View Full Version : [Guida] Eliminare il Dialer "Internet Connection" - leggere Regole di Sezione!!


Pagine : 1 2 3 4 5 6 7 8 9 [10] 11 12

xcdegasp
03-05-2008, 17:57
attraverso regedit? solo attraverso regedit? :)

Mikele87
03-05-2008, 17:58
Si x qst è strano.....ma poi xkè mi è riuscito? in regedit nn trovo nulla!

Mikele87
03-05-2008, 19:21
HiJackThis http://www.zshare.net/download/114725000962ef05/
Prevx CSI http://www.zshare.net/download/11472531ab1bfd5b/
A-Squared http://www.zshare.net/download/114725486a05c0a3/
Gmer http://www.zshare.net/download/1147256502015178/

Ho eseguito la guida alla disinfezione
Vi prego aiutatemi

xcdegasp
03-05-2008, 20:22
@ mikele87:
rifai la scansione con HiJackThis optando per "Scan Only", al termine il pulsante in basso a sinistra si chiamerà "Fix Checked", quindi seleziona le voci sugerite e premi tale tasto.


O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ASUS\IMPOST~1\Temp\DX9\SessionLauncher.exe (file missing)

fai esaminare C:\WINDOWS\system32\CTFMON.EXE su www.virustotal.com


log di prex:

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r1122048620.exe InMem: 0 Det [B] MD5: E58A6C4C7EEE9263A8C5035B4324B410 PX5: B84AA90634BFBE5E31CA0033FFE0B400ACE6B199 Malware Group: Worm

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r1208911340.exe InMem: 0 Det [B] MD5: 2F741A0FC2EBD30170184C08719C1A58 PX5: B84AA90634BFBE5E31CA0033FFE0B4004E325E64 Malware Group: Worm

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r2125386392.exe InMem: 0 Det [B] MD5: EE49F6A4EEF8E05F7A7759AE4C2A8584 PX5: B84AA90634BFBE5E31CA0033FFE0B4005E2EFCCF Malware Group: Worm

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r237087948.exe InMem: 0 Det [B] MD5: CAE9F0D99B2257CB6F516BD9DACE99EE PX5: B84AA90634BFBE5E31CA0033FFE0B400A9221682 Malware Group: Malicious Software

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r272809424.exe InMem: 0 Det [B] MD5: E9C8F0FEE2D3749498696FA0181BC64B PX5: B84AA90634BFBE5E31CA0033FFE0B400467E0D9E Malware Group: Malicious Software

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r3242504000.exe InMem: 0 Det [B] MD5: 46F8B97828DE20DCD79DAAAE19694434 PX5: B84AA90634BFBE5E31CA0033FFE0B400226681CF Malware Group: Worm


Summary:

C:\Documents and Settings\ASUS\Desktop\runprevxcsi.exe - [G1] >> Hidden Process: 12148

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r1122048620.exe - [B] >> Worm

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r1208911340.exe - [B] >> Worm

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r2125386392.exe - [B] >> Worm

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r237087948.exe - [B] >> Malicious Software

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r272809424.exe - [B] >> Malicious Software

C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r3242504000.exe - [B] >> Worm

aggiorna a-squared-free e rifai la scansione con metodo DEEP Scan, metti tutto cio che trova in quarantena, poi esegui avenger e carica il seguente script:

Files to delete:
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r1122048620.exe
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r1208911340.exe
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r2125386392.exe
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r237087948.exe
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r272809424.exe
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r3242504000.exe

Mikele87
03-05-2008, 20:31
Fatto!
Ora è tutto risolto?

xcdegasp
03-05-2008, 20:36
scusa, nel frattempo aggiornavo il mio messaggio con quello che vedevo :)
riguarda il mio precedente messaggio

Mikele87
03-05-2008, 20:41
DI CTFMON.EXE ce ne sono 2 poi altri con dei numeri quali devo prendere??

xcdegasp
03-05-2008, 20:42
quelli con i numeri tra loro sono uguali quindi ignorali... scansiona quei due e metti il link al risultato (basta che copi e incolli l'url del browser quando la scansione è finita)

Mikele87
03-05-2008, 20:46
Qst è il 1° http://www.virustotal.com/it/reanalisis.html?d0bba9959fa1eb08bce66df68c69c1bc

Qst il 2° http://www.virustotal.com/it/analisis/0d6b02738fe566f3c5add906a25ebb97

Mikele87
03-05-2008, 20:57
Ora continuo con le tue istruzioni?

xcdegasp
03-05-2008, 21:03
allora devi avviare avenger e caricare questo script:
Files to move:
C:\WINDOWS\system32\CTFMON.EXE | C:\WINDOWS\system32\CTFMON.EXE_vir
C:\WINDOWS\system32\CTFMON_.EXE | C:\WINDOWS\system32\CTFMON.EXE

Files to delete:
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r1122048620.exe
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r1208911340.exe
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r2125386392.exe
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r237087948.exe
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r272809424.exe
C:\Documents and Settings\ASUS\Impostazioni locali\Temp\r3242504000.exe

Mikele87
03-05-2008, 21:09
Quando clicco su Execute mi dice Invalid Scripts
Come li inserisco con copia e incolla? xkè facendo cosi mi esce solo la prima linea il resto no
Leggendo ho notato ke qst advanger dovrebbe avere 1 lente di ingrandimento ma a me esce una finestra normale con 1 spazio bianco dove si inserisce qst scripts

Mikele87
03-05-2008, 21:49
L'ho copiato si è riavviato il pc ed è uscito qst
http://www.zshare.net/download/11478333bbaa1e18/

xò quella connessione maledetta c'è ankora

xcdegasp
03-05-2008, 22:09
ricontrolla in C:\WINDOWS\system32\ quanti ctfmon.exe esistano e poi

scarica ed esegui CCleaner (http://www.ccleaner.com/download/builds/downloading-portable) seguendo queste brevi indicazioni (non richiede installazione):
scompattare lo zip (possibilmente in una cartella creata solo per lui) e lanciare il file eseguibile ccleaner.exe, nel menu di sinistra portati alla voce Opzioni e nella finestra successiva clicca su:
Impostazioni, e spunta la voce Cancellazione sicura (lenta)
poi su:
Avanzate e togli la spunta alla voce Cancella solo file più vecchi di 48 ore
alla voce Pulizia, spunta tutte le voci comprese nella sezione Avanzate
nel menu a sinistra, clicca sulla voce Pulizia, clicca su tasto Avvia Pulizia per eseguire la scansione
sempre nel menu a sinistra, clicca sulla voce Registro, spunta tutte le voci comprese nella sezione, clicca sul tasto Trova problemi ed avvia una scansione; al termine della scansione clicca sulla voce Ripara selezionati e prosegui;

Mikele87
03-05-2008, 22:12
ctfmon c'e ne sn 2 cn 2 icone diverse
poi ci sn i ctfmon con i numeri poi CTFMON.EXE_vir

xcdegasp
03-05-2008, 22:14
fammi un immagine (in formato jpg o png) o riporta gli esatti nomi dei due file :)

Mikele87
03-05-2008, 22:17
http://img181.imageshack.us/img181/3973/iuiiouh3.jpg

xcdegasp
03-05-2008, 22:22
fai "mostra come elenco" (pulsante estremo a destra mi sembra) ed espandi la colonna del nome se vedi che alcuni nomi non aparissero per intero :)
quindi rifai l'immagine, scusa ma come li visualizzavi non si capiva le differenze tra i due oggetti

Mikele87
03-05-2008, 22:24
skusa nn ho capito qst passaggio

Mikele87
03-05-2008, 22:28
Così?
http://img73.imageshack.us/img73/5200/iuiioae8.jpg

xcdegasp
03-05-2008, 22:35
perfeto, solo che manca ancora una cosa... devi visualizzare le "estensioni conosciute" quindi devi andare in opzioni cartella e nell'elenco togliere il fleghettino (segno di spunta) da "nascondi estensioni conosciute" :)

poi rifai l'immagine.. scusa ancora ma è una cosa che ti manca e prima non si vedeva :(

Mikele87
03-05-2008, 22:38
Non preoccuparti

http://img181.imageshack.us/img181/9632/iuiiorm9.jpg

xcdegasp
03-05-2008, 22:51
ok ora ci siamo!

carica questo script:
Files to move:
C:\WINDOWS\system32\CTFMON.EXE | C:\WINDOWS\system32\CTFMON.EXE_vir2
C:\WINDOWS\system32\CTFMON .EXE | C:\WINDOWS\system32\CTFMON.EXE

ma prima con HiJackThis fixa:

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

Mikele87
03-05-2008, 22:53
skusa la tremenda ignoranza
il primo scripts con Avenger?
il secondo con HiJackThis? cm si fà?

quale dei 2 devo fare prima?

xcdegasp
03-05-2008, 23:05
prima hijackthis poi avenger

Mikele87
03-05-2008, 23:19
Fatto. qst è il log di avenger

http://www.zshare.net/download/114818135f982c4e/

xcdegasp
03-05-2008, 23:39
mi sa che hai incollato il log sbagliato e comunque cambia hoster perchè con zshare bisogna attendere ogni volta 1 minuto per scaricare il file...

Mikele87
03-05-2008, 23:43
Quando ho riavviato il pc mi è uscito quello.
ma ora è tt risolto?

http://www.sendspace.com/file/6q4gnn

xcdegasp
04-05-2008, 01:16
bene ora rifai un log con hijackthis e prevx :)
se puoi anche un log di findAWF

Mikele87
04-05-2008, 01:56
hijackthis http://www.sendspace.com/file/2b227
findAWF http://www.sendspace.com/file/4hmimp
prevx http://www.sendspace.com/file/xur61y

xcdegasp
04-05-2008, 03:03
il log hijackthis sembra irrangiungibile, ad ogni modo ora sembri pulito :)

Mikele87
05-05-2008, 17:08
http://www.sendspace.com/file/z90xww

Grazie 1000 davvero!

xcdegasp
05-05-2008, 17:16
http://www.sendspace.com/file/z90xww

Grazie 1000 davvero!

confermo sei pulito :)

Mikele87
05-05-2008, 21:07
NOOOOOOOOOOOOOOOOOOO
mi è riuscito!!!!:cry:

HijackThis http://www.sendspace.com/file/3r2d54

Qualke santo mi aiuti

Mikele87
05-05-2008, 22:19
Nn c'è nessuno????

wjmat
05-05-2008, 22:31
posta un nuovo log di findawf

Mikele87
05-05-2008, 22:33
http://www.sendspace.com/file/pp47uu

wjmat
05-05-2008, 22:48
Findawf è pulito, HjT segnala questo C:\WINDOWS\system32\ctfmon .exe
io seguirei qui (http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763)

Mikele87
05-05-2008, 22:50
quindi devo ripetere le pocedure di disinfezione e ripostare i log qui?

wjmat
05-05-2008, 23:27
se segui la guida ti fai anche un controllo generale che non guasta mai, altrimenti aspetta il parere di qualcun'altro

xcdegasp
06-05-2008, 00:37
Fixa:

O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

O4 - HKLM\..\Run: [DMXLauncher] "C:\Programmi\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

inoltre pensa seriamente a sostituire AcrobatReader con FoxitReader :)

laspapier
06-05-2008, 01:41
Ciao...ho un problema...il mio modem 56k dopo un pò si stacca e cerca di connetrsi con un'altra connessione che si crea automaticamente ma che vedendo le proprietà non chiama nessun numero..che cos'è?..comunque mando il log di awf... spero possiate aiutarmi. Grazie

xcdegasp
06-05-2008, 09:17
Ciao...ho un problema...il mio modem 56k dopo un pò si stacca e cerca di connetrsi con un'altra connessione che si crea automaticamente ma che vedendo le proprietà non chiama nessun numero..che cos'è?..comunque mando il log di awf... spero possiate aiutarmi. Grazie

eri stato infettato da questo dialer ma poi sei stato pulito.. controlla che il tuo antivirus sia settato correttamente se già lo fosse allora pensa ad un sostituto perchè hai fatto acqua ben due volte :)

segui questa semplice procedura pubblicando tutti i log:
http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763

milan63
06-05-2008, 10:44
sorry

Francizio
06-05-2008, 10:59
Se possibile mi dai un occhio anche al mio dump ho un dialer ma non riesco a capire quale? certo che si divertono sti produttori...

....

grazie.

Scusa, dovresti editare il messaggio.
I log non si copiano come hai fatto tu. In prima pagina è spiegato a caratteri cubitali come inserire i log nelle discussioni.

wjmat
06-05-2008, 11:00
riedita il tuo post e CARICA CORRETTAMENTE I LOG SECONDO QUESTE REGOLE
Se i log o le immagini (.JPG) non superano i 24Kb allegali tramite il comando Gestisci allegati nelle Opzioni aggiuntive
Clicca su Gestisci allegati -> Sfoglia -> Carica
Altrimenti caricali su [wikisend.com] (http://wikisend.com/) o su [mediafire.com] (http://www.mediafire.com/index.php).
Una volta sul sito -> clicca su sfoglia -> seleziona il file da caricare -> poi invia o upload -> aspetta che venga caricato -> copia tutto il contenuto a fianco della della riga "Forum link nel primo caso oppure sotto "Sharing URL" nel secondo e lo incolli nella risposta della discussione.

La tua versione di Hijackthis non è aggiornata....scarica da qui (http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.zip) l'ultima versione e mettila in una sua cartella dedicata, rifai la scansione e ricarica il nuovo log.

Poi anche il log di findawf

milan63
06-05-2008, 11:13
[QUOTE=milan63;22325864]Se possibile mi dai un occhio anche al mio dump ho un dialer ma non riesco a capire quale? certo che si divertono sti produttori...

wjmat
06-05-2008, 11:59
se non conosci queste voci fixale
O1 - Hosts: 160.128.161.153 bute2ieh.com
O1 - Hosts: 98.142.154.12 catolcwxcav.com
O1 - Hosts: 164.105.11.128 ukjp9mn2.com
O1 - Hosts: 26.61.135.9 vkipqugtsx.com
O1 - Hosts: 74.155.15.232 wvdimh98zhq.com
O1 - Hosts: 21.43.177.216 zobcslgff.com
O1 - Hosts: 217.65.130.117 fullows.com
O1 - Hosts: 7.19.148.180 thumbstring.net
O1 - Hosts: 46.227.219.28 wschooler.com
O1 - Hosts: 237.198.174.168 addwjf6zoy.com
O1 - Hosts: 42.9.237.234 itqoipyqsq.com
O2 - BHO: Class - {1101FE95-4E22-9B80-518E-EF505501739C} - C:\WINDOWS\qfllg1.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [rtwfc] "C:\DOCUME~1\giuseppe\IMPOST~1\Temp\1026312.exe"
O4 - HKLM\..\Run: [CHIN PING PHONE PILE] C:\Documents and Settings\All Users\Dati applicazioni\Proxy Long Chin Ping\four size.exe
O4 - HKCU\..\Run: [gmost.exe] C:\WINDOWS\system32\netdriver\service\gmost.exe
O4 - HKCU\..\Run: [Microsoft .Net Framework] C:\WINDOWS\system32\microsof\serv\servic.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

milan63
06-05-2008, 12:48
Grazie dopo provo e ti farò sapere.

xcdegasp
06-05-2008, 15:07
Se possibile mi dai un occhio anche al mio dump ho un dialer ma non riesco a capire quale? certo che si divertono sti produttori...

Fixa anche:

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN

milan63
06-05-2008, 22:07
Ho fixato tutti quelli consigliati e sembra a posto speriamo e grazie.

milan63
06-05-2008, 22:13
Parlato troppo presto si è aperto ancora qualcosa chi sa dirmi cosa devo ancora eliminare grazie anticipatamente.

milan63
06-05-2008, 22:21
avevo perso un pezzo

wjmat
07-05-2008, 00:06
allega il log di findawf come spiegato nella prima pagina

xcdegasp
07-05-2008, 00:30
avevo perso un pezzo
cambi sto antivirus, non è possibile che non è possibile infettarsi ogni 3 secondi... :muro:
mettiti Avira Antivir Classic che è free ed è efficacissimo :)

Fixa:

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - Global Startup: MediaChecker.lnk = C:\Programmi\HOTALBUMMyBOX\MediaChecker.exe
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab


dopo vai al link http://secunia.com/software_inspector/ e scansiona online il tuo pc, ti mostrerà l'elenco dei rpogrammi altamente critici da aggiornare assolutamente.
Valuta la possibilità di disinstallare Acrobat 7.0 in favore del più potente, leggero, veloce e sopratutto più sicuro FoxitReader (http://www.foxitsoftware.com/pdf/rd_intro.php) :)

alessio.computeria
07-05-2008, 17:07
aiuto

Nuz
09-05-2008, 10:29
aiuto

Questo è lo script che devi inserire in Avenger:

FIles to move:

C:\Programmi\iTunes\bak\iTunesHelper.exe | C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\bak\bak\QTTask.exe | C:\Programmi\QuickTime\bak\QTTask.exe
C:\Programmi\QuickTime\bak\QTTask.exe | C:\Programmi\QuickTime\QTTask.exe
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATI Technologies\ATI.ACE\bak\CLIStart.exe | C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe
C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe | C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe | C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe | C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATI9HE.EXE | C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9HE.EXE



Al riavvio allega un nuovo log di findawf e il log di avenger.

jonpol
09-05-2008, 20:45
ecco il .txt fatto dal programma findAWF

rispondete al più presto

wjmat
09-05-2008, 20:58
ecco il .txt fatto dal programma findAWF

rispondete al più presto
è pulito quindi leggi qui (http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763)

festaiolo
10-05-2008, 05:57
Ecco miei logs findawf and hijack.
Grazie mille per l'eventuale assistenza.

wjmat
10-05-2008, 09:29
devi seguire la guida, ma comincia a postare il log di a-squared scansione deep ( che è comunque il primo scan da fare anche in guida)
ciao

ziopeppe23
10-05-2008, 15:55
ciao, mi è comparsa tra le connessioni una nuova che si chiama internet connection. potete aiuarmi? grazie mille

wjmat
10-05-2008, 16:06
Leggi qui (http://www.hwupgrade.it/forum/showthread.php?t=1651594) e carica tutti i log richiesti secondo le modalità.

Modalità pubblicazione log
Se i log o le immagini (.JPG) non superano i 24Kb allegali tramite il comando Gestisci allegati nelle Opzioni aggiuntive
Clicca su Gestisci allegati -> Sfoglia -> Carica
Altrimenti caricali su [wikisend.com] (http://wikisend.com/) o su [mediafire.com] (http://www.mediafire.com/index.php).
Una volta sul sito -> clicca su sfoglia -> seleziona il file da caricare -> poi invia o upload -> aspetta che venga caricato -> copia tutto il contenuto a fianco della della riga "Forum link nel primo caso oppure sotto "Sharing URL" nel secondo e lo incolli nella risposta della discussione.

ziopeppe23
10-05-2008, 16:18
Invio il mio log in allegato creato con FindAWF

festaiolo
10-05-2008, 20:34
devi seguire la guida, ma comincia a postare il log di a-squared scansione deep ( che è comunque il primo scan da fare anche in guida)
ciao

Non ho seguito la guida? Non ho visto che c'era da usare anche quest'altro programma. Ok prendo il log anche di questo.

jonpol
10-05-2008, 22:04
HO IL DIALER INTERNET CONNECTION E FACENDO LA SCANSIONE CON FINDAWF NON MI TROVA NIENTE! HO SEGUITO LA GUIDA X CHI HA QST TIPO PROBLEMA MA NIENTE: FINDAWF MI DA' SEMPRE LO STESSO TIPO PROBLEMA OVVERO NON TROVA NIENTE!

AIUTATEMI

Nuz
11-05-2008, 10:18
Invio il mio log in allegato creato con FindAWF

Hai le cartelle bak di una precedente infezione. Probabilmente hai il dialer Heuristic. Segui queste indicazioni:

http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763

Nuz
11-05-2008, 10:22
HO IL DIALER INTERNET CONNECTION E FACENDO LA SCANSIONE CON FINDAWF NON MI TROVA NIENTE! HO SEGUITO LA GUIDA X CHI HA QST TIPO PROBLEMA MA NIENTE: FINDAWF MI DA' SEMPRE LO STESSO TIPO PROBLEMA OVVERO NON TROVA NIENTE!

AIUTATEMI

Scrivere in maiuscolo in un forum equivale ad urlare. Ti è stato già risposto qui:

http://www.hwupgrade.it/forum/showpost.php?p=22381286&postcount=2309

Devi eseguire questo:

http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763

Fabryz60
12-05-2008, 14:45
questo è il mio log cosa devo fare?

wjmat
12-05-2008, 15:00
questo è il mio log cosa devo fare?
segui anche tu qui (http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763)

ahriman666
12-05-2008, 18:28
Maledetto dialer infame,m'ha appestato di nuovo mi sa! :doh:
Chiedo nuovamente la vostra gentilissima assistenza :help:

Chill-Out
12-05-2008, 18:30
Maledetto dialer infame,m'ha appestato di nuovo mi sa! :doh:
Chiedo nuovamente la vostra gentilissima assistenza :help:

Segui questa Guida http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763

jonpol
12-05-2008, 19:06
ho detto che ho seguito quella guida alla disinfezione ma niente! quindi fami sapere

wjmat
12-05-2008, 19:11
ho detto che ho seguito quella guida alla disinfezione ma niente! quindi fami sapere
ci servono i log per poter capire cos'hai....

Francizio
12-05-2008, 19:14
ho detto che ho seguito quella guida alla disinfezione ma niente! quindi fami sapere

Si ma se non posti i risultati delle scansioni nessuno potrà aiutarti...;)

jonpol
13-05-2008, 19:55
il log di findawf mi esce vuoto. ho eseguito la guida riguardo a qst problema ma niente il log esce vuoto.

AIUTO!

wjmat
13-05-2008, 20:03
aver seguito la guida vuol dire fornirci questi log:

-log di A-squared scansione deep aggiornato ad oggi
-log di F-Secure OnLine oppure di Kaspersky Virus Removal Tool scaricato oggi
-log di Dr.Web CureIT scaricato oggi
-log di ESET SysInspector
-log di HiJackThis
-log di Gmer
-log di PrevxCSI

teoricamente basterebbe la scansione deep di a-squared ma se questa non ha trovato nulla è un buon motivo per seguire tutta la guida ;)

Francizio
13-05-2008, 20:07
il log di findawf mi esce vuoto. ho eseguito la guida riguardo a qst problema ma niente il log esce vuoto.

AIUTO!

Non riesco a capire cosa tu faccia, ma è impossibile che tutti i log delle scansioni di FindAWF e di quelle della Guida per Infetti ti escano completamente bianchi e privi di testo.

Francizio
13-05-2008, 20:09
aver seguito la guida vuol dire fornirci questi log:

-log di A-squared scansione deep aggiornato ad oggi
-log di F-Secure OnLine oppure di Kaspersky Virus Removal Tool scaricato oggi
-log di Dr.Web CureIT scaricato oggi
-log di ESET SysInspector
-log di HiJackThis
-log di Gmer
-log di PrevxCSI

teoricamente basterebbe la scansione deep di a-squared ma se questa non ha trovato nulla è un buon motivo per seguire tutta la guida ;)

;)

E mi sembra alquanto strano che i log escano totalmente "vuoti"...

Una cosa è dire che escano puliti, un'altra è dire che siano vuoti...

fati
15-05-2008, 19:59
Salve..qualcuno può aiutarmi per favore? Mi riappare di continuo la connessione internet connection nonostante la rimuovo :-( Ho scaricato Findawf e questo è ciò che mi esce...................:-SSS
p.s. ci capisco ben poco

wjmat
15-05-2008, 21:04
x fati
segui qui (http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763)

robicisti
16-05-2008, 01:42
Ciao!!

Ho allefato il log di FindAWF

Attendo script da copiare

wjmat
16-05-2008, 02:32
Ciao!!

Ho allefato il log di FindAWF

Attendo script da copiare
questo è lo script
Files to move:
C:\Programmi\Grisoft\AVG7\bak\avgcc.exe | C:\Programmi\Grisoft\AVG7\avgcc.exe
C:\Programmi\Nokia\Nokia PC Suite 6\bak\PCSuite.exe | C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
poi log di avenger e nuovo di findawf
ciao

pulpfiction422
16-05-2008, 22:38
Ragazzi..ho sempre seguito i vostri consigli e sempre sono stati preziosissimi... purtroppo 'sto "internet connection" ora non va piu' via...sembro pulito ma ad ogni connessione il dialer maledetto ricompare...non so piu' che fare.

xcdegasp
16-05-2008, 23:48
Ragazzi..ho sempre seguito i vostri consigli e sempre sono stati preziosissimi... purtroppo 'sto "internet connection" ora non va piu' via...sembro pulito ma ad ogni connessione il dialer maledetto ricompare...non so piu' che fare.

è pulito, procedi con il seguire la semplice procedura descritta nella Guida alla Disinfezione per Infetti (http://www.hwupgrade.it/forum/showthread.php?t=1599737), rispettando l'ordine nel'esecuzione e pubblicando tutti i log usando uno dei metodi censiti nelle Regole di Sezione. :)

pulpfiction422
17-05-2008, 02:09
è pulito, procedi con il seguire la semplice procedura descritta nella Guida alla Disinfezione per Infetti (http://www.hwupgrade.it/forum/showthread.php?t=1599737), rispettando l'ordine nel'esecuzione e pubblicando tutti i log usando uno dei metodi censiti nelle Regole di Sezione. :)

non c'e' niente da fare ricompare sempre....sono ormai rassegnato...mi toccca fare una formattazione?

Francizio
17-05-2008, 03:58
non c'e' niente da fare ricompare sempre....sono ormai rassegnato...mi toccca fare una formattazione?

No, semplicemente devi attenerti a quanto ti ha detto xcdegasp:

è pulito, procedi con il seguire la semplice procedura descritta nella Guida alla Disinfezione per Infetti (http://www.hwupgrade.it/forum/showthread.php?t=1599737), rispettando l'ordine nel'esecuzione e pubblicando tutti i log usando uno dei metodi censiti nelle Regole di Sezione. :)

Quindi pdevi eseguire tutte le scansioni della guida, e poi devi postare in questa discussione i risultati di ciascuna scansione, in modo che chi di competenza possa darti assistenza.

Se ti limit a dire che non c'è nulla da fare e non posti i log delle scansioni difficilmente qualcuno potrà aiutarti.;)

Lord Khaos
17-05-2008, 12:03
Ciao a tutti, sono nuovo di qui, vorrei sapere se potete aiutarmi a rimuovere dal pc questo fastidioso dialer che interrompe la mia connessione adsl.
Ho fatto la scansione con "FindAWF" come ho letto sul forum e allego il report che ne risulta, spero in un vostro aiuto perchè non so come fare.
Grazie a tutti e saluti.

Nuz
17-05-2008, 12:08
Ciao a tutti, sono nuovo di qui, vorrei sapere se potete aiutarmi a rimuovere dal pc questo fastidioso dialer che interrompe la mia connessione adsl.
Ho fatto la scansione con "FindAWF" come ho letto sul forum e allego il report che ne risulta, spero in un vostro aiuto perchè non so come fare.
Grazie a tutti e saluti.

E' necessario che tu esegua la guida alla disinfezione. Segui quanto suggerito in questo link:

http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763

:)

viviana85
17-05-2008, 13:00
awf.txt (http://wikisend.com/download/610738/awf.txt)

http://wikisend.com/download/610738/awf.txt

SAlve,
mi aiutate please?
aWF MI HA DATO un log vuoto e l'ho postato come avete scritto voi su wikisend...questi che ho scritto sopra sono i link (uno era download e uno forumlink) non so quale vi serva per aiutarmi e li scrivo entrambi.
Ora cosa dovrei fare?
Grazie. Ma questi dialer sono proprio rompi, perchè la gente si diverte a creare virus?????

xcdegasp
17-05-2008, 13:12
awf.txt (http://wikisend.com/download/610738/awf.txt)

http://wikisend.com/download/610738/awf.txt

SAlve,
mi aiutate please?
aWF MI HA DATO un log vuoto e l'ho postato come avete scritto voi su wikisend...questi che ho scritto sopra sono i link (uno era download e uno forumlink) non so quale vi serva per aiutarmi e li scrivo entrambi.
Ora cosa dovrei fare?
Grazie. Ma questi dialer sono proprio rompi, perchè la gente si diverte a creare virus?????

log puliti, segui la semplice procedura descritta nella Guida alla Disinfezione per Infetti (http://www.hwupgrade.it/forum/showthread.php?t=1599737), rispettando l'ordine nel'esecuzione e pubblicando tutti i log usando uno dei metodi censiti nelle Regole di Sezione. :)

Francizio
17-05-2008, 13:13
awf.txt (http://wikisend.com/download/610738/awf.txt)

http://wikisend.com/download/610738/awf.txt

SAlve,
mi aiutate please?
aWF MI HA DATO un log vuoto e l'ho postato come avete scritto voi su wikisend...questi che ho scritto sopra sono i link (uno era download e uno forumlink) non so quale vi serva per aiutarmi e li scrivo entrambi.
Ora cosa dovrei fare?
Grazie. Ma questi dialer sono proprio rompi, perchè la gente si diverte a creare virus?????


Benvenuta.

Il log è pulito.

Clicca sul link che ti lascio sotto e segui le istruzioni.

http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763

Mi raccomando di postare tutti i log delle scansioni che devi fare seguendo la guida per infetti.

Chill-Out
17-05-2008, 13:19
Ciao il tuo log è pulito segui queste indicazioni http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763

Trustnt1
17-05-2008, 15:14
Ciao ragazzi ho postato qualche tempo fa i log di awf, ho ottenuto risposta e ho fatto tutte le operazioni.. ma credo di essere stato di nuovo contagiato da questo dialer.. quindi vi riposto i log di awf..
Grazie 1000, ciao!

Francizio
17-05-2008, 15:25
Ciao ragazzi ho postato qualche tempo fa i log di awf, ho ottenuto risposta e ho fatto tutte le operazioni.. ma credo di essere stato di nuovo contagiato da questo dialer.. quindi vi riposto i log di awf..
Grazie 1000, ciao!

Ciao.

Copia questo script in Avenger:



Files to move:

C:\Programmi\AntiVir PersonalEdition Classic\bak\avgnt.exe | C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Auto Power-on\bak\AutoPowerOn.exe | C:\Programmi\Auto Power-on\AutoPowerOn.exe
C:\Programmi\D-Tools\bak\daemon.exe | C:\Programmi\D-Tools\daemon.exe
C:\Programmi\QuickTime\bak\qttask.exe | C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Creative\SB Drive Det\bak\SBDrvDet.exe | C:\Programmi\Creative\SB Drive Det\SBDrvDet.exe
C:\Programmi\Creative\Shared Files\bak\CTSched.exe | C:\Programmi\Creative\Shared Files\CTSched.exe
C:\Programmi\Creative\Sync Manager Unicode\bak\CTSyncU.exe | C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmi\Microsoft Office\Office12\bak\GrooveMonitor.exe | C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\NVRTClk\bak\NVRTClk.exe | C:\WINDOWS\system32\NVRTClk\NVRTClk.exe
C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe | C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Creative\Creative ZEN\ZEN Media Explorer\bak\CTCheck.exe | C:\Programmi\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Programmi\Creative\MediaSource\Go\bak\CTCMSGo.exe | C:\Programmi\Creative\MediaSource\Go\CTCMSGo.exe
C:\Programmi\Creative\MediaSource\RemoteControl\bak\RcMan.exe | C:\Programmi\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\bak\CTDVDDET.EXE | C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\bak\CTSysVol.exe | C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programmi\Creative\Shared Files\Media Sniffer\bak\MtdAcq.EXE | C:\Programmi\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe | C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe



Dopo il riavvio del pc posta un nuovo log di FindAWF.

Trustnt1
17-05-2008, 16:10
Ciao! Grazie 1000 per la risposta velocissima.. ho fatto quello che mi hai detto e ho riavviato, ecco i nuovi log.
ancora grazie tante

xcdegasp
17-05-2008, 16:41
Ciao! Grazie 1000 per la risposta velocissima.. ho fatto quello che mi hai detto e ho riavviato, ecco i nuovi log.
ancora grazie tante

perfetto, ora le cartelle bak rimanenti le puoi eliminare manualmente :)

Lord Khaos
17-05-2008, 16:42
ciao ragazzi,
ho un' infezione del dialer internet connection, volevo mandare il txt con il report di AWF ma mi risultava vuoto (ma perchè poi mentre ad altri non succede?), quindi come mi è stato consigliato ho seguito la procedura per pc infetti che mi è stata suggerita qui da un utente che ringrazio, quindi pubblico i risultati dei vari controlli sperando che qualcuno ci capisca qualcosa e mi aiuti (non pubblico i controlli che non hanno dato riscontro), la prossima volta con tutti i virus che girano mi compro un MAC!
Grazie a tutti ragazzi.

xcdegasp
17-05-2008, 16:48
ciao ragazzi,
ho un' infezione del dialer internet connection, volevo mandare il txt con il report di AWF ma mi risultava vuoto (ma perchè poi mentre ad altri non succede?), quindi come mi è stato consigliato ho seguito la procedura per pc infetti che mi è stata suggerita qui da un utente che ringrazio, quindi pubblico i risultati dei vari controlli sperando che qualcuno ci capisca qualcosa e mi aiuti (non pubblico i controlli che non hanno dato riscontro), la prossima volta con tutti i virus che girano mi compro un MAC!
Grazie a tutti ragazzi.

non devi unire i file! rifai i log e lasciali singoli, inviali su uno dei server consigliati e incolla il solo link al download con magari affianco il nome del file :)

Lord Khaos
17-05-2008, 17:48
ok grazie, ho separato i log, posto i link:

scansione con:
_ F-Secure http://wikisend.com/download/793676/F-Secure.txt
_ HiJackThis http://wikisend.com/download/608574/HiJackThis.txt
_ A-Squared http://wikisend.com/download/538128/A-Squared free.txt

xcdegasp
17-05-2008, 17:51
manca dr.web, prevxCsi, SysInspector :)

xcdegasp
17-05-2008, 17:54
ok grazie, ho separato i log, posto i link:

scansione con:
_ F-Secure http://wikisend.com/download/793676/F-Secure.txt
_ HiJackThis http://wikisend.com/download/608574/HiJackThis.txt
_ A-Squared http://wikisend.com/download/538128/A-Squared free.txt
F-secure:
Trojan.Win32.Pakes.cup (virus)
C:\WINDOWS\SYSTEM32\HKCMD.EXE
C:\WINDOWS\SYSTEM32\HPHMON05.EXE
C:\WINDOWS\SYSTEM32\NEROCHECK.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SMINST\RECGUARD.EXE
C:\PROGRAMMI\THRUSTMASTER\FUNACCESS\PSPAP .EXE (Renamed & Submitted)
C:\PROGRAMMI\MULTIMEDIA CARD READER\SHWICON2K.EXE
C:\PROGRAMMI\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\HPHUPD05 .EXE
C:\PROGRAMMI\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\HPHUPD05.EXE
C:\PROGRAMMI\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAMMI\HP\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\PROGRAMMI\HP\DIGITAL IMAGING\BIN\BACKUPNOTIFY.EXE
C:\PROGRAMMI\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
C:\PROGRAMMI\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\HP\KBD\KBD.EXE

il log di a-squared è stranamente vuoto quindi rifallo e poi rifai anche quello di HiJackThis :)

Lord Khaos
18-05-2008, 13:32
ragazzi, mi consigliate un antivirus free che sia davvero efficace secondo voi e che magari sia in italiano?
grazie!:D

xcdegasp
18-05-2008, 13:55
ragazzi, mi consigliate un antivirus free che sia davvero efficace secondo voi e che magari sia in italiano?
grazie!:D

Avira Antivir Classic o chiedi nel thread specifico: Antivirus Free (http://www.hwupgrade.it/forum/showthread.php?t=1380769)

cusna
19-05-2008, 22:46
Ciao,
ho eliminato i file copia creati dal dialer, sostituendoli con quelli originali
nella cartella \bak.
Pensavo di avere risolto in quanto il log di FindAWF è pulito ma purtroppo ogni tanto, specialmente se uso la connessione remota via modem si sconnette e appare la connessione remota chiamata "internet connection".:muro:
Ho eseguito la procedura senza file duplicati facendo varie scansioni con diversi programmi.
Posto alcuni log sperando in un aiuto prima di formattare..:(
Grazie

Chill-Out
19-05-2008, 23:06
Ciao,
ho eliminato i file copia creati dal dialer, sostituendoli con quelli originali
nella cartella \bak.
Pensavo di avere risolto in quanto il log di FindAWF è pulito ma purtroppo ogni tanto, specialmente se uso la connessione remota via modem si sconnette e appare la connessione remota chiamata "internet connection".:muro:
Ho eseguito la procedura senza file duplicati facendo varie scansioni con diversi programmi.
Posto alcuni log sperando in un aiuto prima di formattare..:(
Grazie

Allegami un log di questo tool, grazie.

http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe

cusna
20-05-2008, 00:24
Allegami un log di questo tool, grazie.

http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe

Intanto grazie a te...
allego qui perchè sono tre righe:


Ran on 19/05/2008 - 23.22.06,18

xcdegasp
20-05-2008, 00:24
Ciao,
ho eliminato i file copia creati dal dialer, sostituendoli con quelli originali
nella cartella \bak.
Pensavo di avere risolto in quanto il log di FindAWF è pulito ma purtroppo ogni tanto, specialmente se uso la connessione remota via modem si sconnette e appare la connessione remota chiamata "internet connection".:muro:
Ho eseguito la procedura senza file duplicati facendo varie scansioni con diversi programmi.
Posto alcuni log sperando in un aiuto prima di formattare..:(
Grazie
Fixa:

O4 - HKLM\..\Run: [EPSON Stylus D78 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\WINDOWS\TEMP\E_S87.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Luca\IMPOST~1\Temp\{BE88B6E5-6562-43FB-B2F7-0912086DF8EF}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0010"
O4 - Global Startup: DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck .exe


:)

cusna
20-05-2008, 00:29
Fixa:

O4 - HKLM\..\Run: [EPSON Stylus D78 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\WINDOWS\TEMP\E_S87.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Luca\IMPOST~1\Temp\{BE88B6E5-6562-43FB-B2F7-0912086DF8EF}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0010"
O4 - Global Startup: DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck .exe


:)

Fixata... riprovo.. speriamo...

wjmat
20-05-2008, 00:55
Ciao,
ho eliminato i file copia creati dal dialer, sostituendoli con quelli originali
nella cartella \bak.
Pensavo di avere risolto in quanto il log di FindAWF è pulito ma purtroppo ogni tanto, specialmente se uso la connessione remota via modem si sconnette e appare la connessione remota chiamata "internet connection".:muro:
Ho eseguito la procedura senza file duplicati facendo varie scansioni con diversi programmi.
Posto alcuni log sperando in un aiuto prima di formattare..:(
Grazie
sbaglio o a-squared non l'hai fatto in scansione deep....

Chill-Out
20-05-2008, 00:55
Fixata... riprovo.. speriamo...

Allega un nuovo log c'è qualcosa che non mi convince

robicisti
20-05-2008, 01:30
Ve lo avevo già mandato un file Awf, voi mi avete mandato lo script, però al momento di eseguirlo mi dice "invalid script".
Mi potete inviare lo script aggiornato ed eventualmente dirmi come posso fare ad eseguirlo.
Grazie!!!

wjmat
20-05-2008, 01:37
Nel nuovo log di awf non ci sono duplicati, segui la guida generale (http://www.hwupgrade.it/forum/showthread.php?t=1599737) fino al punto 3 per il momento.
Quindi in ordine:

Disattiva il ripristino di sistema (dovresti averlo già disattivato)
Pulizia con Ccleaner
Pulizia con ADSScanner
Scansione deep con A-squared aggiornato ad oggi e poi alleghi il log

Se poi non bastasse la segui fino in fondo.

cusna
20-05-2008, 09:29
Allega un nuovo log c'è qualcosa che non mi convince

Nuovo log:

Chill-Out
20-05-2008, 10:33
Nuovo log:

In riferimento a questo post, hai messo RenV in una cartella dedicata sul Desktop?
http://www.hwupgrade.it/forum/showpost.php?p=22524992&postcount=2357 inoltre i dici che ci sono tre righe ma io ne vedo una.

Ran on 19/05/2008 - 23.22.06,18

cusna
20-05-2008, 11:38
@ Chill-Out, no non ho creato una cartella dedicata sul desktop...
devo creare una cartella e chiamarla con qualsiasi nome oppure come.
Le righe sono 3 perchè ci sono anche i tag [**code] e [**/code]
in realtà è solo 1 come vedi nel post
Grazie

xcdegasp
20-05-2008, 13:21
@ Chill-Out, no non ho creato una cartella dedicata sul desktop...
devo creare una cartella e chiamarla con qualsiasi nome oppure come.
Le righe sono 3 perchè ci sono anche i tag [**code] e [**/code]
in realtà è solo 1 come vedi nel post
Grazie

crea una directory e metticelo dentro :)

cusna
20-05-2008, 13:45
Creato la directory sul desktop
lanciato RenV.. allego il log che è come prima
allego anche il log della scansione deep di a-squared ma non ha trovato nulla
a parte VNC

Chill-Out
20-05-2008, 13:47
Creato la directory sul desktop
lanciato RenV.. allego il log che è come prima
allego anche il log della scansione deep di a-squared ma non ha trovato nulla
a parte VNC

Di recente hai percaso avuto problemi col Trojan Vundo?

cusna
20-05-2008, 14:22
Di recente hai percaso avuto problemi col Trojan Vundo?

Il pc è di un amico, non so se ha avuto problemi con vundo, provo a chiederlo, anche se credo non sappia rispondermi

festaiolo
21-05-2008, 02:22
devi seguire la guida, ma comincia a postare il log di a-squared scansione deep ( che è comunque il primo scan da fare anche in guida)
ciao

ecco il log chiestomi, grazie, ciao.

wjmat
21-05-2008, 09:06
ecco il log chiestomi, grazie, ciao.
non ha trovato nulla, a questo punto devi seguire tutta la guida.

Ricapitolando, dopo aver disabilitato il ripristino di sistema, fatto la pulizia dei file inutili e cancellato gli asd con ADS Scanner, vogliamo necessariamente in ordine (altrimenti dovrai comunque rifarli):

log di A-squared scansione deep aggiornato ad oggi già fatta
log di F-Secure OnLine oppure di Kaspersky Virus Removal Tool scaricato oggi
log di Dr.Web CureIT scaricato oggi
log di ESET SysInspector
log di HiJackThis
log di Gmer
log di PrevxCSI

eureka63
21-05-2008, 11:35
Forse l'ho preso anch'io e sto seguendo tutte le guide on-line e lanciando tutti i tool possibili e immaginabili ma senza successo al momento.

Non ho però trovato descrizioni dettagliate su questo malware (ammesso che questa sia la denominazione esatta). Dov'è descritto? Che numero tenta di chiamare?

Anche a me compare sempre "Internet Connection 000"

xcdegasp
21-05-2008, 12:17
Forse l'ho preso anch'io e sto seguendo tutte le guide on-line e lanciando tutti i tool possibili e immaginabili ma senza successo al momento.

Non ho però trovato descrizioni dettagliate su questo malware (ammesso che questa sia la denominazione esatta). Dov'è descritto? Che numero tenta di chiamare?

Anche a me compare sempre "Internet Connection 000"
basta che segui il primo messaggio di questa discussione non serve altro :)

eureka63
21-05-2008, 12:49
basta che segui il primo messaggio di questa discussione non serve altro :)

Ho provato, ma FindAWF non mi trova niente. Stavo provando altra roba perchè l'antivirus presente non trovava niente fino a un momento fa.

Poi mi è venuta una illuminazione :winner:

Ho appena aggiornato il mio antivirus Avast (prendendo il DB tramite un'altro computer connesso a internet) e mi sta finalmente trovando i due malware:


win32: Dialer-1378
win32: Dropper-AII

È di questi due che si sta trattando in questo thread?

wjmat
21-05-2008, 14:13
vorremmo vedere il log ma se le tue cartelle bak non hanno duplicati, segui la guida generale (http://www.hwupgrade.it/forum/showthread.php?t=1599737) fino al punto 3 per il momento.
Quindi in ordine:

Disattiva il ripristino di sistema (dovresti averlo già disattivato)
Pulizia con Ccleaner
Pulizia con ADSScanner
Scansione deep con A-squared aggiornato a d oggi e poi alleghi il log

eureka63
21-05-2008, 18:37
vorremmo vedere il log ma se le tue cartelle bak non hanno duplicati, segui la guida generale (http://www.hwupgrade.it/forum/showthread.php?t=1599737) fino al punto 3 per il momento.
Quindi in ordine:

Disattiva il ripristino di sistema (dovresti averlo già disattivato)
Pulizia con Ccleaner
Pulizia con ADSScanner
Scansione deep con A-squared aggiornato a d oggi e poi alleghi il log
Son tutte cose che avevo già fatto ma senza concludere niente (purtoppo i log non ce li ho più).
Comunque con Avast sembra essere andato tutto a posto. Nessuno sa niente di quei due menzionati sopra? Qual'è il nome del malware di cui si parla in questo thread?

xcdegasp
21-05-2008, 18:47
Son tutte cose che avevo già fatto ma senza concludere niente (purtoppo i log non ce li ho più).
Comunque con Avast sembra essere andato tutto a posto. Nessuno sa niente di quei due menzionati sopra? Qual'è il nome del malware di cui si parla in questo thread?
quelli che hai te son tutt'altra cosa quindi segui la semplice procedura descritta nella Guida alla Disinfezione per Infetti (http://www.hwupgrade.it/forum/showthread.php?t=1599737), rispettando l'ordine nell'esecuzione e pubblicando tutti i log usando uno dei metodi censiti nelle Regole di Sezione. :)

rosa39
22-05-2008, 20:42
ciao a tutti sono nuova di questo forum..qualche giorno fa ho scritto su un'altro forum perchè mi ritrovo internet connection tra le connessioni..io ho alice adsl ..ora non mi crea fastidi ma qualche giorno fa mi cadeva la connessione in continuazine..cmq nell'altro forum mi hanno dato delle indicazioni per come toglierlo...in questo indirizzo ci sono i vari passaggi
http://www.p2pforum.it/forum/showthread.php?t=305744&page=2
dopo aver fatto tutto quello che mi è stato consigliato internet connection la trovo ancora tra le connessioni ... qualcuno mi può aiutare tenendo presente la mia scarsa conoscenza in pc?

cla8686
22-05-2008, 20:47
da qualche giorno mi compare una internet connection
spero possiate aiutarmi a risolvere il problema e spero di aver postato bene i log

grazie


Dr.Web CureIT nessun virus rilevato

PrevxCSI rileva un virus ma non compare l'icone nella traybar e non riesco a spuntare l'opzione negli strumenti

a-squared Free - Version 3.5
Last update: N/A

Impostazioni scansione:

Oggetti: Memoria, Tracce, Cookies
Archivio scansioni: On
Scientifico: On
ADS Scan: On

Scansione avviata: 20/05/2008 23.16.09

C:\Documents and Settings\Utente\Cookies\utente@190[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Utente\Cookies\utente@atdmt[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Utente\Cookies\utente@atdmt[3].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Utente\Cookies\utente@bs.serving-sys[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Utente\Cookies\utente@casalemedia[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Utente\Cookies\utente@doubleclick[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Utente\Cookies\utente@doubleclick[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Utente\Cookies\utente@serving-sys[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Utente\Cookies\utente@serving-sys[3].txt rilevati: Trace.TrackingCookie

Scansionati

Files: 1705
Tracce: 397918
Cookies: 114
Processi: 37

Rilevato

Files: 0
Tracce: 0
Cookies: 9
Processi: 0
Chiavi registro: 0

Fine scansione: 20/05/2008 23.22.40
Tempo scansione: 0:06:31



Scan
----
Scanned: 664
Detected: 0
Untreated: 0
Start time: 20/05/2008 23.46.42
Duration: 00.08.41
Finish time: 20/05/2008 23.55.23


Detected
--------
Status Object
------ ------


Events
------
Time Name Status Reason
---- ---- ------ ------
20/05/2008 23.46.54 Running module: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_00-35.exe ok scanned
20/05/2008 23.46.54 File: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_00-35.exe ok scanned
20/05/2008 23.46.54 Running module: C:\WINDOWS\system32\ntdll.dll ok scanned
20/05/2008 23.46.54 File: C:\WINDOWS\system32\ntdll.dll ok scanned
20/05/2008 23.46.54 Running module: C:\WINDOWS\system32\kernel32.dll ok scanned
20/05/2008 23.46.55 File: C:\WINDOWS\system32\kernel32.dll ok scanned
20/05/2008 23.46.55 Running module: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\prremote.dll ok scanned
20/05/2008 23.46.55 File: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\prremote.dll ok scanned
20/05/2008 23.46.55 Running module: C:\WINDOWS\system32\RPCRT4.dll ok scanned
20/05/2008 23.46.55 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned
20/05/2008 23.46.55 Running module: C:\WINDOWS\system32\ADVAPI32.dll ok scanned
20/05/2008 23.46.55 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned
20/05/2008 23.46.55 Running module: C:\WINDOWS\system32\Secur32.dll ok scanned
20/05/2008 23.46.55 File: C:\WINDOWS\system32\Secur32.dll ok scanned
20/05/2008 23.46.55 Running module: C:\WINDOWS\system32\USER32.dll ok scanned
20/05/2008 23.46.55 File: C:\WINDOWS\system32\USER32.dll ok scanned
20/05/2008 23.46.55 Running module: C:\WINDOWS\system32\GDI32.dll ok scanned
20/05/2008 23.46.55 File: C:\WINDOWS\system32\GDI32.dll ok scanned
20/05/2008 23.46.55 Running module: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll ok scanned
20/05/2008 23.46.56 File: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll ok scanned
20/05/2008 23.46.56 Running module: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll ok scanned
20/05/2008 23.46.56 File: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll ok scanned
20/05/2008 23.46.56 Running module: C:\WINDOWS\system32\msvcrt.dll ok scanned
20/05/2008 23.46.56 File: C:\WINDOWS\system32\msvcrt.dll ok scanned
20/05/2008 23.46.56 Running module: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\FSSync.dll ok scanned
20/05/2008 23.46.56 File: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\FSSync.dll ok scanned
20/05/2008 23.46.56 Running module: C:\WINDOWS\system32\SHELL32.dll ok scanned
20/05/2008 23.46.58 File: C:\WINDOWS\system32\SHELL32.dll ok scanned
20/05/2008 23.46.58 Running module: C:\WINDOWS\system32\SHLWAPI.dll ok scanned
20/05/2008 23.46.58 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned
20/05/2008 23.46.58 Running module: C:\WINDOWS\system32\ole32.dll ok scanned
20/05/2008 23.46.58 File: C:\WINDOWS\system32\ole32.dll ok scanned
20/05/2008 23.46.58 Running module: C:\WINDOWS\system32\IMM32.DLL ok scanned
20/05/2008 23.46.58 File: C:\WINDOWS\system32\IMM32.DLL ok scanned
20/05/2008 23.46.58 Running module: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ok scanned
20/05/2008 23.46.58 File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ok scanned
20/05/2008 23.46.58 Running module: C:\WINDOWS\system32\uxtheme.dll ok scanned
20/05/2008 23.46.59 File: C:\WINDOWS\system32\uxtheme.dll ok scanned
20/05/2008 23.46.59 Running module: C:\WINDOWS\system32\MSCTF.dll ok scanned
20/05/2008 23.46.59 File: C:\WINDOWS\system32\MSCTF.dll ok scanned
20/05/2008 23.46.59 Running module: C:\WINDOWS\system32\msctfime.ime ok scanned
20/05/2008 23.46.59 File: C:\WINDOWS\system32\msctfime.ime ok scanned
20/05/2008 23.47.00 Running module: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\AVPGS.PPL ok scanned
20/05/2008 23.47.00 File: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\AVPGS.PPL ok scanned
20/05/2008 23.47.00 Running module: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\prloader.dll ok scanned
20/05/2008 23.47.01 File: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\prloader.dll ok scanned
20/05/2008 23.47.01 Running module: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\prkernel.ppl ok scanned
20/05/2008 23.47.01 File: C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\prkernel.ppl ok scanned
20/05/2008 23.47.02 Running module: C:\WINDOWS\system32\userenv.dll ok scanned
20/05/2008 23.47.03 File: C:\WINDOWS\system32\userenv.dll ok scanned
20/05/2008 23.47.03 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\pxstub.ppl ok scanned
20/05/2008 23.47.03 File: c:\documents and settings\all users\desktop\kaspersky lab tool\pxstub.ppl ok scanned
20/05/2008 23.47.03 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\params.ppl ok scanned
20/05/2008 23.47.03 File: c:\documents and settings\all users\desktop\kaspersky lab tool\params.ppl ok scanned
20/05/2008 23.47.03 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\dtreg.ppl ok scanned
20/05/2008 23.47.03 File: c:\documents and settings\all users\desktop\kaspersky lab tool\dtreg.ppl ok scanned
20/05/2008 23.47.03 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\nfio.ppl ok scanned
20/05/2008 23.47.03 File: c:\documents and settings\all users\desktop\kaspersky lab tool\nfio.ppl ok scanned
20/05/2008 23.47.03 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\fsdrvplg.ppl ok scanned
20/05/2008 23.47.03 File: c:\documents and settings\all users\desktop\kaspersky lab tool\fsdrvplg.ppl ok scanned
20/05/2008 23.47.03 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\mkavio.ppl ok scanned
20/05/2008 23.47.03 File: c:\documents and settings\all users\desktop\kaspersky lab tool\mkavio.ppl ok scanned
20/05/2008 23.47.03 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\tempfile.ppl ok scanned
20/05/2008 23.47.04 File: c:\documents and settings\all users\desktop\kaspersky lab tool\tempfile.ppl ok scanned
20/05/2008 23.47.04 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\avpgui.ppl ok scanned
20/05/2008 23.47.04 File: c:\documents and settings\all users\desktop\kaspersky lab tool\avpgui.ppl ok scanned
20/05/2008 23.47.04 Running module: C:\WINDOWS\system32\WININET.dll ok scanned
20/05/2008 23.47.04 File: C:\WINDOWS\system32\WININET.dll packed file PE_Patch
20/05/2008 23.47.04 File: C:\WINDOWS\system32\WININET.dll//PE_Patch ok scanned
20/05/2008 23.47.04 File: C:\WINDOWS\system32\WININET.dll ok scanned
20/05/2008 23.47.04 Running module: C:\WINDOWS\system32\Normaliz.dll ok scanned
20/05/2008 23.47.04 File: C:\WINDOWS\system32\Normaliz.dll ok scanned
20/05/2008 23.47.04 Running module: C:\WINDOWS\system32\iertutil.dll ok scanned
20/05/2008 23.47.04 File: C:\WINDOWS\system32\iertutil.dll ok scanned
20/05/2008 23.47.04 Running module: C:\WINDOWS\system32\OLEAUT32.dll ok scanned
20/05/2008 23.47.04 File: C:\WINDOWS\system32\OLEAUT32.dll ok scanned
20/05/2008 23.47.05 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\basegui.ppl ok scanned
20/05/2008 23.47.05 File: c:\documents and settings\all users\desktop\kaspersky lab tool\basegui.ppl ok scanned
20/05/2008 23.47.05 Running module: C:\WINDOWS\system32\VERSION.dll ok scanned
20/05/2008 23.47.05 File: C:\WINDOWS\system32\VERSION.dll ok scanned
20/05/2008 23.47.05 Running module: C:\WINDOWS\system32\WS2_32.dll ok scanned
20/05/2008 23.47.05 File: C:\WINDOWS\system32\WS2_32.dll ok scanned
20/05/2008 23.47.05 Running module: C:\WINDOWS\system32\WS2HELP.dll ok scanned
20/05/2008 23.47.05 File: C:\WINDOWS\system32\WS2HELP.dll ok scanned
20/05/2008 23.47.05 Running module: C:\WINDOWS\system32\CLBCATQ.DLL ok scanned
20/05/2008 23.47.05 File: C:\WINDOWS\system32\CLBCATQ.DLL ok scanned
20/05/2008 23.47.05 Running module: C:\WINDOWS\system32\COMRes.dll ok scanned
20/05/2008 23.47.05 File: C:\WINDOWS\system32\COMRes.dll ok scanned
20/05/2008 23.47.05 Running module: C:\WINDOWS\system32\xpsp2res.dll ok scanned
20/05/2008 23.47.06 File: C:\WINDOWS\system32\xpsp2res.dll ok scanned
20/05/2008 23.47.06 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\thpimpl.ppl ok scanned
20/05/2008 23.47.06 File: c:\documents and settings\all users\desktop\kaspersky lab tool\thpimpl.ppl ok scanned
20/05/2008 23.47.06 Running module: C:\WINDOWS\system32\fltlib.dll ok scanned
20/05/2008 23.47.06 File: C:\WINDOWS\system32\fltlib.dll ok scanned
20/05/2008 23.47.06 Running module: C:\WINDOWS\system32\wtsapi32.dll ok scanned
20/05/2008 23.47.06 File: C:\WINDOWS\system32\wtsapi32.dll ok scanned
20/05/2008 23.47.06 Running module: C:\WINDOWS\system32\WINSTA.dll ok scanned
20/05/2008 23.47.06 File: C:\WINDOWS\system32\WINSTA.dll ok scanned
20/05/2008 23.47.06 Running module: C:\WINDOWS\system32\NETAPI32.dll ok scanned
20/05/2008 23.47.06 File: C:\WINDOWS\system32\NETAPI32.dll ok scanned
20/05/2008 23.47.06 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\qb.ppl ok scanned
20/05/2008 23.47.06 File: c:\documents and settings\all users\desktop\kaspersky lab tool\qb.ppl ok scanned
20/05/2008 23.47.06 Running module: C:\WINDOWS\system32\appHelp.dll ok scanned
20/05/2008 23.47.06 File: C:\WINDOWS\system32\appHelp.dll ok scanned
20/05/2008 23.47.07 Running module: C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL ok scanned
20/05/2008 23.47.07 File: C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL ok scanned
20/05/2008 23.47.07 Running module: C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL ok scanned
20/05/2008 23.47.07 File: C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL ok scanned
20/05/2008 23.47.07 Running module: C:\WINDOWS\system32\CRYPT32.dll ok scanned
20/05/2008 23.47.08 File: C:\WINDOWS\system32\CRYPT32.dll ok scanned
20/05/2008 23.47.08 Running module: C:\WINDOWS\system32\MSASN1.dll ok scanned
20/05/2008 23.47.08 File: C:\WINDOWS\system32\MSASN1.dll ok scanned
20/05/2008 23.47.08 Running module: C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL ok scanned
20/05/2008 23.47.08 File: C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL ok scanned
20/05/2008 23.47.08 Running module: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL ok scanned
20/05/2008 23.47.08 File: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL ok scanned
20/05/2008 23.47.08 Running module: C:\WINDOWS\system32\rsaenh.dll ok scanned
20/05/2008 23.47.08 File: C:\WINDOWS\system32\rsaenh.dll ok scanned
20/05/2008 23.47.08 Running module: C:\WINDOWS\system32\MSImg32.dll ok scanned
20/05/2008 23.47.08 File: C:\WINDOWS\system32\MSImg32.dll ok scanned
20/05/2008 23.47.08 Running module: C:\WINDOWS\System32\cscui.dll ok scanned
20/05/2008 23.47.08 File: C:\WINDOWS\System32\cscui.dll ok scanned
20/05/2008 23.47.08 Running module: C:\WINDOWS\System32\CSCDLL.dll ok scanned
20/05/2008 23.47.08 File: C:\WINDOWS\System32\CSCDLL.dll ok scanned
20/05/2008 23.47.09 Running module: C:\WINDOWS\system32\SETUPAPI.dll ok scanned
20/05/2008 23.47.09 File: C:\WINDOWS\system32\SETUPAPI.dll ok scanned
20/05/2008 23.47.09 Running module: C:\WINDOWS\system32\winmm.dll ok scanned
20/05/2008 23.47.09 File: C:\WINDOWS\system32\winmm.dll ok scanned
20/05/2008 23.47.09 Running module: C:\WINDOWS\system32\wdmaud.drv ok scanned
20/05/2008 23.47.09 File: C:\WINDOWS\system32\wdmaud.drv ok scanned
20/05/2008 23.47.09 Running module: C:\WINDOWS\system32\WINTRUST.dll ok scanned
20/05/2008 23.47.09 File: C:\WINDOWS\system32\WINTRUST.dll ok scanned
20/05/2008 23.47.09 Running module: C:\WINDOWS\system32\IMAGEHLP.dll ok scanned
20/05/2008 23.47.09 File: C:\WINDOWS\system32\IMAGEHLP.dll ok scanned
20/05/2008 23.47.09 Running module: C:\WINDOWS\system32\msacm32.drv ok scanned
20/05/2008 23.47.09 File: C:\WINDOWS\system32\msacm32.drv ok scanned
20/05/2008 23.47.10 Running module: C:\WINDOWS\system32\MSACM32.dll ok scanned
20/05/2008 23.47.10 File: C:\WINDOWS\system32\MSACM32.dll ok scanned
20/05/2008 23.47.10 Running module: C:\WINDOWS\system32\midimap.dll ok scanned
20/05/2008 23.47.10 File: C:\WINDOWS\system32\midimap.dll ok scanned
20/05/2008 23.47.10 Running module: C:\Programmi\IncrediMail\bin\B4ImApp.dll ok scanned
20/05/2008 23.47.10 File: C:\Programmi\IncrediMail\bin\B4ImApp.dll ok scanned
20/05/2008 23.47.10 Running module: c:\documents and settings\all users\desktop\kaspersky lab tool\report.ppl ok scanned
20/05/2008 23.47.10 File: c:\documents and settings\all users\desktop\kaspersky lab tool\report.ppl ok scanned
20/05/2008 23.47.10 File: c:\windows\system32\mmdrv.dll ok scanned
20/05/2008 23.47.11 File: c:\windows\system\timer.drv ok scanned
20/05/2008 23.47.11 File: c:\windows\system32\mshta.exe ok scanned
20/05/2008 23.47.12 File: C:\WINDOWS\system32\notepad.exe ok scanned
20/05/2008 23.47.12 File: c:\windows\regedit.exe ok scanned
20/05/2008 23.47.14 File: c:\programmi\gretech\gomplayer\gom.exe ok scanned
20/05/2008 23.47.15 File: c:\programmi\microsoft office\office12\msaccess.exe ok scanned
20/05/2008 23.47.16 File: C:\WINDOWS\system32\accwiz.exe ok scanned
20/05/2008 23.47.16 File: c:\programmi\windows media player\wmplayer.exe ok scanned
20/05/2008 23.47.17 File: c:\windows\system32\rundll32.exe ok scanned
20/05/2008 23.47.17 File: c:\windows\system32\cryptext.dll ok scanned
20/05/2008 23.47.18 File: c:\programmi\outlook express\wab.exe ok scanned
20/05/2008 23.47.18 File: c:\windows\hh.exe ok scanned
20/05/2008 23.47.18 File: c:\windows\system32\clipbrd.exe ok scanned
20/05/2008 23.47.20 File: c:\progra~1\micros~2\office12\excel.exe ok scanned
20/05/2008 23.47.21 File: C:\WINDOWS\system32\rundll32.exe ok scanned
20/05/2008 23.47.21 File: c:\windows\system32\netshell.dll ok scanned
20/05/2008 23.47.21 File: c:\windows\system32\shimgvw.dll ok scanned
20/05/2008 23.47.21 File: c:\programmi\microsoft office\office12\excel.exe ok scanned
20/05/2008 23.47.22 File: C:\WINDOWS\explorer.exe ok scanned
20/05/2008 23.47.22 File: C:\WINDOWS\system32\fontview.exe ok scanned
20/05/2008 23.47.22 File: c:\programmi\internet explorer\iexplore.exe ok scanned
20/05/2008 23.47.24 File: c:\progra~1\micros~2\office12\groove.exe packed file PE_Patch
20/05/2008 23.47.24 File: c:\progra~1\micros~2\office12\groove.exe//PE_Patch ok scanned
20/05/2008 23.47.24 File: c:\progra~1\micros~2\office12\groove.exe ok scanned
20/05/2008 23.47.24 File: c:\windows\system32\msconf.dll ok scanned
20/05/2008 23.47.25 File: c:\windows\winhlp32.exe ok scanned
20/05/2008 23.47.25 File: C:\WINDOWS\system32\winhlp32.exe ok scanned
20/05/2008 23.47.25 File: c:\programmi\windows nt\hypertrm.exe ok scanned
20/05/2008 23.47.27 File: c:\programmi\java\jre1.6.0_05\bin\javaw.exe ok scanned
20/05/2008 23.47.27 File: c:\programmi\java\jre1.6.0_05\bin\javaws.exe ok scanned
20/05/2008 23.47.28 File: C:\WINDOWS\system32\wscript.exe ok scanned
20/05/2008 23.47.28 File: c:\programmi\microsoft office\office12\mstore.exe packed file PE_Patch
20/05/2008 23.47.28 File: c:\programmi\microsoft office\office12\mstore.exe//PE_Patch ok scanned
20/05/2008 23.47.29 File: c:\programmi\microsoft office\office12\mstore.exe ok scanned
20/05/2008 23.47.30 File: C:\WINDOWS\system32\ntbackup.exe ok scanned
20/05/2008 23.47.31 File: C:\WINDOWS\system32\mmc.exe ok scanned
20/05/2008 23.47.32 File: C:\WINDOWS\system32\shell32.dll ok scanned
20/05/2008 23.47.33 File: C:\WINDOWS\system32\desk.cpl ok scanned
20/05/2008 23.47.35 File: c:\progra~1\micros~2\office12\ois.exe packed file PE_Patch
20/05/2008 23.47.35 File: c:\progra~1\micros~2\office12\ois.exe//PE_Patch ok scanned
20/05/2008 23.47.35 File: c:\progra~1\micros~2\office12\ois.exe ok scanned
20/05/2008 23.47.36 File: C:\WINDOWS\system32\rasphone.exe ok scanned
20/05/2008 23.47.36 File: C:\WINDOWS\system32\perfmon.exe ok scanned
20/05/2008 23.47.38 File: c:\programmi\cyberlink\powerdvd\powerdvd.exe ok scanned
20/05/2008 23.47.38 File: c:\programmi\microsoft office\office12\powerpnt.exe ok scanned
20/05/2008 23.47.38 File: c:\windows\system32\msrating.dll ok scanned
20/05/2008 23.47.39 File: c:\programmi\windows nt\accessori\wordpad.exe ok scanned
20/05/2008 23.47.39 File: c:\windows\notepad.exe ok scanned
20/05/2008 23.47.39 File: c:\windows\explorer.exe ok scanned
20/05/2008 23.47.41 File: c:\programmi\cyberlink\common\updateipr.exe ok scanned
20/05/2008 23.47.42 File: C:\WINDOWS\system32\wpnpinst.exe ok scanned
20/05/2008 23.47.45 File: c:\programmi\microsoft office\office12\winword.exe ok scanned
20/05/2008 23.47.46 File: c:\windows\system32\shell32.dll ok scanned
20/05/2008 23.47.49 File: c:\windows\system32\drwtsn32.exe ok scanned
20/05/2008 23.47.49 File: c:\windows\system32\userinit.exe ok scanned
20/05/2008 23.47.50 File: c:\windows\system32\crypt32.dll ok scanned
20/05/2008 23.47.50 File: c:\windows\system32\cryptnet.dll ok scanned
20/05/2008 23.47.50 File: c:\windows\system32\cscdll.dll ok scanned
20/05/2008 23.47.50 File: c:\windows\system32\wlnotify.dll ok scanned
20/05/2008 23.47.51 File: c:\windows\system32\sclgntfy.dll ok scanned
20/05/2008 23.47.51 File: c:\windows\system32\wgalogon.dll ok scanned
20/05/2008 23.47.51 File: c:\programmi\microsoft office\office12\groovemonitor.exe packed file PE_Patch
20/05/2008 23.47.51 File: c:\programmi\microsoft office\office12\groovemonitor.exe//PE_Patch ok scanned
20/05/2008 23.47.51 File: c:\programmi\microsoft office\office12\groovemonitor.exe ok scanned
20/05/2008 23.47.52 File: c:\windows\system32\rmctrl.exe packed file PE_Patch.UPX
20/05/2008 23.47.52 File: c:\windows\system32\rmctrl.exe//PE_Patch.UPX packed file UPX
20/05/2008 23.47.52 File: c:\windows\system32\rmctrl.exe//PE_Patch.UPX//UPX ok scanned
20/05/2008 23.47.52 File: c:\windows\system32\rmctrl.exe//PE_Patch.UPX ok scanned
20/05/2008 23.47.52 File: c:\windows\system32\rmctrl.exe ok scanned
20/05/2008 23.47.52 File: c:\progra~1\grisoft\avg7\avgcc.exe ok scanned
20/05/2008 23.47.52 File: c:\programmi\quicktime\qttask.exe ok scanned
20/05/2008 23.47.53 File: c:\programmi\itunes\ituneshelper.exe ok scanned
20/05/2008 23.47.53 File: c:\windows\soundman.exe ok scanned
20/05/2008 23.47.53 File: c:\windows\system32\stmctrl.dll ok scanned
20/05/2008 23.47.53 File: c:\windows\system\cmicnfg.cpl ok scanned
20/05/2008 23.47.54 File: c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe packed file PE_Patch.UPX
20/05/2008 23.47.54 File: c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe//PE_Patch.UPX packed file UPX
20/05/2008 23.47.54 File: c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe//PE_Patch.UPX//UPX ok scanned
20/05/2008 23.47.54 File: c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe//PE_Patch.UPX ok scanned
20/05/2008 23.47.54 File: c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe ok scanned
20/05/2008 23.47.54 File: c:\programmi\java\jre1.6.0_05\bin\jusched.exe//# ok scanned
20/05/2008 23.47.54 File: c:\programmi\java\jre1.6.0_05\bin\jusched.exe ok scanned
20/05/2008 23.47.55 File: c:\programmi\nortek keyboard application\ps2usbkbddrv.exe packed file PE_Patch.UPX
20/05/2008 23.47.55 File: c:\programmi\nortek keyboard application\ps2usbkbddrv.exe//PE_Patch.UPX packed file UPX
20/05/2008 23.47.55 File: c:\programmi\nortek keyboard application\ps2usbkbddrv.exe//PE_Patch.UPX//UPX ok scanned
20/05/2008 23.47.55 File: c:\programmi\nortek keyboard application\ps2usbkbddrv.exe//PE_Patch.UPX ok scanned
20/05/2008 23.47.55 File: c:\programmi\nortek keyboard application\ps2usbkbddrv.exe ok scanned
20/05/2008 23.47.55 File: c:\programmi\file comuni\ahead\lib\nerocheck.exe packed file PE_Patch.UPX
20/05/2008 23.47.55 File: c:\programmi\file comuni\ahead\lib\nerocheck.exe//PE_Patch.UPX packed file UPX
20/05/2008 23.47.55 File: c:\programmi\file comuni\ahead\lib\nerocheck.exe//PE_Patch.UPX//UPX ok scanned
20/05/2008 23.47.55 File: c:\programmi\file comuni\ahead\lib\nerocheck.exe//PE_Patch.UPX ok scanned
20/05/2008 23.47.55 File: c:\programmi\file comuni\ahead\lib\nerocheck.exe ok scanned
20/05/2008 23.47.56 File: c:\documents and settings\all users\desktop\kaspersky lab tool\setup_7.0.0.180_18.05.2008_00-35.exe ok scanned
20/05/2008 23.47.57 File: c:\windows\system32\ctfmon.exe ok scanned
20/05/2008 23.47.58 File: c:\progra~1\grisoft\avg7\avgw.exe ok scanned
20/05/2008 23.47.58 File: c:\windows\system32\runonce.exe ok scanned
20/05/2008 23.48.00 File: c:\programmi\incredimail\bin\incmail.exe ok scanned
20/05/2008 23.48.01 File: c:\programmi\adobe\acrobat 7.0\reader\adobeupdatemanager.exe packed file PE_Patch.PECompact
20/05/2008 23.48.01 File: c:\programmi\adobe\acrobat 7.0\reader\adobeupdatemanager.exe//PE_Patch.PECompact packed file PecBundle
20/05/2008 23.48.01 File: c:\programmi\adobe\acrobat 7.0\reader\adobeupdatemanager.exe//PE_Patch.PECompact//PecBundle packed file PECompact
20/05/2008 23.48.01 File: c:\programmi\adobe\acrobat 7.0\reader\adobeupdatemanager.exe//PE_Patch.PECompact//PecBundle//PECompact ok scanned
20/05/2008 23.48.01 File: c:\programmi\adobe\acrobat 7.0\reader\adobeupdatemanager.exe//PE_Patch.PECompact//PecBundle ok scanned
20/05/2008 23.48.01 File: c:\programmi\adobe\acrobat 7.0\reader\adobeupdatemanager.exe//PE_Patch.PECompact ok scanned
20/05/2008 23.48.01 File: c:\programmi\adobe\acrobat 7.0\reader\adobeupdatemanager.exe ok scanned
20/05/2008 23.48.03 File: C:\WINDOWS\system32\alrsvc.dll ok scanned
20/05/2008 23.48.03 File: C:\WINDOWS\system32\appmgmts.dll ok scanned
20/05/2008 23.48.03 File: C:\WINDOWS\system32\audiosrv.dll ok scanned
20/05/2008 23.48.04 File: c:\windows\system32\qmgr.dll ok scanned
20/05/2008 23.48.04 File: C:\WINDOWS\system32\browser.dll ok scanned
20/05/2008 23.48.05 File: C:\WINDOWS\system32\cryptsvc.dll ok scanned
20/05/2008 23.48.05 File: C:\WINDOWS\system32\rpcss.dll ok scanned
20/05/2008 23.48.06 File: C:\WINDOWS\system32\dhcpcsvc.dll ok scanned
20/05/2008 23.48.06 File: C:\WINDOWS\system32\dmserver.dll ok scanned
20/05/2008 23.48.06 File: C:\WINDOWS\system32\dnsrslvr.dll ok scanned
20/05/2008 23.48.06 File: C:\WINDOWS\system32\ersvc.dll ok scanned
20/05/2008 23.48.07 File: c:\windows\system32\es.dll ok scanned
20/05/2008 23.48.07 File: C:\WINDOWS\system32\shsvcs.dll ok scanned
20/05/2008 23.48.07 File: C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll ok scanned
20/05/2008 23.48.08 File: C:\WINDOWS\system32\hidserv.dll ok scanned
20/05/2008 23.48.08 File: C:\WINDOWS\system32\w3ssl.dll ok scanned
20/05/2008 23.48.08 File: C:\WINDOWS\system32\srvsvc.dll ok scanned
20/05/2008 23.48.09 File: C:\WINDOWS\system32\wkssvc.dll ok scanned
20/05/2008 23.48.09 File: C:\WINDOWS\system32\lmhsvc.dll ok scanned
20/05/2008 23.48.09 File: C:\WINDOWS\system32\msgsvc.dll ok scanned
20/05/2008 23.48.10 File: C:\WINDOWS\system32\netman.dll ok scanned
20/05/2008 23.48.11 File: C:\WINDOWS\system32\mswsock.dll ok scanned
20/05/2008 23.48.12 File: C:\WINDOWS\system32\ntmssvc.dll ok scanned
20/05/2008 23.48.13 File: C:\WINDOWS\system32\rasauto.dll ok scanned
20/05/2008 23.48.14 File: C:\WINDOWS\system32\rasmans.dll ok scanned
20/05/2008 23.48.14 File: C:\WINDOWS\system32\mprdim.dll ok scanned
20/05/2008 23.48.14 File: C:\WINDOWS\system32\regsvc.dll ok scanned
20/05/2008 23.48.15 File: C:\WINDOWS\system32\schedsvc.dll ok scanned
20/05/2008 23.48.15 File: C:\WINDOWS\system32\seclogon.dll ok scanned
20/05/2008 23.48.15 File: C:\WINDOWS\system32\sens.dll ok scanned
20/05/2008 23.48.16 File: C:\WINDOWS\system32\ipnathlp.dll ok scanned
20/05/2008 23.48.16 File: c:\windows\system32\srsvc.dll ok scanned
20/05/2008 23.48.17 File: C:\WINDOWS\system32\ssdpsrv.dll ok scanned
20/05/2008 23.48.17 File: C:\WINDOWS\system32\wiaservc.dll ok scanned
20/05/2008 23.48.18 File: C:\WINDOWS\system32\tapisrv.dll ok scanned
20/05/2008 23.48.19 File: C:\WINDOWS\system32\termsrv.dll ok scanned
20/05/2008 23.48.19 File: C:\WINDOWS\system32\trkwks.dll ok scanned
20/05/2008 23.48.19 File: C:\WINDOWS\system32\upnphost.dll ok scanned
20/05/2008 23.48.20 File: c:\windows\system32\w32time.dll ok scanned
20/05/2008 23.48.20 File: C:\WINDOWS\system32\webclnt.dll ok scanned
20/05/2008 23.48.21 File: C:\WINDOWS\system32\wbem\wmisvc.dll ok scanned
20/05/2008 23.48.21 File: c:\windows\system32\mspmsnsv.dll ok scanned
20/05/2008 23.48.22 File: C:\WINDOWS\system32\advapi32.dll ok scanned
20/05/2008 23.48.22 File: C:\WINDOWS\system32\wscsvc.dll ok scanned
20/05/2008 23.48.22 File: c:\windows\system32\wuauserv.dll ok scanned
20/05/2008 23.48.23 File: C:\WINDOWS\system32\wudfsvc.dll ok scanned
20/05/2008 23.48.23 File: C:\WINDOWS\system32\wzcsvc.dll ok scanned
20/05/2008 23.48.23 File: C:\WINDOWS\system32\xmlprov.dll ok scanned
20/05/2008 23.48.27 File: c:\windows\system32\drivers\61883.sys ok scanned
20/05/2008 23.48.28 File: c:\programmi\a-squared free\a2service.exe packed file PE_Patch.UPX
20/05/2008 23.48.29 File: c:\programmi\a-squared free\a2service.exe//PE_Patch.UPX packed file UPX
20/05/2008 23.48.30 File: c:\programmi\a-squared free\a2service.exe//PE_Patch.UPX//UPX ok scanned
20/05/2008 23.48.32 File: c:\programmi\a-squared free\a2service.exe//PE_Patch.UPX ok scanned
20/05/2008 23.48.32 File: c:\programmi\a-squared free\a2service.exe ok scanned
20/05/2008 23.48.33 File: c:\windows\system32\drivers\acpi.sys ok scanned
20/05/2008 23.48.33 File: c:\windows\system32\drivers\aec.sys ok scanned
20/05/2008 23.48.33 File: C:\WINDOWS\system32\drivers\afd.sys ok scanned
20/05/2008 23.48.34 File: c:\windows\system32\drivers\alcxwdm.sys ok scanned
20/05/2008 23.48.35 File: C:\WINDOWS\system32\svchost.exe ok scanned
20/05/2008 23.48.36 File: C:\WINDOWS\system32\alg.exe ok scanned
20/05/2008 23.48.36 File: c:\windows\system32\drivers\arp1394.sys ok scanned
20/05/2008 23.48.37 File: C:\WINDOWS\microsoft.net\framework\v2.0.50727\aspnet_state.exe packed file PE_Patch
20/05/2008 23.48.37 File: C:\WINDOWS\microsoft.net\framework\v2.0.50727\aspnet_state.exe//PE_Patch ok scanned
20/05/2008 23.48.37 File: C:\WINDOWS\microsoft.net\framework\v2.0.50727\aspnet_state.exe ok scanned
20/05/2008 23.48.38 File: c:\windows\system32\drivers\asyncmac.sys ok scanned
20/05/2008 23.48.38 File: c:\windows\system32\drivers\atapi.sys ok scanned
20/05/2008 23.48.38 File: c:\windows\system32\drivers\atmarpc.sys ok scanned
20/05/2008 23.48.38 File: c:\windows\system32\drivers\audstub.sys ok scanned
20/05/2008 23.48.39 File: c:\windows\system32\drivers\avc.sys ok scanned
20/05/2008 23.48.39 File: c:\progra~1\grisoft\avg7\avgamsvr.exe ok scanned
20/05/2008 23.48.39 File: C:\WINDOWS\system32\drivers\avg7core.sys ok scanned
20/05/2008 23.48.40 File: C:\WINDOWS\system32\drivers\avg7rsw.sys ok scanned
20/05/2008 23.48.40 File: C:\WINDOWS\system32\drivers\avg7rsxp.sys ok scanned
20/05/2008 23.48.40 File: c:\progra~1\grisoft\avg7\avgupsvc.exe ok scanned
20/05/2008 23.48.41 File: C:\WINDOWS\system32\drivers\avgclean.sys ok scanned
20/05/2008 23.48.41 File: c:\progra~1\grisoft\avg7\avgemc.exe ok scanned
20/05/2008 23.48.41 File: C:\WINDOWS\system32\drivers\avgtdi.sys ok scanned
20/05/2008 23.48.42 File: c:\windows\system32\drivers\ccdecode.sys ok scanned
20/05/2008 23.48.42 File: c:\windows\system32\drivers\cdrom.sys ok scanned
20/05/2008 23.48.42 File: C:\WINDOWS\system32\cisvc.exe ok scanned
20/05/2008 23.48.42 File: C:\WINDOWS\system32\clipsrv.exe ok scanned
20/05/2008 23.48.43 File: c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe ok scanned
20/05/2008 23.48.44 File: c:\windows\system32\drivers\cmuda.sys ok scanned
20/05/2008 23.48.44 File: c:\windows\system32\dllhost.exe ok scanned
20/05/2008 23.48.45 File: c:\programmi\prevxcsi\prevxcsi.exe packed file UPX
20/05/2008 23.48.46 File: c:\programmi\prevxcsi\prevxcsi.exe//UPX ok scanned
20/05/2008 23.48.53 File: c:\programmi\prevxcsi\prevxcsi.exe ok scanned
20/05/2008 23.48.54 File: c:\windows\system32\drivers\disk.sys ok scanned
20/05/2008 23.48.55 File: C:\WINDOWS\system32\dmadmin.exe ok scanned
20/05/2008 23.48.55 File: c:\windows\system32\drivers\dmboot.sys packed file PE_Patch
20/05/2008 23.48.58 File: c:\windows\system32\drivers\dmboot.sys//PE_Patch ok scanned
20/05/2008 23.48.58 File: c:\windows\system32\drivers\dmboot.sys ok scanned
20/05/2008 23.48.58 File: c:\windows\system32\drivers\dmio.sys ok scanned
20/05/2008 23.48.59 File: c:\windows\system32\drivers\dmload.sys ok scanned
20/05/2008 23.49.00 File: c:\windows\system32\drivers\dmusic.sys ok scanned
20/05/2008 23.49.00 File: c:\windows\system32\drivers\drmkaud.sys ok scanned
20/05/2008 23.49.01 File: C:\WINDOWS\system32\services.exe ok scanned
20/05/2008 23.49.01 File: c:\windows\system32\svchost.exe ok scanned
20/05/2008 23.49.02 File: c:\windows\system32\drivers\fdc.sys ok scanned
20/05/2008 23.49.03 File: c:\windows\system32\drivers\flpydisk.sys ok scanned
20/05/2008 23.49.04 File: c:\windows\system32\drivers\fltmgr.sys packed file PE_Patch
20/05/2008 23.49.04 File: c:\windows\system32\drivers\fltmgr.sys//PE_Patch ok scanned
20/05/2008 23.49.04 File: c:\windows\system32\drivers\fltmgr.sys ok scanned
20/05/2008 23.49.04 File: c:\windows\system32\drivers\ftdisk.sys ok scanned
20/05/2008 23.49.04 File: c:\windows\system32\drivers\gameenum.sys ok scanned
20/05/2008 23.49.05 File: c:\windows\system32\drivers\gearaspiwdm.sys ok scanned
20/05/2008 23.49.05 File: c:\windows\system32\drivers\msgpc.sys ok scanned
20/05/2008 23.49.05 File: c:\windows\system32\drivers\hidusb.sys ok scanned
20/05/2008 23.49.06 File: c:\windows\system32\drivers\http.sys ok scanned
20/05/2008 23.49.06 File: c:\windows\system32\drivers\i8042prt.sys ok scanned
20/05/2008 23.49.07 File: c:\windows\system32\drivers\imapi.sys ok scanned
20/05/2008 23.49.08 File: c:\windows\system32\imapi.exe ok scanned
20/05/2008 23.49.09 File: c:\windows\system32\drivers\ip6fw.sys ok scanned
20/05/2008 23.49.10 File: c:\windows\system32\drivers\ipfltdrv.sys ok scanned
20/05/2008 23.49.10 File: c:\windows\system32\drivers\ipinip.sys ok scanned
20/05/2008 23.49.11 File: c:\windows\system32\drivers\ipnat.sys ok scanned
20/05/2008 23.49.14 File: c:\programmi\ipod\bin\ipodservice.exe ok scanned
20/05/2008 23.49.15 File: c:\windows\system32\drivers\ipsec.sys ok scanned
20/05/2008 23.49.15 File: c:\windows\system32\drivers\irenum.sys ok scanned
20/05/2008 23.49.16 File: c:\windows\system32\drivers\isapnp.sys ok scanned
20/05/2008 23.49.16 File: c:\windows\system32\drivers\kbdclass.sys ok scanned
20/05/2008 23.49.17 File: c:\windows\system32\drivers\kbdhid.sys ok scanned
20/05/2008 23.49.17 File: c:\windows\system32\drivers\klif.sys ok scanned
20/05/2008 23.49.18 File: c:\windows\system32\drivers\kmixer.sys ok scanned
20/05/2008 23.49.19 File: c:\programmi\file comuni\microsoft shared\vs7debug\mdm.exe ok scanned
20/05/2008 23.49.19 File: c:\programmi\microsoft office\office12\grooveauditservice.exe ok scanned
20/05/2008 23.49.19 File: c:\windows\system32\mnmsrvc.exe ok scanned
20/05/2008 23.49.19 File: c:\windows\system32\drivers\motmodem.sys ok scanned
20/05/2008 23.49.20 File: c:\windows\system32\drivers\mouclass.sys ok scanned
20/05/2008 23.49.20 File: c:\windows\system32\drivers\mouhid.sys ok scanned
20/05/2008 23.49.21 File: c:\windows\system32\drivers\mrxdav.sys packed file PE_Patch
20/05/2008 23.49.22 File: c:\windows\system32\drivers\mrxdav.sys//PE_Patch ok scanned
20/05/2008 23.49.23 File: c:\windows\system32\drivers\mrxdav.sys ok scanned
20/05/2008 23.49.24 File: c:\windows\system32\drivers\mrxsmb.sys packed file PE_Patch
20/05/2008 23.49.24 File: c:\windows\system32\drivers\mrxsmb.sys//PE_Patch ok scanned
20/05/2008 23.49.24 File: c:\windows\system32\drivers\mrxsmb.sys ok scanned
20/05/2008 23.49.24 File: c:\windows\system32\msdtc.exe ok scanned
20/05/2008 23.49.24 File: c:\windows\system32\drivers\msdv.sys ok scanned
20/05/2008 23.49.25 File: c:\windows\system32\msiexec.exe ok scanned
20/05/2008 23.49.25 File: c:\windows\system32\drivers\mskssrv.sys ok scanned
20/05/2008 23.49.25 File: c:\windows\system32\drivers\mspclock.sys ok scanned
20/05/2008 23.49.25 File: c:\windows\system32\drivers\mspqm.sys ok scanned
20/05/2008 23.49.26 File: c:\windows\system32\drivers\mssmbios.sys ok scanned
20/05/2008 23.49.26 File: c:\windows\system32\drivers\mstee.sys ok scanned
20/05/2008 23.49.26 File: c:\windows\system32\drivers\msmpu401.sys ok scanned
20/05/2008 23.49.27 File: c:\windows\system32\drivers\nabtsfec.sys ok scanned
20/05/2008 23.49.29 File: c:\programmi\nero\nero 7\nero backitup\nbservice.exe ok scanned
20/05/2008 23.49.29 File: c:\windows\system32\drivers\nchssvad.sys ok scanned
20/05/2008 23.49.29 File: c:\windows\system32\drivers\ndisip.sys ok scanned
20/05/2008 23.49.29 File: c:\windows\system32\drivers\ndistapi.sys ok scanned
20/05/2008 23.49.30 File: c:\windows\system32\drivers\ndisuio.sys ok scanned
20/05/2008 23.49.30 File: c:\windows\system32\drivers\ndiswan.sys ok scanned
20/05/2008 23.49.31 File: c:\windows\system32\drivers\netbios.sys ok scanned
20/05/2008 23.49.32 File: c:\windows\system32\drivers\netbt.sys ok scanned
20/05/2008 23.49.33 File: C:\WINDOWS\system32\netdde.exe ok scanned
20/05/2008 23.49.33 File: C:\WINDOWS\system32\lsass.exe ok scanned
20/05/2008 23.49.34 File: c:\windows\system32\drivers\nic1394.sys ok scanned
20/05/2008 23.49.34 File: c:\programmi\file comuni\ahead\lib\nmindexingservice.exe ok scanned
20/05/2008 23.49.35 File: c:\windows\system32\drivers\nwlnkflt.sys ok scanned
20/05/2008 23.49.35 File: c:\windows\system32\drivers\nwlnkfwd.sys ok scanned
20/05/2008 23.49.35 File: c:\programmi\file comuni\microsoft shared\office12\odserv.exe packed file PE_Patch
20/05/2008 23.49.36 File: c:\programmi\file comuni\microsoft shared\office12\odserv.exe//PE_Patch ok scanned
20/05/2008 23.49.36 File: c:\programmi\file comuni\microsoft shared\office12\odserv.exe ok scanned
20/05/2008 23.49.36 File: c:\windows\system32\drivers\ohci1394.sys ok scanned
20/05/2008 23.49.37 File: c:\programmi\file comuni\microsoft shared\source engine\ose.exe ok scanned
20/05/2008 23.49.37 File: c:\windows\system32\drivers\parport.sys ok scanned
20/05/2008 23.49.38 File: c:\windows\system32\drivers\pci.sys ok scanned
20/05/2008 23.49.38 File: c:\windows\system32\drivers\pciide.sys ok scanned
20/05/2008 23.49.38 File: c:\windows\system32\drivers\pcouffin.sys ok scanned
20/05/2008 23.49.38 File: c:\windows\system32\drivers\raspptp.sys ok scanned
20/05/2008 23.49.39 File: c:\windows\system32\drivers\processr.sys ok scanned
20/05/2008 23.49.39 File: c:\windows\system32\drivers\psched.sys ok scanned
20/05/2008 23.49.39 File: c:\windows\system32\drivers\ptilink.sys ok scanned
20/05/2008 23.49.39 File: c:\windows\system32\drivers\pxark.sys ok scanned
20/05/2008 23.49.40 File: c:\windows\system32\drivers\rasacd.sys ok scanned
20/05/2008 23.49.40 File: c:\windows\system32\drivers\rasl2tp.sys ok scanned
20/05/2008 23.49.40 File: c:\windows\system32\drivers\raspppoe.sys ok scanned
20/05/2008 23.49.41 File: c:\windows\system32\drivers\raspti.sys ok scanned
20/05/2008 23.49.41 File: c:\windows\system32\drivers\rdbss.sys ok scanned
20/05/2008 23.49.42 File: c:\windows\system32\drivers\rdpcdd.sys ok scanned
20/05/2008 23.49.42 File: c:\windows\system32\drivers\rdpdr.sys ok scanned
20/05/2008 23.49.42 File: c:\windows\system32\sessmgr.exe ok scanned
20/05/2008 23.49.42 File: c:\windows\system32\drivers\redbook.sys ok scanned
20/05/2008 23.49.43 File: C:\WINDOWS\system32\locator.exe ok scanned
20/05/2008 23.49.43 File: c:\windows\system32\rpcss.dll ok scanned
20/05/2008 23.49.43 File: C:\WINDOWS\system32\rsvp.exe ok scanned
20/05/2008 23.49.43 File: c:\windows\system32\drivers\s3mt3d.sys ok scanned
20/05/2008 23.49.43 File: C:\WINDOWS\system32\scardsvr.exe ok scanned
20/05/2008 23.49.44 File: c:\windows\system32\drivers\secdrv.sys ok scanned
20/05/2008 23.49.44 File: c:\windows\system32\drivers\serenum.sys ok scanned
20/05/2008 23.49.44 File: c:\windows\system32\drivers\serial.sys ok scanned
20/05/2008 23.49.44 File: c:\windows\system32\drivers\sisagp.sys ok scanned
20/05/2008 23.49.44 File: c:\windows\system32\drivers\sisnic.sys ok scanned
20/05/2008 23.49.44 File: c:\windows\system32\drivers\slip.sys ok scanned
20/05/2008 23.49.45 File: c:\windows\system32\drivers\sonypvu1.sys ok scanned
20/05/2008 23.49.45 File: c:\windows\system32\drivers\splitter.sys ok scanned
20/05/2008 23.49.45 File: C:\WINDOWS\system32\spoolsv.exe ok scanned
20/05/2008 23.49.45 File: C:\WINDOWS\system32\drivers\sr.sys packed file PE_Patch
20/05/2008 23.49.45 File: C:\WINDOWS\system32\drivers\sr.sys//PE_Patch ok scanned
20/05/2008 23.49.45 File: C:\WINDOWS\system32\drivers\sr.sys ok scanned
20/05/2008 23.49.46 File: c:\windows\system32\drivers\srv.sys ok scanned
20/05/2008 23.49.46 File: c:\windows\system32\drivers\stmatm.sys ok scanned
20/05/2008 23.49.46 File: c:\windows\system32\drivers\streamip.sys ok scanned
20/05/2008 23.49.46 File: c:\windows\system32\drivers\swenum.sys ok scanned
20/05/2008 23.49.46 File: c:\windows\system32\drivers\swmidi.sys ok scanned
20/05/2008 23.49.47 File: c:\windows\system32\drivers\sysaudio.sys ok scanned
20/05/2008 23.49.47 File: C:\WINDOWS\system32\smlogsvc.exe ok scanned
20/05/2008 23.49.48 File: c:\windows\system32\drivers\torususb.sys ok scanned
20/05/2008 23.49.48 File: c:\windows\system32\drivers\tcpip.sys ok scanned
20/05/2008 23.49.48 File: c:\windows\system32\drivers\termdd.sys ok scanned
20/05/2008 23.49.48 File: c:\windows\system32\tlntsvr.exe ok scanned
20/05/2008 23.49.49 File: c:\windows\system32\drivers\update.sys ok scanned
20/05/2008 23.49.49 File: C:\WINDOWS\system32\ups.exe ok scanned
20/05/2008 23.49.49 File: c:\windows\system32\drivers\usbccgp.sys ok scanned
20/05/2008 23.49.49 File: c:\windows\system32\drivers\usbehci.sys ok scanned
20/05/2008 23.49.49 File: c:\windows\system32\drivers\usbhub.sys ok scanned
20/05/2008 23.49.50 File: c:\windows\system32\drivers\usbohci.sys ok scanned
20/05/2008 23.49.50 File: c:\windows\system32\drivers\usbscan.sys ok scanned
20/05/2008 23.49.50 File: c:\windows\system32\drivers\usbstor.sys ok scanned
20/05/2008 23.49.50 File: c:\programmi\windows live\messenger\usnsvc.exe ok scanned
20/05/2008 23.49.50 File: C:\WINDOWS\system32\drivers\vga.sys ok scanned
20/05/2008 23.49.51 File: C:\WINDOWS\system32\vssvc.exe ok scanned
20/05/2008 23.49.51 File: c:\windows\system32\drivers\wanarp.sys ok scanned
20/05/2008 23.49.51 File: c:\windows\system32\drivers\wdf01000.sys ok scanned
20/05/2008 23.49.52 File: c:\windows\system32\drivers\wdmaud.sys ok scanned
20/05/2008 23.49.52 File: c:\programmi\windows live\installer\wlsetupsvc.exe ok scanned
20/05/2008 23.49.52 File: c:\windows\system32\wbem\wmiapsrv.exe ok scanned
20/05/2008 23.49.53 File: c:\programmi\windows media player\wmpnetwk.exe ok scanned
20/05/2008 23.49.53 File: c:\windows\system32\drivers\wstcodec.sys ok scanned
20/05/2008 23.49.53 File: c:\windows\system32\drivers\wudfpf.sys ok scanned
20/05/2008 23.49.53 File: c:\windows\system32\drivers\wudfrd.sys ok scanned
20/05/2008 23.49.55 File: c:\windows\system32\autochk.exe ok scanned
20/05/2008 23.49.56 File: c:\windows\system32\ieudinit.exe ok scanned
20/05/2008 23.49.57 File: c:\windows\inf\unregmp2.exe ok scanned
20/05/2008 23.49.58 File: c:\windows\system32\ie4uinit.exe ok scanned
20/05/2008 23.49.58 File: c:\windows\system32\iedkcs32.dll ok scanned
20/05/2008 23.49.58 File: C:\WINDOWS\system32\shmgrate.exe ok scanned
20/05/2008 23.49.59 File: C:\WINDOWS\system32\regsvr32.exe ok scanned
20/05/2008 23.49.59 File: C:\WINDOWS\system32\themeui.dll ok scanned
20/05/2008 23.50.00 File: C:\Programmi\outlook express\setup50.exe//# ok scanned
20/05/2008 23.50.00 File: C:\Programmi\outlook express\setup50.exe ok scanned
20/05/2008 23.50.00 File: c:\windows\system32\user.exe ok scanned
20/05/2008 23.50.00 File: c:\windows\system32\advpack.dll ok scanned
20/05/2008 23.50.01 File: c:\windows\inf\msnetmtg.inf ok scanned
20/05/2008 23.50.01 File: c:\windows\inf\wmp11.inf ok scanned
20/05/2008 23.50.01 File: c:\windows\system32\regsvr32.exe ok scanned
20/05/2008 23.50.02 File: c:\windows\system32\mscories.dll ok scanned
20/05/2008 23.50.02 File: c:\windows\system32\comm.drv ok scanned
20/05/2008 23.50.02 File: c:\windows\system\vga.drv ok scanned
20/05/2008 23.50.02 File: c:\windows\system\mmsystem.dll ok scanned
20/05/2008 23.50.02 File: c:\windows\system\keyboard.drv ok scanned
20/05/2008 23.50.02 File: c:\windows\system\mouse.drv ok scanned
20/05/2008 23.50.02 File: c:\windows\system\wfwnet.drv ok scanned
20/05/2008 23.50.02 File: c:\windows\system32\progman.exe ok scanned
20/05/2008 23.50.03 File: c:\windows\system\sound.drv ok scanned
20/05/2008 23.50.03 File: c:\windows\system\system.drv ok scanned
20/05/2008 23.50.03 File: c:\windows\system32\midimap.dll ok scanned
20/05/2008 23.50.03 File: c:\windows\system32\imaadp32.acm ok scanned
20/05/2008 23.50.03 File: c:\windows\system32\msadp32.acm ok scanned
20/05/2008 23.50.03 File: c:\windows\system32\msg711.acm ok scanned
20/05/2008 23.50.03 File: c:\windows\system32\msgsm32.acm ok scanned
20/05/2008 23.50.03 File: c:\windows\system32\tssoft32.acm ok scanned
20/05/2008 23.50.03 File: c:\windows\system32\iccvid.dll ok scanned
20/05/2008 23.50.03 File: c:\windows\system32\msh263.drv ok scanned
20/05/2008 23.50.04 File: c:\windows\system32\ir32_32.dll ok scanned
20/05/2008 23.50.04 File: c:\windows\system32\ir41_32.ax ok scanned
20/05/2008 23.50.04 File: c:\windows\system32\iyuv_32.dll ok scanned
20/05/2008 23.50.04 File: c:\windows\system32\msrle32.dll ok scanned
20/05/2008 23.50.05 File: c:\windows\system32\msvidc32.dll ok scanned
20/05/2008 23.50.05 File: c:\windows\system32\msyuv.dll ok scanned
20/05/2008 23.50.05 File: c:\windows\system32\tsbyuv.dll ok scanned
20/05/2008 23.50.05 File: c:\windows\system32\msacm32.drv ok scanned
20/05/2008 23.50.05 File: c:\windows\system32\wdmaud.drv ok scanned
20/05/2008 23.50.05 File: c:\windows\system32\msg723.acm ok scanned
20/05/2008 23.50.05 File: c:\windows\system32\msh261.drv ok scanned
20/05/2008 23.50.06 File: c:\windows\system32\msaud32.acm ok scanned
20/05/2008 23.50.06 File: c:\windows\system32\sl_anet.acm ok scanned
20/05/2008 23.50.06 File: c:\windows\system32\iac25_32.ax ok scanned
20/05/2008 23.50.07 File: c:\windows\system32\ir50_32.dll ok scanned
20/05/2008 23.50.07 File: c:\windows\system32\l3codeca.acm ok scanned
20/05/2008 23.50.07 File: c:\windows\system32\sirenacm.dll ok scanned
20/05/2008 23.50.07 File: c:\windows\system32\msaud32_divx.acm packed file PECompact
20/05/2008 23.50.08 File: c:\windows\system32\msaud32_divx.acm//PECompact ok scanned
20/05/2008 23.50.08 File: c:\windows\system32\msaud32_divx.acm ok scanned
20/05/2008 23.50.09 File: c:\windows\system32\xvidvfw.dll ok scanned
20/05/2008 23.50.09 File: c:\windows\system32\vfwwdm32.dll ok scanned
20/05/2008 23.50.09 File: c:\windows\system32\webcheck.dll ok scanned
20/05/2008 23.50.10 File: c:\windows\system32\stobject.dll ok scanned
20/05/2008 23.50.11 File: c:\windows\system32\wpdshserviceobj.dll ok scanned
20/05/2008 23.50.11 File: c:\windows\system32\logon.scr ok scanned
20/05/2008 23.50.12 File: C:\WINDOWS\system32\logon.scr ok scanned
20/05/2008 23.50.12 File: c:\windows\system32\ssflwbox.scr ok scanned
20/05/2008 23.50.12 File: C:\WINDOWS\system32\browseui.dll ok scanned
20/05/2008 23.50.13 File: c:\progra~1\micros~2\office12\gra8e1~1.dll ok scanned
20/05/2008 23.50.14 File: c:\windows\system32\mmsys.cpl ok scanned
20/05/2008 23.50.15 File: c:\windows\system32\icmui.dll ok scanned
20/05/2008 23.50.15 File: c:\windows\system32\rshx32.dll ok scanned
20/05/2008 23.50.17 File: c:\windows\system32\docprop.dll ok scanned
20/05/2008 23.50.19 File: c:\windows\system32\ntshrui.dll ok scanned
20/05/2008 23.50.20 File: c:\windows\system32\deskadp.dll ok scanned
20/05/2008 23.50.21 File: c:\windows\system32\deskmon.dll ok scanned
20/05/2008 23.50.24 File: c:\windows\system32\dssec.dll ok scanned
20/05/2008 23.50.24 File: c:\windows\system32\slayerxp.dll ok scanned
20/05/2008 23.50.24 File: c:\windows\system32\shscrap.dll ok scanned
20/05/2008 23.50.25 File: c:\windows\system32\diskcopy.dll ok scanned
20/05/2008 23.50.27 File: c:\windows\system32\ntlanui2.dll ok scanned
20/05/2008 23.50.31 File: C:\WINDOWS\system32\icmui.dll ok scanned
20/05/2008 23.50.46 File: c:\windows\system32\printui.dll ok scanned
20/05/2008 23.50.46 File: c:\windows\system32\dskquoui.dll ok scanned
20/05/2008 23.50.48 File: c:\windows\system32\syncui.dll ok scanned
20/05/2008 23.50.51 File: c:\windows\system32\hticons.dll ok scanned
20/05/2008 23.50.51 File: c:\windows\system32\fontext.dll ok scanned
20/05/2008 23.50.53 File: c:\windows\system32\deskperf.dll ok scanned
20/05/2008 23.50.56 File: c:\windows\system32\wiashext.dll ok scanned
20/05/2008 23.50.58 File: c:\windows\system32\remotepg.dll ok scanned
20/05/2008 23.50.58 File: c:\windows\system32\wshext.dll ok scanned
20/05/2008 23.51.00 File: c:\programmi\file comuni\system\ole db\oledb32.dll ok scanned
20/05/2008 23.51.02 File: c:\windows\system32\mstask.dll ok scanned
20/05/2008 23.51.03 File: C:\WINDOWS\system32\shdocvw.dll ok scanned
20/05/2008 23.51.03 File: c:\windows\system32\wuaucpl.cpl ok scanned
20/05/2008 23.51.05 File: C:\WINDOWS\system32\twext.dll ok scanned
20/05/2008 23.51.06 File: C:\WINDOWS\system32\shmedia.dll ok scanned
20/05/2008 23.51.17 File: c:\windows\system32\ieframe.dll ok scanned
20/05/2008 23.51.23 File: c:\windows\system32\sendmail.dll ok scanned
20/05/2008 23.51.23 File: c:\windows\system32\occache.dll ok scanned
20/05/2008 23.51.25 File: C:\WINDOWS\system32\webcheck.dll ok scanned
20/05/2008 23.51.27 File: C:\WINDOWS\system32\appwiz.cpl ok scanned
20/05/2008 23.51.29 File: C:\WINDOWS\system32\shimgvw.dll ok scanned
20/05/2008 23.51.31 File: C:\WINDOWS\system32\netplwiz.dll ok scanned
20/05/2008 23.51.32 File: C:\WINDOWS\system32\zipfldr.dll ok scanned
20/05/2008 23.51.34 File: c:\windows\system32\extmgr.dll ok scanned
20/05/2008 23.51.34 File: c:\windows\system32\msieftp.dll ok scanned
20/05/2008 23.51.34 File: c:\windows\system32\docprop2.dll ok scanned
20/05/2008 23.51.39 File: C:\WINDOWS\system32\dsquery.dll ok scanned
20/05/2008 23.51.41 File: C:\WINDOWS\system32\dsuiext.dll ok scanned
20/05/2008 23.51.41 File: C:\WINDOWS\system32\mydocs.dll ok scanned
20/05/2008 23.51.43 File: C:\WINDOWS\system32\cscui.dll ok scanned
20/05/2008 23.51.45 File: c:\windows\msagent\agentpsh.dll ok scanned
20/05/2008 23.51.48 File: c:\windows\system32\dfsshlex.dll ok scanned
20/05/2008 23.51.49 File: C:\WINDOWS\system32\photowiz.dll ok scanned
20/05/2008 23.51.50 File: C:\WINDOWS\system32\mmcshext.dll ok scanned
20/05/2008 23.51.51 File: c:\windows\system32\cabview.dll ok scanned
20/05/2008 23.51.51 File: c:\programmi\outlook express\wabfind.dll ok scanned
20/05/2008 23.51.52 File: c:\windows\system32\wmpshell.dll ok scanned
20/05/2008 23.51.55 File: c:\programmi\winrar\rarext.dll ok scanned
20/05/2008 23.51.56 File: c:\programmi\file comuni\microsoft shared\web folders\msonsext.dll ok scanned
20/05/2008 23.51.58 File: c:\progra~1\micros~2\office12\onfilter.dll ok scanned
20/05/2008 23.51.59 File: c:\programmi\microsoft office\office12\msohevi.dll ok scanned
20/05/2008 23.52.01 File: c:\progra~1\fileco~1\micros~1\office12\msoshext.dll ok scanned
20/05/2008 23.52.01 File: c:\windows\system32\dfshim.dll ok scanned
20/05/2008 23.52.02 File: C:\WINDOWS\system32\audiodev.dll ok scanned
20/05/2008 23.52.03 File: C:\WINDOWS\system32\wpdshext.dll ok scanned
20/05/2008 23.52.04 File: c:\programmi\grisoft\avg7\avgse.dll ok scanned
20/05/2008 23.52.05 File: c:\programmi\itunes\itunesminiplayer.dll ok scanned
20/05/2008 23.52.05 File: c:\programmi\windows live\messenger\fsshext.8.5.1302.1018.dll ok scanned
20/05/2008 23.52.07 File: c:\programmi\avi2dvd\programs\filters\haali media splitter\mmfinfo.dll ok scanned
20/05/2008 23.52.10 File: c:\programmi\nero\nero 7\nero coverdesigner\coveredextension.dll ok scanned
20/05/2008 23.52.12 File: c:\programmi\file comuni\ahead\lib\nerodigitalext.dll ok scanned
20/05/2008 23.52.12 File: c:\programmi\adobe\acrobat 7.0\activex\acroiehelper.dll ok scanned
20/05/2008 23.52.13 File: c:\programmi\java\jre1.6.0_05\bin\ssv.dll ok scanned
20/05/2008 23.52.14 File: c:\programmi\file comuni\microsoft shared\windows live\windowslivelogin.dll ok scanned
20/05/2008 23.52.15 File: c:\programmi\adobe\acrobat 7.0\reader\acrord32.exe ok scanned
20/05/2008 23.52.15 File: c:\progra~1\grisoft\avg7\avgse.dll ok scanned
20/05/2008 23.52.23 File: c:\programmi\avi2dvd\avi2dvd.exe ok scanned
20/05/2008 23.52.45 File: c:\programmi\nero\nero 7\nero backitup\backitup.exe ok scanned
20/05/2008 23.52.48 File: c:\programmi\netmeeting\conf.exe ok scanned
20/05/2008 23.52.50 File: c:\programmi\windows nt\dialer.exe ok scanned
20/05/2008 23.52.51 File: c:\programmi\microsoft encarta\microsoft encarta 2008 - premium dvd\edict.exe ok scanned
20/05/2008 23.52.52 File: c:\programmi\microsoft encarta\microsoft encarta 2008 - premium dvd\encarta.exe ok scanned
20/05/2008 23.52.54 File: c:\windows\pchealth\helpctr\binaries\helpctr.exe ok scanned
20/05/2008 23.52.56 File: c:\programmi\trend micro\hijackthis\hijackthis.exe packed file PE_Patch.UPX
20/05/2008 23.52.56 File: c:\programmi\trend micro\hijackthis\hijackthis.exe//PE_Patch.UPX packed file UPX
20/05/2008 23.52.56 File: c:\programmi\trend micro\hijackthis\hijackthis.exe//PE_Patch.UPX//UPX ok scanned
20/05/2008 23.52.59 File: c:\programmi\trend micro\hijackthis\hijackthis.exe//PE_Patch.UPX ok scanned
20/05/2008 23.52.59 File: c:\programmi\trend micro\hijackthis\hijackthis.exe ok scanned
20/05/2008 23.53.00 File: c:\programmi\internet explorer\connection wizard\icwconn1.exe ok scanned
20/05/2008 23.53.00 File: c:\programmi\internet explorer\connection wizard\icwconn2.exe ok scanned
20/05/2008 23.53.02 File: c:\progra~1\incred~1\bin\imlc.exe ok scanned
20/05/2008 23.53.03 File: c:\progra~1\incred~1\bin\impackr.exe ok scanned
20/05/2008 23.53.03 File: c:\progra~1\incred~1\bin\impcnt.exe ok scanned
20/05/2008 23.53.04 File: c:\progra~1\incred~1\bin\incmail.exe ok scanned
20/05/2008 23.53.05 File: c:\programmi\internet explorer\connection wizard\inetwiz.exe ok scanned
20/05/2008 23.53.06 File: c:\progra~1\micros~2\office12\infopath.exe ok scanned
20/05/2008 23.53.07 File: c:\programmi\internet explorer\connection wizard\isignup.exe ok scanned
20/05/2008 23.53.11 File: c:\programmi\itunes\itunes.exe ok scanned
20/05/2008 23.53.12 File: C:\WINDOWS\system32\usmt\migwiz.exe ok scanned
20/05/2008 23.53.24 File: c:\programmi\movie maker\moviemk.exe ok scanned
20/05/2008 23.53.26 File: c:\programmi\motorola phone tools\mphonetools.exe ok scanned
20/05/2008 23.53.27 File: c:\programmi\windows media player\mplayer2.exe ok scanned
20/05/2008 23.53.33 File: c:\progra~1\micros~2\office12\msaccess.exe ok scanned
20/05/2008 23.53.34 File: c:\windows\pchealth\helpctr\binaries\msconfig.exe ok scanned
20/05/2008 23.53.34 File: C:\Programmi\outlook express\msimn.exe ok scanned
20/05/2008 23.53.35 File: c:\programmi\file comuni\microsoft shared\msinfo\msinfo32.exe ok scanned
20/05/2008 23.53.37 File: c:\programmi\windows live\messenger\msnmsgr.exe ok scanned
20/05/2008 23.53.37 File: c:\programmi\file comuni\microsoft shared\office12\msoxmled.exe packed file PE_Patch
20/05/2008 23.53.37 File: c:\programmi\file comuni\microsoft shared\office12\msoxmled.exe//PE_Patch ok scanned
20/05/2008 23.53.37 File: c:\programmi\file comuni\microsoft shared\office12\msoxmled.exe ok scanned
20/05/2008 23.53.42 File: c:\progra~1\micros~2\office12\mspub.exe ok scanned
20/05/2008 23.53.42 File: c:\progra~1\fileco~1\micros~1\modi\12.0\mspview.exe packed file PE_Patch
20/05/2008 23.53.43 File: c:\progra~1\fileco~1\micros~1\modi\12.0\mspview.exe//PE_Patch ok scanned
20/05/2008 23.53.43 File: c:\progra~1\fileco~1\micros~1\modi\12.0\mspview.exe ok scanned
20/05/2008 23.53.49 File: c:\programmi\nero\nero 7\nero coverdesigner\coverdes.exe ok scanned
20/05/2008 23.54.24 File: c:\programmi\nero\nero 7\core\nero.exe ok scanned
20/05/2008 23.54.26 File: c:\programmi\nero\nero 7\nero toolkit\neroburnrights.exe ok scanned
20/05/2008 23.54.27 File: c:\programmi\nero\nero 7\nero home\nerohome.exe ok scanned
20/05/2008 23.54.31 File: c:\programmi\nero\nero 7\nero mediahome\neromediahome.exe ok scanned
20/05/2008 23.54.33 File: c:\programmi\nero\nero 7\nero vision\nerovision.exe ok scanned
20/05/2008 23.54.35 File: c:\progra~1\micros~2\office12\onenote.exe ok scanned
20/05/2008 23.54.36 File: C:\WINDOWS\system32\mspaint.exe ok scanned
20/05/2008 23.54.37 File: c:\programmi\nero\nero 7\nero photosnap\photosnapviewer.exe ok scanned
20/05/2008 23.54.38 File: c:\programmi\quicktime\pictureviewer.exe ok scanned
20/05/2008 23.54.39 File: c:\programmi\windows nt\pinball\pinball.exe ok scanned
20/05/2008 23.54.40 File: c:\progra~1\micros~2\office12\powerpnt.exe ok scanned
20/05/2008 23.54.44 File: c:\programmi\quicktime\quicktimeplayer.exe ok scanned
20/05/2008 23.54.48 File: c:\programmi\nero\nero 7\nero recode\recode.exe ok scanned
20/05/2008 23.54.49 File: c:\programmi\vanbasco's karaoke player\vmidi.exe ok scanned
20/05/2008 23.54.49 File: C:\Programmi\outlook express\wab.exe ok scanned
20/05/2008 23.54.50 File: C:\Programmi\outlook express\wabmig.exe ok scanned
20/05/2008 23.54.52 File: c:\programmi\winrar\winrar.exe ok scanned
20/05/2008 23.54.54 File: c:\progra~1\micros~2\office12\winword.exe ok scanned
20/05/2008 23.54.55 File: C:\Programmi\windows nt\accessori\wordpad.exe ok scanned
20/05/2008 23.54.56 File: c:\windows\system32\ntsd.exe ok scanned
20/05/2008 23.54.57 File: c:\windows\system32\java.exe ok scanned
20/05/2008 23.54.58 File: c:\windows\system32\console.dll ok scanned
20/05/2008 23.54.59 File: c:\programmi\java\jre1.6.0_05\bin\npjpi160_05.dll ok scanned
20/05/2008 23.55.00 File: c:\progra~1\micros~2\office12\onbttnie.dll ok scanned
20/05/2008 23.55.01 File: c:\progra~1\micros~2\office12\refbar.ico ok scanned
20/05/2008 23.55.01 File: c:\progra~1\micros~2\office12\refbarh.ico ok scanned
20/05/2008 23.55.01 File: c:\progra~1\micros~2\office12\refiebar.dll ok scanned
20/05/2008 23.55.02 File: c:\programmi\file comuni\microsoft shared\encarta search bar\encsbar.dll ok scanned
20/05/2008 23.55.03 File: c:\windows\downloaded program files\conflict.1\puren-us.dll ok scanned
20/05/2008 23.55.04 File: c:\windows\downloaded program files\conflict.1\msnpupld.dll ok scanned
20/05/2008 23.55.04 File: c:\windows\downloaded program files\puren-us.dll ok scanned
20/05/2008 23.55.04 File: c:\windows\downloaded program files\msnpupld.dll ok scanned
20/05/2008 23.55.05 File: c:\windows\downloaded program files\fp_ax_cab_installer.exe ok scanned
20/05/2008 23.55.06 File: c:\programmi\java\jre1.6.0_03\bin\npjpi160_03.dll ok scanned
20/05/2008 23.55.12 File: c:\windows\system32\macromed\flash\flash9e.ocx ok scanned
20/05/2008 23.55.17 File: c:\programmi\apple software update\softwareupdate.exe ok scanned
20/05/2008 23.55.17 File: C:\WINDOWS\system32\rsvpsp.dll ok scanned
20/05/2008 23.55.17 File: C:\WINDOWS\system32\winrnr.dll ok scanned
20/05/2008 23.55.20 Logical disk sector: C ok scanned
20/05/2008 23.55.20 Logical disk sector: D ok scanned
20/05/2008 23.55.21 Physical disk sector: \Device\HarddiskVolume2 ok scanned
20/05/2008 23.55.22 Physical disk sector: \Device\HarddiskVolume1 ok scanned
20/05/2008 23.55.22 Physical disk sector: \Device\Harddisk0\DR0 ok scanned
20/05/2008 23.55.23 Physical disk sector: \Device\Harddisk1\DR1 ok scanned


Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------
All objects 664 0 0 0 0 0 31 0 0
System memory 143 0 0 0 0 0 1 0 0
Startup objects 515 0 0 0 0 0 30 0 0
Disk boot sectors 6 0 0 0 0 0 0 0 0


Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----



<?xml version="1.0" encoding="utf-8" ?>
- <SYSTEMSTATUS EVAL="6" ITEMS_TOTAL="11044" STRIPPED="FALSE" START="080521-000809" END="080521-001457">
- <NODE NAME="SECTION" VALUE="Running Processes" NAME_CAPTION="Type" VALUE_CAPTION="Path" EXTRA_CAPTION="User Name" TR="V=4000;n=4001;v=4002;e=4006" TREE_ICON="1" PARENTS_ONLY="1" EVAL="6">
- <NODE NAME="Process" VALUE="system (0)" TR="N=4003" EXTRA="" EVAL="1">
<NODE EMPTY="1" EVAL="1" />
</NODE>
- <NODE NAME="Process" VALUE="system (4)" TR="N=4003" EXTRA="" EVAL="1">
<NODE EMPTY="1" EVAL="1" />
</NODE>
- <NODE NAME="Process" VALUE="smss.exe (420)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="619" EVAL="1" F="2">
<NODE NAME="Module" VALUE="\SystemRoot\System32\smss.exe" L="F" TR="N=4004" LINK="619" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="csrss.exe (476)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="222" EVAL="1" F="2">
<NODE NAME="Module" VALUE="\??\C:\WINDOWS\system32\csrss.exe" L="F" TR="N=4004" LINK="222" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CSRSRV.dll" L="F" TR="N=4004" LINK="221" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\basesrv.dll" L="F" TR="N=4004" LINK="192" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\winsrv.dll" L="F" TR="N=4004" LINK="696" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\KERNEL32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\sxs.dll" L="F" TR="N=4004" LINK="634" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Apphelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="winlogon.exe (500)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="691" EVAL="1" F="2">
<NODE NAME="Module" VALUE="\??\C:\WINDOWS\system32\winlogon.exe" L="F" TR="N=4004" LINK="691" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\AUTHZ.dll" L="F" TR="N=4004" LINK="190" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NDdeApi.dll" L="F" TR="N=4004" LINK="514" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PROFMAP.dll" L="F" TR="N=4004" LINK="557" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PSAPI.DLL" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\REGAPI.dll" L="F" TR="N=4004" LINK="573" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSGINA.dll" L="F" TR="N=4004" LINK="480" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMCTL32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ODBC32.dll" L="F" TR="N=4004" LINK="539" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comdlg32.dll" L="F" TR="N=4004" LINK="209" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\odbcint.dll" L="F" TR="N=4004" LINK="540" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHSVCS.dll" L="F" TR="N=4004" LINK="616" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\sfc.dll" L="F" TR="N=4004" LINK="605" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\sfc_os.dll" L="F" TR="N=4004" LINK="606" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Apphelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSCARD.DLL" L="F" TR="N=4004" LINK="694" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WTSAPI32.dll" L="F" TR="N=4004" LINK="716" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\cscdll.dll" L="F" TR="N=4004" LINK="219" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WlNotify.dll" L="F" TR="N=4004" LINK="701" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSPOOL.DRV" L="F" TR="N=4004" LINK="695" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MPR.dll" L="F" TR="N=4004" LINK="466" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WgaLogon.dll" L="F" TR="N=4004" LINK="682" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NTMARTA.DLL" L="F" TR="N=4004" LINK="534" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SAMLIB.dll" L="F" TR="N=4004" LINK="589" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\cscui.dll" L="F" TR="N=4004" LINK="220" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\sxs.dll" L="F" TR="N=4004" LINK="634" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msv1_0.dll" L="F" TR="N=4004" LINK="500" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wdmaud.drv" L="F" TR="N=4004" LINK="679" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msacm32.drv" L="F" TR="N=4004" LINK="470" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\midimap.dll" L="F" TR="N=4004" LINK="459" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Cabinet.dll" L="F" TR="N=4004" LINK="197" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wbemprox.dll" L="F" TR="N=4004" LINK="672" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wbemcomn.dll" L="F" TR="N=4004" LINK="669" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wbemsvc.dll" L="F" TR="N=4004" LINK="673" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\fastprox.dll" L="F" TR="N=4004" LINK="666" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP60.dll" L="F" TR="N=4004" LINK="502" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NTDSAPI.dll" L="F" TR="N=4004" LINK="530" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="services.exe (544)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="602" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\services.exe" L="F" TR="N=4004" LINK="602" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SCESRV.dll" L="F" TR="N=4004" LINK="593" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\AUTHZ.dll" L="F" TR="N=4004" LINK="190" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\umpnpmgr.dll" L="F" TR="N=4004" LINK="645" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NCObjAPI.DLL" L="F" TR="N=4004" LINK="513" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP60.dll" L="F" TR="N=4004" LINK="502" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcAdProc.dll" L="F" TR="N=4004" LINK="161" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Apphelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\eventlog.dll" L="F" TR="N=4004" LINK="407" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PSAPI.DLL" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wtsapi32.dll" L="F" TR="N=4004" LINK="716" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="lsass.exe (556)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="450" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\lsass.exe" L="F" TR="N=4004" LINK="450" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\LSASRV.dll" L="F" TR="N=4004" LINK="449" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MPR.dll" L="F" TR="N=4004" LINK="466" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NTDSAPI.dll" L="F" TR="N=4004" LINK="530" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SAMLIB.dll" L="F" TR="N=4004" LINK="589" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SAMSRV.dll" L="F" TR="N=4004" LINK="590" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\cryptdll.dll" L="F" TR="N=4004" LINK="214" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msprivs.dll" L="F" TR="N=4004" LINK="495" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kerberos.dll" L="F" TR="N=4004" LINK="440" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msv1_0.dll" L="F" TR="N=4004" LINK="500" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\netlogon.dll" L="F" TR="N=4004" LINK="519" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\w32time.dll" L="F" TR="N=4004" LINK="663" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP60.dll" L="F" TR="N=4004" LINK="502" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\schannel.dll" L="F" TR="N=4004" LINK="594" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wdigest.dll" L="F" TR="N=4004" LINK="678" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\scecli.dll" L="F" TR="N=4004" LINK="592" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ipsecsvc.dll" L="F" TR="N=4004" LINK="437" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\AUTHZ.dll" L="F" TR="N=4004" LINK="190" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\oakley.DLL" L="F" TR="N=4004" LINK="537" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINIPSEC.DLL" L="F" TR="N=4004" LINK="690" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\pstorsvc.dll" L="F" TR="N=4004" LINK="560" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\psbase.dll" L="F" TR="N=4004" LINK="559" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\dssenh.dll" L="F" TR="N=4004" LINK="399" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Process" VALUE="imapp.exe (560)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="142" EVAL="5" F="4">
<NODE NAME="Module" VALUE="C:\PROGRA~1\INCRED~1\bin\ImApp.exe" L="F" TR="N=4004" LINK="142" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\INCRED~1\bin\ImUtilsU.dll" L="F" TR="N=4004" LINK="147" EVAL="5" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\INCRED~1\bin\ImNtUtilU.dll" L="F" TR="N=4004" LINK="145" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MFC42u.DLL" L="F" TR="N=4004" LINK="456" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MPR.dll" L="F" TR="N=4004" LINK="466" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\urlmon.dll" L="F" TR="N=4004" LINK="652" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP60.dll" L="F" TR="N=4004" LINK="502" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\INCRED~1\bin\ImLookU.dll" L="F" TR="N=4004" LINK="144" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMCTL32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MFC42LOC.DLL" L="F" TR="N=4004" LINK="455" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DbgHelp.dll" L="F" TR="N=4004" LINK="227" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\ImAppRU.dll" L="F" TR="N=4004" LINK="46" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OleAcc.dll" L="F" TR="N=4004" LINK="542" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SXS.DLL" L="F" TR="N=4004" LINK="634" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\ImComUtlU.dll" L="F" TR="N=4004" LINK="47" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\ImSpoolU.dll" L="F" TR="N=4004" LINK="52" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCIRT.dll" L="F" TR="N=4004" LINK="501" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\ImFoldrsU.dll" L="F" TR="N=4004" LINK="48" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\ImServU.dll" L="F" TR="N=4004" LINK="51" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\ImJunkU.dll" L="F" TR="N=4004" LINK="49" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\ImNotfyU.dll" L="F" TR="N=4004" LINK="50" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\B4ImApp.dll" L="F" TR="N=4004" LINK="45" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RASAPI32.dll" L="F" TR="N=4004" LINK="563" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasman.dll" L="F" TR="N=4004" LINK="567" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\TAPI32.dll" L="F" TR="N=4004" LINK="636" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rtutils.dll" L="F" TR="N=4004" LINK="587" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msv1_0.dll" L="F" TR="N=4004" LINK="500" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\sensapi.dll" L="F" TR="N=4004" LINK="601" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasadhlp.dll" L="F" TR="N=4004" LINK="562" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\winrnr.dll" L="F" TR="N=4004" LINK="693" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="svchost.exe (704)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="633" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\svchost.exe" L="F" TR="N=4004" LINK="633" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NTMARTA.DLL" L="F" TR="N=4004" LINK="534" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SAMLIB.dll" L="F" TR="N=4004" LINK="589" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\rpcss.dll" L="F" TR="N=4004" LINK="582" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\termsrv.dll" L="F" TR="N=4004" LINK="639" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\ICAAPI.dll" L="F" TR="N=4004" LINK="422" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\AUTHZ.dll" L="F" TR="N=4004" LINK="190" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\mstlsapi.dll" L="F" TR="N=4004" LINK="498" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\ACTIVEDS.dll" L="F" TR="N=4004" LINK="178" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\adsldpc.dll" L="F" TR="N=4004" LINK="180" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\ATL.DLL" L="F" TR="N=4004" LINK="187" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\REGAPI.dll" L="F" TR="N=4004" LINK="573" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Apphelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Process" VALUE="svchost.exe (768)" TR="N=4003" EXTRA="NT AUTHORITY\NetworkService" LINK="633" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\svchost.exe" L="F" TR="N=4004" LINK="633" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\rpcss.dll" L="F" TR="N=4004" LINK="582" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\winrnr.dll" L="F" TR="N=4004" LINK="693" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasadhlp.dll" L="F" TR="N=4004" LINK="562" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="svchost.exe (804)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="633" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\svchost.exe" L="F" TR="N=4004" LINK="633" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\NTMARTA.DLL" L="F" TR="N=4004" LINK="534" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\SAMLIB.dll" L="F" TR="N=4004" LINK="589" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\shsvcs.dll" L="F" TR="N=4004" LINK="616" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\dhcpcsvc.dll" L="F" TR="N=4004" LINK="236" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="c:\windows\system32\wzcsvc.dll" L="F" TR="N=4004" LINK="722" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\rtutils.dll" L="F" TR="N=4004" LINK="587" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WMI.dll" L="F" TR="N=4004" LINK="703" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WTSAPI32.dll" L="F" TR="N=4004" LINK="716" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\ESENT.dll" L="F" TR="N=4004" LINK="406" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\ATL.DLL" L="F" TR="N=4004" LINK="187" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\rastls.dll" L="F" TR="N=4004" LINK="572" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPTUI.dll" L="F" TR="N=4004" LINK="218" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\MPRAPI.dll" L="F" TR="N=4004" LINK="467" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\ACTIVEDS.dll" L="F" TR="N=4004" LINK="178" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\adsldpc.dll" L="F" TR="N=4004" LINK="180" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\RASAPI32.dll" L="F" TR="N=4004" LINK="563" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\rasman.dll" L="F" TR="N=4004" LINK="567" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\TAPI32.dll" L="F" TR="N=4004" LINK="636" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\SCHANNEL.dll" L="F" TR="N=4004" LINK="594" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\WinSCard.dll" L="F" TR="N=4004" LINK="694" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\raschap.dll" L="F" TR="N=4004" LINK="565" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msv1_0.dll" L="F" TR="N=4004" LINK="500" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\schedsvc.dll" L="F" TR="N=4004" LINK="595" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\NTDSAPI.dll" L="F" TR="N=4004" LINK="530" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\MSIDLE.DLL" L="F" TR="N=4004" LINK="486" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\audiosrv.dll" L="F" TR="N=4004" LINK="189" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\wkssvc.dll" L="F" TR="N=4004" LINK="699" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\qmgr.dll" L="F" TR="N=4004" LINK="561" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MPR.dll" L="F" TR="N=4004" LINK="466" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\SHFOLDER.dll" L="F" TR="N=4004" LINK="610" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WINHTTP.dll" L="F" TR="N=4004" LINK="688" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\cryptsvc.dll" L="F" TR="N=4004" LINK="217" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\certcli.dll" L="F" TR="N=4004" LINK="199" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\dmserver.dll" L="F" TR="N=4004" LINK="241" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\srvsvc.dll" L="F" TR="N=4004" LINK="626" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\pchealth\helpctr\binaries\pchsvc.dll" L="F" TR="N=4004" LINK="174" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\es.dll" L="F" TR="N=4004" LINK="405" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\ersvc.dll" L="F" TR="N=4004" LINK="404" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\srsvc.dll" L="F" TR="N=4004" LINK="625" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\POWRPROF.dll" L="F" TR="N=4004" LINK="555" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\seclogon.dll" L="F" TR="N=4004" LINK="597" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\netman.dll" L="F" TR="N=4004" LINK="520" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\netshell.dll" L="F" TR="N=4004" LINK="523" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\credui.dll" L="F" TR="N=4004" LINK="212" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WZCSAPI.DLL" L="F" TR="N=4004" LINK="721" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\wuauserv.dll" L="F" TR="N=4004" LINK="719" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\wbem\wmisvc.dll" L="F" TR="N=4004" LINK="676" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VSSAPI.DLL" L="F" TR="N=4004" LINK="661" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wuaueng.dll" L="F" TR="N=4004" LINK="718" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\WINSPOOL.DRV" L="F" TR="N=4004" LINK="695" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\Cabinet.dll" L="F" TR="N=4004" LINK="197" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\mspatcha.dll" L="F" TR="N=4004" LINK="493" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\w32time.dll" L="F" TR="N=4004" LINK="663" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\MSVCP60.dll" L="F" TR="N=4004" LINK="502" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\trkwks.dll" L="F" TR="N=4004" LINK="642" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\sens.dll" L="F" TR="N=4004" LINK="600" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\browser.dll" L="F" TR="N=4004" LINK="195" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\wscsvc.dll" L="F" TR="N=4004" LINK="712" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\msi.dll" L="F" TR="N=4004" LINK="485" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\SXS.DLL" L="F" TR="N=4004" LINK="634" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\ipnathlp.dll" L="F" TR="N=4004" LINK="436" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\AUTHZ.dll" L="F" TR="N=4004" LINK="190" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wbemcomn.dll" L="F" TR="N=4004" LINK="669" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\sfc.dll" L="F" TR="N=4004" LINK="605" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\sfc_os.dll" L="F" TR="N=4004" LINK="606" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\Wbem\wbemcore.dll" L="F" TR="N=4004" LINK="670" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\Wbem\esscli.dll" L="F" TR="N=4004" LINK="665" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\Wbem\FastProx.dll" L="F" TR="N=4004" LINK="666" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\upnp.dll" L="F" TR="N=4004" LINK="648" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SSDPAPI.dll" L="F" TR="N=4004" LINK="627" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comsvcs.dll" L="F" TR="N=4004" LINK="211" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\colbact.DLL" L="F" TR="N=4004" LINK="207" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MTXCLU.DLL" L="F" TR="N=4004" LINK="510" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WSOCK32.dll" L="F" TR="N=4004" LINK="715" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\CLUSAPI.DLL" L="F" TR="N=4004" LINK="205" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\RESUTILS.DLL" L="F" TR="N=4004" LINK="576" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wmiutils.dll" L="F" TR="N=4004" LINK="677" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\repdrvfs.dll" L="F" TR="N=4004" LINK="668" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wmiprvsd.dll" L="F" TR="N=4004" LINK="675" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NCObjAPI.DLL" L="F" TR="N=4004" LINK="513" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wbemess.dll" L="F" TR="N=4004" LINK="671" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\netcfgx.dll" L="F" TR="N=4004" LINK="517" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\rasadhlp.dll" L="F" TR="N=4004" LINK="562" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\rasmans.dll" L="F" TR="N=4004" LINK="568" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\WINIPSEC.DLL" L="F" TR="N=4004" LINK="690" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\ncprov.dll" L="F" TR="N=4004" LINK="667" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\tapisrv.dll" L="F" TR="N=4004" LINK="637" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\PSAPI.DLL" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\rastapi.dll" L="F" TR="N=4004" LINK="571" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\unimdm.tsp" L="F" TR="N=4004" LINK="646" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\uniplat.dll" L="F" TR="N=4004" LINK="647" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\kmddsp.tsp" L="F" TR="N=4004" LINK="442" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\ndptsp.tsp" L="F" TR="N=4004" LINK="515" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\ipconf.tsp" L="F" TR="N=4004" LINK="434" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\h323.tsp" L="F" TR="N=4004" LINK="414" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\hidphone.tsp" L="F" TR="N=4004" LINK="417" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\HID.DLL" L="F" TR="N=4004" LINK="416" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\rasppp.dll" L="F" TR="N=4004" LINK="570" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\ntlsapi.dll" L="F" TR="N=4004" LINK="533" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kerberos.dll" L="F" TR="N=4004" LINK="440" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\cryptdll.dll" L="F" TR="N=4004" LINK="214" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\RASDLG.dll" L="F" TR="N=4004" LINK="566" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Apphelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\dssenh.dll" L="F" TR="N=4004" LINK="399" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msxml3.dll" L="F" TR="N=4004" LINK="509" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\winrnr.dll" L="F" TR="N=4004" LINK="693" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\jscript.dll" L="F" TR="N=4004" LINK="439" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wbemsvc.dll" L="F" TR="N=4004" LINK="673" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="svchost.exe (856)" TR="N=4003" EXTRA="NT AUTHORITY\NetworkService" LINK="633" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\svchost.exe" L="F" TR="N=4004" LINK="633" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\dnsrslvr.dll" L="F" TR="N=4004" LINK="243" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="svchost.exe (908)" TR="N=4003" EXTRA="NT AUTHORITY\LocalService" LINK="633" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\svchost.exe" L="F" TR="N=4004" LINK="633" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NTMARTA.DLL" L="F" TR="N=4004" LINK="534" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SAMLIB.dll" L="F" TR="N=4004" LINK="589" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\lmhsvc.dll" L="F" TR="N=4004" LINK="445" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\webclnt.dll" L="F" TR="N=4004" LINK="681" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\regsvc.dll" L="F" TR="N=4004" LINK="574" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\ssdpsrv.dll" L="F" TR="N=4004" LINK="628" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="ipodservice.exe (944)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="56" EVAL="5" F="4">
<NODE NAME="Module" VALUE="C:\Programmi\iPod\bin\iPodService.exe" L="F" TR="N=4004" LINK="56" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CFGMGR32.dll" L="F" TR="N=4004" LINK="200" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\setupapi.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\iPod\bin\iPodService.Resources\it.lproj\iPodServiceLocalized.DLL" L="F" TR="N=4004" LINK="58" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\iPod\bin\iPodService.Resources\iPodService.DLL" L="F" TR="N=4004" LINK="57" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SXS.DLL" L="F" TR="N=4004" LINK="634" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Wtsapi32.dll" L="F" TR="N=4004" LINK="716" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="explorer.exe (1148)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="163" EVAL="5" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\Explorer.EXE" L="F" TR="N=4004" LINK="163" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\BROWSEUI.dll" L="F" TR="N=4004" LINK="196" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHDOCVW.dll" L="F" TR="N=4004" LINK="608" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPTUI.dll" L="F" TR="N=4004" LINK="218" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\appHelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" L="F" TR="N=4004" LINK="152" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL" L="F" TR="N=4004" LINK="155" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll" L="F" TR="N=4004" LINK="729" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL" L="F" TR="N=4004" LINK="154" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL" L="F" TR="N=4004" LINK="728" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSImg32.dll" L="F" TR="N=4004" LINK="489" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\cscui.dll" L="F" TR="N=4004" LINK="220" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\CSCDLL.dll" L="F" TR="N=4004" LINK="219" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\themeui.dll" L="F" TR="N=4004" LINK="640" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msutb.dll" L="F" TR="N=4004" LINK="499" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\LINKINFO.dll" L="F" TR="N=4004" LINK="444" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntshrui.dll" L="F" TR="N=4004" LINK="536" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ATL.DLL" L="F" TR="N=4004" LINK="187" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\urlmon.dll" L="F" TR="N=4004" LINK="652" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ieframe.dll" L="F" TR="N=4004" LINK="425" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PSAPI.DLL" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MLANG.dll" L="F" TR="N=4004" LINK="460" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\webcheck.dll" L="F" TR="N=4004" LINK="680" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\stobject.dll" L="F" TR="N=4004" LINK="632" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\BatMeter.dll" L="F" TR="N=4004" LINK="193" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\POWRPROF.dll" L="F" TR="N=4004" LINK="555" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WTSAPI32.dll" L="F" TR="N=4004" LINK="716" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WPDShServiceObj.dll" L="F" TR="N=4004" LINK="707" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINHTTP.dll" L="F" TR="N=4004" LINK="688" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msi.dll" L="F" TR="N=4004" LINK="485" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mydocs.dll" L="F" TR="N=4004" LINK="512" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PortableDeviceTypes.dll" L="F" TR="N=4004" LINK="554" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PortableDeviceApi.dll" L="F" TR="N=4004" LINK="553" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wdmaud.drv" L="F" TR="N=4004" LINK="679" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msacm32.drv" L="F" TR="N=4004" LINK="470" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\midimap.dll" L="F" TR="N=4004" LINK="459" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETSHELL.dll" L="F" TR="N=4004" LINK="523" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rtutils.dll" L="F" TR="N=4004" LINK="587" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\credui.dll" L="F" TR="N=4004" LINK="212" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MPR.dll" L="F" TR="N=4004" LINK="466" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\drprov.dll" L="F" TR="N=4004" LINK="394" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\ntlanman.dll" L="F" TR="N=4004" LINK="531" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\NETUI0.dll" L="F" TR="N=4004" LINK="524" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\NETUI1.dll" L="F" TR="N=4004" LINK="525" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\NETRAP.dll" L="F" TR="N=4004" LINK="522" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\SAMLIB.dll" L="F" TR="N=4004" LINK="589" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\davclnt.dll" L="F" TR="N=4004" LINK="226" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SXS.DLL" L="F" TR="N=4004" LINK="634" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\B4ImApp.dll" L="F" TR="N=4004" LINK="45" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\browselc.dll" L="F" TR="N=4004" LINK="194" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll" L="F" TR="N=4004" LINK="70" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSFTEDIT.DLL" L="F" TR="N=4004" LINK="479" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL" L="F" TR="N=4004" LINK="151" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GR326C~1.DLL" L="F" TR="N=4004" LINK="150" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msxml3.dll" L="F" TR="N=4004" LINK="509" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RASDLG.dll" L="F" TR="N=4004" LINK="566" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MPRAPI.dll" L="F" TR="N=4004" LINK="467" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ACTIVEDS.dll" L="F" TR="N=4004" LINK="178" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\adsldpc.dll" L="F" TR="N=4004" LINK="180" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RASAPI32.dll" L="F" TR="N=4004" LINK="563" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasman.dll" L="F" TR="N=4004" LINK="567" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\TAPI32.dll" L="F" TR="N=4004" LINK="636" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DUSER.dll" L="F" TR="N=4004" LINK="401" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WZCSAPI.DLL" L="F" TR="N=4004" LINK="721" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msv1_0.dll" L="F" TR="N=4004" LINK="500" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\netman.dll" L="F" TR="N=4004" LINK="520" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WZCSvc.DLL" L="F" TR="N=4004" LINK="722" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WMI.dll" L="F" TR="N=4004" LINK="703" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DHCPCSVC.DLL" L="F" TR="N=4004" LINK="236" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ESENT.dll" L="F" TR="N=4004" LINK="406" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll" L="F" TR="N=4004" LINK="91" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\Programmi\Nero\Nero 7\Nero BackItUp\MFC71U.DLL" L="F" TR="N=4004" LINK="87" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\Nero\Nero 7\Nero BackItUp\MSVCR71.dll" L="F" TR="N=4004" LINK="89" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\Nero\Nero 7\Nero BackItUp\MSVCP71.dll" L="F" TR="N=4004" LINK="88" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MFC71ITA.DLL" L="F" TR="N=4004" LINK="458" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\WinRAR\rarext.dll" L="F" TR="N=4004" LINK="117" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgse.dll" L="F" TR="N=4004" LINK="42" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\actxprxy.dll" L="F" TR="N=4004" LINK="179" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" L="F" TR="N=4004" LINK="93" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\Programmi\Nero\Nero 7\Nero CoverDesigner\MFC71.DLL" L="F" TR="N=4004" LINK="94" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comdlg32.dll" L="F" TR="N=4004" LINK="209" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSPOOL.DRV" L="F" TR="N=4004" LINK="695" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll" L="F" TR="N=4004" LINK="731" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVFW32.dll" L="F" TR="N=4004" LINK="506" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Faultrep.dll" L="F" TR="N=4004" LINK="409" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RICHED32.DLL" L="F" TR="N=4004" LINK="578" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RICHED20.dll" L="F" TR="N=4004" LINK="577" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\shimgvw.dll" L="F" TR="N=4004" LINK="612" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" L="F" TR="N=4004" LINK="8" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\Microsoft Office\Office12\msohevi.dll" L="F" TR="N=4004" LINK="78" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll" L="F" TR="N=4004" LINK="13" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Avi2Dvd\Programs\Filters\Haali media splitter\mkunicode.dll" L="F" TR="N=4004" LINK="12" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll" L="F" TR="N=4004" LINK="18" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\Programmi\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" L="F" TR="N=4004" LINK="9" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wmvcore.dll" L="F" TR="N=4004" LINK="705" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WMASF.DLL" L="F" TR="N=4004" LINK="702" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\cryptnet.dll" L="F" TR="N=4004" LINK="216" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SensApi.dll" L="F" TR="N=4004" LINK="601" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSGINA.dll" L="F" TR="N=4004" LINK="480" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ODBC32.dll" L="F" TR="N=4004" LINK="539" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\odbcint.dll" L="F" TR="N=4004" LINK="540" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\shdoclc.dll" L="F" TR="N=4004" LINK="607" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\jscript.dll" L="F" TR="N=4004" LINK="439" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\dfshim.dll" L="F" TR="N=4004" LINK="234" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mscoree.dll" L="F" TR="N=4004" LINK="475" EVAL="5" F="512" />
<NODE NAME="Module" VALUE="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll" L="F" TR="N=4004" LINK="171" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll" L="F" TR="N=4004" LINK="167" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll" L="F" TR="N=4004" LINK="166" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\it\ShFusRes.dll" L="F" TR="N=4004" LINK="168" EVAL="5" F="512" />
</NODE>
- <NODE NAME="Process" VALUE="spoolsv.exe (1204)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="624" EVAL="1" F="1">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\spoolsv.exe" L="F" TR="N=4004" LINK="624" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SPOOLSS.DLL" L="F" TR="N=4004" LINK="623" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasadhlp.dll" L="F" TR="N=4004" LINK="562" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\localspl.dll" L="F" TR="N=4004" LINK="446" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\sfc_os.dll" L="F" TR="N=4004" LINK="606" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\winspool.drv" L="F" TR="N=4004" LINK="695" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\netapi32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\cnbjmon.dll" L="F" TR="N=4004" LINK="206" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hpzlnt04.dll" L="F" TR="N=4004" LINK="420" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mdimon.dll" L="F" TR="N=4004" LINK="453" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll" L="F" TR="N=4004" LINK="729" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msi.dll" L="F" TR="N=4004" LINK="485" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\pjlmon.dll" L="F" TR="N=4004" LINK="551" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msonpmon.dll" L="F" TR="N=4004" LINK="492" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\tcpmon.dll" L="F" TR="N=4004" LINK="638" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\usbmon.dll" L="F" TR="N=4004" LINK="653" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll" L="F" TR="N=4004" LINK="621" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\spool\PRTPROCS\W32X86\msonpppr.dll" L="F" TR="N=4004" LINK="622" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\winrnr.dll" L="F" TR="N=4004" LINK="693" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\win32spl.dll" L="F" TR="N=4004" LINK="686" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETRAP.dll" L="F" TR="N=4004" LINK="522" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NTDSAPI.dll" L="F" TR="N=4004" LINK="530" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\inetpp.dll" L="F" TR="N=4004" LINK="433" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="avgamsvr.exe (1352)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="123" EVAL="5">
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" L="F" TR="N=4004" LINK="123" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avgklib.dll" L="F" TR="N=4004" LINK="129" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHFOLDER.dll" L="F" TR="N=4004" LINK="610" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP71.dll" L="F" TR="N=4004" LINK="503" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCR71.dll" L="F" TR="N=4004" LINK="504" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avglog.dll" L="F" TR="N=4004" LINK="130" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgcfg.dll" L="F" TR="N=4004" LINK="34" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\psapi.dll" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wbemprox.dll" L="F" TR="N=4004" LINK="672" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wbemcomn.dll" L="F" TR="N=4004" LINK="669" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\wbemsvc.dll" L="F" TR="N=4004" LINK="673" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wbem\fastprox.dll" L="F" TR="N=4004" LINK="666" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP60.dll" L="F" TR="N=4004" LINK="502" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NTDSAPI.dll" L="F" TR="N=4004" LINK="530" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avglng.dll" L="F" TR="N=4004" LINK="37" EVAL="5" />
</NODE>
- <NODE NAME="Process" VALUE="groovemonitor.exe (1440)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="73" EVAL="1" F="1">
<NODE NAME="Module" VALUE="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" L="F" TR="N=4004" LINK="73" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Microsoft Office\Office12\GrooveUtil.DLL" L="F" TR="N=4004" LINK="75" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll" L="F" TR="N=4004" LINK="729" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\Microsoft Office\Office12\GrooveNew.DLL" L="F" TR="N=4004" LINK="74" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL" L="F" TR="N=4004" LINK="728" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMCTL32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" L="F" TR="N=4004" LINK="152" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSImg32.dll" L="F" TR="N=4004" LINK="489" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL" L="F" TR="N=4004" LINK="151" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\urlmon.dll" L="F" TR="N=4004" LINK="652" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="avgcc.exe (1460)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="124" EVAL="5">
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" L="F" TR="N=4004" LINK="124" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\AvgTMgr.dll" L="F" TR="N=4004" LINK="134" EVAL="5" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\AvgCtrl.dll" L="F" TR="N=4004" LINK="125" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MFC71.DLL" L="F" TR="N=4004" LINK="457" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCR71.dll" L="F" TR="N=4004" LINK="504" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMCTL32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVFW32.dll" L="F" TR="N=4004" LINK="506" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP71.dll" L="F" TR="N=4004" LINK="503" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comdlg32.dll" L="F" TR="N=4004" LINK="209" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHFOLDER.dll" L="F" TR="N=4004" LINK="610" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\AvgAbout.dll" L="F" TR="N=4004" LINK="122" EVAL="5" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\AvgTest.dll" L="F" TR="N=4004" LINK="133" EVAL="5" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\AvgTRes.dll" L="F" TR="N=4004" LINK="135" EVAL="5" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\AvgSet.dll" L="F" TR="N=4004" LINK="132" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MFC71ITA.DLL" L="F" TR="N=4004" LINK="458" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avglog.dll" L="F" TR="N=4004" LINK="130" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgcfg.dll" L="F" TR="N=4004" LINK="34" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgklib.dll" L="F" TR="N=4004" LINK="36" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avglng.dll" L="F" TR="N=4004" LINK="37" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\psapi.dll" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avgresf.dll" L="F" TR="N=4004" LINK="131" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgf.dll" L="F" TR="N=4004" LINK="35" EVAL="5" F="64" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\AVGRES.DLL" L="F" TR="N=4004" LINK="40" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgcckrn.dll" L="F" TR="N=4004" LINK="33" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgvault.dll" L="F" TR="N=4004" LINK="44" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgrep.dll" L="F" TR="N=4004" LINK="39" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgunarc.dll" L="F" TR="N=4004" LINK="43" EVAL="5" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avgemsui.dll" L="F" TR="N=4004" LINK="128" EVAL="5" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avgemcps.dll" L="F" TR="N=4004" LINK="127" EVAL="5" />
</NODE>
- <NODE NAME="Process" VALUE="qttask.exe (1468)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="107" EVAL="5">
<NODE NAME="Module" VALUE="C:\Programmi\QuickTime\qttask.exe" L="F" TR="N=4004" LINK="107" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="ituneshelper.exe (1492)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="60" EVAL="5" F="4">
<NODE NAME="Module" VALUE="C:\Programmi\iTunes\iTunesHelper.exe" L="F" TR="N=4004" LINK="60" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\iTunes\iTunesHelper.Resources\it.lproj\iTunesHelperLocalized.DLL" L="F" TR="N=4004" LINK="61" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\iTunes\iTunesHelper.Resources\iTunesHelper.DLL" L="F" TR="N=4004" LINK="62" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SXS.DLL" L="F" TR="N=4004" LINK="634" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="avgupsvc.exe (1520)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="136" EVAL="5">
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" L="F" TR="N=4004" LINK="136" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCR71.dll" L="F" TR="N=4004" LINK="504" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="avgemc.exe (1564)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="126" EVAL="5">
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" L="F" TR="N=4004" LINK="126" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\libsasl.dll" L="F" TR="N=4004" LINK="137" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WSOCK32.dll" L="F" TR="N=4004" LINK="715" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCR71.dll" L="F" TR="N=4004" LINK="504" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP71.dll" L="F" TR="N=4004" LINK="503" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHFOLDER.dll" L="F" TR="N=4004" LINK="610" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avglog.dll" L="F" TR="N=4004" LINK="130" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgcfg.dll" L="F" TR="N=4004" LINK="34" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgklib.dll" L="F" TR="N=4004" LINK="36" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avglng.dll" L="F" TR="N=4004" LINK="37" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgscan.dll" L="F" TR="N=4004" LINK="41" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgunarc.dll" L="F" TR="N=4004" LINK="43" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RASAPI32.DLL" L="F" TR="N=4004" LINK="563" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasman.dll" L="F" TR="N=4004" LINK="567" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\TAPI32.dll" L="F" TR="N=4004" LINK="636" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rtutils.dll" L="F" TR="N=4004" LINK="587" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SCHANNEL.DLL" L="F" TR="N=4004" LINK="594" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\saslcrammd5.dll" L="F" TR="N=4004" LINK="138" EVAL="5" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\sasldigestmd5.dll" L="F" TR="N=4004" LINK="139" EVAL="5" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\sasllogin.dll" L="F" TR="N=4004" LINK="140" EVAL="5" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\saslplain.dll" L="F" TR="N=4004" LINK="141" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Grisoft\AVG7\avgmail.dll" L="F" TR="N=4004" LINK="38" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SensAPI.DLL" L="F" TR="N=4004" LINK="601" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wtsapi32.dll" L="F" TR="N=4004" LINK="716" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\psapi.dll" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\Grisoft\AVG7\avgemcps.dll" L="F" TR="N=4004" LINK="127" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\winrnr.dll" L="F" TR="N=4004" LINK="693" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="prevxcsi.exe (1608)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="105" EVAL="2" F="4">
<NODE NAME="Module" VALUE="C:\Programmi\PrevxCSI\prevxcsi.exe" L="F" TR="N=4004" LINK="105" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMCTL32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMDLG32.dll" L="F" TR="N=4004" LINK="209" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IPHLPAPI.DLL" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PSAPI.DLL" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wtsapi32.dll" L="F" TR="N=4004" LINK="716" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msv1_0.dll" L="F" TR="N=4004" LINK="500" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\LINKINFO.dll" L="F" TR="N=4004" LINK="444" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntshrui.dll" L="F" TR="N=4004" LINK="536" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ATL.DLL" L="F" TR="N=4004" LINK="187" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\appHelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\winrnr.dll" L="F" TR="N=4004" LINK="693" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasadhlp.dll" L="F" TR="N=4004" LINK="562" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="rundll32.exe (1624)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="588" EVAL="5" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rundll32.exe" L="F" TR="N=4004" LINK="588" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\stmctrl.dll" L="F" TR="N=4004" LINK="631" EVAL="5" F="512" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSPOOL.DRV" L="F" TR="N=4004" LINK="695" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="rundll32.exe (1652)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="588" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RunDll32.exe" L="F" TR="N=4004" LINK="588" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system\cmicnfg.cpl" L="F" TR="N=4004" LINK="727" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSPOOL.DRV" L="F" TR="N=4004" LINK="695" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\udaprop.dll" L="F" TR="N=4004" LINK="644" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\dsound.dll" L="F" TR="N=4004" LINK="396" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wdmaud.drv" L="F" TR="N=4004" LINK="679" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msacm32.drv" L="F" TR="N=4004" LINK="470" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\midimap.dll" L="F" TR="N=4004" LINK="459" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\KsUser.dll" L="F" TR="N=4004" LINK="443" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="prevxcsi.exe (1700)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="105" EVAL="2" F="4">
<NODE NAME="Module" VALUE="C:\Programmi\PrevxCSI\prevxcsi.exe" L="F" TR="N=4004" LINK="105" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMCTL32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMDLG32.dll" L="F" TR="N=4004" LINK="209" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IPHLPAPI.DLL" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PSAPI.DLL" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wtsapi32.dll" L="F" TR="N=4004" LINK="716" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\B4ImApp.dll" L="F" TR="N=4004" LINK="45" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Process" VALUE="mdm.exe (1736)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="26" EVAL="5" F="1">
<NODE NAME="Module" VALUE="C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe" L="F" TR="N=4004" LINK="26" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\1040\mdmui.dll" L="F" TR="N=4004" LINK="25" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\psapi.dll" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="jusched.exe (1776)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="66" EVAL="2" F="4">
<NODE NAME="Module" VALUE="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" L="F" TR="N=4004" LINK="66" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="alg.exe (1808)" TR="N=4003" EXTRA="NT AUTHORITY\LocalService" LINK="182" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\alg.exe" L="F" TR="N=4004" LINK="182" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\ATL.DLL" L="F" TR="N=4004" LINK="187" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\WSOCK32.dll" L="F" TR="N=4004" LINK="715" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\MSWSOCK.DLL" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="svchost.exe (1848)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="633" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\svchost.exe" L="F" TR="N=4004" LINK="633" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\wiaservc.dll" L="F" TR="N=4004" LINK="684" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\CFGMGR32.dll" L="F" TR="N=4004" LINK="200" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\setupapi.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\mscms.dll" L="F" TR="N=4004" LINK="473" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WINSPOOL.DRV" L="F" TR="N=4004" LINK="695" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="c:\windows\system32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\actxprxy.dll" L="F" TR="N=4004" LINK="179" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\sti.dll" L="F" TR="N=4004" LINK="630" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="sysinspector.exe (1872)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="733" EVAL="2">
<NODE NAME="Module" VALUE="D:\Documenti\Claudia\SysInspector.exe" L="F" TR="N=4004" LINK="733" EVAL="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMCTL32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MPR.dll" L="F" TR="N=4004" LINK="466" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMDLG32.dll" L="F" TR="N=4004" LINK="209" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSPOOL.DRV" L="F" TR="N=4004" LINK="695" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\B4ImApp.dll" L="F" TR="N=4004" LINK="45" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Psapi.dll" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="ctfmon.exe (1944)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="223" EVAL="1" F="2">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ctfmon.exe" L="F" TR="N=4004" LINK="223" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSUTB.dll" L="F" TR="N=4004" LINK="499" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="a2service.exe (2124)" TR="N=4003" EXTRA="NT AUTHORITY\SYSTEM" LINK="7" EVAL="2" F="4">
<NODE NAME="Module" VALUE="C:\Programmi\a-squared Free\a2service.exe" L="F" TR="N=4004" LINK="7" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\advapi32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comdlg32.dll" L="F" TR="N=4004" LINK="209" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\oleaut32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\version.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wsock32.dll" L="F" TR="N=4004" LINK="715" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PSAPI.dll" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="iexplore.exe (2420)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="55" EVAL="5" F="1">
<NODE NAME="Module" VALUE="C:\Programmi\Internet Explorer\iexplore.exe" L="F" TR="N=4004" LINK="55" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\urlmon.dll" L="F" TR="N=4004" LINK="652" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IEFRAME.dll" L="F" TR="N=4004" LINK="425" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PSAPI.DLL" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IEUI.dll" L="F" TR="N=4004" LINK="427" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSIMG32.dll" L="F" TR="N=4004" LINK="489" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll" L="F" TR="N=4004" LINK="731" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xmllite.dll" L="F" TR="N=4004" LINK="723" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\apphelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msimtf.dll" L="F" TR="N=4004" LINK="490" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" L="F" TR="N=4004" LINK="152" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL" L="F" TR="N=4004" LINK="155" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll" L="F" TR="N=4004" LINK="729" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL" L="F" TR="N=4004" LINK="154" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL" L="F" TR="N=4004" LINK="728" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Microsoft Office\Office12\msohevi.dll" L="F" TR="N=4004" LINK="78" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\Internet Explorer\ieproxy.dll" L="F" TR="N=4004" LINK="54" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\B4ImApp.dll" L="F" TR="N=4004" LINK="45" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SXS.DLL" L="F" TR="N=4004" LINK="634" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MLANG.dll" L="F" TR="N=4004" LINK="460" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ws2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" L="F" TR="N=4004" LINK="8" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCR71.dll" L="F" TR="N=4004" LINK="504" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll" L="F" TR="N=4004" LINK="70" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSFTEDIT.DLL" L="F" TR="N=4004" LINK="479" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL" L="F" TR="N=4004" LINK="151" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GR326C~1.DLL" L="F" TR="N=4004" LINK="150" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msxml3.dll" L="F" TR="N=4004" LINK="509" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll" L="F" TR="N=4004" LINK="67" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" L="F" TR="N=4004" LINK="29" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\File comuni\Microsoft Shared\Windows Live\msidcrl40.dll" L="F" TR="N=4004" LINK="28" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEACC.dll" L="F" TR="N=4004" LINK="542" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP60.dll" L="F" TR="N=4004" LINK="502" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SensApi.dll" L="F" TR="N=4004" LINK="601" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RASAPI32.dll" L="F" TR="N=4004" LINK="563" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasman.dll" L="F" TR="N=4004" LINK="567" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NETAPI32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\TAPI32.dll" L="F" TR="N=4004" LINK="636" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rtutils.dll" L="F" TR="N=4004" LINK="587" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msv1_0.dll" L="F" TR="N=4004" LINK="500" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\actxprxy.dll" L="F" TR="N=4004" LINK="179" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\userenv.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\cryptnet.dll" L="F" TR="N=4004" LINK="216" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINHTTP.dll" L="F" TR="N=4004" LINK="688" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasadhlp.dll" L="F" TR="N=4004" LINK="562" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mshtml.dll" L="F" TR="N=4004" LINK="483" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msls31.dll" L="F" TR="N=4004" LINK="491" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ieapfltr.dll" L="F" TR="N=4004" LINK="424" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NTMARTA.DLL" L="F" TR="N=4004" LINK="534" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SAMLIB.dll" L="F" TR="N=4004" LINK="589" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\jscript.dll" L="F" TR="N=4004" LINK="439" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSPOOL.DRV" L="F" TR="N=4004" LINK="695" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ImgUtil.dll" L="F" TR="N=4004" LINK="430" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USP10.dll" L="F" TR="N=4004" LINK="657" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx" L="F" TR="N=4004" LINK="452" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comdlg32.dll" L="F" TR="N=4004" LINK="209" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\wdmaud.drv" L="F" TR="N=4004" LINK="679" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msacm32.drv" L="F" TR="N=4004" LINK="470" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\midimap.dll" L="F" TR="N=4004" LINK="459" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\schannel.dll" L="F" TR="N=4004" LINK="594" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\dssenh.dll" L="F" TR="N=4004" LINK="399" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mshtmled.dll" L="F" TR="N=4004" LINK="484" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Dxtrans.dll" L="F" TR="N=4004" LINK="403" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ATL.DLL" L="F" TR="N=4004" LINK="187" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ddrawex.dll" L="F" TR="N=4004" LINK="230" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DDRAW.dll" L="F" TR="N=4004" LINK="229" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DCIMAN32.dll" L="F" TR="N=4004" LINK="228" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Dxtmsft.dll" L="F" TR="N=4004" LINK="402" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\vbscript.dll" L="F" TR="N=4004" LINK="659" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mscoree.dll" L="F" TR="N=4004" LINK="475" EVAL="5" F="512" />
<NODE NAME="Module" VALUE="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll" L="F" TR="N=4004" LINK="169" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mscms.dll" L="F" TR="N=4004" LINK="473" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSRATING.dll" L="F" TR="N=4004" LINK="496" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntshrui.dll" L="F" TR="N=4004" LINK="536" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\LINKINFO.dll" L="F" TR="N=4004" LINK="444" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MPR.dll" L="F" TR="N=4004" LINK="466" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\drprov.dll" L="F" TR="N=4004" LINK="394" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\ntlanman.dll" L="F" TR="N=4004" LINK="531" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\NETUI0.dll" L="F" TR="N=4004" LINK="524" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\NETUI1.dll" L="F" TR="N=4004" LINK="525" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\NETRAP.dll" L="F" TR="N=4004" LINK="522" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\davclnt.dll" L="F" TR="N=4004" LINK="226" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PortableDeviceApi.dll" L="F" TR="N=4004" LINK="553" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSGINA.dll" L="F" TR="N=4004" LINK="480" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ODBC32.dll" L="F" TR="N=4004" LINK="539" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\odbcint.dll" L="F" TR="N=4004" LINK="540" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\sti.dll" L="F" TR="N=4004" LINK="630" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CFGMGR32.dll" L="F" TR="N=4004" LINK="200" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\dispex.dll" L="F" TR="N=4004" LINK="238" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\D3DIM700.DLL" L="F" TR="N=4004" LINK="225" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll" L="F" TR="N=4004" LINK="13" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\Avi2Dvd\Programs\Filters\Haali media splitter\mkunicode.dll" L="F" TR="N=4004" LINK="12" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\pngfilt.dll" L="F" TR="N=4004" LINK="552" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\shmedia.dll" L="F" TR="N=4004" LINK="614" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVFW32.dll" L="F" TR="N=4004" LINK="506" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\AVIFIL32.dll" L="F" TR="N=4004" LINK="191" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\browseui.dll" L="F" TR="N=4004" LINK="196" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHDOCVW.dll" L="F" TR="N=4004" LINK="608" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPTUI.dll" L="F" TR="N=4004" LINK="218" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="rmctrl .exe (2588)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="579" EVAL="6" F="768">
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rmctrl .exe" L="F" TR="N=4004" LINK="579" EVAL="6" F="768" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ctrldll.dll" L="F" TR="N=4004" LINK="224" EVAL="5" F="512" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\HID.DLL" L="F" TR="N=4004" LINK="416" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="iexplore.exe (2624)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="55" EVAL="2" F="1">
<NODE NAME="Module" VALUE="C:\Programmi\Internet Explorer\IEXPLORE.EXE" L="F" TR="N=4004" LINK="55" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\urlmon.dll" L="F" TR="N=4004" LINK="652" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IEFRAME.dll" L="F" TR="N=4004" LINK="425" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PSAPI.DLL" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IEUI.dll" L="F" TR="N=4004" LINK="427" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSIMG32.dll" L="F" TR="N=4004" LINK="489" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll" L="F" TR="N=4004" LINK="731" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xmllite.dll" L="F" TR="N=4004" LINK="723" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\apphelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msimtf.dll" L="F" TR="N=4004" LINK="490" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" L="F" TR="N=4004" LINK="152" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL" L="F" TR="N=4004" LINK="155" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll" L="F" TR="N=4004" LINK="729" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL" L="F" TR="N=4004" LINK="154" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL" L="F" TR="N=4004" LINK="728" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\cscui.dll" L="F" TR="N=4004" LINK="220" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\CSCDLL.dll" L="F" TR="N=4004" LINK="219" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Microsoft Office\Office12\msohevi.dll" L="F" TR="N=4004" LINK="78" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\Internet Explorer\ieproxy.dll" L="F" TR="N=4004" LINK="54" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SXS.DLL" L="F" TR="N=4004" LINK="634" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MLANG.dll" L="F" TR="N=4004" LINK="460" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ws2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" L="F" TR="N=4004" LINK="8" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCR71.dll" L="F" TR="N=4004" LINK="504" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll" L="F" TR="N=4004" LINK="70" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSFTEDIT.DLL" L="F" TR="N=4004" LINK="479" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL" L="F" TR="N=4004" LINK="151" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GR326C~1.DLL" L="F" TR="N=4004" LINK="150" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msxml3.dll" L="F" TR="N=4004" LINK="509" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll" L="F" TR="N=4004" LINK="67" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" L="F" TR="N=4004" LINK="29" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\Programmi\File comuni\Microsoft Shared\Windows Live\msidcrl40.dll" L="F" TR="N=4004" LINK="28" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEACC.dll" L="F" TR="N=4004" LINK="542" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP60.dll" L="F" TR="N=4004" LINK="502" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SensApi.dll" L="F" TR="N=4004" LINK="601" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\userenv.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\netapi32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\cryptnet.dll" L="F" TR="N=4004" LINK="216" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINHTTP.dll" L="F" TR="N=4004" LINK="688" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mswsock.dll" L="F" TR="N=4004" LINK="508" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hnetcfg.dll" L="F" TR="N=4004" LINK="419" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\wshtcpip.dll" L="F" TR="N=4004" LINK="714" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RASAPI32.dll" L="F" TR="N=4004" LINK="563" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasman.dll" L="F" TR="N=4004" LINK="567" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\TAPI32.dll" L="F" TR="N=4004" LINK="636" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rtutils.dll" L="F" TR="N=4004" LINK="587" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msv1_0.dll" L="F" TR="N=4004" LINK="500" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iphlpapi.dll" L="F" TR="N=4004" LINK="435" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\actxprxy.dll" L="F" TR="N=4004" LINK="179" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rasadhlp.dll" L="F" TR="N=4004" LINK="562" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DNSAPI.dll" L="F" TR="N=4004" LINK="242" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\winrnr.dll" L="F" TR="N=4004" LINK="693" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\DHCPCSVC.DLL" L="F" TR="N=4004" LINK="236" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\netman.dll" L="F" TR="N=4004" LINK="520" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MPRAPI.dll" L="F" TR="N=4004" LINK="467" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ACTIVEDS.dll" L="F" TR="N=4004" LINK="178" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\adsldpc.dll" L="F" TR="N=4004" LINK="180" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ATL.DLL" L="F" TR="N=4004" LINK="187" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SAMLIB.dll" L="F" TR="N=4004" LINK="589" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\netshell.dll" L="F" TR="N=4004" LINK="523" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\credui.dll" L="F" TR="N=4004" LINK="212" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WZCSAPI.DLL" L="F" TR="N=4004" LINK="721" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WZCSvc.DLL" L="F" TR="N=4004" LINK="722" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WMI.dll" L="F" TR="N=4004" LINK="703" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WTSAPI32.dll" L="F" TR="N=4004" LINK="716" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSTA.dll" L="F" TR="N=4004" LINK="697" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ESENT.dll" L="F" TR="N=4004" LINK="406" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mshtml.dll" L="F" TR="N=4004" LINK="483" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msls31.dll" L="F" TR="N=4004" LINK="491" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ieapfltr.dll" L="F" TR="N=4004" LINK="424" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\NTMARTA.DLL" L="F" TR="N=4004" LINK="534" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\jscript.dll" L="F" TR="N=4004" LINK="439" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ImgUtil.dll" L="F" TR="N=4004" LINK="430" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\pngfilt.dll" L="F" TR="N=4004" LINK="552" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mshtmled.dll" L="F" TR="N=4004" LINK="484" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="ps2usbkbddrv .exe (2684)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="100" EVAL="5">
<NODE NAME="Module" VALUE="C:\Programmi\Nortek Keyboard Application\PS2USBKbdDrv .exe" L="F" TR="N=4004" LINK="100" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Nortek Keyboard Application\DLLMKKBD.dll" L="F" TR="N=4004" LINK="98" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\user32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\advapi32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\oleaut32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\version.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\shell32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\winmm.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\Nortek Keyboard Application\keydll.dll" L="F" TR="N=4004" LINK="99" EVAL="5" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\HID.DLL" L="F" TR="N=4004" LINK="416" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MFC42.DLL" L="F" TR="N=4004" LINK="454" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\olepro32.dll" L="F" TR="N=4004" LINK="546" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MFC42LOC.DLL" L="F" TR="N=4004" LINK="455" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="wlloginproxy.exe (2764)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="30" EVAL="1" F="1">
<NODE NAME="Module" VALUE="C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe" L="F" TR="N=4004" LINK="30" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\File comuni\Microsoft Shared\Windows Live\msidcrl40.dll" L="F" TR="N=4004" LINK="28" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEACC.dll" L="F" TR="N=4004" LINK="542" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSVCP60.dll" L="F" TR="N=4004" LINK="502" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SensApi.dll" L="F" TR="N=4004" LINK="601" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\PSAPI.DLL" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINTRUST.dll" L="F" TR="N=4004" LINK="698" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMAGEHLP.dll" L="F" TR="N=4004" LINK="428" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\xpsp2res.dll" L="F" TR="N=4004" LINK="725" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\userenv.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\netapi32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\cryptnet.dll" L="F" TR="N=4004" LINK="216" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WLDAP32.dll" L="F" TR="N=4004" LINK="700" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINHTTP.dll" L="F" TR="N=4004" LINK="688" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msxml3.dll" L="F" TR="N=4004" LINK="509" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ws2_32.dll" L="F" TR="N=4004" LINK="709" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WS2HELP.dll" L="F" TR="N=4004" LINK="710" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SXS.DLL" L="F" TR="N=4004" LINK="634" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="_start.exe (3032)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="4" EVAL="2" F="4">
<NODE NAME="Module" VALUE="C:\DOCUME~1\Utente\IMPOST~1\Temp\RarSFX0\_start.exe" L="F" TR="N=4004" LINK="4" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comctl32.dll" L="F" TR="N=4004" LINK="208" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\B4ImApp.dll" L="F" TR="N=4004" LINK="45" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Apphelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="launch.exe (3800)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="732" EVAL="2" F="4">
<NODE NAME="Module" VALUE="D:\Documenti\Claudia\launch.exe" L="F" TR="N=4004" LINK="732" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.DLL" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.DLL" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.DLL" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLE32.DLL" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\riched32.dll" L="F" TR="N=4004" LINK="578" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RICHED20.dll" L="F" TR="N=4004" LINK="577" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\uxtheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\netapi32.dll" L="F" TR="N=4004" LINK="516" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\appHelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSImg32.dll" L="F" TR="N=4004" LINK="489" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\urlmon.dll" L="F" TR="N=4004" LINK="652" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Process" VALUE="setup.exe (3824)" TR="N=4003" EXTRA="UTENTE-E4C976D8\Utente" LINK="6" EVAL="5" F="260">
<NODE NAME="Module" VALUE="C:\DOCUME~1\Utente\IMPOST~1\Temp\RarSFX0\setup.exe" L="F" TR="N=4004" LINK="6" EVAL="2" F="260" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ntdll.dll" L="F" TR="N=4004" LINK="529" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\kernel32.dll" L="F" TR="N=4004" LINK="441" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINMM.dll" L="F" TR="N=4004" LINK="692" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USER32.dll" L="F" TR="N=4004" LINK="654" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\GDI32.dll" L="F" TR="N=4004" LINK="412" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ADVAPI32.dll" L="F" TR="N=4004" LINK="181" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\RPCRT4.dll" L="F" TR="N=4004" LINK="581" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Secur32.dll" L="F" TR="N=4004" LINK="598" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\comdlg32.dll" L="F" TR="N=4004" LINK="209" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHLWAPI.dll" L="F" TR="N=4004" LINK="613" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msvcrt.dll" L="F" TR="N=4004" LINK="505" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll" L="F" TR="N=4004" LINK="730" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SHELL32.dll" L="F" TR="N=4004" LINK="609" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WINSPOOL.DRV" L="F" TR="N=4004" LINK="695" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\OLEAUT32.dll" L="F" TR="N=4004" LINK="543" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ole32.dll" L="F" TR="N=4004" LINK="541" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\VERSION.dll" L="F" TR="N=4004" LINK="660" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\ShimEng.dll" L="F" TR="N=4004" LINK="611" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\AppPatch\AcGenral.DLL" L="F" TR="N=4004" LINK="162" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSACM32.dll" L="F" TR="N=4004" LINK="469" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\USERENV.dll" L="F" TR="N=4004" LINK="655" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\UxTheme.dll" L="F" TR="N=4004" LINK="658" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\IMM32.DLL" L="F" TR="N=4004" LINK="431" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\hhctrl.ocx" L="F" TR="N=4004" LINK="415" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\mui\0010\hhctrlui.dll" L="F" TR="N=4004" LINK="511" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSCTF.dll" L="F" TR="N=4004" LINK="476" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\msctfime.ime" L="F" TR="N=4004" LINK="477" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\appHelp.dll" L="F" TR="N=4004" LINK="184" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CLBCATQ.DLL" L="F" TR="N=4004" LINK="202" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\COMRes.dll" L="F" TR="N=4004" LINK="210" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" L="F" TR="N=4004" LINK="152" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL" L="F" TR="N=4004" LINK="155" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\WININET.dll" L="F" TR="N=4004" LINK="689" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\Normaliz.dll" L="F" TR="N=4004" LINK="526" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\iertutil.dll" L="F" TR="N=4004" LINK="426" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\CRYPT32.dll" L="F" TR="N=4004" LINK="213" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSASN1.dll" L="F" TR="N=4004" LINK="472" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll" L="F" TR="N=4004" LINK="729" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL" L="F" TR="N=4004" LINK="154" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL" L="F" TR="N=4004" LINK="728" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\rsaenh.dll" L="F" TR="N=4004" LINK="583" EVAL="1" F="1" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\MSImg32.dll" L="F" TR="N=4004" LINK="489" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\cscui.dll" L="F" TR="N=4004" LINK="220" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\System32\CSCDLL.dll" L="F" TR="N=4004" LINK="219" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\SETUPAPI.dll" L="F" TR="N=4004" LINK="604" EVAL="1" F="2" />
<NODE NAME="Module" VALUE="C:\DOCUME~1\Utente\IMPOST~1\Temp\RarSFX0\dwebllio.dll" L="F" TR="N=4004" LINK="5" EVAL="5" />
<NODE NAME="Module" VALUE="C:\Programmi\IncrediMail\bin\B4ImApp.dll" L="F" TR="N=4004" LINK="45" EVAL="2" F="4" />
<NODE NAME="Module" VALUE="C:\WINDOWS\system32\psapi.dll" L="F" TR="N=4004" LINK="558" EVAL="1" F="2" />
</NODE>
</NODE>
- <NODE NAME="SECTION" VALUE="Network Connections" TREE_ICON="2" TR="V=4400" EVAL="6">
- <NODE NAME="SUBSECTION" VALUE="TCP Connections" NAME_CAPTION="Program" VALUE_CAPTION="Connection (local-remote)" EXTRA_CAPTION="Translation" TR="V=4401;n=4403;v=4404;e=4405" EVAL="5">
<NODE NAME="svchost.exe (768)" VALUE="0.0.0.0:135|0.0.0.0:22733|LISTEN" EXTRA="utente-e4c976d8:135|utente-e4c976d8:22733|LISTEN" LINK="633" EVAL="1" F="1026" />
<NODE NAME="System (4)" VALUE="0.0.0.0:445|0.0.0.0:2188|LISTEN" EXTRA="utente-e4c976d8:445|utente-e4c976d8:2188|LISTEN" EVAL="1" F="1024" />
<NODE NAME="iexplore.exe (2420)" VALUE="79.11.69.109:2309|89.202.157.198:80|CLOSE_WAIT" EXTRA="utente-e4c976d8:2309|dl3.eset.com:80|CLOSE_WAIT" EVAL="5" F="1024" />
<NODE NAME="alg.exe (1808)" VALUE="127.0.0.1:1028|0.0.0.0:41|LISTEN" EXTRA="localhost:1028|utente-e4c976d8:41|LISTEN" LINK="182" EVAL="1" F="1026" />
<NODE NAME="avgemc.exe (1564)" VALUE="127.0.0.1:10110|0.0.0.0:2080|LISTEN" EXTRA="localhost:10110|utente-e4c976d8:2080|LISTEN" EVAL="5" F="1024" />
<NODE NAME="System (0)" VALUE="127.0.0.1:10110|127.0.0.1:2311|TIME_WAIT" EXTRA="localhost:10110|localhost:2311|TIME_WAIT" EVAL="1" F="1024" />
</NODE>
- <NODE NAME="SUBSECTION" VALUE="UDP Connections" NAME_CAPTION="Program" VALUE_CAPTION="Connection (local-remote)" EXTRA_CAPTION="Translation" TR="V=4402;n=4403;v=4404;e=4405" EVAL="5">
<NODE NAME="System (4)" VALUE="0.0.0.0:445" EXTRA="utente-e4c976d8:445" EVAL="1" F="1024" />
<NODE NAME="lsass.exe (556)" VALUE="0.0.0.0:500" EXTRA="utente-e4c976d8:500" LINK="450" EVAL="1" F="1026" />
<NODE NAME="svchost.exe (856)" VALUE="0.0.0.0:1045" EXTRA="utente-e4c976d8:1045" LINK="633" EVAL="1" F="1026" />
<NODE NAME="svchost.exe (856)" VALUE="0.0.0.0:1061" EXTRA="utente-e4c976d8:1061" LINK="633" EVAL="1" F="1026" />
<NODE NAME="svchost.exe (856)" VALUE="0.0.0.0:1286" EXTRA="utente-e4c976d8:1286" LINK="633" EVAL="1" F="1026" />
<NODE NAME="svchost.exe (856)" VALUE="0.0.0.0:1696" EXTRA="utente-e4c976d8:1696" LINK="633" EVAL="1" F="1026" />
<NODE NAME="svchost.exe (856)" VALUE="0.0.0.0:1758" EXTRA="utente-e4c976d8:1758" LINK="633" EVAL="1" F="1026" />
<NODE NAME="svchost.exe (856)" VALUE="0.0.0.0:1761" EXTRA="utente-e4c976d8:1761" LINK="633" EVAL="1" F="1026" />
<NODE NAME="svchost.exe (856)" VALUE="0.0.0.0:1777" EXTRA="utente-e4c976d8:1777" LINK="633" EVAL="1" F="1026" />
<NODE NAME="lsass.exe (556)" VALUE="0.0.0.0:4500" EXTRA="utente-e4c976d8:4500" LINK="450" EVAL="1" F="1026" />
<NODE NAME="svchost.exe (804)" VALUE="79.11.69.109:123" EXTRA="utente-e4c976d8:123" LINK="633" EVAL="1" F="1026" />
<NODE NAME="svchost.exe (804)" VALUE="127.0.0.1:123" EXTRA="localhost:123" LINK="633" EVAL="1" F="1026" />
<NODE NAME="IEXPLORE.EXE (2624)" VALUE="127.0.0.1:1033" EXTRA="localhost:1033" EVAL="2" F="1024" />
<NODE NAME="ImApp.exe (560)" VALUE="127.0.0.1:1044" EXTRA="localhost:1044" EVAL="5" F="1024" />
<NODE NAME="iexplore.exe (2420)" VALUE="127.0.0.1:1548" EXTRA="localhost:1548" EVAL="5" F="1024" />
<NODE NAME="svchost.exe (908)" VALUE="127.0.0.1:1900" EXTRA="localhost:1900" LINK="633" EVAL="1" F="1026" />
</NODE>
- <NODE NAME="SUBSECTION" VALUE="DNS Servers" NAME_CAPTION="IGNORE" VALUE_CAPTION="IP Address" TR="V=4406;v=4405" EVAL="6" F="4096">
<NODE NAME="" VALUE="85.255.113.195" EXTRA="" EVAL="6" />
<NODE NAME="" VALUE="85.255.112.64" EXTRA="" EVAL="6" />
</NODE>
</NODE>
- <NODE NAME="SECTION" VALUE="Important Registry Entries" NAME_CAPTION="Key" VALUE_CAPTION="Value" TR="V=4600;n=4601;v=4602" TREE_ICON="3" EVAL="6" F="1">
- <NODE NAME="SUBSECTION" VALUE="Standard Autostart" TR="V=4603" EVAL="6" F="1">
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" EVAL="6" F="1">
<NODE NAME="AVG7_CC" VALUE="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" LINK="124" EVAL="5" />
<NODE NAME="AVP" VALUE=""C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_00-35.exe"" LINK="1" EVAL="5" />
<NODE NAME="AdslTaskBar" VALUE="rundll32.exe stmctrl.dll,TaskBar" LINK="631" EVAL="5" F="512" />
<NODE NAME="Cmaudio" VALUE="RunDll32 cmicnfg.cpl,CMICtrlWnd" EVAL="1" F="1" />
<NODE NAME="GrooveMonitor" VALUE=""C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"" LINK="73" EVAL="1" F="1" />
<NODE NAME="HPDJ Taskbar Utility" VALUE="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" LINK="620" EVAL="6" F="768" />
<NODE NAME="NeroFilterCheck" VALUE="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" LINK="17" EVAL="5" F="256" />
<NODE NAME="QuickTime Task" VALUE=""C:\Programmi\QuickTime\qttask.exe" -atboottime" LINK="107" EVAL="5" />
<NODE NAME="RemoteControl" VALUE="C:\WINDOWS\system32\rmctrl.exe" LINK="580" EVAL="6" F="768" />
<NODE NAME="SoundMan" VALUE="SOUNDMAN.EXE" LINK="176" EVAL="5" F="512" />
<NODE NAME="SunJavaUpdateSched" VALUE=""C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"" LINK="66" EVAL="2" F="4" />
<NODE NAME="WireLessKeyboard" VALUE="C:\Programmi\Nortek Keyboard Application\PS2USBKbdDrv.exe" LINK="101" EVAL="5" F="256" />
<NODE NAME="iTunesHelper" VALUE=""C:\Programmi\iTunes\iTunesHelper.exe"" LINK="60" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" EVAL="2" F="1">
<NODE NAME="CTFMON.EXE" VALUE="C:\WINDOWS\system32\ctfmon.exe" LINK="223" EVAL="1" F="2" />
<NODE NAME="IncrediMail" VALUE="C:\Programmi\IncrediMail\bin\IncMail.exe /c" LINK="53" EVAL="2" F="4" />
<NODE NAME="updateMgr" VALUE=""C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1" LINK="11" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" R="1" EVAL="1" F="1">
<NODE NAME="Shell" VALUE="Explorer.exe" LINK="163" EVAL="1" F="2" />
<NODE NAME="UIHost" VALUE="logonui.exe" LINK="448" EVAL="1" F="2" />
<NODE NAME="Userinit" VALUE="C:\WINDOWS\system32\userinit.exe," LINK="656" EVAL="1" F="2" />
<NODE NAME="VmApplet" VALUE="rundll32 shell32,Control_RunDLL "sysdm.cpl"" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" R="1" EVAL="1" F="1">
<NODE NAME="AppInit_DLLs" VALUE="" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs" EVAL="1" F="1">
<NODE NAME="DllDirectory" VALUE="%SystemRoot%\system32" EVAL="1" F="1" />
<NODE NAME="advapi32" VALUE="advapi32.dll" LINK="181" EVAL="1" F="2" />
<NODE NAME="comdlg32" VALUE="comdlg32.dll" LINK="209" EVAL="1" F="2" />
<NODE NAME="gdi32" VALUE="gdi32.dll" LINK="412" EVAL="1" F="2" />
<NODE NAME="imagehlp" VALUE="imagehlp.dll" LINK="428" EVAL="1" F="2" />
<NODE NAME="kernel32" VALUE="kernel32.dll" LINK="441" EVAL="1" F="2" />
<NODE NAME="lz32" VALUE="lz32.dll" LINK="451" EVAL="1" F="2" />
<NODE NAME="ole32" VALUE="ole32.dll" LINK="541" EVAL="1" F="2" />
<NODE NAME="oleaut32" VALUE="oleaut32.dll" LINK="543" EVAL="1" F="2" />
<NODE NAME="olecli32" VALUE="olecli32.dll" LINK="544" EVAL="1" F="2" />
<NODE NAME="olecnv32" VALUE="olecnv32.dll" LINK="545" EVAL="1" F="2" />
<NODE NAME="olesvr32" VALUE="olesvr32.dll" LINK="547" EVAL="1" F="2" />
<NODE NAME="olethk32" VALUE="olethk32.dll" LINK="548" EVAL="1" F="2" />
<NODE NAME="rpcrt4" VALUE="rpcrt4.dll" LINK="581" EVAL="1" F="2" />
<NODE NAME="shell32" VALUE="shell32.dll" LINK="609" EVAL="1" F="2" />
<NODE NAME="url" VALUE="url.dll" LINK="651" EVAL="1" F="2" />
<NODE NAME="urlmon" VALUE="urlmon.dll" LINK="652" EVAL="1" F="2" />
<NODE NAME="user32" VALUE="user32.dll" LINK="654" EVAL="1" F="2" />
<NODE NAME="version" VALUE="version.dll" LINK="660" EVAL="1" F="2" />
<NODE NAME="wininet" VALUE="wininet.dll" LINK="689" EVAL="1" F="2" />
<NODE NAME="wldap32" VALUE="wldap32.dll" LINK="700" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" R="1" EVAL="1" F="1">
<NODE NAME="ShellFolder per la masterizzazione CD" VALUE="%SystemRoot%\system32\SHELL32.dll" LINK="609" EVAL="1" F="2" />
<NODE NAME="Oggetto PostBootReminder" VALUE="%SystemRoot%\system32\SHELL32.dll" LINK="609" EVAL="1" F="2" />
<NODE NAME="SysTray" VALUE="C:\WINDOWS\system32\stobject.dll" LINK="632" EVAL="1" F="2" />
<NODE NAME="WPDShServiceObj Class" VALUE="C:\WINDOWS\system32\WPDShServiceObj.dll" LINK="707" EVAL="1" F="1" />
<NODE NAME="WebCheck" VALUE="C:\WINDOWS\system32\webcheck.dll" LINK="680" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" R="1" EVAL="1" F="1">
<NODE NAME="Precaricatore Browseui" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Daemon di cache delle categorie di componenti" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
</NODE>
</NODE>
- <NODE NAME="SUBSECTION" VALUE="Winlogon Notify" TR="V=4604" EVAL="1" F="1">
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain" EVAL="1" F="1">
<NODE NAME="DllName" VALUE="crypt32.dll" LINK="213" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet" EVAL="1" F="1">
<NODE NAME="DllName" VALUE="cryptnet.dll" LINK="216" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll" EVAL="1" F="1">
<NODE NAME="DLLName" VALUE="cscdll.dll" LINK="219" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" EVAL="1" F="1">
<NODE NAME="DLLName" VALUE="wlnotify.dll" LINK="701" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule" EVAL="1" F="1">
<NODE NAME="DllName" VALUE="wlnotify.dll" LINK="701" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy" EVAL="1" F="1">
<NODE NAME="DllName" VALUE="sclgntfy.dll" LINK="596" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn" EVAL="1" F="1">
<NODE NAME="DLLName" VALUE="WlNotify.dll" LINK="701" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv" EVAL="1" F="1">
<NODE NAME="DllName" VALUE="wlnotify.dll" LINK="701" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon" EVAL="1" F="1">
<NODE NAME="DllName" VALUE="WgaLogon.dll" LINK="682" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon" EVAL="1" F="1">
<NODE NAME="DLLName" VALUE="wlnotify.dll" LINK="701" EVAL="1" F="2" />
</NODE>
</NODE>
- <NODE NAME="SUBSECTION" VALUE="Browser Helper Objects" TR="V=4605" EVAL="2" F="1">
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" EVAL="2" F="1">
<NODE NAME="Adobe PDF Reader Link Helper" VALUE="C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" LINK="8" EVAL="1" F="1" />
<NODE NAME="Groove GFS Browser Helper" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" LINK="152" EVAL="1" F="1" />
<NODE NAME="SSVHelper Class" VALUE="C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll" LINK="67" EVAL="2" F="4" />
<NODE NAME="Guida per l'accesso a Windows Live" VALUE="C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" LINK="29" EVAL="1" F="1" />
</NODE>
</NODE>
- <NODE NAME="SUBSECTION" VALUE="Internet Explorer" TR="V=4606" EVAL="5" F="1">
- <NODE NAME="Key" VALUE="HKLM\Software\Microsoft\Internet Explorer\Main" R="1" EVAL="1" F="1">
<NODE NAME="Default_Page_URL" VALUE="http://go.microsoft.com/fwlink/?LinkId=69157" EVAL="1" F="1" />
<NODE NAME="Default_Search_URL" VALUE="http://go.microsoft.com/fwlink/?LinkId=54896" EVAL="1" F="1" />
<NODE NAME="Local Page" VALUE="%SystemRoot%\system32\blank.htm" EVAL="1" F="1" />
<NODE NAME="Search Page" VALUE="http://go.microsoft.com/fwlink/?LinkId=54896" EVAL="1" F="1" />
<NODE NAME="Start Page" VALUE="http://go.microsoft.com/fwlink/?LinkId=69157" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKCU\Software\Microsoft\Internet Explorer\Main" R="1" EVAL="5" F="1">
<NODE NAME="Default_Page_URL" VALUE="http://go.microsoft.com/fwlink/?LinkId=69157" EVAL="1" F="1" />
<NODE NAME="Default_Search_URL" VALUE="http://go.microsoft.com/fwlink/?LinkId=54896" EVAL="1" F="1" />
<NODE NAME="Local Page" VALUE="C:\WINDOWS\system32\blank.htm" EVAL="1" F="1" />
<NODE NAME="Search Page" VALUE="http://go.microsoft.com/fwlink/?LinkId=54896" EVAL="1" F="1" />
<NODE NAME="Start Page" VALUE="http://www.virgilio.it/" />
</NODE>
<NODE NAME="Key" VALUE="HKLM\Software\Microsoft\Internet Explorer\Extensions" R="1" EVAL="1" F="1" />
- <NODE NAME="Key" VALUE="HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" EVAL="1" F="1">
<NODE NAME="Microsoft Url Search Hook" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
</NODE>
</NODE>
- <NODE NAME="SUBSECTION" VALUE="Shell Open Commands" PARENTS_ONLY="1" EXTRA_CAPTION="Extension" TR="V=4607;e=4615" L="F" EVAL="5" F="1">
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.ACCDAExtension.12\shell\open\command" R="1" EXTRA="accda" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\MSACCESS.EXE /NOSTARTUP "%1"" LINK="156" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.ACCDCFile.12\shell\open\command" R="1" EXTRA="accdc" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP "%1"" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.ACCDEFile.12\shell\open\command" R="1" EXTRA="accde" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP "%1" %2 %3 %4 %5 %6 %7 %8 %9" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.ACCDRFile.12\shell\open\command" R="1" EXTRA="accdr" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /RUNTIME "%1" %2 %3 %4 %5 %6 %7 %8 %9" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.ACCDTFile.12\shell\open\command" R="1" EXTRA="accdt" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP "%1"" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.ADEFile.12\shell\open\command" R="1" EXTRA="ade" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP "%1" %2 %3 %4 %5 %6 %7 %8 %9" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Application.12\shell\open\command" R="1" EXTRA="accdb" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP "%1" %2 %3 %4 %5 %6 %7 %8 %9" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.BlankDatabaseTemplate.12\shell\open\command" R="1" EXTRA="mdn" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP /NEWDB "%1"" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.BlankProjectTemplate.12\shell\open\command" R="1" EXTRA="adn" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP /NEWDB "%1"" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Extension.12\shell\open\command" R="1" EXTRA="mda" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\MSACCESS.EXE /NOSTARTUP "%1"" LINK="156" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.MDBFile\shell\open\command" R="1" EXTRA="mdb" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP "%1" %2 %3 %4 %5 %6 %7 %8 %9" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.MDEFile.12\shell\open\command" R="1" EXTRA="mde" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP "%1" %2 %3 %4 %5 %6 %7 %8 %9" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Project.12\shell\open\command" R="1" EXTRA="adp" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP "%1" %2 %3 %4 %5 %6 %7 %8 %9" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.DataAccessPage.1\shell\open\command" R="1" EXTRA="maw" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenDataAccessPage "%1"]" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.Diagram.1\shell\open\command" R="1" EXTRA="mag" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenDiagram "%1"]" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.Form.1\shell\open\command" R="1" EXTRA="maf" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenForm "%1"]" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.Function.1\shell\open\command" R="1" EXTRA="mau" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /SHELLSYSTEM [OpenFunction "%1"]" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.Macro.1\shell\open\command" R="1" EXTRA="mam" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [ShellOpenMacro "%1"]" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.Module.1\shell\open\command" R="1" EXTRA="mad" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenModule "%1"]" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.Query.1\shell\open\command" R="1" EXTRA="maq" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\MSACCESS.EXE /NOSTARTUP /SHELLSYSTEM [OpenQuery "%1"]" LINK="156" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.Report.1\shell\open\command" R="1" EXTRA="mar" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenReport "%1", 2]" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.StoredProcedure.1\shell\open\command" R="1" EXTRA="mas" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenStoredProcedure "%1"]" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.Table.1\shell\open\command" R="1" EXTRA="mat" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\MSACCESS.EXE /NOSTARTUP /SHELLSYSTEM [OpenTable "%1"]" LINK="156" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Shortcut.View.1\shell\open\command" R="1" EXTRA="mav" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenView "%1"]" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.WizardDataFile.12\shell\open\command" R="1" EXTRA="mdt" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP "%1"" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.WizardUserDataFile.12\shell\open\command" R="1" EXTRA="accdu" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\PROGRA~1\MICROS~2\Office12\MSACCESS.EXE" /NOSTARTUP "%1"" LINK="156" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Access.Workgroup.12\shell\open\command" R="1" EXTRA="mdw" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE" /NOSTARTUP "%1"" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\accesshtmlfile\shell\open\command" R="1" EXTRA="mdbhtml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE"" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\accessthmltemplate\shell\open\command" R="1" EXTRA="wizhtml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSACCESS.EXE"" LINK="77" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\AcroExch.Document\shell\open\command" R="1" EXTRA="pdf" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" "%1"" LINK="10" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\AcroExch.FDFDoc\shell\open\command" R="1" EXTRA="fdf" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" "%1"" LINK="10" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\AcroExch.XDPDoc\shell\open\command" R="1" EXTRA="xdp" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" "%1"" LINK="10" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\AcroExch.XFDFDoc\shell\open\command" R="1" EXTRA="xfdf" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" "%1"" LINK="10" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\acwfile\shell\open\command" R="1" EXTRA="acw" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\accwiz.exe %1" LINK="177" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\AIFFFile\shell\open\command" R="1" EXTRA="aifc" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Windows Media Player\wmplayer.exe" /Open "%L"" LINK="113" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Application.Manifest\shell\open\command" R="1" EXTRA="application" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe dfshim.dll,ShOpenVerbApplication %1" LINK="234" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Application.Reference\shell\open\command" R="1" EXTRA="appref-ms" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe dfshim.dll,ShOpenVerbShortcut %1" LINK="234" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\AUFile\shell\open\command" R="1" EXTRA="au, snd" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Windows Media Player\wmplayer.exe" /Open "%L"" LINK="113" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\batfile\shell\open\command" R="1" EXTRA="bat" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""%1" %*" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Briefcase\shell\open\command" R="1" EXTRA="bfc" EVAL="1" F="1">
<NODE NAME="Default" VALUE="explorer.exe %1" LINK="163" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\CATFile\shell\open\command" R="1" EXTRA="cat" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe cryptext.dll,CryptExtOpenCAT %1" LINK="215" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\CERFile\shell\open\command" R="1" EXTRA="cer, crt, der" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe cryptext.dll,CryptExtOpenCER %1" LINK="215" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\CertificateStoreFile\shell\open\command" R="1" EXTRA="sst" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe cryptext.dll,CryptExtOpenSTR %1" LINK="215" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\certificate_wab_auto_file\shell\open\command" R="1" EXTRA="p7c" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Outlook Express\wab.exe" /certificate %1" LINK="103" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\chm.file\shell\open\command" R="1" EXTRA="chm" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\WINDOWS\hh.exe" %1" LINK="164" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\clpfile\shell\open\command" R="1" EXTRA="clp" EVAL="1" F="1">
<NODE NAME="Default" VALUE="clipbrd.exe %1" LINK="203" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\cmdfile\shell\open\command" R="1" EXTRA="cmd" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""%1" %*" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\comfile\shell\open\command" R="1" EXTRA="com" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""%1" %*" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\ConferenceLink\shell\open\command" R="1" EXTRA="cnf" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe msconf.dll,OpenConfLink %l" LINK="474" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\CRLFile\shell\open\command" R="1" EXTRA="crl" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe cryptext.dll,CryptExtOpenCRL %1" LINK="215" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\DocShortcut\shell\open\command" R="1" EXTRA="shb" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32 %SystemRoot%\System32\shscrap.dll,OpenScrap_RunDLL /r /x %1" LINK="615" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\dqyfile\shell\open\command" R="1" EXTRA="dqy" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE" LINK="149" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\dunfile\shell\open\command" R="1" EXTRA="dun" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\RUNDLL32.EXE NETSHELL.DLL,InvokeDunFile %1" LINK="523" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\EBXTransfer\shell\open\command" R="1" EXTRA="etd" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" "%1"" LINK="10" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\EDNActivation\shell\open\command" R="1" EXTRA="edn" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" "%1"" LINK="10" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\emffile\shell\open\command" R="1" EXTRA="emf" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen %1" LINK="612" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\eMule\shell\open\command" R="1" EXTRA="emulecollection" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\eMule\eMule.exe" "%1"" LINK="16" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.Addin\shell\open\command" R="1" EXTRA="xla" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.AddInMacroEnabled\shell\open\command" R="1" EXTRA="xlam" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.Backup\shell\open\command" R="1" EXTRA="xlk" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.CSV\shell\open\command" R="1" EXTRA="csv" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.Macrosheet\shell\open\command" R="1" EXTRA="xlm" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.Sheet.12\shell\open\command" R="1" EXTRA="xlsx" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.Sheet.8\shell\open\command" R="1" EXTRA="xls" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.SheetBinaryMacroEnabled.12\shell\open\command" R="1" EXTRA="xlsb" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.SheetMacroEnabled.12\shell\open\command" R="1" EXTRA="xlsm" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.SLK\shell\open\command" R="1" EXTRA="slk" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.Template\shell\open\command" R="1" EXTRA="xltx" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.Template.8\shell\open\command" R="1" EXTRA="xlt" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.TemplateMacroEnabled\shell\open\command" R="1" EXTRA="xltm" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.Workspace\shell\open\command" R="1" EXTRA="xlw" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excel.XLL\shell\open\command" R="1" EXTRA="xll" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE" /e" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excelhtmlfile\shell\open\command" R="1" EXTRA="xlshtml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE"" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Excelhtmltemplate\shell\open\command" R="1" EXTRA="xlthtml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\EXCEL.EXE"" LINK="71" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\exefile\shell\open\command" R="1" EXTRA="exe" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""%1" %*" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\fndfile\shell\open\command" R="1" EXTRA="fnd" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\Explorer.exe" LINK="163" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\fonfile\shell\open\command" R="1" EXTRA="fon" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\fontview.exe %1" LINK="411" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.3gp\shell\open\command" R="1" EXTRA="3gp" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.asx\shell\open\command" R="1" EXTRA="asx" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.dmb\shell\open\command" R="1" EXTRA="dmb" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.dmskm\shell\open\command" R="1" EXTRA="dmskm" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.flv\shell\open\command" R="1" EXTRA="flv" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.gom\shell\open\command" R="1" EXTRA="gom" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.k3g\shell\open\command" R="1" EXTRA="k3g" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.lmp4\shell\open\command" R="1" EXTRA="lmp4" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.m4v\shell\open\command" R="1" EXTRA="m4v" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.mkv\shell\open\command" R="1" EXTRA="mkv" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.mqv\shell\open\command" R="1" EXTRA="mqv" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.rm\shell\open\command" R="1" EXTRA="rm" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.rmvb\shell\open\command" R="1" EXTRA="rmvb" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Gomplayer.Skinfile\shell\open\command" R="1" EXTRA="gps" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.skm\shell\open\command" R="1" EXTRA="skm" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.swf\shell\open\command" R="1" EXTRA="swf" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.tp\shell\open\command" R="1" EXTRA="tp" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.wm\shell\open\command" R="1" EXTRA="wm" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.wmp\shell\open\command" R="1" EXTRA="wmp" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.wmx\shell\open\command" R="1" EXTRA="wmx" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GomPlayer.wvx\shell\open\command" R="1" EXTRA="wvx" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\GRETECH\GomPlayer\GOM.exe" /open "%1"" LINK="32" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GrooveFile\shell\open\command" R="1" EXTRA="grv" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\GROOVE.EXE /grv: "%1"" LINK="153" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GrooveLinkFile\shell\open\command" R="1" EXTRA="glk" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\GROOVE.EXE /grv: "%1"" LINK="153" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GrooveSpaceArchive\shell\open\command" R="1" EXTRA="gsa" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\GROOVE.EXE /grv: "%1"" LINK="153" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GrooveToolArchive\shell\open\command" R="1" EXTRA="gta" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\GROOVE.EXE /grv: "%1"" LINK="153" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\GrooveVCard\shell\open\command" R="1" EXTRA="vcg" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\GROOVE.EXE /grv: "%1"" LINK="153" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\h323file\shell\open\command" R="1" EXTRA="323" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""rundll32.exe" msconf.dll,NewMediaPhone %l" LINK="474" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\hlpfile\shell\open\command" R="1" EXTRA="hlp" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\winhlp32.exe %1" LINK="687" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\htafile\shell\open\command" R="1" EXTRA="hta" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\WINDOWS\system32\mshta.exe "%1" %*" LINK="482" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\htfile\shell\open\command" R="1" EXTRA="ht" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Windows NT\HYPERTRM.EXE" %1" LINK="116" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\htmlfile\shell\open\command" R="1" EXTRA="htm, html" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Internet Explorer\IEXPLORE.EXE" -nohome" LINK="55" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\iiifile\shell\open\command" R="1" EXTRA="iii" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""rundll32.exe" msconf.dll,NewMediaPhone %l" LINK="474" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\IncrediContent\shell\open\command" R="1" EXTRA="ima, imc, ime, imf, imi, imn, ims, imw" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\INCRED~1\bin\ImpCnt.exe /tmp /locate /depend "%1"" LINK="146" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\IncrediMessage\shell\open\command" R="1" EXTRA="eml" EVAL="2">
<NODE NAME="Default" VALUE="C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c "%1"" LINK="148" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\IncredLWizard\shell\open\command" R="1" EXTRA="flw, ltw" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\INCRED~1\bin\ImLc.exe "%1"" LINK="143" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\inffile\shell\open\command" R="1" EXTRA="inf" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\NOTEPAD.EXE %1" LINK="527" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\InfoPath.Document.2\shell\open\command" R="1" EXTRA="infopathxml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\INFOPATH.EXE" "%1"" LINK="76" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\InfoPath.Solution.2\shell\open\command" R="1" EXTRA="xsn" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\INFOPATH.EXE" "%1"" LINK="76" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\InfoPath.SolutionManifest.2\shell\open\command" R="1" EXTRA="xsf" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\INFOPATH.EXE" "%1"" LINK="76" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\inifile\shell\open\command" R="1" EXTRA="ini" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\NOTEPAD.EXE %1" LINK="527" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\InternetShortcut\shell\open\command" R="1" EXTRA="url" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe ieframe.dll,OpenURL %l" LINK="425" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\iqyfile\shell\open\command" R="1" EXTRA="iqy" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE /e" LINK="149" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\ITS FILE\shell\open\command" R="1" EXTRA="its" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Internet Explorer\iexplore.exe" -nohome" LINK="55" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\iTunes.ipg\shell\open\command" R="1" EXTRA="ipg" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\iTunes\iTunes.exe" /open "%L"" LINK="59" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\iTunes.ipsw\shell\open\command" R="1" EXTRA="ipsw" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\iTunes\iTunes.exe" /open "%L"" LINK="59" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\iTunes.itl\shell\open\command" R="1" EXTRA="itl" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\iTunes\iTunes.exe" /open "%L"" LINK="59" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\iTunes.itms\shell\open\command" R="1" EXTRA="itms" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\iTunes\iTunes.exe" /open "%L"" LINK="59" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\iTunes.itpc\shell\open\command" R="1" EXTRA="itpc" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\iTunes\iTunes.exe" /open "%L"" LINK="59" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\iTunes.pcast\shell\open\command" R="1" EXTRA="pcast" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\iTunes\iTunes.exe" /open "%L"" LINK="59" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\jarfile\shell\open\command" R="1" EXTRA="jar" EVAL="5" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Java\jre1.6.0_05\bin\javaw.exe" -jar "%1" %*" LINK="64" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\JNLPFile\shell\open\command" R="1" EXTRA="jnlp" EVAL="5" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Java\jre1.6.0_05\bin\javaws.exe" "%1"" LINK="65" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\JSEFile\shell\open\command" R="1" EXTRA="JSE" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\WScript.exe "%1" %*" LINK="711" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\JSFile\shell\open\command" R="1" EXTRA="js" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\WScript.exe "%1" %*" LINK="711" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MacromediaFlashPaper.MacromediaFlashPaper\shell\open\command" R="1" EXTRA="mfp" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Internet Explorer\IEXPLORE.EXE" -nohome "%1"" LINK="55" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MediaPackageFile\shell\open\command" R="1" EXTRA="mpf" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSTORE.EXE" "%1"" LINK="80" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\mhtmlfile\shell\open\command" R="1" EXTRA="mht, mhtml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Internet Explorer\IEXPLORE.EXE" -nohome" LINK="55" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Microsoft Internet News Message\shell\open\command" R="1" EXTRA="nws" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Outlook Express\msimn.exe" /nws:%1" LINK="102" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\mpegfile\shell\open\command" R="1" EXTRA="mp2v, mpv2" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Windows Media Player\wmplayer.exe" /prefetch:9 /Open "%L"" LINK="113" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MPlayer\shell\open\command" R="1" EXTRA="mmm" EVAL="1" F="1">
<NODE NAME="Default" VALUE="mplay32.exe /play /close "%L"" LINK="465" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MS-ITSS FILE\shell\open\command" R="1" EXTRA="itss" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Internet Explorer\iexplore.exe" -nohome ms-itss:%1::/" LINK="55" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\msbackupfile\shell\open\command" R="1" EXTRA="bkf" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\ntbackup.exe" LINK="528" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MSCFile\shell\open\command" R="1" EXTRA="msc" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\mmc.exe "%1" %*" LINK="461" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MSDASC\shell\open\command" R="1" EXTRA="UDL" EVAL="1" F="1">
<NODE NAME="Default" VALUE="Rundll32.exe C:\PROGRA~1\FILECO~1\System\OLEDB~1\oledb32.dll,OpenDSLFile %1" LINK="121" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MsgPlus.Encrypted\shell\open\command" R="1" EXTRA="ple" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Messenger Plus! Live\Log Viewer.exe" /ViewLog="%1"" LINK="68" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MsgPlus.PrefPack\shell\open\command" R="1" EXTRA="pld" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Messenger Plus! Live\MPTools.exe" /ImportPrefs="%1"" LINK="69" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MsgPlus.ScriptPack\shell\open\command" R="1" EXTRA="plsc" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Messenger Plus! Live\MPTools.exe" /ImportScript="%1"" LINK="69" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MsgPlus.SkinPack\shell\open\command" R="1" EXTRA="plsk" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Messenger Plus! Live\MPTools.exe" /ImportSkin="%1"" LINK="69" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MsgPlus.SoundPack\shell\open\command" R="1" EXTRA="plp" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Messenger Plus! Live\MPTools.exe" /ImportSoundPack="%1"" LINK="69" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Msi.Package\shell\open\command" R="1" EXTRA="msi" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""%SystemRoot%\System32\msiexec.exe" /i "%1" %*" LINK="488" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Msi.Patch\shell\open\command" R="1" EXTRA="msp" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""%SystemRoot%\System32\msiexec.exe" /p "%1" %*" LINK="488" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MSInfo.Document\shell\open\command" R="1" EXTRA="nfo" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\File comuni\Microsoft Shared\MSInfo\MSInfo32.exe /msinfo_file %1" LINK="22" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MSPaper.Document\shell\open\command" R="1" EXTRA="mdi" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\File comuni\Microsoft Shared\MODI\12.0\MSPVIEW.EXE" "%1"" LINK="21" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MSProgramGroup\shell\open\command" R="1" EXTRA="grp" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\WINDOWS\system32\grpconv.exe %1" LINK="413" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\MsRcIncident\shell\open\command" R="1" EXTRA="MsRcIncident" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe -Mode "hcp://system/Remote%%20Assistance/RAClientLayout.xml" -url "hcp://system/Remote%%20Assistance/Interaction/Client/rctoolScreen1.htm" -ExtraArgument "IncidentFile=%1"" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\msstylesfile\shell\open\command" R="1" EXTRA="msstyles" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Appearance /Action:OpenMSTheme /file:"%1"" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroBackItUp.Files7.nba\shell\open\command" R="1" EXTRA="nba" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero BackItUp\BackItUp.exe" "%1"" LINK="86" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroBackItUp.Files7.nbi\shell\open\command" R="1" EXTRA="nbi" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero BackItUp\BackItUp.exe" "%1"" LINK="86" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroBackItUp.Files7.nbt\shell\open\command" R="1" EXTRA="nbt" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero BackItUp\BackItUp.exe" "%1"" LINK="86" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroBackItUp.Files7.nco\shell\open\command" R="1" EXTRA="nco" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero BackItUp\BackItUp.exe" "%1"" LINK="86" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroBackItUp.Files7.nc_\shell\open\command" R="1" EXTRA="nc_" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero BackItUp\BackItUp.exe" "%1"" LINK="86" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroBackItUp.Files7.nda\shell\open\command" R="1" EXTRA="nda" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero BackItUp\BackItUp.exe" "%1"" LINK="86" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroBackItUp.Files7.nef\shell\open\command" R="1" EXTRA="nef" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero BackItUp\BackItUp.exe" "%1"" LINK="86" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroBackItUp.Files7.nji\shell\open\command" R="1" EXTRA="nji" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero BackItUp\BackItUp.exe" "%1"" LINK="86" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroBackItUp.Files7.njt\shell\open\command" R="1" EXTRA="njt" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero BackItUp\BackItUp.exe" "%1"" LINK="86" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroCoverDesigner.Files7.cdc\shell\open\command" R="1" EXTRA="cdc" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe" "%1"" LINK="92" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroCoverDesigner.Files7.ncd\shell\open\command" R="1" EXTRA="ncd" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe" "%1"" LINK="92" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroCoverDesigner.Files7.nct\shell\open\command" R="1" EXTRA="nct" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe" "%1"" LINK="92" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroCoverDesigner.Files7.ncw\shell\open\command" R="1" EXTRA="ncw" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe" "%1"" LINK="92" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.cue\shell\open\command" R="1" EXTRA="cue" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.iso\shell\open\command" R="1" EXTRA="iso" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nab\shell\open\command" R="1" EXTRA="nab" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nhf\shell\open\command" R="1" EXTRA="nhf" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nhv\shell\open\command" R="1" EXTRA="nhv" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nmd\shell\open\command" R="1" EXTRA="nmd" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nr3\shell\open\command" R="1" EXTRA="nr3" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nr4\shell\open\command" R="1" EXTRA="nr4" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nra\shell\open\command" R="1" EXTRA="nra" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nrb\shell\open\command" R="1" EXTRA="nrb" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nrc\shell\open\command" R="1" EXTRA="nrc" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nrd\shell\open\command" R="1" EXTRA="nrd" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nre\shell\open\command" R="1" EXTRA="nre" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nrg\shell\open\command" R="1" EXTRA="nrg" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nrh\shell\open\command" R="1" EXTRA="nrh" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nri\shell\open\command" R="1" EXTRA="nri" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nrj\shell\open\command" R="1" EXTRA="nrj" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nrm\shell\open\command" R="1" EXTRA="nrm" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nrs\shell\open\command" R="1" EXTRA="nrs" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nru\shell\open\command" R="1" EXTRA="nru" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nrv\shell\open\command" R="1" EXTRA="nrv" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nrw\shell\open\command" R="1" EXTRA="nrw" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroExpress.Files7.nsd\shell\open\command" R="1" EXTRA="nsd" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Core\nero.exe" "%1"" LINK="85" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.bmp\shell\open\command" R="1" EXTRA="bmp" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.cut\shell\open\command" R="1" EXTRA="cut" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.dds\shell\open\command" R="1" EXTRA="dds" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.dib\shell\open\command" R="1" EXTRA="dib" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.gif\shell\open\command" R="1" EXTRA="gif" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.ico\shell\open\command" R="1" EXTRA="ico" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.iff\shell\open\command" R="1" EXTRA="iff" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.jfif\shell\open\command" R="1" EXTRA="jfif" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.jif\shell\open\command" R="1" EXTRA="jif" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.jng\shell\open\command" R="1" EXTRA="jng" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.jpe\shell\open\command" R="1" EXTRA="jpe" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.jpeg\shell\open\command" R="1" EXTRA="jpeg" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.jpg\shell\open\command" R="1" EXTRA="jpg" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.koa\shell\open\command" R="1" EXTRA="koa" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.lbm\shell\open\command" R="1" EXTRA="lbm" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.ljp\shell\open\command" R="1" EXTRA="ljp" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.mng\shell\open\command" R="1" EXTRA="mng" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.pbm\shell\open\command" R="1" EXTRA="pbm" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.pcd\shell\open\command" R="1" EXTRA="pcd" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.pcx\shell\open\command" R="1" EXTRA="pcx" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.png\shell\open\command" R="1" EXTRA="png" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.ppm\shell\open\command" R="1" EXTRA="ppm" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.psd\shell\open\command" R="1" EXTRA="psd" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.tga\shell\open\command" R="1" EXTRA="tga" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.tif\shell\open\command" R="1" EXTRA="tif" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.tiff\shell\open\command" R="1" EXTRA="tiff" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.wbm\shell\open\command" R="1" EXTRA="wbm" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.wbmp\shell\open\command" R="1" EXTRA="wbmp" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.wmf\shell\open\command" R="1" EXTRA="wmf" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.wpg\shell\open\command" R="1" EXTRA="wpg" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroPhotoSnapViewer.Files7.xbm\shell\open\command" R="1" EXTRA="xbm" EVAL="2">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe" "%1"" LINK="95" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\NeroVision.Document\shell\open\command" R="1" EXTRA="nvc" EVAL="2" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Nero\Nero 7\Nero Vision\NeroVision.exe" "%1"" LINK="96" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\OfficeListShortcut\shell\open\command" R="1" EXTRA="ols" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSPUB.EXE" %1" LINK="79" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\OfficeTheme.12\shell\open\command" R="1" EXTRA="thmx" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\OneNote\shell\open\command" R="1" EXTRA="EMPTYBINARYREGISTRY" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE /hyperlink "%1"" LINK="157" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\OneNote.Package\shell\open\command" R="1" EXTRA="onepkg" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE" "%1"" LINK="81" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\OneNote.Section.1\shell\open\command" R="1" EXTRA="one" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE" "%1"" LINK="81" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\OneNote.TableOfContents\shell\open\command" R="1" EXTRA="onetoc" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE" /navigate "%1"" LINK="81" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\OneNote.TableOfContents.12\shell\open\command" R="1" EXTRA="onetoc2" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE" /navigate "%1"" LINK="81" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\otffile\shell\open\command" R="1" EXTRA="otf" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\fontview.exe %1" LINK="411" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\P7SFile\shell\open\command" R="1" EXTRA="p7s" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1" LINK="215" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\pbkfile\shell\open\command" R="1" EXTRA="pbk" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\rasphone.exe -f "%1"" LINK="569" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PerfFile\shell\open\command" R="1" EXTRA="blg, pma, pmc, pml, pmr, pmw" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\perfmon.exe %1" LINK="549" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\pfmfile\shell\open\command" R="1" EXTRA="pfm" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\fontview.exe %1" LINK="411" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\piffile\shell\open\command" R="1" EXTRA="pif" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""%1" %*" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.Addin.12\shell\open\command" R="1" EXTRA="ppam" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.Addin.8\shell\open\command" R="1" EXTRA="ppa" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.Show.12\shell\open\command" R="1" EXTRA="pptx" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.Show.8\shell\open\command" R="1" EXTRA="ppt" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.ShowMacroEnabled.12\shell\open\command" R="1" EXTRA="pptm" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.Slide.12\shell\open\command" R="1" EXTRA="sldx" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\POWERPNT.EXE "%1"" LINK="159" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.SlideMacroEnabled.12\shell\open\command" R="1" EXTRA="sldm" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\PROGRA~1\MICROS~2\Office12\POWERPNT.EXE "%1"" LINK="159" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.SlideShow.12\shell\open\command" R="1" EXTRA="ppsx" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" /s "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.SlideShow.8\shell\open\command" R="1" EXTRA="pps" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" /s "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.SlideShowMacroEnabled.12\shell\open\command" R="1" EXTRA="ppsm" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" /s "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.Template.12\shell\open\command" R="1" EXTRA="potx" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.Template.8\shell\open\command" R="1" EXTRA="pot" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.TemplateMacroEnabled.12\shell\open\command" R="1" EXTRA="potm" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\PowerPoint.Wizard.8\shell\open\command" R="1" EXTRA="pwz" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE" "%1"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\powerpointhtmlfile\shell\open\command" R="1" EXTRA="ppthtml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\powerpointhtmltemplate\shell\open\command" R="1" EXTRA="pothtml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\powerpointxmlfile\shell\open\command" R="1" EXTRA="pptxml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\POWERPNT.EXE"" LINK="82" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\prffile\shell\open\command" R="1" EXTRA="prf" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe msrating.dll,ClickedOnPRF %1" LINK="496" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\pszfile\shell\open\command" R="1" EXTRA="psz" EVAL="5" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\CyberLink\PowerDVD\PowerDVD.exe %1" LINK="15" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Publisher.Document.12\shell\open\command" R="1" EXTRA="pub" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\MSPUB.EXE" %1" LINK="79" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.3g2\shell\open\command" R="1" EXTRA="3g2" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.3gp2\shell\open\command" R="1" EXTRA="3gp2" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.3gpp\shell\open\command" R="1" EXTRA="3gpp" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.adts\shell\open\command" R="1" EXTRA="adts" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.amc\shell\open\command" R="1" EXTRA="amc" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.caf\shell\open\command" R="1" EXTRA="caf" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.cdda\shell\open\command" R="1" EXTRA="cdda" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.dif\shell\open\command" R="1" EXTRA="dif" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.gsm\shell\open\command" R="1" EXTRA="gsm" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.mac\shell\open\command" R="1" EXTRA="mac" EVAL="5" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\PictureViewer.exe "%1"" LINK="106" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.pct\shell\open\command" R="1" EXTRA="pct" EVAL="5" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\PictureViewer.exe "%1"" LINK="106" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.pic\shell\open\command" R="1" EXTRA="pic" EVAL="5" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\PictureViewer.exe "%1"" LINK="106" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.pict\shell\open\command" R="1" EXTRA="pict" EVAL="5" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\PictureViewer.exe "%1"" LINK="106" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.pnt\shell\open\command" R="1" EXTRA="pnt" EVAL="5" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\PictureViewer.exe "%1"" LINK="106" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.pntg\shell\open\command" R="1" EXTRA="pntg" EVAL="5" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\PictureViewer.exe "%1"" LINK="106" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.qht\shell\open\command" R="1" EXTRA="qht" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.qhtm\shell\open\command" R="1" EXTRA="qhtm" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.qt\shell\open\command" R="1" EXTRA="qt" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.qti\shell\open\command" R="1" EXTRA="qti" EVAL="5" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\PictureViewer.exe "%1"" LINK="106" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.qtif\shell\open\command" R="1" EXTRA="qtif" EVAL="5" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\PictureViewer.exe "%1"" LINK="106" EVAL="5" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.qtl\shell\open\command" R="1" EXTRA="qtl" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.sd2\shell\open\command" R="1" EXTRA="sd2" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\QuickTime.sdp\shell\open\command" R="1" EXTRA="sdp" EVAL="2" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\QuickTime\QuickTimePlayer.exe "%1"" LINK="108" EVAL="2" F="4" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\ratfile\shell\open\command" R="1" EXTRA="rat" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe msrating.dll,ClickedOnRAT %1" LINK="496" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\regfile\shell\open\command" R="1" EXTRA="key, reg" EVAL="1" F="1">
<NODE NAME="Default" VALUE="regedit.exe "%1"" LINK="175" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\SavedDsQuery\shell\open\command" R="1" EXTRA="qds" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32 %SystemRoot%\system32\dsquery.dll,OpenSavedDsQuery %1" LINK="397" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\scrfile\shell\open\command" R="1" EXTRA="scr" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""%1" /S" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\scriptletfile\shell\open\command" R="1" EXTRA="sct, wsc" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\WINDOWS\NOTEPAD.EXE" "%1"" LINK="173" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\SHCmdFile\shell\open\command" R="1" EXTRA="scf" EVAL="1" F="1">
<NODE NAME="Default" VALUE="explorer.exe" LINK="163" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\ShellScrap\shell\open\command" R="1" EXTRA="shs" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32 %SystemRoot%\system32\shscrap.dll,OpenScrap_RunDLL %1" LINK="615" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\SPCFile\shell\open\command" R="1" EXTRA="p7b, p7r, spc" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1" LINK="215" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\STLFile\shell\open\command" R="1" EXTRA="stl" EVAL="1" F="1">
<NODE NAME="Default" VALUE="rundll32.exe cryptext.dll,CryptExtOpenCTL %1" LINK="215" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\T126_Whiteboard\shell\open\command" R="1" EXTRA="NMW" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\NetMeeting\wb32.exe" - "%1"" LINK="97" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\themefile\shell\open\command" R="1" EXTRA="theme" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"%1"" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\ttcfile\shell\open\command" R="1" EXTRA="ttc" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\fontview.exe %1" LINK="411" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\ttffile\shell\open\command" R="1" EXTRA="ttf" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\fontview.exe %1" LINK="411" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\txtfile\shell\open\command" R="1" EXTRA="dic, exc, log, scp, txt, wtx" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\NOTEPAD.EXE %1" LINK="527" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\uipfile\shell\open\command" R="1" EXTRA="uip" EVAL="1" F="1">
<NODE NAME="Default" VALUE="C:\Programmi\CyberLInk\Common\updateipr.exe "%1"" LINK="14" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\ulsfile\shell\open\command" R="1" EXTRA="uls" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""rundll32.exe" msconf.dll,NewMediaPhone %l" LINK="474" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\vanBasco.MIDI\shell\open\command" R="1" EXTRA="kar, mid, midi, rmi" EVAL="5">
<NODE NAME="Default" VALUE=""C:\Programmi\vanBasco's Karaoke Player\vmidi.exe"" LINK="109" EVAL="5" F="256" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\VBEFile\shell\open\command" R="1" EXTRA="VBE" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\WScript.exe "%1" %*" LINK="711" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\VBSFile\shell\open\command" R="1" EXTRA="vbs" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\WScript.exe "%1" %*" LINK="711" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\vcard_wab_auto_file\shell\open\command" R="1" EXTRA="vcf" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Outlook Express\wab.exe" /vcard %1" LINK="103" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\VisioViewer.Viewer\shell\open\command" R="1" EXTRA="vdx, vsd, vss, vst, vsx, vtx" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Internet Explorer\iexplore.exe" -nohome" LINK="55" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\wab_auto_file\shell\open\command" R="1" EXTRA="wab" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Outlook Express\wab.exe" %1" LINK="103" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\WAXFile\shell\open\command" R="1" EXTRA="wax" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Windows Media Player\wmplayer.exe" /Open "%L"" LINK="113" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\webpnpFile\shell\open\command" R="1" EXTRA="webpnp" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\wpnpinst.exe %1" LINK="708" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Whiteboard\shell\open\command" R="1" EXTRA="WHT" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\NetMeeting\wb32.exe" "%1"" LINK="97" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Windows.Movie.Maker\shell\open\command" R="1" EXTRA="MSWMM" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Movie Maker\moviemk.exe" %1" LINK="84" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\WinRAR\shell\open\command" R="1" EXTRA="7z, ace, arj, bz, bz2, cab, gz, lha, lzh, r00, r01, r02, r03, r04, r05, r06, r07, r08, r09, r10, r11, r12, r13, r14, r15, r16, r17, r18, r19, r20, r21, r22, r23, r24, r25, r26, r27, r28, r29, rar, tar, taz, tbz, tbz2, tgz, uu, uue, xxe, z" EVAL="5" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\WinRAR\WinRAR.exe" "%1"" LINK="118" EVAL="5" F="256" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\WinRAR.REV\shell\open\command" R="1" EXTRA="rev" EVAL="5" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\WinRAR\WinRAR.exe" "%1"" LINK="118" EVAL="5" F="256" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\WinRAR.ZIP\shell\open\command" R="1" EXTRA="zip" EVAL="5" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\WinRAR\WinRAR.exe" "%1"" LINK="118" EVAL="5" F="256" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\WMDFile\shell\open\command" R="1" EXTRA="wmd" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Windows Media Player\wmplayer.exe" /WMPackage:"%L"" LINK="113" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\WMSFile\shell\open\command" R="1" EXTRA="wms" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Windows Media Player\wmplayer.exe" /layout:"%L"" LINK="113" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\WMZFile\shell\open\command" R="1" EXTRA="wmz" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Windows Media Player\wmplayer.exe" /layout:"%L"" LINK="113" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Word.Backup.8\shell\open\command" R="1" EXTRA="wbk" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\WINWORD.EXE" /n /dde" LINK="83" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Word.Document.12\shell\open\command" R="1" EXTRA="docx" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\WINWORD.EXE" /n /dde" LINK="83" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Word.Document.8\shell\open\command" R="1" EXTRA="doc" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\WINWORD.EXE" /n /dde" LINK="83" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Word.DocumentMacroEnabled.12\shell\open\command" R="1" EXTRA="docm" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\WINWORD.EXE" /n /dde" LINK="83" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Word.RTF.8\shell\open\command" R="1" EXTRA="rtf" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\WINWORD.EXE" /n /dde" LINK="83" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Word.Template.12\shell\open\command" R="1" EXTRA="dotx" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\WINWORD.EXE" /n /dde" LINK="83" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Word.Template.8\shell\open\command" R="1" EXTRA="dot" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\WINWORD.EXE" /n /dde" LINK="83" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\Word.TemplateMacroEnabled.12\shell\open\command" R="1" EXTRA="dotm" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\WINWORD.EXE" /n /dde" LINK="83" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\wordhtmlfile\shell\open\command" R="1" EXTRA="dochtml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\WINWORD.EXE"" LINK="83" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\wordhtmltemplate\shell\open\command" R="1" EXTRA="dothtml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Microsoft Office\Office12\WINWORD.EXE"" LINK="83" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\WPLFile\shell\open\command" R="1" EXTRA="wpl" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Windows Media Player\wmplayer.exe" /Open "%L"" LINK="113" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\wrifile\shell\open\command" R="1" EXTRA="wri" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Windows NT\Accessori\WORDPAD.EXE" "%1"" LINK="115" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\WSFFile\shell\open\command" R="1" EXTRA="WSF" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\WScript.exe "%1" %*" LINK="711" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\WSHFile\shell\open\command" R="1" EXTRA="WSH" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\System32\WScript.exe "%1" %*" LINK="711" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\x-internet-signup\shell\open\command" R="1" EXTRA="ins, isp" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%ProgramFiles%\Internet Explorer\Connection Wizard\ISIGNUP.EXE %1" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\XEV.GenericApp\shell\open\command" R="1" EXTRA="xevgenxml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Internet Explorer\iexplore.exe" -nohome" LINK="55" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\xmlfile\shell\open\command" R="1" EXTRA="rels, xml" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Internet Explorer\IEXPLORE.EXE" -nohome" LINK="55" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\xslfile\shell\open\command" R="1" EXTRA="xsl" EVAL="1" F="1">
<NODE NAME="Default" VALUE=""C:\Programmi\Internet Explorer\IEXPLORE.EXE" -nohome" LINK="55" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\Software\CLASSES\zapfile\shell\open\command" R="1" EXTRA="zap" EVAL="1" F="1">
<NODE NAME="Default" VALUE="%SystemRoot%\system32\NOTEPAD.EXE %1" LINK="527" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path" EVAL="1" F="1">
<NODE NAME="Debugger" VALUE="ntsd -d" EVAL="1" F="1" />
</NODE>
</NODE>
- <NODE NAME="SUBSECTION" VALUE="Network" TR="V=4608" EVAL="1" F="1">
- <NODE NAME="Key" VALUE="HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings" R="1" EVAL="1" F="1">
<NODE NAME="AutoConfigProxy" VALUE="wininet.dll" LINK="689" EVAL="1" F="2" />
<NODE NAME="CertificateRevocation" VALUE="" EVAL="1" F="1" />
<NODE NAME="DisableCachingOfSSLPages" VALUE="" EVAL="1" F="1" />
<NODE NAME="EmailName" VALUE="IEUser@" EVAL="1" F="1" />
<NODE NAME="EnableAutodial" VALUE="" EVAL="1" F="1" />
<NODE NAME="EnableHttp1_1" VALUE="" EVAL="1" F="1" />
<NODE NAME="EnableNegotiate" VALUE="" EVAL="1" F="1" />
<NODE NAME="GlobalUserOffline" VALUE="" EVAL="1" F="1" />
<NODE NAME="IE5_UA_Backup_Flag" VALUE="5.0" EVAL="1" F="1" />
<NODE NAME="MigrateProxy" VALUE="" EVAL="1" F="1" />
<NODE NAME="MimeExclusionListForCache" VALUE="multipart/mixed multipart/x-mixed-replace multipart/x-byteranges" EVAL="1" F="1" />
<NODE NAME="NoNetAutodial" VALUE="" EVAL="1" F="1" />
<NODE NAME="PrivDiscUiShown" VALUE="" EVAL="1" F="1" />
<NODE NAME="PrivacyAdvanced" VALUE="" EVAL="1" F="1" />
<NODE NAME="ProxyEnable" VALUE="" EVAL="1" F="1" />
<NODE NAME="SecureProtocols" VALUE="" EVAL="1" F="1" />
<NODE NAME="UrlEncoding" VALUE="" EVAL="1" F="1" />
<NODE NAME="UseSchannelDirectly" VALUE="" EVAL="1" F="1" />
<NODE NAME="User Agent" VALUE="Mozilla/4.0 (compatible; MSIE 7.0; Win32)" EVAL="1" F="1" />
<NODE NAME="WarnOnPost" VALUE="" EVAL="1" F="1" />
<NODE NAME="WarnonZoneCrossing" VALUE="" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001" EVAL="1" F="1">
<NODE NAME="LibraryPath" VALUE="%SystemRoot%\System32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002" EVAL="1" F="1">
<NODE NAME="LibraryPath" VALUE="%SystemRoot%\System32\winrnr.dll" LINK="693" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003" EVAL="1" F="1">
<NODE NAME="LibraryPath" VALUE="%SystemRoot%\System32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\rsvpsp.dll" LINK="586" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\rsvpsp.dll" LINK="586" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019" EVAL="1" F="1">
<NODE NAME="PackedCatalogItem" VALUE="%SystemRoot%\system32\mswsock.dll" LINK="508" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" EVAL="1" F="1">
<NODE NAME="ProviderOrder" VALUE="RDPNP,LanmanWorkstation,WebClient" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders" EVAL="1" F="1">
<NODE NAME="SecurityProviders" VALUE="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" LINK="471" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider" EVAL="1" F="1">
<NODE NAME="ProviderPath" VALUE="%SystemRoot%\system32\ntmarta.dll" LINK="534" EVAL="1" F="2" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites" EVAL="1" F="1">
<NODE NAME="ie.search.msn.com" VALUE="http://ie.search.msn.com/*" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites" EVAL="1" F="1">
<NODE NAME="" VALUE="" EVAL="1" F="1" />
</NODE>
</NODE>
- <NODE NAME="SUBSECTION" VALUE="Desktop" R="1" TR="V=4610" L="M" EVAL="5" F="1">
- <NODE NAME="Key" VALUE="HKCU\Control Panel\Desktop" EVAL="5" F="1">
<NODE NAME="ConvertedWallpaper" VALUE="C:\Documents and Settings\Utente\Desktop\AS%20ROMAAAAA.jpg" />
<NODE NAME="OriginalWallpaper" VALUE="C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp" LINK="2" EVAL="5" />
<NODE NAME="SCRNSAVE.EXE" VALUE="C:\WINDOWS\system32\ssflwbox.scr" LINK="629" EVAL="1" F="2" />
<NODE NAME="Wallpaper" VALUE="D:\Documenti\Immagini\sfondo roma.bmp" LINK="734" EVAL="5" />
</NODE>
</NODE>
- <NODE NAME="SUBSECTION" VALUE="Shell Execute Hooks" R="1" TR="V=4611" L="M" EVAL="5" F="1">
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" EVAL="1" F="1">
<NODE NAME="Hook per l'esecuzione degli URL" VALUE="shell32.dll" LINK="609" EVAL="1" F="2" />
<NODE NAME="Groove GFS Stub Execution Hook" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" LINK="152" EVAL="1" F="1" />
</NODE>
- <NODE NAME="Key" VALUE="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" EVAL="5" F="1">
<NODE NAME="Proprietà dei file Multimedia" VALUE="mmsys.cpl" LINK="463" EVAL="1" F="2" />
<NODE NAME="Completamento automatico Microsoft" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Elenco di Completamento automatico della Cronologia di Microsoft" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Contenitore dell'elenco di Completamento automatico multiplo Microsoft" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="&Indirizzo" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Elenco di Completamento automatico di Shell Folder di Microsoft" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Haali Column Provider" VALUE="C:\Programmi\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll" LINK="13" EVAL="5" />
<NODE NAME="Ricerca Web" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="IE Microsoft BrowserBand" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="WebCheckWebCrawler" VALUE="C:\WINDOWS\system32\webcheck.dll" LINK="680" EVAL="1" F="2" />
<NODE NAME="Shell Automation Inproc Service" VALUE="%SystemRoot%\system32\shdocvw.dll" LINK="608" EVAL="1" F="2" />
<NODE NAME="Enumeratore applicazioni installate" VALUE="%SystemRoot%\system32\appwiz.cpl" LINK="186" EVAL="1" F="2" />
<NODE NAME="File cabinet" VALUE="cabview.dll" LINK="198" EVAL="1" F="2" />
<NODE NAME="" VALUE="%SystemRoot%\system32\dsuiext.dll" LINK="400" EVAL="1" F="2" />
<NODE NAME="Microsoft DocProp Inplace Droplist Combo Control" VALUE="C:\WINDOWS\system32\docprop2.dll" LINK="245" EVAL="1" F="2" />
<NODE NAME="Offline Files Folder Options" VALUE="%SystemRoot%\System32\cscui.dll" LINK="220" EVAL="1" F="2" />
<NODE NAME="ISFBand OC" VALUE="%SystemRoot%\system32\shdocvw.dll" LINK="608" EVAL="1" F="2" />
<NODE NAME="Microsoft Agent Character Property Sheet Handler" VALUE="C:\WINDOWS\msagent\agentpsh.dll" LINK="172" EVAL="1" F="2" />
<NODE NAME="" VALUE="%SystemRoot%\system32\dsquery.dll" LINK="397" EVAL="1" F="2" />
<NODE NAME="Ricerca all'interno" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Groove Explorer Icon Overlay 3 (GFS Folder)" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" LINK="152" EVAL="1" F="1" />
<NODE NAME="Gestore scanner ICM" VALUE="icmui.dll" LINK="423" EVAL="1" F="2" />
<NODE NAME="IE Fade Task" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="Estensione shell di protezione" VALUE="rshx32.dll" LINK="584" EVAL="1" F="2" />
<NODE NAME="IE Menu Desk Bar" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="Shell Search Band" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Microsoft OLE DB Service Component Data Links" VALUE="C:\Programmi\File comuni\System\Ole DB\oledb32.dll" LINK="31" EVAL="1" F="2" />
<NODE NAME="Stato del download" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Cerca" VALUE="%SystemRoot%\system32\shdocvw.dll" LINK="608" EVAL="1" F="2" />
<NODE NAME="Guida in linea e supporto tecnico" VALUE="%SystemRoot%\system32\shdocvw.dll" LINK="608" EVAL="1" F="2" />
<NODE NAME="Protezione di Windows" VALUE="%SystemRoot%\system32\shdocvw.dll" LINK="608" EVAL="1" F="2" />
<NODE NAME="Esegui..." VALUE="%SystemRoot%\system32\shdocvw.dll" LINK="608" EVAL="1" F="2" />
<NODE NAME="Internet" VALUE="%SystemRoot%\system32\shdocvw.dll" LINK="608" EVAL="1" F="2" />
<NODE NAME="Posta elettronica" VALUE="%SystemRoot%\system32\shdocvw.dll" LINK="608" EVAL="1" F="2" />
<NODE NAME="Set Program Access and Defaults" VALUE="%SystemRoot%\system32\shdocvw.dll" LINK="608" EVAL="1" F="2" />
<NODE NAME="Microsoft DocProp Inplace Time Control" VALUE="C:\WINDOWS\system32\docprop2.dll" LINK="245" EVAL="1" F="2" />
<NODE NAME="Groove Explorer Icon Overlay 4 (GFS Unread Mark)" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" LINK="152" EVAL="1" F="1" />
<NODE NAME="Groove Folder Synchronization" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" LINK="152" EVAL="1" F="1" />
<NODE NAME="IE AutoComplete" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="IE Search Band" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="&Contatti..." VALUE="C:\Programmi\Outlook Express\wabfind.dll" LINK="104" EVAL="1" F="2" />
<NODE NAME="Gestione applicazioni shell" VALUE="%SystemRoot%\system32\appwiz.cpl" LINK="186" EVAL="1" F="2" />
<NODE NAME="Portable Devices" VALUE="%SystemRoot%\system32\wpdshext.dll" LINK="706" EVAL="1" F="1" />
<NODE NAME="Groove XML Icon Handler" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" LINK="152" EVAL="1" F="1" />
<NODE NAME="Microsoft Url History Service" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="Shell DeskBarApp" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="The Internet" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="Pagina di proprietà di Docfile OLE" VALUE="docprop.dll" LINK="244" EVAL="1" F="2" />
<NODE NAME="GDI + programma di estrazione file in anteprima" VALUE="C:\WINDOWS\system32\shimgvw.dll" LINK="612" EVAL="1" F="2" />
<NODE NAME="Scanner e fotocamere digitali" VALUE="wiashext.dll" LINK="685" EVAL="1" F="2" />
<NODE NAME="Video Media Properties Handler" VALUE="%SystemRoot%\system32\shmedia.dll" LINK="614" EVAL="1" F="2" />
<NODE NAME="Estensioni shell per la condivisione" VALUE="ntshrui.dll" LINK="536" EVAL="1" F="2" />
<NODE NAME="Estensione CPL PlusPack" VALUE="%SystemRoot%\system32\themeui.dll" LINK="640" EVAL="1" F="2" />
<NODE NAME="" VALUE="C:\Programmi\Microsoft Office\Office12\msohevi.dll" LINK="78" EVAL="1" F="1" />
<NODE NAME="Estensione scheda video del Pannello di controllo" VALUE="deskadp.dll" LINK="231" EVAL="1" F="2" />
<NODE NAME="Estensione monitor del Pannello di controllo" VALUE="deskmon.dll" LINK="232" EVAL="1" F="2" />
<NODE NAME="Estensione panoramica video del Pannello di controllo" VALUE="deskpan.dll" />
<NODE NAME="IE Navigation Bar" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="IE Menu Site" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="IE Menu Band" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="Estensione shell di protezione" VALUE="dssec.dll" LINK="398" EVAL="1" F="2" />
<NODE NAME="MyDocs menu and properties" VALUE="%SystemRoot%\system32\mydocs.dll" LINK="512" EVAL="1" F="2" />
<NODE NAME="Pagina compatibilità" VALUE="SlayerXP.dll" LINK="617" EVAL="1" F="2" />
<NODE NAME="Gestore dati dei ritagli di shell" VALUE="shscrap.dll" LINK="615" EVAL="1" F="2" />
<NODE NAME="Microsoft Office OneNote Namespace Extension for Windows Desktop Search" VALUE="C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" LINK="158" EVAL="1" F="1" />
<NODE NAME="Creazione guidata profilo Passport" VALUE="%SystemRoot%\system32\netplwiz.dll" LINK="521" EVAL="1" F="2" />
<NODE NAME="Estensione copia dischi" VALUE="diskcopy.dll" LINK="237" EVAL="1" F="2" />
<NODE NAME="Pagina proprietà versioni precedenti" VALUE="%SystemRoot%\system32\twext.dll" LINK="643" EVAL="1" F="2" />
<NODE NAME="Estensioni shell per oggetti Rete Microsoft Windows" VALUE="ntlanui2.dll" LINK="532" EVAL="1" F="2" />
<NODE NAME="Gestore monitor ICM" VALUE="%SystemRoot%\System32\icmui.dll" LINK="423" EVAL="1" F="2" />
<NODE NAME="Barra degli strumenti Microsoft Internet" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Auto Update Property Sheet Extension" VALUE="C:\WINDOWS\system32\wuaucpl.cpl" LINK="717" EVAL="1" F="1" />
<NODE NAME="Shell Extension For Windows Script Host" VALUE="C:\WINDOWS\system32\wshext.dll" LINK="713" EVAL="1" F="2" />
<NODE NAME="IE Microsoft History AutoComplete List" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="Oggetto DropTarget per Stampa guidata foto" VALUE="%SystemRoot%\system32\photowiz.dll" LINK="550" EVAL="1" F="2" />
<NODE NAME="" VALUE="%SystemRoot%\system32\dsuiext.dll" LINK="400" EVAL="1" F="2" />
<NODE NAME="Microsoft FTP Folder" VALUE="C:\WINDOWS\system32\msieftp.dll" LINK="487" EVAL="1" F="2" />
<NODE NAME="Portable Media Devices" VALUE="%SystemRoot%\system32\Audiodev.dll" LINK="188" EVAL="1" F="1" />
<NODE NAME="Shell Folder 2 accresciuto" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Shell Image Data Factory" VALUE="%SystemRoot%\system32\shimgvw.dll" LINK="612" EVAL="1" F="2" />
<NODE NAME="Elenco di Completamento automatico MRU" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Gestore stampante ICM" VALUE="%SystemRoot%\system32\icmui.dll" LINK="423" EVAL="1" F="2" />
<NODE NAME="CDF Extension Copy Hook" VALUE="%SystemRoot%\system32\shdocvw.dll" LINK="608" EVAL="1" F="2" />
<NODE NAME="Extensions Manager Folder" VALUE="C:\WINDOWS\system32\extmgr.dll" LINK="408" EVAL="1" F="2" />
<NODE NAME="Elenco di Completamento automatico MRU personalizzato" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />
<NODE NAME="Microsoft DocProp Inplace Calendar Control" VALUE="C:\WINDOWS\system32\docprop2.dll" LINK="245" EVAL="1" F="2" />
<NODE NAME="IE Tracking Shell Menu" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="Groove GFS Context Menu Handler" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" LINK="152" EVAL="1" F="1" />
<NODE NAME="" VALUE="C:\WINDOWS\system32\ieframe.dll" LINK="425" EVAL="1" F="2" />
<NODE NAME="Oggetto Pubblicazione guidata sul Web" VALUE="%SystemRoot%\system32\netplwiz.dll" LINK="521" EVAL="1" F="2" />
<NODE NAME="Connessioni di rete" VALUE="C:\WINDOWS\system32\NETSHELL.dll" LINK="523" EVAL="1" F="2" />
<NODE NAME="Groove GFS Browser Helper" VALUE="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" LINK="152" EVAL="1" F="1" />
<NODE NAME="TridentImageExtractor" VALUE="%SystemRoot%\system32\browseui.dll" LINK="196" EVAL="1" F="2" />


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.04.07, on 22/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\PrevxCSI\prevxcsi.exe
C:\Programmi\PrevxCSI\prevxcsi.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rmctrl .exe
C:\Programmi\Nortek Keyboard Application\PS2USBKbdDrv .exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Documenti\Claudia\launch.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\RarSFX0\setup.exe
D:\Documenti\Claudia\SysInspector.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Programmi\Nortek Keyboard Application\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_00-35.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Fastrate USB 100 Modem.lnk = ?
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://colosseo86.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{081369E1-F9BF-4777-8A4B-AF6E9DB687CC}: NameServer = 85.255.113.195 85.255.112.64
O17 - HKLM\System\CCS\Services\Tcpip\..\{9019F2A4-7DA9-441C-BC3B-DC3844A77909}: NameServer = 85.255.113.195,85.255.112.64
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.195 85.255.112.64
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.195 85.255.112.64
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.195 85.255.112.64
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CSIScanner - Prevx - C:\Programmi\PrevxCSI\prevxcsi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: setup_7.0.0.180_18.05.2008_00-35 - Kaspersky Lab - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_00-35.exe

--
End of file - 8008 bytes


GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-05-22 18:29:50
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8158D6C0
Device \FileSystem\Ntfs \Ntfs 818254D0
Device \FileSystem\Ntfs \Ntfs 81A13DE0
Device \FileSystem\Ntfs \Ntfs 81B05DA8
Device \FileSystem\Ntfs \Ntfs 816039E8

AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

---- EOF - GMER 1.0.14 ----

wjmat
22-05-2008, 21:16
ciao, riedita cortesemente il tuo post a caricando i log secondo le modalità

Modalità di pubblicazione dei log

Se i log o le immagini (.JPG) non superano i 24Kb allegali tramite il comando Gestisci allegati nelle Opzioni aggiuntive
Clicca su Gestisci allegati -> si aprirà una finestra -> Click su Sfoglia -> seleziona il file da caricare -> Click su Carica -> sotto allegati correnti vedrai il tuo log caricato -> Chiudi la finestra

Altrimenti caricali su [wikisend.com] (http://wikisend.com/) o su [mediafire.com] (http://www.mediafire.com/index.php).
Una volta sul sito -> clicca su sfoglia -> seleziona il file da caricare -> poi invia o upload -> aspetta che venga caricato -> copia tutto il contenuto a fianco della della riga "Forum link nel primo caso oppure sotto "Sharing URL" nel secondo e lo incolli nella risposta della discussione.

Per le immagini consiglio innanzitutto di salvarle in JPG, essendo più leggere e caricarle su fileqube.com (http://fileqube.com) che permette di visualizzarle direttamente online.

Tu hai seguito subito la guida generica... dei prima postare il log di FindAWF, leggi bene il primo post di questa discussione

xcdegasp
22-05-2008, 22:15
@ cla8686:
mi spiace ma se non invii i log su uno dei server consigliati per poi pubblicare i link ai download altrimenti è per noi difficile leggere i log :)

fabio mancin
22-05-2008, 22:41
Per Francizio..

Volevo chiederti se le istruzioni della guida valgono anche on windows vista.

Grazie

Francizio
22-05-2008, 22:45
Per Francizio..

Volevo chiederti se le istruzioni della guida valgono anche on windows vista.

Grazie

Ciao.

Non ho la possibilità di testare, ma non credo ci sia alcun tipo di problema.

Credo che fra i centinaia di utenti che hanno chiesto aiuto ci sarà stato sicuramente qualcuno che avesse Vista come SO.

Quindi puoi tranquillamente seguire la guida.;)

Francizio
22-05-2008, 23:01
ciao a tutti sono nuova di questo forum..qualche giorno fa ho scritto su un'altro forum perchè mi ritrovo internet connection tra le connessioni..io ho alice adsl ..ora non mi crea fastidi ma qualche giorno fa mi cadeva la connessione in continuazine..cmq nell'altro forum mi hanno dato delle indicazioni per come toglierlo...in questo indirizzo ci sono i vari passaggi
http://www.p2pforum.it/forum/showthread.php?t=305744&page=2
dopo aver fatto tutto quello che mi è stato consigliato internet connection la trovo ancora tra le connessioni ... qualcuno mi può aiutare tenendo presente la mia scarsa conoscenza in pc?

Ciao rosa...
Allora...Vediamo di capirci qualcosa.
Spegni il pc, riaccendilo, fai una scansione con FindAWF e posta quì il log.
Viadiamo di venirne a capo.

fabio mancin
22-05-2008, 23:44
Per Francizio..

Ho lanciato FindAWF ma il risultato è questo....

Aiuto....

Francizio
23-05-2008, 00:12
Per Francizio..

Ho lanciato FindAWF ma il risultato è questo....

Aiuto....

Il log è pulito.
Vai in prima pagina, e alla fine del primo messaggio trovi il link con le istruzioni per chi non ha file duplicati.
;)

rosa39
23-05-2008, 23:03
per francizio
ecco il log

xcdegasp
24-05-2008, 00:07
per francizio
ecco il log

scarica avenger e carica il seguente script:
Files to move:
C:\WINDOWS\system32\bak\NeroCheck.exe | C:\WINDOWS\system32\NeroCheck.exe
C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe | C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe
C:\Programmi\Nokia\Nokia PC Suite 6\bak\PCSuite.exe | C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe | C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

rosa39
24-05-2008, 11:47
ho avviato avenger e questo è il log...comunque la malefica connessione è sempre al suo posto

rosa39
24-05-2008, 11:50
ho sbagliato a caricarlo ..eccolo il log

Chill-Out
24-05-2008, 11:55
ho sbagliato a caricarlo ..eccolo il log

Ciao Rosa39, pulisci con CCleaner come indicato in Guida ed elimina la connessione manulamente, per scrupolo riallega un log di FindAWF ;)

rosa39
24-05-2008, 12:33
ho fatto tutto ...purtroppo manualmente non si toglie ..faccio elimina ma poi è sempre lì...allego il log di findAWF

wjmat
24-05-2008, 12:40
Le tue cartelle bak non hanno duplicati, segui la guida generale (http://www.hwupgrade.it/forum/showthread.php?t=1599737) fino al punto 3 per il momento.
Quindi in ordine:

Disattiva il ripristino di sistema (dovresti averlo già disattivato)
Pulizia con Ccleaner
Pulizia con ADSScanner
Scansione deep con A-squared aggiornato ad oggi e poi alleghi il log

Francizio
24-05-2008, 12:43
ho fatto tutto ...purtroppo manualmente non si toglie ..faccio elimina ma poi è sempre lì...allego il log di findAWF

EDIT: non avevo visto che aveva il problema dell'eliminazione manuale.
Segui le istruzioni di wjmat

Chill-Out
24-05-2008, 12:44
Le tue cartelle bak non hanno duplicati, segui la guida generale (http://www.hwupgrade.it/forum/showthread.php?t=1599737) fino al punto 3 per il momento.
Quindi in ordine:

Disattiva il ripristino di sistema (dovresti averlo già disattivato)
Pulizia con Ccleaner
Pulizia con ADSScanner
Scansione deep con A-squared aggiornato ad oggi e poi alleghi il log


Non hanno duplicati per questo motivo http://www.hwupgrade.it/forum/showpost.php?p=22589727&postcount=2389 ;)

xcdegasp
24-05-2008, 12:50
ho fatto tutto ...purtroppo manualmente non si toglie ..faccio elimina ma poi è sempre lì...allego il log di findAWF

le cartelle bak rimaste le puoi cancellare manualmente quando vuoi :)

rosa39
24-05-2008, 13:07
scusatemi .prima di fare qualche guaio voelvo sapere se con ccleaner devo selezionare anche advanced e pulire tutto.. vorrei la conferma prima di procedere...

wjmat
24-05-2008, 13:35
si puoi spuntarle tutte

rosa39
24-05-2008, 14:02
mi potreste speigare come posso eliminarlo manualmente?
scusate ma non sono esperta

xcdegasp
24-05-2008, 14:06
mi potreste speigare come posso eliminarlo manualmente?
scusate ma non sono esperta

le directory le cancelli cercandole prima nel tuo hardisk, la selezioni e poi premi "canc" da tastiera o selezioni con il tasto destro la voce "elimina" :)
le cartele da cancellare sono:

C:\WINDOWS\system32\bak
C:\Programmi\Alice ti aiuta\SmartBridge\bak
C:\Programmi\Nokia\Nokia PC Suite 6\bak
C:\Programmi\Adobe\Acrobat 7.0\Reader\bak

:)

Francizio
24-05-2008, 14:08
mi potreste speigare come posso eliminarlo manualmente?
scusate ma non sono esperta

Clicchi Start -> Pannello di controllo -> Rete e connesisoni internet -> Connessioni di rete.

Individua la connessione, clicchi col destro e selezioni "elimina".;)

Francizio
24-05-2008, 14:12
le directory le cancelli cercandole prima nel tuo hardisk, la selezioni e poi premi "canc" da tastiera o selezioni con il tasto destro la voce "elimina" :)
le cartele da cancellare sono:

C:\WINDOWS\system32\bak
C:\Programmi\Alice ti aiuta\SmartBridge\bak
C:\Programmi\Nokia\Nokia PC Suite 6\bak
C:\Programmi\Adobe\Acrobat 7.0\Reader\bak

:)

Credo si riferisse alla connessione...;)

xcdegasp
24-05-2008, 14:27
opszz :stordita:

rosa39
24-05-2008, 16:31
francizio ho fatto elimina ma niente non se ne va..è sempre lì! e non si tolgono neanche i file come consiglia xcdegasp..mi appare una finestra di errore ..impossibile eliminare file:impossibile leggere dal file o dal disco di origine

Francizio
24-05-2008, 16:52
francizio ho fatto elimina ma niente non se ne va..è sempre lì! e non si tolgono neanche i file come consiglia xcdegasp..mi appare una finestra di errore ..impossibile eliminare file:impossibile leggere dal file o dal disco di origine

Hai provato a spegnere/riaccendere il pc e a provare dopo a eliminarli?
E' possibile che qualche processo li stia "utilizzando" e per questo non te li faccia cancellare.

rosa39
24-05-2008, 16:55
:doh: che confusionaria che sono non avevo letto quanto scritto da francizio su xcdegas ...è che le sto provando tutte ...si mi riferisco sempre alla connessione pensavo ci fosse qualche altro modo per toglierla manualmente oltre a cliccare su elimina che avevo già provato a fare ma non si toglie !!!:muro:

Francizio
24-05-2008, 17:00
:doh: che confusionaria che sono non avevo letto quanto scritto da francizio su xcdegas ...è che le sto provando tutte ...si mi riferisco sempre alla connessione pensavo ci fosse qualche altro modo per toglierla manualmente oltre a cliccare su elimina che avevo già provato a fare ma non si toglie !!!:muro:

Mmmh...:what:

Prova ed entrare in modalità provvisoria.

Con la modalità provvisoria tanti processi non vengono aperti e c'è la possibilità che riesca ad eliminare il tutto.

I percorsi per i file e per la connessione sono sempre quelli che ti abbiamo postato sopra.

Magari segnateli...

Francizio
24-05-2008, 17:02
:doh: che confusionaria che sono non avevo letto quanto scritto da francizio su xcdegas ...è che le sto provando tutte ...si mi riferisco sempre alla connessione pensavo ci fosse qualche altro modo per toglierla manualmente oltre a cliccare su elimina che avevo già provato a fare ma non si toglie !!!:muro:

In alternativa ti rimando a questa discussione:

http://www.hwupgrade.it/forum/showthread.php?t=861857

dove dovresti trovare ottimi consigli per chi ha problemi ad eliminare i files...;)

rosa39
24-05-2008, 17:24
quei file sono riuscita a toglierli...ma la internet connection è sempre presente nelle connessioni di rete!!:cry:

therichwarrior
24-05-2008, 18:59
ragazzi mi aiutate? ho notato che nelle connessioni di rete ce internet connection il dialer, oggi ho fatto una scansione con zone alarm che ha trovato 6 dialer e dopo averli eliminati internet connection rimane li dovè. vi linko il txt di find awf.
inoltre ho un adsl flat libero con modem adsl usb volevo sapere se ce rischio che mi arrivi una bolletta salata. grazie a tutti per l'aiuto :cry:

xcdegasp
24-05-2008, 19:07
quei file sono riuscita a toglierli...ma la internet connection è sempre presente nelle connessioni di rete!!:cry:

per le directory usa questo script:
Folders to delete:
C:\WINDOWS\system32\bak
C:\Programmi\Alice ti aiuta\SmartBridge\bak
C:\Programmi\Nokia\Nokia PC Suite 6\bak
C:\Programmi\Adobe\Acrobat 7.0\Reader\bak

poi fammi un log di HiJackThis e di a-squared.. scusa se teli richiedo ma vorrei accertarmi :)

xcdegasp
24-05-2008, 19:17
ragazzi mi aiutate? ho notato che nelle connessioni di rete ce internet connection il dialer, oggi ho fatto una scansione con zone alarm che ha trovato 6 dialer e dopo averli eliminati internet connection rimane li dovè. vi linko il txt di find awf.
inoltre ho un adsl flat libero con modem adsl usb volevo sapere se ce rischio che mi arrivi una bolletta salata. grazie a tutti per l'aiuto :cry:

scarica avengere e carica questo script:
Files to move:
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Analog Devices\SoundMAX\bak\Smax4.exe | C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\Analog Devices\SoundMAX\bak\SMax4PNP.exe | C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe | C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe | C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Sony\SonicStage\bak\SsAAD.exe | C:\Programmi\Sony\SonicStage\SsAAD.exe
C:\Programmi\Thrustmaster\FunAccess\bak\PSPAP.exe | C:\Programmi\Thrustmaster\FunAccess\PSPAP.exe
C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe | C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe | C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\bak\Communications_Helper.exe | C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\bak\LVComSX.exe | C:\Programmi\File comuni\LogiShrd\LComMgr\LVComSX.exe
C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe | C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\File comuni\Ulead Systems\AutoDetector\bak\monitor.exe | C:\Programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe
C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe | C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe

Folders to delete:
C:\WINDOWS\system32\bak
C:\Programmi\Analog Devices\SoundMAX\bak
C:\Programmi\ATI Technologies\ATI Control Panel\bak
C:\Programmi\Nokia\Nokia PC Suite 6\bak
C:\Programmi\Sony\SonicStage\bak
C:\Programmi\Thrustmaster\FunAccess\bak
C:\Programmi\Adobe\Reader 8.0\Reader\bak
C:\Programmi\File comuni\Ahead\Lib\bak
C:\Programmi\File comuni\LogiShrd\LComMgr\bak
C:\Programmi\File comuni\Real\Update_OB\bak
C:\Programmi\File comuni\Ulead Systems\AutoDetector\bak
C:\Programmi\Java\jre1.6.0_02\bin\bak

così ti faccio fare in una sola passata lo spostamento dei file e cancellazione delle directories :)
poi segui la semplice procedura descritta nella Guida alla Disinfezione per Infetti (http://www.hwupgrade.it/forum/showthread.php?t=1599737) fino al punto 3, rispettandone l'ordine di esecuzione, e anche un log HiJackThis :)

Fabryz60
24-05-2008, 20:07
ho fatto tutto quello che dite x togliere quel dialer ma il log che mi viene fuori è senza duplicati cosa devo fare?

wjmat
24-05-2008, 20:20
ho fatto tutto quello che dite x togliere quel dialer ma il log che mi viene fuori è senza duplicati cosa devo fare?
segui la guida generale (http://www.hwupgrade.it/forum/showthread.php?t=1599737) fino al punto 3 per il momento.
Quindi in ordine:

Disattiva il ripristino di sistema (dovresti averlo già disattivato)
Pulizia con Ccleaner
Pulizia con ADSScanner
Scansione deep con A-squared aggiornato a d oggi e poi alleghi il log

therichwarrior
24-05-2008, 20:27
devo scaricare prevxcsi? o fare solo punto 2 e 3? grazie

Fabryz60
24-05-2008, 20:29
questo è il mio log grazie x l'aiuto

therichwarrior
24-05-2008, 20:40
allora dopo che ho fatto il procedimento con cc cleaner , allego il log di avenger e la seconda scansione con awf. e aspetto vostre notizie perchè non ho capito cos'altro devo fare :confused: grazie aspetto una vostra risposta

wjmat
24-05-2008, 21:17
allora dopo che ho fatto il procedimento con cc cleaner , allego il log di avenger e la seconda scansione con awf. e aspetto vostre notizie perchè non ho capito cos'altro devo fare :confused: grazie aspetto una vostra risposta
Ti manca di fare:

Pulizia con ADSScanner
Scansione deep con A-squared aggiornato ad oggi e poi alleghi il log

rosa39
25-05-2008, 12:55
ecco i log richiesti

rosa39
25-05-2008, 12:58
ecco il log di Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.50.40, on 25/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
leggere le Regole di Sezione

--
End of file - 10339 bytes

therichwarrior
25-05-2008, 13:17
Ti manca di fare:

Pulizia con ADSScanner
Scansione deep con A-squared aggiornato ad oggi e poi alleghi il log




dunque ho fatto le due scansioni ti posto i log. nella scansione con a squared mi ha trovato 5 cookie e li ho messi in quarantena aspetto notizie per saper cosa fare. grazie ciao

wjmat
25-05-2008, 14:51
x therichwarrior
mi pare che a-squared non abbia intercettato nulla.... prosegui con la guida

x rosa39
vedi come consiglio qui sopra, poi per piacere riedita il tuo post precedente caricando il log con la funzione gestisci allegati

ciao

rosa39
25-05-2008, 15:59
x rosa39
vedi come consiglio qui sopra, poi per piacere riedita il tuo post precedente caricando il log con la funzione gestisci allegati

ciao[/QUOTE]

non so perche ma non me lo fa caricare come allegato

rosa39
25-05-2008, 17:35
li ho inseriti così i log spero vada bene

http://wikisend.com/download/517726/hijackthis.log
http://wikisend.com/download/517752/a2scan_080524-225359.txt

sam74
25-05-2008, 21:15
Gentili Moderatori e Utenti di questo forum,

il mio computer è infestato dal dialer del titolo e girando per la rete credo che qui soltanto qualcuno possa aiutarmi seriamente.
Ho già provato a seguire da solo le indicazioni delle guida ma purtroppo dopo alcuni successi iniziali la connessione è ricomparsa ad ogni riavvio.
Vi segnalo subito che il log AWF non segnala cartelle o files duplicati, mentre vi allego, sperando di fare cosa giusta, il log di hijackthis.

Sarei davvero grato se qualcuno di voi potesse aiutarmi.
Un grazie anticipato e mi scuso per eventuali inesattezze o errori nel postare.
sam

xcdegasp
25-05-2008, 22:49
Gentili Moderatori e Utenti di questo forum,

il mio computer è infestato dal dialer del titolo e girando per la rete credo che qui soltanto qualcuno possa aiutarmi seriamente.
Ho già provato a seguire da solo le indicazioni delle guida ma purtroppo dopo alcuni successi iniziali la connessione è ricomparsa ad ogni riavvio.
Vi segnalo subito che il log AWF non segnala cartelle o files duplicati, mentre vi allego, sperando di fare cosa giusta, il log di hijackthis.

Sarei davvero grato se qualcuno di voi potesse aiutarmi.
Un grazie anticipato e mi scuso per eventuali inesattezze o errori nel postare.
sam

prima del log hijackthis fai la scansione con ADSScanner eseguendo la pulizia e a-squared :)
li trovi nella Guida alla Disinfezione per Infetti (http://www.hwupgrade.it/forum/showthread.php?t=1599737)

sam74
25-05-2008, 23:03
prima del log hijackthis fai la scansione con ADSScanner eseguendo la pulizia e a-squared :)
li trovi nella Guida alla Disinfezione per Infetti (http://www.hwupgrade.it/forum/showthread.php?t=1599737)

Li ho già provati:

- adsscanner mi segnala questa stringa (no Ntfs found in your computer ...) e non mi permette lo scan

- a-squared l'ho usato oggi più volte ma mi ha rilevato solo 4 cookies traccianti rischio basso.


Altre indicazioni:
- nella cronologia internet compare www.download787.com, fenomeno riscontrabile in reta anche ad altri utenti;
- non riesco più ad accedere alla modalità provvisoria.

Grazie per l'interessamento, pronto a seguire ogni indicazione;)

xcdegasp
25-05-2008, 23:19
Li ho già provati:

- adsscanner mi segnala questa stringa (no Ntfs found in your computer ...) e non mi permette lo scan

- a-squared l'ho usato oggi più volte ma mi ha rilevato solo 4 cookies traccianti rischio basso.


Altre indicazioni:
- nella cronologia internet compare www.download787.com, fenomeno riscontrabile in reta anche ad altri utenti;
- non riesco più ad accedere alla modalità provvisoria.

Grazie per l'interessamento, pronto a seguire ogni indicazione;)
e allora procedi con il resto dela guida :)

Ebenezer
26-05-2008, 00:56
Salve a tutti.
Anche io sono del Club..:(
Ogni tanto mentre sono connesso mi parte la internet connection..
Vi allego i log che ho fatto anche se sicuramente non basteranno per fare l'analisi, ma da qualche parte devo iniziare...:)

Grazie!
Ciao

Chill-Out
26-05-2008, 01:04
Salve a tutti.
Anche io sono del Club..:(
Ogni tanto mentre sono connesso mi parte la internet connection..
Vi allego i log che ho fatto anche se sicuramente non basteranno per fare l'analisi, ma da qualche parte devo iniziare...:)

Grazie!
Ciao

Ciao il tuo log è pulito seguit questa Guida http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763

therichwarrior
26-05-2008, 16:27
x therichwarrior
mi pare che a-squared non abbia intercettato nulla.... prosegui con la guida

x rosa39
vedi come consiglio qui sopra, poi per piacere riedita il tuo post precedente caricando il log con la funzione gestisci allegati

ciao

allora ho proseguito con la lista dr web non ha trovato nulla, allego sys inspector gmer non si apre e prevxcsi non so come allegarvi il file xml. comunque anche se non trovano nulla nelle risorse di rete ce smepre internet connection è normale? aspetto risposta grazie

jpeg sys inspector:
http://img165.imageshack.us/img165/3368/prevxcsiec8.jpg (http://imageshack.us)

wjmat
26-05-2008, 17:55
il log di f-secure o kaspersky?
la connessione va anche eliminata manualmente
Clicca su Start -> Pannello di controllo -> Rete e connessioni internet -> Connessioni di rete
Cerchi la connessione incriminata e la cancelli

therichwarrior
26-05-2008, 18:04
il log di f-secure o kaspersky?
la connessione va anche eliminata manualmente
Clicca su Start -> Pannello di controllo -> Rete e connessioni internet -> Connessioni di rete
Cerchi la connessione incriminata e la cancelli

kasperski l'avevo fatto con hijackthis era nella guida e anche f secure forse non li ho postati li posto?

wjmat
26-05-2008, 18:09
kasperski l'avevo fatto con hijackthis era nella guida e anche f secure forse non li ho postati li posto?
si posta tutti i log richiesti che ti mancano

rosa39
26-05-2008, 19:01
la connessione va anche eliminata manualmente
Clicca su Start -> Pannello di controllo -> Rete e connessioni internet -> Connessioni di rete
Cerchi la connessione incriminata e la cancelli


ho provato anche io a cancellarla manualmente ma non si toglie!:muro:

therichwarrior
26-05-2008, 21:40
si posta tutti i log richiesti che ti mancano

allego file f secure, kaspersky è a pagamento per il resto te li ho postati e nn trova nulla
internet connection lho cancellato manualmente. devo far altro?
C:\Documents and Settings\PC\Desktop\F-Secure Online Scanner 3_3_1 - Scanning Report - Monday, May 26, 2008 195917.mht

Ebenezer
27-05-2008, 00:02
la connessione va anche eliminata manualmente
Clicca su Start -> Pannello di controllo -> Rete e connessioni internet -> Connessioni di rete
Cerchi la connessione incriminata e la cancelli


ho provato anche io a cancellarla manualmente ma non si toglie!:muro:
Per questo forse ti posso aiutare io dato che la manovra l'ho imparata praticamente a memoria..:(
Start/impostazioni/Connessioni di rete.
Tasto destro sulla Mer*@#a "internet connection" e poi Disconnetti.
A questo punto puoi rifare tasto destro sulla "internet connection" ed Elimina.

Spero di essere stato di aiuto..:)

wjmat
27-05-2008, 01:19
allego file f secure, kaspersky è a pagamento per il resto te li ho postati e nn trova nulla
internet connection lho cancellato manualmente. devo far altro?
C:\Documents and Settings\PC\Desktop\F-Secure Online Scanner 3_3_1 - Scanning Report - Monday, May 26, 2008 195917.mht
riallega f-secure che non è corretto il link

rosa39
27-05-2008, 13:06
ragazzi ho fatto le varie scansioni come dice la guida vi allego i vari log spero che mi aiutate ad eliminare quella connessione ( non mi dite di toglierla manualmente perchè non si toglie)
DrWeb non ha rilevato nulla
PREVXcsi:System status :clean

http://wikisend.com/download/574300/hijackthis.log
http://wikisend.com/download/574516/gmer.log
http://wikisend.com/download/574590/SysInspector--080526-1507.xml

rosa39
27-05-2008, 13:43
finalemente ho capito perchè non si toglieva manualmente!!
avevo messo rasphone come file di sola lettura...ora ho tolto la spunta e finalemtne l'ho eliminata!!spero non ritorni!

wjmat
27-05-2008, 14:03
ragazzi ho fatto le varie scansioni come dice la guida vi allego i vari log spero che mi aiutate ad eliminare quella connessione ( non mi dite di toglierla manualmente perchè non si toglie)
DrWeb non ha rilevato nulla
PREVXcsi:System status :clean

http://wikisend.com/download/574300/hijackthis.log
http://wikisend.com/download/574516/gmer.log
http://wikisend.com/download/574590/SysInspector--080526-1507.xml
rosa39 mi sembra manchi la scansione con f-secure o kaspersky

Chill-Out
27-05-2008, 16:31
finalemente ho capito perchè non si toglieva manualmente!!
avevo messo rasphone come file di sola lettura...ora ho tolto la spunta e finalemtne l'ho eliminata!!spero non ritorni!

Non ha più senso mettere rasphone in sola lettura

rosa39
27-05-2008, 16:41
ecco anche il log di kaspersky

alfio600
27-05-2008, 16:49
Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

rosa39
27-05-2008, 16:49
Non ha più senso mettere rasphone in sola lettura
qualcuno mi aveva consigliato di metterlo in sola lettura .. in questo modo internet connection non si toglieva dalle connessioni... poi mi sono ricordata e ho tolto la spunta a solo lettura ...e ho provato a togliere la connessione facendo elimina...e così è sparita

Chill-Out
27-05-2008, 16:57
qualcuno mi aveva consigliato di metterlo in sola lettura .. in questo modo internet connection non si toglieva dalle connessioni... poi mi sono ricordata e ho tolto la spunta a solo lettura ...e ho provato a togliere la connessione facendo elimina...e così è sparita

Infatti, lascialo cosi com'è non ha senso metterlo in sola lettura

wjmat
27-05-2008, 17:02
Find AWF report by noahdfear ©2006
Version 1.40

bak folders found
~~~~~~~~~~~

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

end of report
Ciao benvenuto nel pronto soccorso di HU.
Le tue cartelle bak non hanno duplicati, segui la guida generale (http://www.hwupgrade.it/forum/showthread.php?t=1599737) fino al punto 3 per il momento, se poi l'infezione non sarà intercettata da a-squared, dovrai seguirla fino in fondo.
Quindi in ordine:

Disattiva il ripristino di sistema (dovresti averlo già disattivato)
Pulizia con Ccleaner
Pulizia con ADSScanner
Scansione deep con A-squared aggiornato ad oggi e poi alleghi il log

wjmat
27-05-2008, 17:05
qualcuno mi aveva consigliato di metterlo in sola lettura .. in questo modo internet connection non si toglieva dalle connessioni... poi mi sono ricordata e ho tolto la spunta a solo lettura ...e ho provato a togliere la connessione facendo elimina...e così è sparita
un utente ti aveva consigliato di fare disconnetti e poi elimina mi pare. ma ora come sei messa??

alfio600
27-05-2008, 17:59
Ciao benvenuto nel pronto soccorso di HU.
Le tue cartelle bak non hanno duplicati, segui la guida generale (http://www.hwupgrade.it/forum/showthread.php?t=1599737) fino al punto 3 per il momento, se poi l'infezione non sarà intercettata da a-squared, dovrai seguirla fino in fondo.
Quindi in ordine:

Disattiva il ripristino di sistema (dovresti averlo già disattivato)
Pulizia con Ccleaner
Pulizia con ADSScanner
Scansione deep con A-squared aggiornato ad oggi e poi alleghi il log
sera
a-squared Free - Version 3.5
Last update: 27/05/2008 16.30.09

Impostazioni scansione:

Oggetti: Memoria, Tracce, Cookies, C:\
Archivio scansioni: On
Scientifico: On
ADS Scan: On

Scansione avviata: 27/05/2008 16.30.27

c:\windows\system32\searchx.htm rilevati: Trace.File.MaxSpeed
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Outerinfo --> Changed rilevati: Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Outerinfo --> SlowInfoCache rilevati: Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> DisplayName rilevati: Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> DisplayVersion rilevati: Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> HelpLink rilevati: Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> InstallLocation rilevati: Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> NoModify rilevati: Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> NoRepair rilevati: Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> Publisher rilevati: Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> UninstallString rilevati: Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Download Accelerator Plus (DAP) --> Changed rilevati: Trace.Registry.Warez P2P Faster Accelerator
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Download Accelerator Plus (DAP) --> SlowInfoCache rilevati: Trace.Registry.Warez P2P Faster Accelerator
C:\AlbumDesign\Droplet\Dimension\' Custom Size.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 20x30 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 20x30 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 20x30 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 24x30 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 24x30 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 24x30 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 25x35 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 25x35 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 25x35 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x30 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x30 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x30 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x40 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x40 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x40 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x35 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x35 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x35 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x45 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x45 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x45 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x30 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x30 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x30 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x40 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x40 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x40 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x50 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x50 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x50 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 50x50 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 50x50 254 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 50x50 300 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 20x30 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 24x30 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 25x35 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 30x30 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 35x35 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 35x45 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 40x30 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 40x40 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 40x50 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 50x50 200 DPI.exe rilevati: Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover Custom Resize.exe rilevati: Trojan.Win32.Agent.ho
C:\Documents and Settings\alfino\Desktop\perfederica\mirc62.exe rilevati: Riskware.Client-IRC.Win32.mIRC.62

Scansionati

Files: 13112
Tracce: 406297
Cookies: 22
Processi: 34

Rilevato

Files: 46
Tracce: 13
Cookies: 0
Processi: 0
Chiavi registro: 0

Fine scansione: 27/05/2008 16.43.39
Tempo scansione: 0:13:12

C:\Documents and Settings\alfino\Desktop\perfederica\mirc62.exe In quarantena Riskware.Client-IRC.Win32.mIRC.62
C:\AlbumDesign\Droplet\Dimension\' Custom Size.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 20x30 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 20x30 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 20x30 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 24x30 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 24x30 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 24x30 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 25x35 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 25x35 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 25x35 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x30 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x30 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x30 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x40 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x40 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 30x40 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x35 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x35 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x35 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x45 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x45 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 35x45 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x30 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x30 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x30 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x40 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x40 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x40 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x50 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x50 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 40x50 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 50x50 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 50x50 254 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Album 50x50 300 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 20x30 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 24x30 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 25x35 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 30x30 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 35x35 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 35x45 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 40x30 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 40x40 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 40x50 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover 50x50 200 DPI.exe In quarantena Trojan.Win32.Agent.ho
C:\AlbumDesign\Droplet\Dimension\Cover Custom Resize.exe In quarantena Trojan.Win32.Agent.ho
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Download Accelerator Plus (DAP) --> Changed In quarantena Trace.Registry.Warez P2P Faster Accelerator
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Download Accelerator Plus (DAP) --> SlowInfoCache In quarantena Trace.Registry.Warez P2P Faster Accelerator
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Outerinfo --> Changed In quarantena Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Outerinfo --> SlowInfoCache In quarantena Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> DisplayName In quarantena Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> DisplayVersion In quarantena Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> HelpLink In quarantena Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> InstallLocation In quarantena Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> NoModify In quarantena Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> NoRepair In quarantena Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> Publisher In quarantena Trace.Registry.ClickSpring.Oinadserver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo --> UninstallString In quarantena Trace.Registry.ClickSpring.Oinadserver
c:\windows\system32\searchx.htm In quarantena Trace.File.MaxSpeed

In quarantena

Files: 46
Tracce: 13
Cookies: 0

rosa39
27-05-2008, 18:03
un utente ti aveva consigliato di fare disconnetti e poi elimina mi pare. ma ora come sei messa??

no qualcuno in precedenza(ora non ricordo chi dovrei rileggere i post) mi aveva consigliato di metter rasphone come solo lettura e cosi ho fatto..ma internet connection rimaneva tra le connessioni..e non si toglieva manualmente..poi ho tolto la spunta di solo lettura e ho fatto elimina e ora non c'è più..comunque ho postato i vari log delle scansioni ..mi dite se è il mio pc è ripulito? e poi vorrei anche sapere gentilmente se i vari programmi di scansione scaricati li devo togliere o no

wjmat
27-05-2008, 18:13
no qualcuno in precedenza(ora non ricordo chi dovrei rileggere i post) mi aveva consigliato di metter rasphone come solo lettura e cosi ho fatto..ma internet connection rimaneva tra le connessioni..e non si toglieva manualmente..poi ho tolto la spunta di solo lettura e ho fatto elimina e ora non c'è più..comunque ho postato i vari log delle scansioni ..mi dite se è il mio pc è ripulito? e poi vorrei anche sapere gentilmente se i vari programmi di scansione scaricati li devo togliere o no
se vuoi la sicurezza finisci la guida che lo vediamo
Quando avremo la conferma dai un'occhiata al trattamento di prevenzione / post disinfezione (http://www.hwupgrade.it/forum/showthread.php?t=1726383), ti aiuta a verificare la configurazione di sicurezza del tuo pc ed eliminare eventuali residui inutili dei programmi utilizzati nelle guide.

Elly_soc
27-05-2008, 18:28
Pensavo di averla debellata la maledetta internet connection ma è ritornata anche sul mio nuovo computer! :muro: Mi avete salvato il portatile e vi chiedo aiuto ancora una volta per il mio pc... GRAZIE!!!!!!!!

xcdegasp
27-05-2008, 18:37
Pensavo di averla debellata la maledetta internet connection ma è ritornata anche sul mio nuovo computer! :muro: Mi avete salvato il portatile e vi chiedo aiuto ancora una volta per il mio pc... GRAZIE!!!!!!!!

sembra ci sia solo:
Files to move:
D:\Programmi\Microsoft Encarta 2007 - Premium DVD\bak\EDICT.EXE | D:\Programmi\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE

Elly_soc
27-05-2008, 18:59
grazie x la tempestività... :D

therichwarrior
27-05-2008, 19:04
riallega f-secure che non è corretto il link

ecco il log di f secure

rosa39
27-05-2008, 19:32
se vuoi la sicurezza finisci la guida che lo vediamo
Quando avremo la conferma dai un'occhiata al trattamento di prevenzione / post disinfezione (http://www.hwupgrade.it/forum/showthread.php?t=1726383), ti aiuta a verificare la configurazione di sicurezza del tuo pc ed eliminare eventuali residui inutili dei programmi utilizzati nelle guide.
scusami ma dopo aver postato i log delle scansioni che altro devo fare ?(pardon la mia ignoranza)

wjmat
27-05-2008, 20:00
scusami ma dopo aver postato i log delle scansioni che altro devo fare ?(pardon la mia ignoranza)

log di A-squared scansione deep aggiornato ad oggi
log di F-Secure OnLine oppure di Kaspersky Virus Removal Tool scaricato oggi
log di Dr.Web CureIT scaricato ed aggiornato ad oggi
log di ESET SysInspector
log di HiJackThis
log di Gmer
immagine della schermata di PrevxCSI in caso di rilevazioni

ti mancano quelli segnati in rosso, se passi questi sei a posto ;)

wjmat
27-05-2008, 20:09
ecco il log di f secure
manca quello di sys inspector
caricalo su [wikisend.com] (http://wikisend.com/) o su [mediafire.com] (http://www.mediafire.com/index.php).
Una volta sul sito -> clicca su sfoglia -> seleziona il file da caricare -> poi invia o upload -> aspetta che venga caricato -> copia tutto il contenuto a fianco della della riga "Forum link nel primo caso oppure sotto "Sharing URL" nel secondo e lo incolli nella risposta della discussione.
il problema persiste??

rosa39
27-05-2008, 20:31
log di A-squared scansione deep aggiornato ad oggi
log di F-Secure OnLine oppure di Kaspersky Virus Removal Tool scaricato oggi
log di Dr.Web CureIT scaricato ed aggiornato ad oggi
log di ESET SysInspector
log di HiJackThis
log di Gmer
immagine della schermata di PrevxCSI in caso di rilevazioni

ti mancano quelli segnati in rosso, se passi questi sei a posto ;)

ma li ho mandati nei post precedenti!!

rosa39
27-05-2008, 20:44
ora te li rimando
DrWeb non ha rilevato nulla
PREVXcsi:system status :clean
http://wikisend.com/download/574300/hijackthis.log
http://wikisend.com/download/574516/gmer.log
http://wikisend.com/download/574590/...80526-1507.xml
http://wikisend.com/download/594990/kasp.txt

wjmat
27-05-2008, 21:01
ora te li rimando
DrWeb non ha rilevato nulla
PREVXcsi:system status :clean
http://wikisend.com/download/574300/hijackthis.log
http://wikisend.com/download/574516/gmer.log
http://wikisend.com/download/574590/...80526-1507.xml
http://wikisend.com/download/594990/kasp.txt
volevo che li rifacessi dopo kaspersky, ma non avendo trovato nulla cambia poco....

da gmer vedo questo...
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior
chill mi confermi che c'è dell'altro?

therichwarrior
27-05-2008, 22:54
manca quello di sys inspector
caricalo su [wikisend.com] (http://wikisend.com/) o su [mediafire.com] (http://www.mediafire.com/index.php).
Una volta sul sito -> clicca su sfoglia -> seleziona il file da caricare -> poi invia o upload -> aspetta che venga caricato -> copia tutto il contenuto a fianco della della riga "Forum link nel primo caso oppure sotto "Sharing URL" nel secondo e lo incolli nella risposta della discussione.
il problema persiste??

ecco il link SysInspector-PC00-080526-1500.xml (http://wikisend.com/download/514968/SysInspector-PC00-080526-1500.xml)

per quanto riguarda internet connection lho cancellato manualmente e non è spuntato piu però ogni tanto in explorer mi da un errore che non apre le pagine e mi spunta la finestra di errore enon so se è legato al dialer. è possibile?

Chill-Out
27-05-2008, 23:12
volevo che li rifacessi dopo kaspersky, ma non avendo trovato nulla cambia poco....

da gmer vedo questo...
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior
chill mi confermi che c'è dell'altro?

No tranquillo niente MBR Rootkit

Ebenezer
27-05-2008, 23:21
Ciao il tuo log è pulito seguit questa Guida http://www.hwupgrade.it/forum/showpost.php?p=21732879&postcount=1763

Ciao,
grazie alle Vs. preziose indicazioni per ora sono riuscito a togliere la famigerata "internet connection":) ... almeno per ora non mi compare più da ieri...però mi rimane da capire perchè ritorna fuori nella cartella cronologia "download787 (www.download797.com) "sanity.php?1=1266671-10053" :confused:
ho girato i seguenti programmi:
ADS SCANNER 2.0 (spuntato find ads windows folder + find ads all ntfs driver)
e ha risposto FOUND 0 ITEM(S)
A-SQUARE
allego il LOG
F-SECURE
allego il LOG
DR.WEB CUREIT!
allego il LOG
GMER
allego il LOG

Come vi pare? devo fare anche le altre procedure per togliere questo download787 dalla cronologia?

Chill-Out
27-05-2008, 23:24
Ciao,
grazie alle Vs. preziose indicazioni per ora sono riuscito a togliere la famigerata "internet connection":) ... almeno per ora non mi compare più da ieri...però mi rimane da capire perchè ritorna fuori nella cartella cronologia "download787 (vvv.download797.com) "sanity.php?1=1266671-10053" :confused:
ho girato i seguenti programmi:
ADS SCANNER 2.0 (spuntato find ads windows folder + find ads all ntfs driver)
e ha risposto FOUND 0 ITEM(S)
A-SQUARE
allego il LOG
F-SECURE
allego il LOG
DR.WEB CUREIT!
allego il LOG
GMER
allego il LOG

Come vi pare? devo fare anche le altre procedure per togliere questo download787 dalla cronologia?

Forse hai dimenticato di allegare il log di CureIt e Gmer visto che li hai fatti, poi allega un log di HijackThis

Edita il link vvv.download797.com

Ebenezer
27-05-2008, 23:29
Ops, mancano due LOG...
dr.web è gigantesco allego quello che mi sembra importante
==========================================================
Dr.Web® Scanner per Windows v4.44.5 (4.44.5.05200)
© Igor Daniloff, 1992-2008. All rights reserved.
Log generati su: 2008-05-27, 18:47:11 [USER][Marco]
Linea di Comando: "C:\DOCUME~1\Marco\IMPOST~1\Temp\RarSFX0\setup.exe" /lng:it-cureit.dwl /ini:setup_XP.ini
Sistema operativo:Windows XP Home Edition x86 (Build 2600), Service Pack 2
==========================================================
-----------------------------------------------------------------------------
Statistiche delle Scansioni
-----------------------------------------------------------------------------
Oggetti controllati: 179874
Trovati oggetti Infetti: 2
Trovato Oggetti modificati: 2
Trovato oggetti Sospetti: 0
Trovato Adware: 0
Trovato Dialer: 0
Trovato Joke: 0
Trovato Riskware: 0
Trovato Hacktool: 0
Oggetti curati: 0
Oggetti cancellati: 2
Oggetti rinominati: 0
Oggetti spostati: 2
Oggetti ignorati: 0
Velocità di scansione: 307 Kb/s
Durata scansione: 01:20:01
--------------------------------------------------------------------------


e poi GMER
Ciao

Ebenezer
27-05-2008, 23:34
Forse hai dimenticato di allegare il log di CureIt e Gmer visto che li hai fatti, poi allega un log di HijackThis

Edita il link vvv.download797.com

Ecco il file di HijackThis..:)
Ciao

Chill-Out
27-05-2008, 23:35
I log vanno allegati così non vedo cosa è stato cancellato/rinominato

Manca il log di HijackThis

Chill-Out
27-05-2008, 23:38
Il log di hijackThis è pulito, fai pulizia con ATF Cleaner come indicato qui: http://www.hwupgrade.it/forum/showthread.php?t=1599737

e dimmi se il famigerato link salta ancora fuori

Ebenezer
27-05-2008, 23:42
Il log di hijackThis è pulito, fai pulizia con ATF Cleaner come indicato qui: http://www.hwupgrade.it/forum/showthread.php?t=1599737

e dimmi se il famigerato link salta ancora fuori

Ci provo subito e faccio sapere! :)

cpt-one
27-05-2008, 23:48
ti ho corretto il titolo :)
Salve a tutti, sono un neofita di questo forum, vi chiedo un aiuto per liberarmi del dialer (??) hxxp://www.download787.com. Nonostante ho la connessione ADSL preferirei eliminare il fastidio di IE che parte ad ogni avvio del PC cercando di collegarsi al sito hxxp://www.downlod787.com. Vi segnalo che se attivo la connessione con il browser IE aperto a causa del dialer, AVAST mi segnala la presenza di WIN32: Dialer-1378[trj] e mi consiglia di chiudere la connesssione. Se però faccio uno scan con AVAST il PC risulta pulito. Comunque ho seguito le istruzioni del forum e vi posto il log di FindAWF. Spero che qualcuno di voi mi possa aiutare fornendomi lo script per Avenger. Un grazie in anticipo.

Ebenezer
27-05-2008, 23:57
Salve a tutti, sono un neofita di questo forum, vi chiedo un aiuto per liberarmi del dialer (??) www.download787.com. Nonostante ho la connessione ADSL preferirei eliminare il fastidio di IE che parte ad ogni avvio del PC cercando di collegarsi al sito www.downlod787.com. Vi segnalo che se attivo la connessione con il browser IE aperto a causa del dialer, AVAST mi segnala la presenza di WIN32: Dialer-1378[trj] e mi consiglia di chiudere la connesssione. Se però faccio uno scan con AVAST il PC risulta pulito. Comunque ho seguito le istruzioni del forum e vi posto il log di FindAWF. Spero che qualcuno di voi mi possa aiutare fornendomi lo script per Avenger. Un grazie in anticipo.

questo vvv.download787.com sta facendo un a strage..:mad:
Ma non c'è maniera rintracciarli,...di denunciarli? o comunque fargliela pagare in qualche maniera?

xcdegasp
28-05-2008, 00:00
Salve a tutti, sono un neofita di questo forum, vi chiedo un aiuto per liberarmi del dialer (??) www.download787.com. Nonostante ho la connessione ADSL preferirei eliminare il fastidio di IE che parte ad ogni avvio del PC cercando di collegarsi al sito www.downlod787.com. Vi segnalo che se attivo la connessione con il browser IE aperto a causa del dialer, AVAST mi segnala la presenza di WIN32: Dialer-1378[trj] e mi consiglia di chiudere la connesssione. Se però faccio uno scan con AVAST il PC risulta pulito. Comunque ho seguito le istruzioni del forum e vi posto il log di FindAWF. Spero che qualcuno di voi mi possa aiutare fornendomi lo script per Avenger. Un grazie in anticipo.

scarica avenger e carica questo script:
Files to move:
C:\Programmi\FaxTalk Communicator\bak\FTCtrl32.exe | C:\Programmi\FaxTalk Communicator\FTCtrl32.EXE
C:\Programmi\Lexmark X74-X75\bak\lxbbbmgr.exe | C:\Programmi\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bak\NeroCheck.exe | C:\WINDOWS\system32\NeroCheck.exe
C:\Programmi\File comuni\Nero\Lib\nerocheck .exe | C:\Programmi\File comuni\Nero\Lib\nerocheck.exe
C:\WINDOWS\system32\bak\PSDrvCheck.exe | C:\WINDOWS\system32\PSDrvCheck.exe
C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe | C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Analog Devices\SoundMAX\bak\Smax4.exe | C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\Analog Devices\SoundMAX\bak\SMax4PNP.exe | C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Real\RealPlayer\bak\realplay.exe | C:\Programmi\Real\RealPlayer\realplay.exe
C:\Program Files\ASUS\Probe\bak\AsusProb.exe | C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe | C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Logitech\MouseWare\system\bak\EM_EXEC.EXE | C:\Programmi\Logitech\MouseWare\system\EM_EXEC.EXE

poi rifai un altro log con findawf e uno con a-squared e un log hijackthis :)

Ebenezer
28-05-2008, 00:02
Ci provo subito e faccio sapere! :)

Il log di hijackThis è pulito, fai pulizia con ATF Cleaner come indicato qui: http://www.hwupgrade.it/forum/showthread.php?t=1599737

e dimmi se il famigerato link salta ancora fuori

Ho seguito le istruzioni e per ora non compare.. però per sicurezza provo a spengere e riaccendere il pc....speriamo in ben...:)
Per ora grazie infinite...
A dopo

Chill-Out
28-05-2008, 00:03
O seguito le istruzioni e per ora non compare.. però per sicurezza provo a spengere e riaccendere il pc....speriamo in ben...:)

OK fammi sapere

Ebenezer
28-05-2008, 00:18
OK fammi sapere

Niente da fare è ricomparso!
Ho riacceso, ho aperto IE, poi ho aperto la cronologia e non c'era...
Mi sono allontanato 3 minuti e sono tornato...ho riaperto la cronologia (senza "navigare" in nessuna pagina) ed eccolo di nuovo qua...:(

sto perdendo le speranze....:cry:

Chill-Out
28-05-2008, 00:24
Niente da fare è ricomparso!
Ho riacceso, ho aperto IE, poi ho aperto la cronologia e non c'era...
Mi sono allontanato 3 minuti e sono tornato...ho riaperto la cronologia (senza "navigare" in nessuna pagina) ed eccolo di nuovo qua...:(

sto perdendo le speranze....:cry:

Scarica SDFix e salvalo sul Desktop
Doppio click su SDFix.exe e il tool andrà ad estrarsi in C:\SDFix
Riavvia il sistema in modalità provvisoria F8
Apri la cartella SDFix in C:\ e fai un doppio click su RunThis.bat per lanciare lo script
seleziona Y per avviare la pulizia
Quando richiesto premi un tasto per riavviare
(il sistema impiegherà più tempo in fase di avvio perchè lo script eseguirà l'eliminazione dei file trovati)
Finito il caricamento dovresti visualizzare il messaggio "Finished"
Premi un tasto per terminare lo script e ricaricare le icone del desktop
Il log sarà visualizzato automaticamente,altrimenti potrai trovarlo in C:\SDFix\Report.txt
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Ebenezer
28-05-2008, 00:26
Scarica SDFix e salvalo sul Desktop
Doppio click su SDFix.exe e il tool andrà ad estrarsi in C:\SDFix
Riavvia il sistema in modalità provvisoria F8
Apri la cartella SDFix in C:\ e fai un doppio click su RunThis.bat per lanciare lo script
seleziona Y per avviare la pulizia
Quando richiesto premi un tasto per riavviare
(il sistema impiegherà più tempo in fase di avvio perchè lo script eseguirà l'eliminazione dei file trovati)
Finito il caricamento dovresti visualizzare il messaggio "Finished"
Premi un tasto per terminare lo script e ricaricare le icone del desktop
Il log sarà visualizzato automaticamente,altrimenti potrai trovarlo in C:\SDFix\Report.txt
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
riparto e poi faccio sapere..:)

Chill-Out
28-05-2008, 00:30
riparto e poi faccio sapere..:)

OK

Ebenezer
28-05-2008, 01:04
riparto e poi faccio sapere..:)

OK

Fatto SDFix come istruzioni!
Allego il file di LOG...

Ebenezer
28-05-2008, 01:06
Fatto SDFix come istruzioni!
Allego il file di LOG...

Intanto è riapparso download787...:incazzed:

Chill-Out
28-05-2008, 01:15
Intanto è riapparso download787...:incazzed:

Lo trovi in cronologia o si apre la pagina verso il famigerato

Ebenezer
28-05-2008, 01:18
Lo trovi in cronologia o si apre la pagina verso il famigerato

Lo trovo solo in cronologia...:(
ora l'ho cancellato e per ora non c'è...

Chill-Out
28-05-2008, 01:24
Da Strumenti - Opzioni Internet - Avanzate - Reimposta Internet Explorer clicca su Reimposta

NB: La reimpostazione delle impostazioni predefinite di Internet Explorer consente di ripristinare lo stato del programma al momento della prima installazione nel computer. Questo può essere utile per risolvere problemi potenzialmente originati dalla modifica di alcune impostazioni dopo l'installazione. Quando vengono ripristinate le impostazioni predefinite di Internet Explorer, alcune pagine Web che fanno riferimento a cookie, dati dei moduli e password memorizzati in precedenza o a componenti aggiuntivi del browser precedentemente installati potrebbero non funzionare correttamente. La reimpostazione delle impostazioni predefinite di Internet Explorer non elimina i Preferiti, i feed e altre impostazioni personalizzate. Nella tabella seguente è disponibile un elenco completo delle impostazioni, insieme alle informazioni sulle impostazioni ripristinate o mantenute.

Ebenezer
28-05-2008, 01:29
Da Strumenti - Opzioni Internet - Avanzate - Reimposta Internet Explorer clicca su Reimposta

NB: La reimpostazione delle impostazioni predefinite di Internet Explorer consente di ripristinare lo stato del programma al momento della prima installazione nel computer. Questo può essere utile per risolvere problemi potenzialmente originati dalla modifica di alcune impostazioni dopo l'installazione. Quando vengono ripristinate le impostazioni predefinite di Internet Explorer, alcune pagine Web che fanno riferimento a cookie, dati dei moduli e password memorizzati in precedenza o a componenti aggiuntivi del browser precedentemente installati potrebbero non funzionare correttamente. La reimpostazione delle impostazioni predefinite di Internet Explorer non elimina i Preferiti, i feed e altre impostazioni personalizzate. Nella tabella seguente è disponibile un elenco completo delle impostazioni, insieme alle informazioni sulle impostazioni ripristinate o mantenute.

Quale tabella seguente?
Comunque provo....e poi ti faccio sapere..:)
grazie ancora per la pazienza:)

Ebenezer
28-05-2008, 01:29
[QUOTE=Ebenezer;22645953]Quale tabella seguente?
QUOTE]

trovata...:)

Chill-Out
28-05-2008, 01:32
[QUOTE=Ebenezer;22645953]Quale tabella seguente?
QUOTE]

trovata...:)

ti ho allegato la nota informativa, la sequenza è questa Da Strumenti - Opzioni Internet - Avanzate - Reimposta Internet Explorer clicca su Reimposta

riavvia e fammi sapere

Ebenezer
28-05-2008, 01:36
Da Strumenti - Opzioni Internet - Avanzate - Reimposta Internet Explorer clicca su Reimposta

NB: La reimpostazione delle impostazioni predefinite di Internet Explorer consente di ripristinare lo stato del programma al momento della prima installazione nel computer. Questo può essere utile per risolvere problemi potenzialmente originati dalla modifica di alcune impostazioni dopo l'installazione. Quando vengono ripristinate le impostazioni predefinite di Internet Explorer, alcune pagine Web che fanno riferimento a cookie, dati dei moduli e password memorizzati in precedenza o a componenti aggiuntivi del browser precedentemente installati potrebbero non funzionare correttamente. La reimpostazione delle impostazioni predefinite di Internet Explorer non elimina i Preferiti, i feed e altre impostazioni personalizzate. Nella tabella seguente è disponibile un elenco completo delle impostazioni, insieme alle informazioni sulle impostazioni ripristinate o mantenute.

allora ho fatto:

Strumenti - Opzioni Internet - Avanzate - Reimposta Internet Explorer cliccato su Reimposta - e quando viene fuori il messaggio di chiuderele altre finestre ho cliccato su ok.

Non da visibili segni di cambiamento...basta così?

Chill-Out
28-05-2008, 01:42
allora ho fatto:

Strumenti - Opzioni Internet - Avanzate - Reimposta Internet Explorer cliccato su Reimposta - e quando viene fuori il messaggio di chiuderele altre finestre ho cliccato su ok.

Non da visibili segni di cambiamento...basta così?

si basta così cosa volevi vedere :D dimmi se risalta fuori quella rottura di download787

Ebenezer
28-05-2008, 01:47
[QUOTE=Ebenezer;22645960]

ti ho allegato la nota informativa, la sequenza è questa Da Strumenti - Opzioni Internet - Avanzate - Reimposta Internet Explorer clicca su Reimposta

riavvia e fammi sapere

è ricomparsa...:(
Ho riacceso, ho aperto IE e non ho toccato altro....mi sono alzato per chiudere una finestra sono ritornato e nella cronologia è ricomparso...

download787 (vvv.download787.com)
sanity.php?1=1266671-10053

maledizione....

Ebenezer
28-05-2008, 01:50
[QUOTE=Chill-Out;22645983]

è ricomparsa...:(
Ho riacceso, ho aperto IE e non ho toccato altro....mi sono alzato per chiudere una finestra sono ritornato e nella cronologia è ricomparso...

download787 (vvv.download787.com)
sanity.php?1=1266671-10053

maledizione....

comunque di buono c'è che non è più riapparsa oramai da ieri la "internet connection"...
forse la "cosa" nella cronologia è un rimasuglio innocuo...

Ebenezer
28-05-2008, 02:04
Chill-Out ti ringrazio della pazienza..mi rifaccio vivo domani..

Chill-Out
28-05-2008, 02:04
[QUOTE=Ebenezer;22646104]

comunque di buono c'è che non è più riapparsa oramai da ieri la "internet connection"...
forse la "cosa" nella cronologia è un rimasuglio innocuo...


E che cavolo :mad:

Di A-Squared non hai fatto la DEEP Scan sarebbe opportuno

Dr.Web® Scanner per Windows v4.44.5 (4.44.5.05200)
© Igor Daniloff, 1992-2008. All rights reserved.
Log generati su: 2008-05-27, 18:47:11 [USER][Marco]
Linea di Comando: "C:\DOCUME~1\Marco\IMPOST~1\Temp\RarSFX0\setup.exe" /lng:it-cureit.dwl /ini:setup_XP.ini
Sistema operativo:Windows XP Home Edition x86 (Build 2600), Service Pack 2
==========================================================
-----------------------------------------------------------------------------
Statistiche delle Scansioni
-----------------------------------------------------------------------------
Oggetti controllati: 179874
Trovati oggetti Infetti: 2
Trovato Oggetti modificati: 2
Trovato oggetti Sospetti: 0
Trovato Adware: 0
Trovato Dialer: 0
Trovato Joke: 0
Trovato Riskware: 0
Trovato Hacktool: 0
Oggetti curati: 0
Oggetti cancellati: 2
Oggetti rinominati: 0
Oggetti spostati: 2
Oggetti ignorati: 0
Velocità di scansione: 307 Kb/s
Durata scansione: 01:20:01



avrei bisogno di sapere il nome degli oggetti rilevati

Ebenezer
28-05-2008, 02:09
[QUOTE=Ebenezer;22646121]


E che cavolo :mad:

Di A-Squared non hai fatto la DEEP Scan sarebbe opportuno



avrei bisogno di sapere il nome degli oggetti rilevati

se mi fai sapere cosa defo fare in A-Squared domani provo.
Di dr.Web non sono riuscito ad allegare il file completo era gigantesco (17.000 kb)...cosa ho sbagliato?

Se mi lasci istruzioni domani procedo e mi rifaccio vivo..
Ciao e buonanotte...:)

Ebenezer
28-05-2008, 02:11
un ultima cosa...
15 min. fa circa ho eliminato dalla cronologia il download787 e ancora non riappare.... eppure è già passato molti minuti....probabilmente riparte solo quando riavvio il pc.

Ciao:)

wjmat
28-05-2008, 09:57
ora te li rimando
DrWeb non ha rilevato nulla
PREVXcsi:system status :clean
http://wikisend.com/download/574300/hijackthis.log
http://wikisend.com/download/574516/gmer.log
http://wikisend.com/download/574590/...80526-1507.xml
http://wikisend.com/download/594990/kasp.txt
rosa dai log sembri pulita, se non riscontri problemi dai un'occhiata al trattamento di prevenzione / post disinfezione (http://www.hwupgrade.it/forum/showthread.php?t=1726383), ti aiuta a verificare la configurazione di sicurezza del tuo pc ed eliminare eventuali residui inutili dei programmi utilizzati nelle guide.

therichwarrior
28-05-2008, 10:17
rosa dai log sembri pulita, se non riscontri problemi dai un'occhiata al trattamento di prevenzione / post disinfezione (http://www.hwupgrade.it/forum/showthread.php?t=1726383), ti aiuta a verificare la configurazione di sicurezza del tuo pc ed eliminare eventuali residui inutili dei programmi utilizzati nelle guide.

ciao ti ho postato il log di sys inspector hai visto? pag 124 se non erro fammi sapere ciao

wjmat
28-05-2008, 10:28
ciao ti ho postato il log di sys inspector hai visto? pag 124 se non erro fammi sapere ciao
visti i problemi avuti IE ti sconsiglio di usarlo, ma comunque dagli una resettata, verrà rimesso come appena uscito di fabbrica ;)

Strumenti -> Opzioni Internet -> Avanzate -> Reimposta

NB: La reimpostazione delle impostazioni predefinite di Internet Explorer consente di ripristinare lo stato del programma al momento della prima installazione nel computer. Questo può essere utile per risolvere problemi potenzialmente originati dalla modifica di alcune impostazioni dopo l'installazione. Quando vengono ripristinate le impostazioni predefinite di Internet Explorer, alcune pagine Web che fanno riferimento a cookie, dati dei moduli e password memorizzati in precedenza o a componenti aggiuntivi del browser precedentemente installati potrebbero non funzionare correttamente. La reimpostazione delle impostazioni predefinite di Internet Explorer non elimina i Preferiti, i feed e altre impostazioni personalizzate. .

Chill-Out
28-05-2008, 10:52
un ultima cosa...
15 min. fa circa ho eliminato dalla cronologia il download787 e ancora non riappare.... eppure è già passato molti minuti....probabilmente riparte solo quando riavvio il pc.

Ciao:)

NB: ripristino configurazione sistema disattivato

Riesegui la pulizia con ATF Cleaner

Inserisci in Avenger questo Script

Files to delete:
C:\DOCUMENTS AND SETTINGS\MARCO\IMPOSTAZIONI LOCALI\TEMP\R1585287575.EXE
C:\DOCUMENTS AND SETTINGS\MARCO\IMPOSTAZIONI LOCALI\TEMP\R2656759356.EXE

Doppio click su A-Squared - Aggiorna ora terminato l'aGgiornamento clicca su Scansiona Pc e lanci una DEEP SCAN

Riepilogo log da allegare
Avenger
A-Squared
CureIt anche se di 17MB

hostali qui http://fileqube.com/ indica nel prossimo post il link dove prelevarli per il controllo
Ciao