com, fenomeno riscontrabile in reta anche ad altri utenti;
- non riesco più ad accedere alla modalità provvisoria.

Grazie per l'interessamento, pronto a seguire ogni indicazione;)

Li ho già provati:

- adsscanner mi segnala questa stringa (no Ntfs found in your computer ...) e non mi permette lo scan

- a-squared l'ho usato oggi più volte ma mi ha rilevato solo 4 cookies traccianti rischio basso.


Altre indicazioni:
- nella cronologia internet compare www.download787.com, fenomeno riscontrabile in reta anche ad altri utenti;
- non riesco più ad accedere alla modalità provvisoria.

Grazie per l'interessamento, pronto a seguire ogni indicazione;)
e allora procedi con il resto dela guida :)

Salve a tutti.
Anche io sono del Club..:(
Ogni tanto mentre sono connesso mi parte la internet connection..
Vi allego i log che ho fatto anche se sicuramente non basteranno per fare l'analisi, ma da qualche parte devo iniziare...:)

Grazie!
Ciao

Salve a tutti.
Anche io sono del Club..:(
Ogni tanto mentre sono connesso mi parte la internet connection..
Vi allego i log che ho fatto anche se sicuramente non basteranno per fare l'analisi, ma da qualche parte devo iniziare...:)

Grazie!
Ciao

Ciao il tuo log è pulito seguit questa Guida http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763

x therichwarrior
mi pare che a-squared non abbia intercettato nulla.... prosegui con la guida

x rosa39
vedi come consiglio qui sopra, poi per piacere riedita il tuo post precedente caricando il log con la funzione gestisci allegati

ciao

allora ho proseguito con la lista dr web non ha trovato nulla, allego sys inspector gmer non si apre e prevxcsi non so come allegarvi il file xml. comunque anche se non trovano nulla nelle risorse di rete ce smepre internet connection è normale? aspetto risposta grazie

jpeg sys inspector:
http://img165.imageshack.us/img165/3368/prevxcsiec8.jpg (http://imageshack.us)

il log di f-secure o kaspersky?
la connessione va anche eliminata manualmente
Clicca su Start -> Pannello di controllo -> Rete e connessioni internet -> Connessioni di rete
Cerchi la connessione incriminata e la cancelli

il log di f-secure o kaspersky?
la connessione va anche eliminata manualmente
Clicca su Start -> Pannello di controllo -> Rete e connessioni internet -> Connessioni di rete
Cerchi la connessione incriminata e la cancelli

kasperski l'avevo fatto con hijackthis era nella guida e anche f secure forse non li ho postati li posto?

kasperski l'avevo fatto con hijackthis era nella guida e anche f secure forse non li ho postati li posto?
si posta tutti i log richiesti che ti mancano

la connessione va anche eliminata manualmente
Clicca su Start -> Pannello di controllo -> Rete e connessioni internet -> Connessioni di rete
Cerchi la connessione incriminata e la cancelli


ho provato anche io a cancellarla manualmente ma non si toglie!:muro:

si posta tutti i log richiesti che ti mancano

allego file f secure, kaspersky è a pagamento per il resto te li ho postati e nn trova nulla
internet connection lho cancellato manualmente. devo far altro?
C:\Documents and Settings\PC\Desktop\F-Secure Online Scanner 3_3_1 - Scanning Report - Monday, May 26, 2008 195917.mht

la connessione va anche eliminata manualmente
Clicca su Start -> Pannello di controllo -> Rete e connessioni internet -> Connessioni di rete
Cerchi la connessione incriminata e la cancelli


ho provato anche io a cancellarla manualmente ma non si toglie!:muro:
Per questo forse ti posso aiutare io dato che la manovra l'ho imparata praticamente a memoria..:(
Start/impostazioni/Connessioni di rete.
Tasto destro sulla Mer*@#a "internet connection" e poi Disconnetti.
A questo punto puoi rifare tasto destro sulla "internet connection" ed Elimina.

Spero di essere stato di aiuto..:)

allego file f secure, kaspersky è a pagamento per il resto te li ho postati e nn trova nulla
internet connection lho cancellato manualmente. devo far altro?
C:\Documents and Settings\PC\Desktop\F-Secure Online Scanner 3_3_1 - Scanning Report - Monday, May 26, 2008 195917.mht
riallega f-secure che non è corretto il link

ragazzi ho fatto le varie scansioni come dice la guida vi allego i vari log spero che mi aiutate ad eliminare quella connessione ( non mi dite di toglierla manualmente perchè non si toglie)
DrWeb non ha rilevato nulla
PREVXcsi:System status :clean

http://wikisend.com/download/574300/hijackthis.log
http://wikisend.com/download/574516/gmer.log
http://wikisend.com/download/574590/SysInspector--080526-1507.xml

finalemente ho capito perchè non si toglieva manualmente!!
avevo messo rasphone come file di sola lettura...ora ho tolto la spunta e finalemtne l'ho eliminata!!spero non ritorni!

ragazzi ho fatto le varie scansioni come dice la guida vi allego i vari log spero che mi aiutate ad eliminare quella connessione ( non mi dite di toglierla manualmente perchè non si toglie)
DrWeb non ha rilevato nulla
PREVXcsi:System status :clean

http://wikisend.com/download/574300/hijackthis.log
http://wikisend.com/download/574516/gmer.log
http://wikisend.com/download/574590/SysInspector--080526-1507.xml
rosa39 mi sembra manchi la scansione con f-secure o kaspersky

finalemente ho capito perchè non si toglieva manualmente!!
avevo messo rasphone come file di sola lettura...ora ho tolto la spunta e finalemtne l'ho eliminata!!spero non ritorni!

Non ha più senso mettere rasphone in sola lettura

ecco anche il log di kaspersky

Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

Non ha più senso mettere rasphone in sola lettura
qualcuno mi aveva consigliato di metterlo in sola lettura .. in questo modo internet connection non si toglieva dalle connessioni... poi mi sono ricordata e ho tolto la spunta a solo lettura ...e ho provato a togliere la connessione facendo elimina...e così è sparita

qualcuno mi aveva consigliato di metterlo in sola lettura .. in questo modo internet connection non si toglieva dalle connessioni... poi mi sono ricordata e ho tolto la spunta a solo lettura ...e ho provato a togliere la connessione facendo elimina...e così è sparita

Infatti, lascialo cosi com'è non ha senso metterlo in sola lettura

Find AWF report by noahdfear ©2006
Version 1.40

bak folders found
~~~~~~~~~~~

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

end of report
Ciao benvenuto nel pronto soccorso di HU.
Le tue cartelle bak non hanno duplicati, segui la guida generale (http://www.hwupgrade.it/forum/showthread.php?t=1599737) fino al punto 3 per il momento, se poi l'infezione non sarà intercettata da a-squared, dovrai seguirla fino in fondo.
Quindi in ordine:

Disattiva il ripristino di sistema (dovresti averlo già disattivato)
Pulizia con Ccleaner
Pulizia con ADSScanner
Scansione deep con A-squared aggiornato ad oggi e poi alleghi il log

qualcuno mi aveva consigliato di metterlo in sola lettura .. in questo modo internet connection non si toglieva dalle connessioni... poi mi sono ricordata e ho tolto la spunta a solo lettura ...e ho provato a togliere la connessione facendo elimina...e così è sparita
un utente ti aveva consigliato di fare disconnetti e poi elimina mi pare. ma ora come sei messa??

Ciao benvenuto nel pronto soccorso di HU.
Le tue cartelle bak non hanno duplicati, segui la guida generale (http://www.hwupgrade.it/forum/showthread.php?t=1599737) fino al punto 3 per il momento, se poi l'infezione non sarà intercettata da a-squared, dovrai seguirla fino in fondo.
Quindi in ordine:

Disattiva il ripristino di sistema (dovresti averlo già disattivato)
Pulizia con Ccleaner
Pulizia con ADSScanner
Scansione deep con A-squared aggiornato ad oggi e poi alleghi il log
sera
a-squared Free - Version 3.5
Last update: 27/05/2008 16.30.09

Impostazioni scansione:

Oggetti: Memoria, Tracce, Cookies, C:\
Archivio scansioni: On
Scientifico: On
ADS Scan: On

Scansione avviata: 27/05/2008 16.30.27

c:\windows\system32\searchx.htm rilevati: Trace.File.MaxSpeed
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Outerinfo --> Changed rilevati: Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Outerinfo --> SlowInfoCache rilevati: Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> DisplayName rilevati: Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> DisplayVersion rilevati: Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> HelpLink rilevati: Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> InstallLocation rilevati: Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> NoModify rilevati: Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> NoRepair rilevati: Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> Publisher rilevati: Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> UninstallString rilevati: Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Download Accelerator Plus (DAP) --> Changed rilevati: Trace.Registry.Warez P2P Faster Accelerator
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Download Accelerator Plus (DAP) --> SlowInfoCache rilevati: Trace.Registry.Warez P2P Faster Accelerator
C:\AlbumDesign\Droplet\Dimension\' Custom Size.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 20x30 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 20x30 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 20x30 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 24x30 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 24x30 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 24x30 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 25x35 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 25x35 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 25x35 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x30 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x30 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x30 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x40 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x40 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x40 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x35 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x35 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x35 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x45 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x45 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x45 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x30 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x30 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x30 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x40 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x40 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x40 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x50 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x50 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x50 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 50x50 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 50x50 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 50x50 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 20x30 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 24x30 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 25x35 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 30x30 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 35x35 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 35x45 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 40x30 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 40x40 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 40x50 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 50x50 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover Custom Resize.exe rilevati: Trojan.Win32.Agent.ho
C:\Documents and Settings\alfino\Desktop\perfederica\mirc62.exe rilevati: Riskware.Client-IRC.Win32.mIRC.62

Scansionati

Files: 13112
Tracce: 406297
Cookies: 22
Processi: 34

Rilevato

Files: 46
Tracce: 13
Cookies: 0
Processi: 0
Chiavi registro: 0

Fine scansione: 27/05/2008 16.43.39
Tempo scansione: 0:13:12

C:\Documents and Settings\alfino\Desktop\perfederica\mirc62.exe In quarantena Riskware.Client-IRC.Win32.mIRC.62
C:\AlbumDesign\Droplet\Dimension\' Custom Size.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 20x30 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 20x30 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 20x30 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 24x30 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 24x30 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 24x30 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 25x35 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 25x35 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 25x35 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x30 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x30 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x30 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x40 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x40 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x40 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x35 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x35 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x35 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x45 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x45 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x45 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x30 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x30 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x30 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x40 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x40 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x40 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x50 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x50 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x50 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 50x50 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 50x50 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 50x50 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 20x30 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 24x30 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 25x35 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 30x30 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 35x35 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 35x45 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 40x30 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 40x40 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 40x50 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 50x50 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover Custom Resize.exe In quarantena Trojan.Win32.Agent.ho
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Download Accelerator Plus (DAP) --> Changed In quarantena Trace.Registry.Warez P2P Faster Accelerator
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Download Accelerator Plus (DAP) --> SlowInfoCache In quarantena Trace.Registry.Warez P2P Faster Accelerator
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Outerinfo --> Changed In quarantena Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Outerinfo --> SlowInfoCache In quarantena Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> DisplayName In quarantena Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> DisplayVersion In quarantena Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> HelpLink In quarantena Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> InstallLocation In quarantena Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> NoModify In quarantena Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> NoRepair In quarantena Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> Publisher In quarantena Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> UninstallString In quarantena Trace.Registry.ClickSpring.Oinadserver
c:\windows\system32\searchx.htm In quarantena Trace.File.MaxSpeed

In quarantena

Files: 46
Tracce: 13
Cookies: 0

un utente ti aveva consigliato di fare disconnetti e poi elimina mi pare. ma ora come sei messa??

no qualcuno in precedenza(ora non ricordo chi dovrei rileggere i post) mi aveva consigliato di metter rasphone come solo lettura e cosi ho fatto..ma internet connection rimaneva tra le connessioni..e non si toglieva manualmente..poi ho tolto la spunta di solo lettura e ho fatto elimina e ora non c'è più..comunque ho postato i vari log delle scansioni ..mi dite se è il mio pc è ripulito? e poi vorrei anche sapere gentilmente se i vari programmi di scansione scaricati li devo togliere o no

no qualcuno in precedenza(ora non ricordo chi dovrei rileggere i post) mi aveva consigliato di metter rasphone come solo lettura e cosi ho fatto..ma internet connection rimaneva tra le connessioni..e non si toglieva manualmente..poi ho tolto la spunta di solo lettura e ho fatto elimina e ora non c'è più..comunque ho postato i vari log delle scansioni ..mi dite se è il mio pc è ripulito? e poi vorrei anche sapere gentilmente se i vari programmi di scansione scaricati li devo togliere o no
se vuoi la sicurezza finisci la guida che lo vediamo
Quando avremo la conferma dai un'occhiata al trattamento di prevenzione / post disinfezione (http://www.hwupgrade.it/forum/showthread.php?t=1726383), ti aiuta a verificare la configurazione di sicurezza del tuo pc ed eliminare eventuali residui inutili dei programmi utilizzati nelle guide.

Pensavo di averla debellata la maledetta internet connection ma è ritornata anche sul mio nuovo computer! :muro: Mi avete salvato il portatile e vi chiedo aiuto ancora una volta per il mio pc... GRAZIE!!!!!!!!

Pensavo di averla debellata la maledetta internet connection ma è ritornata anche sul mio nuovo computer! :muro: Mi avete salvato il portatile e vi chiedo aiuto ancora una volta per il mio pc... GRAZIE!!!!!!!!

sembra ci sia solo:
Files to move:
D:\Programmi\Microsoft Encarta 2007 - Premium DVD\bak\EDICT.EXE | D:\Programmi\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE

grazie x la tempestività... :D

riallega f-secure che non è corretto il link

ecco il log di f secure

se vuoi la sicurezza finisci la guida che lo vediamo
Quando avremo la conferma dai un'occhiata al trattamento di prevenzione / post disinfezione (http://www.hwupgrade.it/forum/showthread.php?t=1726383), ti aiuta a verificare la configurazione di sicurezza del tuo pc ed eliminare eventuali residui inutili dei programmi utilizzati nelle guide.
scusami ma dopo aver postato i log delle scansioni che altro devo fare ?(pardon la mia ignoranza)

scusami ma dopo aver postato i log delle scansioni che altro devo fare ?(pardon la mia ignoranza)

log di A-squared scansione deep aggiornato ad oggi
log di F-Secure OnLine oppure di Kaspersky Virus Removal Tool scaricato oggi
log di Dr.Web CureIT scaricato ed aggiornato ad oggi
log di ESET SysInspector
log di HiJackThis
log di Gmer
immagine della schermata di PrevxCSI in caso di rilevazioni

ti mancano quelli segnati in rosso, se passi questi sei a posto ;)

ecco il log di f secure
manca quello di sys inspector
caricalo su [wikisend.com] (http://wikisend.com/) o su [mediafire.com] (http://www.mediafire.com/index.php).
Una volta sul sito -> clicca su sfoglia -> seleziona il file da caricare -> poi invia o upload -> aspetta che venga caricato -> copia tutto il contenuto a fianco della della riga "Forum link nel primo caso oppure sotto "Sharing URL" nel secondo e lo incolli nella risposta della discussione.
il problema persiste??

log di A-squared scansione deep aggiornato ad oggi
log di F-Secure OnLine oppure di Kaspersky Virus Removal Tool scaricato oggi
log di Dr.Web CureIT scaricato ed aggiornato ad oggi
log di ESET SysInspector
log di HiJackThis
log di Gmer
immagine della schermata di PrevxCSI in caso di rilevazioni

ti mancano quelli segnati in rosso, se passi questi sei a posto ;)

ma li ho mandati nei post precedenti!!

ora te li rimando
DrWeb non ha rilevato nulla
PREVXcsi:system status :clean
http://wikisend.com/download/574300/hijackthis.log
http://wikisend.com/download/574516/gmer.log
http://wikisend.com/download/574590/...80526-1507.xml
http://wikisend.com/download/594990/kasp.txt

ora te li rimando
DrWeb non ha rilevato nulla
PREVXcsi:system status :clean
http://wikisend.com/download/574300/hijackthis.log
http://wikisend.com/download/574516/gmer.log
http://wikisend.com/download/574590/...80526-1507.xml
http://wikisend.com/download/594990/kasp.txt
volevo che li rifacessi dopo kaspersky, ma non avendo trovato nulla cambia poco....

da gmer vedo questo...
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior
chill mi confermi che c'è dell'altro?

manca quello di sys inspector
caricalo su [wikisend.com] (http://wikisend.com/) o su [mediafire.com] (http://www.mediafire.com/index.php).
Una volta sul sito -> clicca su sfoglia -> seleziona il file da caricare -> poi invia o upload -> aspetta che venga caricato -> copia tutto il contenuto a fianco della della riga "Forum link nel primo caso oppure sotto "Sharing URL" nel secondo e lo incolli nella risposta della discussione.
il problema persiste??

ecco il link SysInspector-PC00-080526-1500.xml (http://wikisend.com/download/514968/SysInspector-PC00-080526-1500.xml)

per quanto riguarda internet connection lho cancellato manualmente e non è spuntato piu però ogni tanto in explorer mi da un errore che non apre le pagine e mi spunta la finestra di errore enon so se è legato al dialer. è possibile?

volevo che li rifacessi dopo kaspersky, ma non avendo trovato nulla cambia poco....

da gmer vedo questo...
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior
chill mi confermi che c'è dell'altro?

No tranquillo niente MBR Rootkit

Ciao il tuo log è pulito seguit questa Guida http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763

Ciao,
grazie alle Vs. preziose indicazioni per ora sono riuscito a togliere la famigerata "internet connection":) ... almeno per ora non mi compare più da ieri...però mi rimane da capire perchè ritorna fuori nella cartella cronologia "download787 (www.download797.com) "sanity.php?1=1266671-10053" :confused:
ho girato i seguenti programmi:
ADS SCANNER 2.0 (spuntato find ads windows folder + find ads all ntfs driver)
e ha risposto FOUND 0 ITEM(S)
A-SQUARE
allego il LOG
F-SECURE
allego il LOG
DR.WEB CUREIT!
allego il LOG
GMER
allego il LOG

Come vi pare? devo fare anche le altre procedure per togliere questo download787 dalla cronologia?

Ciao,
grazie alle Vs. preziose indicazioni per ora sono riuscito a togliere la famigerata "internet connection":) ... almeno per ora non mi compare più da ieri...però mi rimane da capire perchè ritorna fuori nella cartella cronologia "download787 (vvv.download797.com) "sanity.php?1=1266671-10053" :confused:
ho girato i seguenti programmi:
ADS SCANNER 2.0 (spuntato find ads windows folder + find ads all ntfs driver)
e ha risposto FOUND 0 ITEM(S)
A-SQUARE
allego il LOG
F-SECURE
allego il LOG
DR.WEB CUREIT!
allego il LOG
GMER
allego il LOG

Come vi pare? devo fare anche le altre procedure per togliere questo download787 dalla cronologia?

Forse hai dimenticato di allegare il log di CureIt e Gmer visto che li hai fatti, poi allega un log di HijackThis

Edita il link vvv.download797.com

Ops, mancano due LOG...
dr.web è gigantesco allego quello che mi sembra importante
==========================================================
Dr.Web® Scanner per Windows v4.44.5 (4.44.5.05200)
© Igor Daniloff, 1992-2008. All rights reserved.
Log generati su: 2008-05-27, 18:47:11 [USER][Marco]
Linea di Comando: "C:\DOCUME~1\Marco\IMPOST~1\Temp\RarSFX0\setup.exe" /lng:it-cureit.dwl /ini:setup_XP.ini
Sistema operativo:Windows XP Home Edition x86 (Build 2600), Service Pack 2
==========================================================
-----------------------------------------------------------------------------
Statistiche delle Scansioni
-----------------------------------------------------------------------------
Oggetti controllati: 179874
Trovati oggetti Infetti: 2
Trovato Oggetti modificati: 2
Trovato oggetti Sospetti: 0
Trovato Adware: 0
Trovato Dialer: 0
Trovato Joke: 0
Trovato Riskware: 0
Trovato Hacktool: 0
Oggetti curati: 0
Oggetti cancellati: 2
Oggetti rinominati: 0
Oggetti spostati: 2
Oggetti ignorati: 0
Velocità di scansione: 307 Kb/s
Durata scansione: 01:20:01
--------------------------------------------------------------------------


e poi GMER
Ciao

Forse hai dimenticato di allegare il log di CureIt e Gmer visto che li hai fatti, poi allega un log di HijackThis

Edita il link vvv.download797.com

Ecco il file di HijackThis..:)
Ciao

I log vanno allegati così non vedo cosa è stato cancellato/rinominato

Manca il log di HijackThis

Il log di hijackThis è pulito, fai pulizia con ATF Cleaner come indicato qui: http://www.hwupgrade.it/forum/showthread.php?t=1599737

e dimmi se il famigerato link salta ancora fuori

Il log di hijackThis è pulito, fai pulizia con ATF Cleaner come indicato qui: http://www.hwupgrade.it/forum/showthread.php?t=1599737

e dimmi se il famigerato link salta ancora fuori

Ci provo subito e faccio sapere! :)

ti ho corretto il titolo :)
Salve a tutti, sono un neofita di questo forum, vi chiedo un aiuto per liberarmi del dialer (??) hxxp://www.download787.com. Nonostante ho la connessione ADSL preferirei eliminare il fastidio di IE che parte ad ogni avvio del PC cercando di collegarsi al sito hxxp://www.downlod787.com. Vi segnalo che se attivo la connessione con il browser IE aperto a causa del dialer, AVAST mi segnala la presenza di WIN32: Dialer-1378[trj] e mi consiglia di chiudere la connesssione. Se però faccio uno scan con AVAST il PC risulta pulito. Comunque ho seguito le istruzioni del forum e vi posto il log di FindAWF. Spero che qualcuno di voi mi possa aiutare fornendomi lo script per Avenger. Un grazie in anticipo.

Salve a tutti, sono un neofita di questo forum, vi chiedo un aiuto per liberarmi del dialer (??) www.download787.com. Nonostante ho la connessione ADSL preferirei eliminare il fastidio di IE che parte ad ogni avvio del PC cercando di collegarsi al sito www.downlod787.com. Vi segnalo che se attivo la connessione con il browser IE aperto a causa del dialer, AVAST mi segnala la presenza di WIN32: Dialer-1378[trj] e mi consiglia di chiudere la connesssione. Se però faccio uno scan con AVAST il PC risulta pulito. Comunque ho seguito le istruzioni del forum e vi posto il log di FindAWF. Spero che qualcuno di voi mi possa aiutare fornendomi lo script per Avenger. Un grazie in anticipo.

questo vvv.download787.com sta facendo un a strage..:mad:
Ma non c'è maniera rintracciarli,...di denunciarli? o comunque fargliela pagare in qualche maniera?

Salve a tutti, sono un neofita di questo forum, vi chiedo un aiuto per liberarmi del dialer (??) www.download787.com. Nonostante ho la connessione ADSL preferirei eliminare il fastidio di IE che parte ad ogni avvio del PC cercando di collegarsi al sito www.downlod787.com. Vi segnalo che se attivo la connessione con il browser IE aperto a causa del dialer, AVAST mi segnala la presenza di WIN32: Dialer-1378[trj] e mi consiglia di chiudere la connesssione. Se però faccio uno scan con AVAST il PC risulta pulito. Comunque ho seguito le istruzioni del forum e vi posto il log di FindAWF. Spero che qualcuno di voi mi possa aiutare fornendomi lo script per Avenger. Un grazie in anticipo.

scarica avenger e carica questo script:
Files to move:
C:\Programmi\FaxTalk Communicator\bak\FTCtrl32.exe | C:\Programmi\FaxTalk Communicator\FTCtrl32.EXE
C:\Programmi\Lexmark X74-X75\bak\lxbbbmgr.exe | C:\Programmi\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bak\NeroCheck.exe | C:\WINDOWS\system32\NeroCheck.exe
C:\Programmi\File comuni\Nero\Lib\nerocheck .exe | C:\Programmi\File comuni\Nero\Lib\nerocheck.exe
C:\WINDOWS\system32\bak\PSDrvCheck.exe | C:\WINDOWS\system32\PSDrvCheck.exe
C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe | C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Analog Devices\SoundMAX\bak\Smax4.exe | C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\Analog Devices\SoundMAX\bak\SMax4PNP.exe | C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Real\RealPlayer\bak\realplay.exe | C:\Programmi\Real\RealPlayer\realplay.exe
C:\Program Files\ASUS\Probe\bak\AsusProb.exe | C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe | C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Logitech\MouseWare\system\bak\EM_EXEC.EXE | C:\Programmi\Logitech\MouseWare\system\EM_EXEC.EXE

poi rifai un altro log con findawf e uno con a-squared e un log hijackthis :)

Ci provo subito e faccio sapere! :)

Il log di hijackThis è pulito, fai pulizia con ATF Cleaner come indicato qui: http://www.hwupgrade.it/forum/showthread.php?t=1599737

e dimmi se il famigerato link salta ancora fuori

Ho seguito le istruzioni e per ora non compare.. però per sicurezza provo a spengere e riaccendere il pc....speriamo in ben...:)
Per ora grazie infinite...
A dopo

O seguito le istruzioni e per ora non compare.. però per sicurezza provo a spengere e riaccendere il pc....speriamo in ben...:)

OK fammi sapere

OK fammi sapere

Niente da fare è ricomparso!
Ho riacceso, ho aperto IE, poi ho aperto la cronologia e non c'era...
Mi sono allontanato 3 minuti e sono tornato...ho riaperto la cronologia (senza "navigare" in nessuna pagina) ed eccolo di nuovo qua...:(

sto perdendo le speranze....:cry:

Niente da fare è ricomparso!
Ho riacceso, ho aperto IE, poi ho aperto la cronologia e non c'era...
Mi sono allontanato 3 minuti e sono tornato...ho riaperto la cronologia (senza "navigare" in nessuna pagina) ed eccolo di nuovo qua...:(

sto perdendo le speranze....:cry:

Scarica SDFix e salvalo sul Desktop
Doppio click su SDFix.exe e il tool andrà ad estrarsi in C:\SDFix
Riavvia il sistema in modalità provvisoria F8
Apri la cartella SDFix in C:\ e fai un doppio click su RunThis.bat per lanciare lo script
seleziona Y per avviare la pulizia
Quando richiesto premi un tasto per riavviare
(il sistema impiegherà più tempo in fase di avvio perchè lo script eseguirà l'eliminazione dei file trovati)
Finito il caricamento dovresti visualizzare il messaggio "Finished"
Premi un tasto per terminare lo script e ricaricare le icone del desktop
Il log sarà visualizzato automaticamente,altrimenti potrai trovarlo in C:\SDFix\Report.txt
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Scarica SDFix e salvalo sul Desktop
Doppio click su SDFix.exe e il tool andrà ad estrarsi in C:\SDFix
Riavvia il sistema in modalità provvisoria F8
Apri la cartella SDFix in C:\ e fai un doppio click su RunThis.bat per lanciare lo script
seleziona Y per avviare la pulizia
Quando richiesto premi un tasto per riavviare
(il sistema impiegherà più tempo in fase di avvio perchè lo script eseguirà l'eliminazione dei file trovati)
Finito il caricamento dovresti visualizzare il messaggio "Finished"
Premi un tasto per terminare lo script e ricaricare le icone del desktop
Il log sarà visualizzato automaticamente,altrimenti potrai trovarlo in C:\SDFix\Report.txt
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
riparto e poi faccio sapere..:)

riparto e poi faccio sapere..:)

OK

riparto e poi faccio sapere..:)

OK

Fatto SDFix come istruzioni!
Allego il file di LOG...

Fatto SDFix come istruzioni!
Allego il file di LOG...

Intanto è riapparso download787...:incazzed:

Intanto è riapparso download787...:incazzed:

Lo trovi in cronologia o si apre la pagina verso il famigerato

Lo trovi in cronologia o si apre la pagina verso il famigerato

Lo trovo solo in cronologia...:(
ora l'ho cancellato e per ora non c'è...

Da Strumenti - Opzioni Internet - Avanzate - Reimposta Internet Explorer clicca su Reimposta

NB: La reimpostazione delle impostazioni predefinite di Internet Explorer consente di ripristinare lo stato del programma al momento della prima installazione nel computer. Questo può essere utile per risolvere problemi potenzialmente originati dalla modifica di alcune impostazioni dopo l'installazione. Quando vengono ripristinate le impostazioni predefinite di Internet Explorer, alcune pagine Web che fanno riferimento a cookie, dati dei moduli e password memorizzati in precedenza o a componenti aggiuntivi del browser precedentemente installati potrebbero non funzionare correttamente. La reimpostazione delle impostazioni predefinite di Internet Explorer non elimina i Preferiti, i feed e altre impostazioni personalizzate. Nella tabella seguente è disponibile un elenco completo delle impostazioni, insieme alle informazioni sulle impostazioni ripristinate o mantenute.

Da Strumenti - Opzioni Internet - Avanzate - Reimposta Internet Explorer clicca su Reimposta

NB: La reimpostazione delle impostazioni predefinite di Internet Explorer consente di ripristinare lo stato del programma al momento della prima installazione nel computer. Questo può essere utile per risolvere problemi potenzialmente originati dalla modifica di alcune impostazioni dopo l'installazione. Quando vengono ripristinate le impostazioni predefinite di Internet Explorer, alcune pagine Web che fanno riferimento a cookie, dati dei moduli e password memorizzati in precedenza o a componenti aggiuntivi del browser precedentemente installati potrebbero non funzionare correttamente. La reimpostazione delle impostazioni predefinite di Internet Explorer non elimina i Preferiti, i feed e altre impostazioni personalizzate. Nella tabella seguente è disponibile un elenco completo delle impostazioni, insieme alle informazioni sulle impostazioni ripristinate o mantenute.

Quale tabella seguente?
Comunque provo....e poi ti faccio sapere..:)
grazie ancora per la pazienza:)

[QUOTE=Ebenezer;22645953]Quale tabella seguente?
QUOTE]

trovata...:)

[QUOTE=Ebenezer;22645953]Quale tabella seguente?
QUOTE]

trovata...:)

ti ho allegato la nota informativa, la sequenza è questa Da Strumenti - Opzioni Internet - Avanzate - Reimposta Internet Explorer clicca su Reimposta

riavvia e fammi sapere

Da Strumenti - Opzioni Internet - Avanzate - Reimposta Internet Explorer clicca su Reimposta

NB: La reimpostazione delle impostazioni predefinite di Internet Explorer consente di ripristinare lo stato del programma al momento della prima installazione nel computer. Questo può essere utile per risolvere problemi potenzialmente originati dalla modifica di alcune impostazioni dopo l'installazione. Quando vengono ripristinate le impostazioni predefinite di Internet Explorer, alcune pagine Web che fanno riferimento a cookie, dati dei moduli e password memorizzati in precedenza o a componenti aggiuntivi del browser precedentemente installati potrebbero non funzionare correttamente. La reimpostazione delle impostazioni predefinite di Internet Explorer non elimina i Preferiti, i feed e altre impostazioni personalizzate. Nella tabella seguente è disponibile un elenco completo delle impostazioni, insieme alle informazioni sulle impostazioni ripristinate o mantenute.

allora ho fatto:

Strumenti - Opzioni Internet - Avanzate - Reimposta Internet Explorer cliccato su Reimposta - e quando viene fuori il messaggio di chiuderele altre finestre ho cliccato su ok.

Non da visibili segni di cambiamento...basta così?

allora ho fatto:

Strumenti - Opzioni Internet - Avanzate - Reimposta Internet Explorer cliccato su Reimposta - e quando viene fuori il messaggio di chiuderele altre finestre ho cliccato su ok.

Non da visibili segni di cambiamento...basta così?

si basta così cosa volevi vedere :D dimmi se risalta fuori quella rottura di download787

[QUOTE=Ebenezer;22645960]

ti ho allegato la nota informativa, la sequenza è questa Da Strumenti - Opzioni Internet - Avanzate - Reimposta Internet Explorer clicca su Reimposta

riavvia e fammi sapere

è ricomparsa...:(
Ho riacceso, ho aperto IE e non ho toccato altro....mi sono alzato per chiudere una finestra sono ritornato e nella cronologia è ricomparso...

download787 (vvv.download787.com)
sanity.php?1=1266671-10053

maledizione....

[QUOTE=Chill-Out;22645983]

è ricomparsa...:(
Ho riacceso, ho aperto IE e non ho toccato altro....mi sono alzato per chiudere una finestra sono ritornato e nella cronologia è ricomparso...

download787 (vvv.download787.com)
sanity.php?1=1266671-10053

maledizione....

comunque di buono c'è che non è più riapparsa oramai da ieri la "internet connection"...
forse la "cosa" nella cronologia è un rimasuglio innocuo...

Chill-Out ti ringrazio della pazienza..mi rifaccio vivo domani..

[QUOTE=Ebenezer;22646104]

comunque di buono c'è che non è più riapparsa oramai da ieri la "internet connection"...
forse la "cosa" nella cronologia è un rimasuglio innocuo...


E che cavolo :mad:

Di A-Squared non hai fatto la DEEP Scan sarebbe opportuno

Dr.Web® Scanner per Windows v4.44.5 (4.44.5.05200)
© Igor Daniloff, 1992-2008. All rights reserved.
Log generati su: 2008-05-27, 18:47:11 [USER][Marco]
Linea di Comando: "C:\DOCUME~1\Marco\IMPOST~1\Temp\RarSFX0\setup.exe" /lng:it-cureit.dwl /ini:setup_XP.ini
Sistema operativo:Windows XP Home Edition x86 (Build 2600), Service Pack 2
==========================================================
-----------------------------------------------------------------------------
Statistiche delle Scansioni
-----------------------------------------------------------------------------
Oggetti controllati: 179874
Trovati oggetti Infetti: 2
Trovato Oggetti modificati: 2
Trovato oggetti Sospetti: 0
Trovato Adware: 0
Trovato Dialer: 0
Trovato Joke: 0
Trovato Riskware: 0
Trovato Hacktool: 0
Oggetti curati: 0
Oggetti cancellati: 2
Oggetti rinominati: 0
Oggetti spostati: 2
Oggetti ignorati: 0
Velocità di scansione: 307 Kb/s
Durata scansione: 01:20:01



avrei bisogno di sapere il nome degli oggetti rilevati

[QUOTE=Ebenezer;22646121]


E che cavolo :mad:

Di A-Squared non hai fatto la DEEP Scan sarebbe opportuno



avrei bisogno di sapere il nome degli oggetti rilevati

se mi fai sapere cosa defo fare in A-Squared domani provo.
Di dr.Web non sono riuscito ad allegare il file completo era gigantesco (17.000 kb)...cosa ho sbagliato?

Se mi lasci istruzioni domani procedo e mi rifaccio vivo..
Ciao e buonanotte...:)

un ultima cosa...
15 min. fa circa ho eliminato dalla cronologia il download787 e ancora non riappare.... eppure è già passato molti minuti....probabilmente riparte solo quando riavvio il pc.

Ciao:)

ora te li rimando
DrWeb non ha rilevato nulla
PREVXcsi:system status :clean
http://wikisend.com/download/574300/hijackthis.log
http://wikisend.com/download/574516/gmer.log
http://wikisend.com/download/574590/...80526-1507.xml
http://wikisend.com/download/594990/kasp.txt
rosa dai log sembri pulita, se non riscontri problemi dai un'occhiata al trattamento di prevenzione / post disinfezione (http://www.hwupgrade.it/forum/showthread.php?t=1726383), ti aiuta a verificare la configurazione di sicurezza del tuo pc ed eliminare eventuali residui inutili dei programmi utilizzati nelle guide.

rosa dai log sembri pulita, se non riscontri problemi dai un'occhiata al trattamento di prevenzione / post disinfezione (http://www.hwupgrade.it/forum/showthread.php?t=1726383), ti aiuta a verificare la configurazione di sicurezza del tuo pc ed eliminare eventuali residui inutili dei programmi utilizzati nelle guide.

ciao ti ho postato il log di sys inspector hai visto? pag 124 se non erro fammi sapere ciao

ciao ti ho postato il log di sys inspector hai visto? pag 124 se non erro fammi sapere ciao
visti i problemi avuti IE ti sconsiglio di usarlo, ma comunque dagli una resettata, verrà rimesso come appena uscito di fabbrica ;)

Strumenti -> Opzioni Internet -> Avanzate -> Reimposta

NB: La reimpostazione delle impostazioni predefinite di Internet Explorer consente di ripristinare lo stato del programma al momento della prima installazione nel computer. Questo può essere utile per risolvere problemi potenzialmente originati dalla modifica di alcune impostazioni dopo l'installazione. Quando vengono ripristinate le impostazioni predefinite di Internet Explorer, alcune pagine Web che fanno riferimento a cookie, dati dei moduli e password memorizzati in precedenza o a componenti aggiuntivi del browser precedentemente installati potrebbero non funzionare correttamente. La reimpostazione delle impostazioni predefinite di Internet Explorer non elimina i Preferiti, i feed e altre impostazioni personalizzate. .

un ultima cosa...
15 min. fa circa ho eliminato dalla cronologia il download787 e ancora non riappare.... eppure è già passato molti minuti....probabilmente riparte solo quando riavvio il pc.

Ciao:)

NB: ripristino configurazione sistema disattivato

Riesegui la pulizia con ATF Cleaner

Inserisci in Avenger questo Script

Files to delete:
C:\DOCUMENTS AND SETTINGS\MARCO\IMPOSTAZIONI LOCALI\TEMP\R1585287575.EXE
C:\DOCUMENTS AND SETTINGS\MARCO\IMPOSTAZIONI LOCALI\TEMP\R2656759356.EXE

Doppio click su A-Squared - Aggiorna ora terminato l'aGgiornamento clicca su Scansiona Pc e lanci una DEEP SCAN

Riepilogo log da allegare
Avenger
A-Squared
CureIt anche se di 17MB

hostali qui http://fileqube.com/ indica nel prossimo post il link dove prelevarli per il controllo
Ciao