#1
Junior Member
Joined: Jun 2007
Posts: 7
[solved] SmitFraud-C.CoreService
I'm asking for help... I no longer know which way to turn!
Spybot - Search & Destroy has flagged the presence of the following virus: SmitFraud-C.CoreService. Indeed, every now and then an Explorer window opens on its own and redirects me to various sites... I proceeded as follows:
1. disabled System Restore
2. disabled the Kaspersky antivirus, RegProt, SpywareBlaster
3. ran CCleaner 2.04.543
4. ran a-squared Free 3.1
5. rebooted the system in safe mode (WinXP SP2)
6. ran SmitFraudFix v2.281
7. ran SDFix
The system restarted but everything is as before! I'm attaching the SmitFraudFix, SDFix and HijackThis logs. Thanks for your attention...
P.S. if need be, is it enough to update the system or is it better to reinstall it from scratch?
Code:
SmitFraudFix v2.281
Scan done at 20.18.47,56, 05/02/2008
Run from C:\Documents and Settings\Alberto\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Code:
SDFix: Version 1.136
Run by Alberto on 05/02/2008 at 20.28
Microsoft Windows XP [Versione 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 20:33:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BBF0F6E4-4B37-FABC-A8A2-5039F3D05E49}]
"faindmppnemg"=hex:68,61,67,6b,64,64,6b,69,6e,6c,69,65,6a,68,65,6a,00,e9
"faindmppnejg"=hex:68,61,67,6b,64,64,6b,69,6e,6c,69,65,6a,68,6c,6b,00,e9
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Programmi\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"="C:\\Programmi\\Ahead\\Nero MediaHome\\NeroMediaHome.exe:*:Enabled:Nero MediaHome"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Programmi\\uTorrent\\utorrent.exe"="C:\\Programmi\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Programmi\\eMule\\eMule.exe"="C:\\Programmi\\eMule\\eMule.exe:*:Enabled:eMule Plus"
"C:\\Programmi\\File comuni\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"="C:\\Programmi\\File comuni\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe:*:Disabled:Sentinel Protection Server"
"C:\\Documents and Settings\\Alberto\\Dati applicazioni\\Thunderbird\\Profiles\\ffy1oxwc.default\\extensions\\{83d1f945-8280-11db-96a7-00e08161165f}\\spambayes\\win\\sbpython.exe"="C:\\Documents and Settings\\Alberto\\Dati applicazioni\\Thunderbird\\Profiles\\ffy1oxwc.default\\extensions\\{83d1f945-8280-11db-96a7-00e08161165f}\\spambayes\\win\\sbpython.exe:*:Enabled:sbpython"
"C:\\Programmi\\Mozilla Thunderbird\\thunderbird.exe"="C:\\Programmi\\Mozilla Thunderbird\\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Disabled:Message Queuing"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Programmi\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
Remaining Files:
---------------
Files with Hidden Attributes:
Thu 19 Aug 2004 60,416 A.SH. --- "C:\Programmi\Outlook Express\msimn.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Programmi\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe"
Fri 9 Feb 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 5 Sep 2006 427,632 A..H. --- "C:\Programmi\Canon\Canon Setup Utility 2.3\Maint.exe"
Thu 27 May 2004 61,440 A..H. --- "C:\Programmi\Canon\Canon Setup Utility 2.3\uinstrsc.dll"
Mon 14 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0e57061b15d0532ca045831d27b2c8f4\BITB.tmp"
Finished!
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.03.39, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmi\NDAS\System\ndassvc.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Alberto\Menu Avvio\Programmi\Sistema - Protezione\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [EOUApp] "C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: StartUpMet.lnk = C:\MetodoEvolus\Setupt\SetupMet.exe
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7F8B1F27-AE54-479D-AACF-0A7B2334E7EE} (HTTPUplListX Control) - http://stampafoto.mediaworld.it/HTTPUplList.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Funzionamento NDAS (ndassvc) - XIMETA, Inc. - C:\Programmi\NDAS\System\ndassvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Programmi\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
--
End of file - 9649 bytes

#2
Moderator
Joined: Jun 2007
Location: 127.0.0.1
Posts: 25885
Attach a ComboFix log
Download: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double-click combofix.exe and follow the instructions.
Attach the log C:\combofix.txt and also the file C:\ComboFix-quarantined-files.txt
N.B.: During the scan some files will be created on the desktop and then deleted - all the desktop icons will disappear - the firewall may warn that some drivers are going to be removed (allow it)
ComboFix must be run on a dedicated machine - disconnected from the network, with the real-time protection of security software temporarily disabled
Attach a complete Gmer log http://www.gmer.net/gmer.zip
Host them here http://www.fileup.itadib.com/index.php and give the link to fetch them from in your next post
__________________
Try again and you will be luckier.
Last edited by Chill-Out: 05-02-2008 at 21:56.

#3
Junior Member
Joined: Jun 2007
Posts: 7
ComboFix
I downloaded and launched ComboFix, on a dedicated machine, disconnected from the network and with Kaspersky disabled... the DOS window opens but nothing starts, it stays blue with the cursor blinking and no message!
What should I do?! Thanks

#4
Moderator
Joined: Jun 2007
Location: 127.0.0.1
Posts: 25885
After the blue ComboFix Disclaimer window you must press 1 and then Enter (TYPE 1 TO CONTINUE)
Last edited by Chill-Out: 06-02-2008 at 11:30.

#5
Junior Member
Joined: Jun 2007
Posts: 7
...the problem is that no disclaimer appears!
I'm attaching a screenshot...

#6
Moderator
Joined: Jun 2007
Location: 127.0.0.1
Posts: 25885
Attach the Gmer log

#7
Junior Member
Joined: Jun 2007
Posts: 7
...this one worked! Here is the link: http://www.fileup.itadib.com/downloa...nTCqeSSvYoUArS

#8
Senior Member
Joined: Nov 2001
Location: Fidenza(pr) from Trento
Posts: 27479
why not follow the procedure described in Guida alla Disinfezione per Infetti and post the various logs requested?
__________________
"Seen up close, we are all strange..." ~|~ What Defines a Community? ~|~ Official eMule Thread ~|~ Online Armor in Italian ~|~ Section Rules ~|► Guide to PrivateFirewall

#9
Moderator
Joined: Jun 2007
Location: 127.0.0.1
Posts: 25885
Quote:

#10
Moderator
Joined: Jun 2007
Location: 127.0.0.1
Posts: 25885
Since we can't manage to get a ComboFix log, let's try with Avenger http://swandog46.geekstogo.com/avenger.zip
Unzip it, launch it, select "Input script manually" and click on the magnifying glass. In the new window, paste the script I give you, click the "Done" button, click the green traffic-light icon and answer "yes" twice; the PC should reboot by itself; if it doesn't, reboot it manually. When the system restarts, the log in c:\avenger.txt will be displayed; attach it so it can be checked.
Quote:
infections in progress. What is this thing: O4 - Global Startup: StartUpMet.lnk = C:\MetodoEvolus\Setupt\SetupMet.exe
Last edited by Chill-Out: 06-02-2008 at 15:37.

#11
Senior Member
Joined: Nov 2001
Location: Fidenza(pr) from Trento
Posts: 27479
ok, but let's at least see what state that PC is in and what operating system etc..
at the moment we don't have much data to hand

#12
Moderator
Joined: Jun 2007
Location: 127.0.0.1
Posts: 25885
Quote:

#13
Senior Member
Joined: Nov 2001
Location: Fidenza(pr) from Trento
Posts: 27479
no, oh well, it can also be done after Avenger..

#14
Junior Member
Joined: Jun 2007
Posts: 7
...I'm attaching the Prevx CSI, Avenger and RootkitUnhooker logs...
the entry "O4 - Global Startup: StartUpMet.lnk = C:\MetodoEvolus\Setupt\SetupMet.exe" refers to an ERP management program... it's OK... Thanks again...
Code:
Prevx CSI Log - Version v1.5.103.197
Some non-malicious entries have been removed automatically
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - midi3 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - mixer3 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - aux1 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - wave4 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - midi4 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - mixer4 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - aux2 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave1 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave2 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave3 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave4 [wdmaud.drv]
C:\WINDOWS\system32\msacm32.drv InMem: 1 Det [G] MD5: 05E84EEAD6B27C958621A4E6D33859D1 PX5: F8EB7CDA00A2596F522700876A3BC9005F29A42B
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP - wavemapper [msacm32.drv]
C:\WINDOWS\system32\MSACM32.dll InMem: 1 Det [G] MD5: B088085D01B3E80E2BE0E9CD1838BA9B PX5: CD32AC5300D4DB3A183401A597817D009B477A6B
C:\WINDOWS\system32\midimap.dll InMem: 1 Det [G] MD5: EAAA11BE5C162266E698F7658BD8A1DA PX5: 8C299C3E002D88084A0000F598A51000C8C9681D
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP - midimapper [midimap.dll]
C:\WINDOWS\system32\MPRAPI.dll InMem: 1 Det [G] MD5: B61978022A65FAC95B8E3817D5029870 PX5: F40536E000846CE4547B017CD7ABC100D153D57A
C:\WINDOWS\system32\ACTIVEDS.dll InMem: 1 Det [G] MD5: 25E4E36CED6B15DF8D8C10460BE834A2 PX5: EFB02947002647C8F6250205FD9612006E9558F5
C:\WINDOWS\system32\adsldpc.dll InMem: 1 Det [G] MD5: 15CE221ACE929705BA7E4346D74E8A06 PX5: 6D8B11FE00EF99F53026027F152EC40097EA0ACA
C:\WINDOWS\system32\ATL.DLL InMem: 1 Det [G] MD5: 32BD4CC64449EA2549BE4A8EFC54F4DE PX5: 90FBA32A008A4DC9E6A3004879775D009B9241D5
C:\WINDOWS\system32\rtutils.dll InMem: 1 Det [G] MD5: 204A7D354683A49C37505BE1646C5D43 PX5: BF0F14BA00130FA5ACFA00D907EAE70083958E2B
C:\WINDOWS\system32\xpsp2res.dll InMem: 1 Det [G] MD5: 0E8E6901C637095EC3B483475E39731E PX5: DD9EAB9A00D5F12036192D6118710400ADB6810C
C:\WINDOWS\system32\services.exe InMem: 1 Det [G] MD5: E77F6FA2A15390F1727F4C1C55B69DA6 PX5: 55CFB3920083E585A8B8011373392400747D1070
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Eventlog - ImagePath [C:\WINDOWS\system32\services.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PlugPlay - ImagePath [C:\WINDOWS\system32\services.exe]
C:\WINDOWS\system32\SCESRV.dll InMem: 1 Det [G] MD5: E84A4BFD34F64AF3A9B2E4FF45C02DCA PX5: 42090831009A7DEDFC25041A41C0A6009F850DB8
C:\WINDOWS\system32\umpnpmgr.dll InMem: 1 Det [G] MD5: D717635E8C6D91644AEDA4B37A49762A PX5: A0722C41001DFC8BE8A7011B43DD8300C52FA704
C:\WINDOWS\system32\NCObjAPI.DLL InMem: 1 Det [G] MD5: 1FC06B22BA62AB448613461D06C328C9 PX5: 7EA0BF3D001A18F58E38007796CD8000CD7F3FCC
C:\WINDOWS\system32\MSVCP60.dll InMem: 1 Det [G] MD5: B30C42DFA52A70037AB31A85057A5657 PX5: 2D7DD02900BE71EC5085060A796CD8005BF97344
C:\WINDOWS\system32\ShimEng.dll InMem: 1 Det [G] MD5: DC7D49E0DEC335B8E14C734AB1BADE66 PX5: 279F162200D45347000001BBAACC850063724C8D
C:\WINDOWS\AppPatch\AcAdProc.dll InMem: 1 Det [G] MD5: 744EA281298317E91C3BEA70BF3843D4 PX5: 4481FDAC006BDDB69ABC00D7D79D140035AF8893
C:\WINDOWS\system32\eventlog.dll InMem: 1 Det [G] MD5: D1CAA255F33C06C8302769A86FFB905E PX5: D2B7D57A001E9CD9DA5600E2BE4F3C00079E4466
C:\WINDOWS\system32\lsass.exe InMem: 1 Det [G] MD5: 0815E8DA286775FA432C7C9EE5E10BA1 PX5: CC1BA69F00AF6D2D3445003B3C2E0700B638080D
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Netlogon - ImagePath [C:\WINDOWS\system32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NtLmSsp - ImagePath [C:\WINDOWS\system32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PolicyAgent - ImagePath [C:\WINDOWS\system32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ProtectedStorage - ImagePath [C:\WINDOWS\system32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SamSs - ImagePath [C:\WINDOWS\system32\lsass.exe]
C:\WINDOWS\system32\LSASRV.dll InMem: 1 Det [G] MD5: CCA9A75FC163ED610CF3945069BF4A3A PX5: 4A2D1F9A00EE2E841A4F0B1A2FFB0900A3181BF3
C:\WINDOWS\system32\NTDSAPI.dll InMem: 1 Det [G] MD5: 6AE3588C5FEA68CDFCD743AF5FC95398 PX5: B049763B0042836806A701AA022FCD00F10A90B1
C:\WINDOWS\system32\DNSAPI.dll InMem: 1 Det [G] MD5: B4936FB637C2E2EC03F2589CBCD077EF PX5: 74EB5FA400ECF6FA447C02F4107A1600E5E5C273
C:\WINDOWS\system32\SAMSRV.dll InMem: 1 Det [G] MD5: 12B717E63F23BDF3FD43B295542154D9 PX5: E92EC68300CE21C68E4E06BCC0EDF6004268C49A
C:\WINDOWS\system32\cryptdll.dll InMem: 1 Det [G] MD5: 4AC54687B901091378C512A6C56F6214 PX5: 81B30DAB0078862F82C6000202049600DB968CD1
C:\WINDOWS\AppPatch\AcGenral.DLL InMem: 1 Det [G] MD5: 26CAAEE19627A49509A5FAAF49E418A0 PX5: 5F6310EE002D3DBC446C1C5A826CF10048881669
C:\WINDOWS\system32\msprivs.dll InMem: 1 Det [G] MD5: D7D64FF974B96816E1AE2C5B86DE35BA PX5: 0CA48DC3002C50B3BC750065E2B27800000C62EB
C:\WINDOWS\system32\kerberos.dll InMem: 1 Det [G] MD5: A3103D196CE0DB4C8B5C6A365628E9EF PX5: 6F259D99008DE085843504BA6E05F400BD1351EF
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
C:\WINDOWS\system32\netlogon.dll InMem: 1 Det [G] MD5: 926BB51BB6DE79DEDB93E9C2B0811CCF PX5: 7826BE4E00B0693C362206A7BBB246000E968C98
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 68 [netlogon.dll]
C:\WINDOWS\system32\w32time.dll InMem: 1 Det [G] MD5: 8B97D00E5C6A593EBB605CE4B8A5CAA5 PX5: B0DB78E90001F969B24A022F16FE9C007D6DCCBC
C:\WINDOWS\system32\schannel.dll InMem: 1 Det [G] MD5: E9836D1ACE460B4B96FBCB03861D0323 PX5: 978AEDC000D16F92363B021213F745004B5CD31C
REGRUNGEN - \REGISTRY\Machine\System\CurrentControlSet\Control\SecurityProviders - SecurityProviders [msapsspc.dll]
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 14 [schannel.dll]
C:\WINDOWS\system32\wdigest.dll InMem: 1 Det [G] MD5: BBE58056910CF76B84C3E3D6349DC801 PX5: A77EB4BD0001DCA2C0B500785ACD4E00DCC55D5B
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
C:\WINDOWS\system32\scecli.dll InMem: 1 Det [G] MD5: 1446EB71ADF0F54980CDD7E5A812E102 PX5: C91F3DA800B1BEBADA0C02480448D00054984981
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} - DllName [scecli.dll]
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} - DllName [scecli.dll]
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Notification Packages [scecli]
C:\WINDOWS\system32\ipsecsvc.dll InMem: 1 Det [G] MD5: 24E00A2782F1FBDDA55173F6A92793B4 PX5: B05D914900808F8FCED102E7A46D080020A33905
C:\WINDOWS\system32\oakley.DLL InMem: 1 Det [G] MD5: F450886F41773A5FAEB25E87B758D6A8 PX5: A4E8D0C400046CE116C204B93C6D3F0003672778
C:\WINDOWS\system32\WINIPSEC.DLL InMem: 1 Det [G] MD5: 30E14D74BCD1BEEA96A279F78A723346 PX5: 5E3F044E00E5E84280510004471F8A00BD7E5854
C:\WINDOWS\system32\pstorsvc.dll InMem: 1 Det [G] MD5: 24B2F25A42BA3CAD1D238F2ADAE63F7C PX5: DCF79E3E001DA16F86F70051A83A8600579ADC98
C:\WINDOWS\system32\avsda.dll InMem: 1 Det [G] MD5: F015BFD8B54FAFD061F723B9E03D6D6C PX5: 001C112728CD735E10A5010151BE4C00DBFC974C
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 - PackedCatalogItem [avsda.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 - PackedCatalogItem [avsda.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 - PackedCatalogItem [avsda.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000032 - PackedCatalogItem [avsda.dll]
C:\WINDOWS\system32\mswsock.dll InMem: 1 Det [G] MD5: 337CB52AF1F7CF6C0F57EC8BD14DC6D1 PX5: 644C52BE00A05754C6240337B7759700C1FF12E3
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000024 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000025 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000026 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000027 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000028 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000029 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000030 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000031 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 - LibraryPath [%SystemRoot%\System32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 - LibraryPath [%SystemRoot%\System32\mswsock.dll]
C:\WINDOWS\system32\hnetcfg.dll InMem: 1 Det [G] MD5: 250D4F4E1E27543C121378268FE07208 PX5: 2CFD58C600B6F9414A810565679BD6001F42D5DE
C:\WINDOWS\System32\wshtcpip.dll InMem: 1 Det [G] MD5: 08B3A60A4DD7FAE800B552F8F8D5DEB0 PX5: 522AC66D001B6D5A4E8E00D8A0AEF000528059BA
C:\WINDOWS\system32\psbase.dll InMem: 1 Det [G] MD5: 7FE963BD4BDE86B5EAF5C07C6D0118C3 PX5: E242805400420CE08090017E79023900E657FC90
C:\WINDOWS\system32\dssenh.dll InMem: 1 Det [G] MD5: CACD2C63A79268D131EA37E85524CC44 PX5: 31E843BE00E2A81C18FA0265E10B6500232880A4
C:\WINDOWS\system32\iissuba.dll InMem: 1 Det [G] MD5: 24BF951D8B0431948BC7B63255DA08F8 PX5: 333870ED00C68D7524550033A8DA2200177D43CC
C:\WINDOWS\system32\Ati2evxx.exe InMem: 1 Det [G] MD5: ED8D753788232B81A7E8EF5D59EC3417 PX5: 2140B83500666E01007C0671C3DAFA0057E36A3F
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Ati HotKey Poller - ImagePath [C:\WINDOWS\system32\Ati2evxx.exe]
C:\WINDOWS\system32\Ati2edxx.dll InMem: 1 Det [G] MD5: 430C46A98B9623DC32544C064A3ACCD3 PX5: E53525A600A46F97A093003A4429C400C27D7546
C:\WINDOWS\system32\svchost.exe InMem: 1 Det [G] MD5: 73955B04F209D8A1C633867841267A96 PX5: 41467A9700616549387D0095555BE300B7CBF228
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Alerter - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AppMgmt - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AudioSrv - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\BITS - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Browser - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\CryptSvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\DcomLaunch - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Dhcp - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\dmserver - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Dnscache - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ERSvc - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\EventSystem - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\helpsvc - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HidServ - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HTTPFilter - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Irmon - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\lanmanserver - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\lanmanworkstation - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\LmHosts - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Messenger - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Netman - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Nla - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NtmsSvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasAuto - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasMan - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RemoteAccess - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RemoteRegistry - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RpcSs - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Schedule - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\seclogon - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SENS - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SharedAccess - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ShellHWDetection - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\srservice - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SSDPSRV - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\stisvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TapiSrv - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TermService - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Themes - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TrkWks - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\upnphost - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\W32Time - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WebClient - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\winmgmt - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WmdmPmSN - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Wmi - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\wscsvc - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\wuauserv - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WudfSvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WZCSVC - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\xmlprov - ImagePath [C:\WINDOWS\System32\svchost.exe]
c:\windows\system32\rpcss.dll InMem: 1 Det [G] MD5: CC41F9D29EDD55037A4C26E70C175528 PX5: 27F0519E00F08DE512070643B0627F006598C78A
c:\windows\system32\termsrv.dll InMem: 1 Det [G] MD5: C06CD1890279603E15020757E02DE56B PX5: 15A4D5880058E23888C304BFF814830042F0D520
c:\windows\system32\ICAAPI.dll InMem: 1 Det [G] MD5: 66DA850192B87548374FE13F38A2A265 PX5: BB3E4FC6005CCAE92CC10044E2AB07008B832EBD
c:\windows\system32\mstlsapi.dll InMem: 1 Det [G] MD5: 9E54D8528F9B4324ED20CFCDF3BE6A76 PX5: F3CF001500470019C4F901369ADAFD00DF876B1F
C:\WINDOWS\system32\msi.dll InMem: 1 Det [G] MD5: 34A737E1344985BC5A636A4ED286DE61 PX5: B09678EF00F05CBD8EB12B2266AE240024089B64
C:\WINDOWS\System32\winrnr.dll InMem: 1 Det [G] MD5: BB78454C44A5B0F97295A6D66B217D65 PX5: DD7C6D7B00A7C2A842AB003098E8920063CE769A
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 - LibraryPath [%SystemRoot%\System32\winrnr.dll]
C:\Programmi\Bonjour\mdnsNSP.dll InMem: 1 Det [G] MD5: 1F5A570AD942DFCFE4500326ABDD72B2 PX5: D240058C00D95FC2705201A57ACB2E004585C058
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004 - LibraryPath [C:\Programmi\Bonjour\mdnsNSP.dll]
C:\WINDOWS\system32\rasadhlp.dll InMem: 1 Det [G] MD5: 266D8FA8F97CBBBA8BADE273F47215D9 PX5: 44992DD300BD805F2027003B3C2E0700008DD7C4
c:\windows\system32\dhcpcsvc.dll InMem: 1 Det [G] MD5: 4F56AD1B19373851392BFF248C8CE1CB PX5: 6B31A5B6003DEA2AB413012609A16300F9086E97
c:\windows\system32\wzcsvc.dll InMem: 1 Det [G] MD5: 312913174D070ED81E9D78DA7B648774 PX5: 3DF4750600996C8B7E470562CED514005814EDBA
c:\windows\system32\WMI.dll InMem: 1 Det [G] MD5: 7F9FD6E98CF1898F94D4A6246D4D639E PX5: 781B3D7300C600C41695006A26ACBD006AA9CB45
c:\windows\system32\ESENT.dll InMem: 1 Det [G] MD5: 26E0AC18AC6DC3F7F17AEE22C9E0A01F PX5: 44A1D0F1009656EFAA4210CE1D5F1E00AAA3CF3A
c:\windows\system32\irmon.dll InMem: 1 Det [G] MD5: D71F66AAB2522BB75FC7C6FAD0B5816B PX5: 47B8C70500685EC870E3008210CDAA0043F23921
C:\WINDOWS\System32\wshirda.dll InMem: 1 Det [G] MD5: C544BA09B8B9E4A1112BC848E7678FE3 PX5: A7AE151E008D07A62013003B3C2E0700630EE6FF
c:\windows\system32\schedsvc.dll InMem: 1 Det [G] MD5: 546254D4769E165CDC3388D74B201FCB PX5: 5DDC4A3800A53317F204023D51875A00711FF5B5
C:\WINDOWS\System32\rastls.dll InMem: 1 Det [G] MD5: F90A2F77CB88F8201A3AD783D7EDB19C PX5: F64AC68A00F37A69B87E01DB8E696800CC9225D9
C:\WINDOWS\system32\CRYPTUI.dll InMem: 1 Det [G] MD5: 502A30E1A880124D7F71667E75BE9688 PX5: 5142AFD100A220AEFE57076D08D9310067F36935
C:\WINDOWS\system32\WININET.dll InMem: 1 Det [G] MD5: 419A6F3D56E469BCBE71128A78463DA4 PX5: 01602CB700AFE3F096BE0C69B6790E0014C04381
C:\WINDOWS\system32\Normaliz.dll InMem: 1 Det [G] MD5: 10753A3ADC3E39A3B10CC3F08E98E6B4 PX5: E3FC1A7000BA1C775C420052AC60C600F74EBAFC
C:\WINDOWS\system32\iertutil.dll InMem: 1 Det [G] MD5: 7CBB661D9CBE1466FBA9C046976F60A0 PX5: EE33830F0085ACC816E604DF06619900D80130CB
C:\WINDOWS\System32\RASAPI32.dll InMem: 1 Det [G] MD5: 7ECE54A6785E6A07ED02018A32B246E6 PX5: 7E18516500FFE5CC9C5B03564D831C0011FCFEEB
C:\WINDOWS\System32\rasman.dll InMem: 1 Det [G] MD5: 79D87679F6F13F7F18062C39A3C5B38A PX5: 7F1D9BFF002D89D3F04E005C98AFF900ECE9EEA3
C:\WINDOWS\System32\TAPI32.dll InMem: 1 Det [G] MD5: 9B53CE123C15E95DE40592CFECEC5A09 PX5: ECB3A62200F5E5E3C61D0271F9934A0018AE4A00
C:\WINDOWS\System32\raschap.dll InMem: 1 Det [G] MD5: D7DE6CD7A5F84909B12B7DBD7D93811D PX5: 6CBEE3D600A4FEB310F101DE8C083F003D6F721F
C:\WINDOWS\System32\MSIDLE.DLL InMem: 1 Det [G] MD5: 3DC13080F28F80ED5D31E20E226536A5 PX5: 892E25230047BFE41A2700448F955F00DB3FDA3D
c:\windows\system32\audiosrv.dll InMem: 1 Det [G] MD5: 15EE9EFF206DAA73B9642FCD51A69BB1 PX5: 97A7792B000122A1A6A80092373D18006EB85382
c:\windows\system32\wkssvc.dll InMem: 1 Det [G] MD5: 6953DE298C888ABE268FF59BAC64CF4E PX5: F785B0520050629F0457028102F0DA00CD162C70
c:\windows\system32\qmgr.dll InMem: 1 Det [G] MD5: 04E8321935AD5643FF59901F3EF5F4F3 PX5: A628078700D0FC00D60105464D1E6100132AFD53
c:\windows\system32\SHFOLDER.dll InMem: 1 Det [G] MD5: 8B205EB92B49D10055427365065357E8 PX5: 209DE55C009ABDE8627700E93AF07200F7058D40
c:\windows\system32\WINHTTP.dll InMem: 1 Det [G] MD5: 5B4EC6C0FBACC85430CE3D6AE8563A0D PX5: 8A8FE9C3008B23F25C3905D494C02C00D181B661
c:\windows\system32\cryptsvc.dll InMem: 1 Det [G] MD5: E0CC838265401128097D182FB583889A PX5: 4924777000FF363CECB300E8D69F7300112A6AF8
c:\windows\system32\certcli.dll InMem: 1 Det [G] MD5: 5F24A58D40870F8FE6CF7E15E73DE146 PX5: 925C7DF9003B9C1200C5031520AB850028BB5515
c:\windows\system32\ersvc.dll InMem: 1 Det [G] MD5: FF547B3876B6E652431412345FB8EE11 PX5: 1075AE7B006257925A3B00E01F4D2400B15FB39E
c:\windows\system32\es.dll InMem: 1 Det [G] MD5: 659C04BB6086E480966FFD0D44F1CC4D PX5: 79EA0C1C007DD384B6CC033ACA71FA00F62D9D5F
c:\windows\pchealth\helpctr\binaries\pchsvc.dll InMem: 1 Det [G] MD5: 03A7A19834E2A63C445B3AC5E73AAB50 PX5: 5BE772A20028818F98B300E973AA5500998EE021
c:\windows\system32\hidserv.dll InMem: 1 Det [G] MD5: 3C924C33DE25E8F01EEB3C6B8030E7BD PX5: 96C7C37F003251D454A000B31B11EF0040F22E18
c:\windows\system32\HID.DLL InMem: 1 Det [G] MD5: 3B4E115A33A2BFF0D74792D572F448DD PX5: 551CD37300F70F6C527C0010EC920400B756D4FA
c:\windows\system32\srvsvc.dll InMem: 1 Det [G] MD5: 974831AA16AEE016D902F8582CCB30FE PX5: 0BFF5A6200F821CA7A0401E40DD655008D70866B
c:\windows\system32\msgsvc.dll InMem: 1 Det [G] MD5: 3777AB9537D05BFD404B0FBC13A140A6 PX5: EE2E50C400EA00498403000260463C00FE4F91F9
c:\windows\system32\netman.dll InMem: 1 Det [G] MD5: 1231D4353698E19495DC8A929B8B74EB PX5: 65612A5600E1886F042503516394BA0003C1C8BE
c:\windows\system32\netshell.dll InMem: 1 Det [G] MD5: 4CC28DE5620ACE4F613B42A4F836DEDE PX5: F7F9A56A007CF701368C1AE01A3E1600E0C02A68
c:\windows\system32\credui.dll InMem: 1 Det [G] MD5: 2D68AF44B169D033545FA501B9FF4F30 PX5: E886FD9F0056D4F18254029213832F003DEFF647
c:\windows\system32\WZCSAPI.DLL InMem: 1 Det [G] MD5: 28CDDFDF8C30D886284F3549C4A8E284 PX5: EBF8733200CD9B7CCA4C0051E7642A0024707F2E
c:\windows\system32\seclogon.dll InMem: 1 Det [G] MD5: 241D074DAB2A67D2D7616CE7C8B05650 PX5: 5B80E36F00AA396B4A8300B7E7951D00D7AA4B2D
c:\windows\system32\sens.dll InMem: 1 Det [G] MD5: 688BE760C858E347A4E23186B725C86B PX5: 00AF89660086F69E989700E590F03600F597A8F5
c:\windows\system32\srsvc.dll InMem: 1 Det [G] MD5: BA4E8AC9A60C4527C969D08F3ABE9D36 PX5: F652BD0100BA7CC29C6202A16DDB5500C590261B
c:\windows\system32\POWRPROF.dll InMem: 1 Det [G] MD5: 41FF9D663219A1DD0397FE2C5B09436C PX5: 31AB7E9C00B2127E4485007208C03300950D28C1
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SQLBrowser - ImagePath [C:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe]
C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe InMem: 1 Det [G] MD5: 54902536AAD0E9B99BC65F89C0CAF93F PX5: E18E290D7048C3C65F6F0116C44A8D007D80866B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SQLWriter - ImagePath [C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe]
C:\Programmi\Microsoft SQL Server\90\Shared\sqlwvss_xp.dll InMem: 1 Det [G] MD5: 7913192BBE5A5B6253668C60DC5682D6 PX5: FA06244E70BD0987BFA30231FD71CD008F0D6E9F
c:\windows\system32\wiaservc.dll InMem: 1 Det [G] MD5: 385CF0E9C4679D23E1E8715AF2116D03 PX5: B69A81C6002918EE1A4705E2549FBB00ED5C7BBD
c:\windows\system32\mscms.dll InMem: 1 Det [G] MD5: CD669D359DAD2AB7EE5F6E09010A6167 PX5: DF52A2B9002BAEF722FE01B4E2E8B900D4427BF9
C:\WINDOWS\system32\wiavusd.dll InMem: 1 Det [G] MD5: DAE4E1AD7CF2AA78424BD2B6BF2DB366 PX5: CC2C64DB009D9F813874022307DBEE003E1E8A5C
C:\WINDOWS\system32\sti.dll InMem: 1 Det [G] MD5: 8F44BA342774B5CC5E5A6A0B68E5ECC3 PX5: D0C61BDE00B5681C0CA40120655A6E00CC4935F5
C:\WINDOWS\system32\mqsvc.exe InMem: 1 Det [G] MD5: 3334F9371C592F1DA1153DF28E833548 PX5: B63A7FBE00C58F1A1208003017489B004D41F422
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSMQ - ImagePath [C:\WINDOWS\system32\mqsvc.exe]
C:\WINDOWS\system32\MQQM.dll InMem: 1 Det [G] MD5: C8DC0D46E9EA3C1603821CF49067CFEF PX5: D56C9D92007056F116A90AD751AB1C000074C7A6
C:\WINDOWS\system32\mqutil.dll InMem: 1 Det [G] MD5: EF3773F38E9833CD61A18DFC21CEAF1B PX5: 44AE7E7A0036F4EAEC91073277ABD1006CE9A5F6
C:\WINDOWS\system32\mqsec.dll InMem: 1 Det [G] MD5: 57429EE0E8CC11992DFF2FBE6D503432 PX5: 97B4A7260043551F766901C352562B00D592B92C
C:\WINDOWS\system32\MqLogMgr.dll InMem: 1 Det [G] MD5: AC5A4DFD789AB13EA5DCD3A22FEFAD04 PX5: AFA6469E00E7127A5C0801932AC1D7007E274DFA
C:\Programmi\Ahead\InCD\InCD.exe InMem: 1 Det [G] MD5: 31A6D3677409FA765D7A771D467F90B7 PX5: 400C9C3F004F84D5560915327E069A0056ED9715
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - InCD [C:\Programmi\Ahead\InCD\InCD.exe]
C:\Programmi\Ahead\InCD\InCdApi.dll InMem: 1 Det [G] MD5: 6D1DD6824310AE51CD03EBDE6A8F69AB PX5: 2D288A530035E250021F0B515317CA0097CCAA5E
C:\WINDOWS\system32\CAP3RSK.EXE InMem: 1 Det [G] MD5: 286E0970EA8816C5E272677D6273B2C0 PX5: 2727654848795F35F0F800A2A12BFB00BF0279FF
C:\WINDOWS\system32\ElkCtrl.exe InMem: 1 Det [G] MD5: 35CADFC53E7D7E4336E7C9C04D66C82B PX5: 3D33DD1600E1A10C006104A597E263004DF0CBF5
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - LogitechCameraService(E) [C:\WINDOWS\system32\ElkCtrl.exe /automation]
C:\WINDOWS\system32\oledlg.dll InMem: 1 Det [G] MD5: FB53B33D3BE4F5CCA3FB284C174D64DD PX5: 0B349EEF008794C4E808012EA6CE1B00B3F527C5
C:\WINDOWS\system32\LVCOMSX.EXE InMem: 1 Det [G] MD5: 9315E6E806CFD11268E43524CD27CF8F PX5: 0BF8301900BBBA29709103C214CE4000E266C8CC
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - LVCOMSX [C:\WINDOWS\system32\LVCOMSX.EXE]
C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe InMem: 1 Det [G] MD5: EB95CE92F946230D8FEC416DF0D51593 PX5: 1D8F6121459E5F0DB07B0814DF824300A96C2423
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - EOUApp ["C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe"]
C:\Programmi\Intel\Wireless\Bin\MurocApi.dll InMem: 1 Det [G] MD5: D83C6B696759A652BC746D0158B3D216 PX5: 7558D94E456A824410940323E36E68001CF3194C
C:\Programmi\Intel\Wireless\Bin\S24MUDLL.dll InMem: 1 Det [G] MD5: BC16F9AED00313E3B10DB3CE9E713711 PX5: 7FFFBABD496D759650CF01D864F06C00D216D4DD
C:\Programmi\Intel\Wireless\Bin\PfMgrApi.dll InMem: 1 Det [G] MD5: 0ED8F17F620942BE311D8C2EB4A688A1 PX5: 9C4D70994A0ACF48A06D09B9AEAE3800B870E4CA
C:\Programmi\Intel\Wireless\Bin\DbEngine.dll InMem: 1 Det [G] MD5: 332F6EF90E6E257A5F84272964C59746 PX5: 4340BCBC4B2C54E180B3037B1A8DC60069383A78
C:\Programmi\Intel\Wireless\Bin\EOUWzITA.dll InMem: 1 Det [G] MD5: 9802D6000425A8FC051404260E500025 PX5: 981CABD8005EB187D06F0163806C76001662E4FC
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe InMem: 1 Det [G] MD5: D4830448B45CDD45F4285DC6E152764F PX5: 7786295B463AC2ED30B909E742831A00C6EA4765
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - IntelWireless ["C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/]
C:\Programmi\Intel\Wireless\Bin\FrWrkITA.dll InMem: 1 Det [G] MD5: A8EC33B4D52DE138A5D157BDFD62F572 PX5: 228B7EBE00BAA269B0F700210607410006C5D11E
C:\Programmi\Intel\Wireless\Bin\FrameworkPlugins\ConnMgr.dll InMem: 1 Det [G] MD5: 271D5498DF24D11F01B2CC639ED6A4B1 PX5: 8382EEFA4365228AE07F10E5389015000AD45419
C:\Programmi\Intel\Wireless\Bin\IntWAITA.dll InMem: 1 Det [G] MD5: 79BB53E8179891373A542FF8D3CBF6ED PX5: AB2C02090035D2269055050BB35ED800E86145AA
C:\WINDOWS\system32\wbem\wbemprox.dll InMem: 1 Det [G] MD5: CECE259D273771497D2C96C8121D9C58 PX5: 118AA1B200D76A754A3B0017C7664600A1463C19
C:\WINDOWS\system32\mqtgsvc.exe InMem: 1 Det [G] MD5: E996F75167E1F90B161E68688E626FDA PX5: 0229A99D00F51B8DCA2C012555ADC10009A24A5A
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSMQTriggers - ImagePath [C:\WINDOWS\system32\mqtgsvc.exe]
C:\WINDOWS\system32\mqrt.dll InMem: 1 Det [G] MD5: 676F57EB9D7A46DB64A693480963B7C6 PX5: 3FC21652006CB2DEB4C602A829CA46009B6CFBFF
C:\WINDOWS\system32\MQTRIG.DLL InMem: 1 Det [G] MD5: 9663C06B92F71F7D4E33954CA98EBC1A PX5: 27CFF56A00CAE262DAD902CE6CB77B0096C00772
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe InMem: 1 Det [G] MD5: B402D4C987ED57B0DE3E2667409785C1 PX5: 295396BC4630556930BE0A1C17C68B002A16B81B
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - IntelZeroConfig ["C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"]
C:\Programmi\Intel\Wireless\Bin\ZcSvcITA.dll InMem: 1 Det [G] MD5: D6FE8BC829BBE27A843CFE0441743248 PX5: 8E7AB7BD004FC962E0260016404CDE002C2AFE06
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe InMem: 1 Det [G] MD5: 6F0AA1F6467793B7651AF71C8508D69A PX5: 35564EB85BE56B0D90AA0A608190CA00DF776BE8
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - SynTPEnh [C:\Programmi\Synaptics\SynTP\SynTPEnh.exe]
C:\WINDOWS\system32\SynCOM.dll InMem: 1 Det [G] MD5: 2DB337F8AC30114BE595A8C0E66F7846 PX5: EA9C01D45E83138440D7013A7663FD00EE52993D
C:\WINDOWS\system32\SynTPAPI.dll InMem: 1 Det [G] MD5: E477785F0F1445D73DC2EA3AA174690F PX5: E70D682D5B77923A60C001A3DA520F00DA74391E
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe InMem: 1 Det [G] MD5: 402541819CA99CD10E730E80F73CD7ED PX5: EDBFC8155BD734349059013C04877C00E4EB18C6
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - SynTPLpr [C:\Programmi\Synaptics\SynTP\SynTPLpr.exe]
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe InMem: 1 Det [G] MD5: D4F0F7437327DBAA264338BAAFB5E5AF PX5: 658E1F1B905B4E3D05360276C335CD0058FB5A32
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - SunJavaUpdateSched ["C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"]
C:\WINDOWS\system32\ctfmon.exe InMem: 1 Det [G] MD5: 5B33B4265966EE063C7FBEA28958D9C2 PX5: 7BE460C100E5509F3C0D00F14B5A510097B91217
REGRUNKEY - \REGISTRY\User\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - CTFMON.EXE [C:\WINDOWS\system32\CTFMON.EXE]
REGRUNKEY - \REGISTRY\User\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run - CTFMON.EXE [C:\WINDOWS\system32\CTFMON.EXE]
REGRUNKEY - \REGISTRY\User\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run - CTFMON.EXE [C:\WINDOWS\system32\CTFMON.EXE]
REGRUNKEY - \REGISTRY\User\S-1-5-21-1482476501-1229272821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run - ctfmon.exe [C:\WINDOWS\system32\ctfmon.exe]
REGRUNKEY - \REGISTRY\User\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - CTFMON.EXE [C:\WINDOWS\system32\CTFMON.EXE]
C:\WINDOWS\system32\MSUTB.dll InMem: 1 Det [G] MD5: FC6C38A1249D86FC62F72C8A5E3379DB PX5: 7A3AA486004261ECFC5902E8FBAFDA00B6B25BB1
C:\WINDOWS\system32\wscntfy.exe InMem: 1 Det [G] MD5: A49C11376727F7ADC7E206E4C89B24E1 PX5: A36EE43900E6E09B3694008A88863A00DD6FF528
C:\Programmi\Microsoft ActiveSync\wcescomm.exe InMem: 1 Det [G] MD5: 98B43AE3E9DDC065C7191D1CF10EFDB3 PX5: 8629DAFF28DBB1D77B191203C0DAA300457A1405
REGRUNKEY - \REGISTRY\User\S-1-5-21-1482476501-1229272821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run - H/PC Connection Agent ["C:\Programmi\Microsoft ActiveSync\wcescomm.exe"]
C:\WINDOWS\system32\CEUTIL.dll InMem: 1 Det [G] MD5: D07C02C6E1A63EAA4D0E751DC01EB071 PX5: 99935D2028F37FF74F7300C5376C8F001A73DB9B
C:\WINDOWS\system32\RAPI.dll InMem: 1 Det [G] MD5: 5272B3351793BA4CDC0E7A8601641398 PX5: F23C9B7128D2B014FB790105A15DC400594535AD
C:\Programmi\Microsoft ActiveSync\TCP2UDP.dll InMem: 1 Det [G] MD5: 2F4008BA94B1143F3364F5A0E63EEE77 PX5: 06E02C64285A89A355180097A5F44A00A55C959B
C:\Programmi\Microsoft ActiveSync\rapiproxystub.dll InMem: 1 Det [G] MD5: 178CA7028BB5788E09ABA754F1A58FDA PX5: 0DF8ABC828EACD0C45A500788C877F00FF609A22
C:\Programmi\Microsoft ActiveSync\dtptdns.dll InMem: 1 Det [G] MD5: 839EE66941046394564FEA94B169EC27 PX5: C3EE37DA28A5547F3F3E00E78590CA006DD8E9A0
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE InMem: 1 Det [G] MD5: 244BBD4AE7B7BCE2648524D9680F588F PX5: FF90EA95001E8CA8185F02A2F91BE600F666398A
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3PMN.DLL InMem: 1 Det [G] MD5: 15BB7357B6D0E89A31013B1A5BC31CF9 PX5: 14C2BA5E003571A90ECB0207986E4100AF44B67F
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SMK.DLL InMem: 1 Det [G] MD5: 11EF6AE723581D8905B04E3BF251A675 PX5: 97EC6ABF00C0919FA0EA003792FB770061639559
C:\Programmi\Microsoft ActiveSync\rapimgr.exe InMem: 1 Det [G] MD5: CB39A9971C647515F9F81C4237D9EC03 PX5: 9E2A06E128F239B7DB710209F68FFE0037D84C57
C:\Programmi\Microsoft ActiveSync\msvcp71.dll InMem: 1 Det [G] MD5: 561FA2ABB31DFA8FAB762145F81667C2 PX5: F133D4F000B92F08A0E107FD67B66E0015498C05
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe InMem: 1 Det [G] MD5: CFE5228556C93D03D6753E7953CCD4A9 PX5: B5AA2BA16A979DE250CE0313031F4700AEE03EC0
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.ita InMem: 1 Det [G] MD5: FEB79FB44BEA59E110A2CBA7330CFE80 PX5: D77CFC560044324F708B00D65A10A400843D1848
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe InMem: 1 Det [G] MD5: 7790196AED5771815F7DF3FAF7D4B3B4 PX5: 88A8E5BF3D99DBC9706809339498FA00BBB15D7B
C:\WINDOWS\system32\btosif.dll InMem: 1 Det [G] MD5: B7CD0D7A30472C5A3A31A1180EB2CDF2 PX5: 02F767F5005C21A5E08B01A1570EAC0098DF4895
C:\WINDOWS\system32\btwhidcs.DLL InMem: 1 Det [G] MD5: F0C62AAF2CBE1F7D25D132E87B92C35B PX5: 0621BACE0045EEFEA09403979D4311001306201F
C:\Programmi\WIDCOMM\Bluetooth Software\BtBalloon.dll InMem: 1 Det [G] MD5: EF6B9AA9152592524BA8B7DEEF8AEE3A PX5: DCA8E0CD007BE6D2C0C100C603326A00F29B3E75
C:\WINDOWS\system32\btrez.dll InMem: 1 Det [G] PX5: CF55A4300023A44B30EF3010F2B13000EFAD391A
C:\WINDOWS\system32\CSH.dll InMem: 1 Det [G] MD5: 26AA1984EC4E50E4D91C25EC46E11AA8 PX5: D420C6B30003F1F4C44C00DCCDBD83008BBDDB89
C:\WINDOWS\System32\alg.exe InMem: 1 Det [G] MD5: D4A42BF3C11302AA3CCD857034EF1E54 PX5: A1E5D90F00A84BB2AEC200E087F3A200AB0BF90E
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ALG - ImagePath [C:\WINDOWS\System32\alg.exe]
C:\Programmi\Intel\Wireless\Bin\Dot1XCfg.exe InMem: 1 Det [G] MD5: 0335FD5493864EAC41785FA92C3D5E1D PX5: 34D914DB45F8C864108106F666589A00DD576262
C:\Programmi\Intel\Wireless\Bin\acAuth.dll InMem: 1 Det [G] MD5: 7AA09D937F0B77241D42310FACFF762E PX5: AE0074416E448D95D0C00E80B30E9000AFBB6444
C:\Programmi\Intel\Wireless\Bin\C1XStngs.dll InMem: 1 Det [G] MD5: 489A05416A58822995F5C03F235D3786 PX5: AFA1E8964BD526CBF0E9082D658AF700208CEAC2
C:\Programmi\Intel\Wireless\Bin\C8021ITA.dll InMem: 1 Det [G] MD5: 4FA866E8113F31C21C85D0024C2C1A65 PX5: 981CABD8005EB187706F0163806C7600BBAE8239
C:\Programmi\Intel\Wireless\Bin\LSAWRAPI.DLL InMem: 1 Det [G] MD5: 6DAF61E973FFCC4F62DE2AA8B5C044A2 PX5: D9F113AE4A399A53C0B6004C52311D002398727D
C:\WINDOWS\system32\cidaemon.exe InMem: 1 Det [G] MD5: C51532501E042BC1948AE3735C04C919 PX5: 294C30670067C14D209300448CFCAF0090848BF3
C:\WINDOWS\system32\infosoft.dll InMem: 1 Det [G] MD5: 360EC47679ACA2205598E71349B8B2E9 PX5: 2CDB31710086C2C1E08406D1C61673004093D560
C:\WINDOWS\system32\WISPTIS.EXE InMem: 1 Det [G] MD5: 9C492FEC0D62844ADFA1FD910F0AF3B8 PX5: 07CADFFC004725127A4A04D3FFF08100FDC17ABB
C:\Programmi\File comuni\Microsoft Shared\INK\TPCPS.DLL InMem: 1 Det [G] MD5: 33A823764E5C96B602127DCE7B0A1187 PX5: A644483A00E03422BE24000E7CC35100A11785F2
C:\Programmi\Avira\Avira Premium Security Suite\avcenter.exe InMem: 1 Det [G] MD5: 23A1670A51C783908223EF948FDC7A7E PX5: DD121246285E7F3750FE0A4D006809000CC7F4CC
C:\Programmi\Avira\Avira Premium Security Suite\cclib.dll InMem: 1 Det [G] MD5: 044AA0D0E4C7F8A1D76C234D19A57148 PX5: 768B5AC4280EA7FD7074011097BB14002920CD4B
C:\Programmi\Avira\Avira Premium Security Suite\MSVCP71.dll InMem: 1 Det [G] MD5: 561FA2ABB31DFA8FAB762145F81667C2 PX5: F133D4F000B92F08A0E107FD67B66E0015498C05
c:\programmi\avira\avira premium security suite\ccmainrc.dll InMem: 1 Det [G] MD5: 97E2E5255271BB3B522272B00F99960D PX5: 495E5BD2286C53FB503600670E0EB80096F4B314
C:\WINDOWS\system32\hhctrl.ocx InMem: 1 Det [G] MD5: ACF5FAE68ECE86C536346DD7013B66CD PX5: 3A3A400300CF41F6565408AC6071460085CCA9C8
C:\WINDOWS\system32\mui\0010\hhctrlui.dll InMem: 1 Det [G] MD5: 126A1B4A38BDEEB1CDF0E06E5A547669 PX5: BA28999700DF7F81607B01C7951F4A005B77C7B8
c:\programmi\avira\avira premium security suite\ccgen.dll InMem: 1 Det [G] MD5: 9BB8D9C196C085516D9DA1CF8031E159 PX5: 77B3089D2809DF07F09E077D541981004083B838
c:\programmi\avira\avira premium security suite\ccgenrc.dll InMem: 1 Det [G] MD5: 9909BC3EEF21F91C7847702186121F4F PX5: 56FEBF3028719D3840C600639B4D0000B0AAE95A
c:\programmi\avira\avira premium security suite\ccprofil.dll InMem: 1 Det [G] MD5: C7784BD4C8E8EAAA1E4D48FACBF0D485 PX5: BAD014A62827CC3B304E04FCFC57E800F8EBBA0C
c:\programmi\avira\avira premium security suite\ccscanrc.dll InMem: 1 Det [G] MD5: 496D632E995E5CE34D315C22DE157B97 PX5: FB83DC9928A2D39A5685001524798200CB56C877
c:\programmi\avira\avira premium security suite\ccguard.dll InMem: 1 Det [G] MD5: 279EA6186246BCB7B84463FCAD96FEE2 PX5: 412784692838408BB0A3036F7902180063948CB0
C:\Programmi\Avira\Avira Premium Security Suite\avipc.dll InMem: 1 Det [G] MD5: 5C9F889BA6D8B232EDC51D3BE271BE88 PX5: 9DF4EB73280E779520AB013F5A09370023B11150
c:\programmi\avira\avira premium security suite\ccgrdrc.dll InMem: 1 Det [G] MD5: 90C292654D01AB40C91B0C63D7437C85 PX5: 0089EED028BC276F4CAF003CD44DB300482FECA1
c:\programmi\avira\avira premium security suite\ccmguard.dll InMem: 1 Det [u] MD5: 339896149AAC5C97CDC7A663C976DC3B PX5: 4116693128E44350D0730452F5E04800F4475928
c:\programmi\avira\avira premium security suite\ccmgrdrc.dll InMem: 1 Det [u] MD5: E869ABEDA04CDA60C0CB61EEC157EC38 PX5: 6EF3C5FE286D70495022000C27181B005BC047DB
c:\programmi\avira\avira premium security suite\ccwgrd.dll InMem: 1 Det [u] MD5: 3D42096D0479E03F94288F8215C4C3AD PX5: 9292EC53285F82B140E40226BE7676004172928C
c:\programmi\avira\avira premium security suite\ccwgrdrc.dll InMem: 1 Det [u] MD5: 20BC2DB86058517A591403B172C38995 PX5: F916494E28E7B4472E9800772FE65600F61E13B6
c:\programmi\avira\avira premium security suite\ccfw.dll InMem: 1 Det [G] MD5: B0F39F17D0FCCED723AC051F2E0355C6 PX5: 6E191A602843BFBA003F0FDA18CC87003E751B5C
c:\programmi\avira\avira premium security suite\ccfwitf.dll InMem: 1 Det [G] MD5: 39D5AFCF71EA223803ACC88F33BB82D5 PX5: 6125CAB7287A6A09C0AA020EF9D774003BFDFACB
c:\programmi\avira\avira premium security suite\ccfwrc.dll InMem: 1 Det [G] MD5: F37A00532F2D8F52CED1D68D0EBB3DF4 PX5: EE3BF6FA282B1436309D011477AEBF00D146723B
c:\programmi\avira\avira premium security suite\ccquamgr.dll InMem: 1 Det [G] MD5: 0A6645EF7282706A6A957A4AD42D5C36 PX5: 4127D3BD28A2AB2B802B03766CBCA10063B44BD2
c:\programmi\avira\avira premium security suite\ccquarc.dll InMem: 1 Det [G] MD5: 1BE5474B712C4F6CC983ACC907D01C85 PX5: 11088AAC28D766DD3C0600C44AED2C0075CFDDB9
c:\programmi\avira\avira premium security suite\ccsched.dll InMem: 1 Det [G] MD5: D97501678D87106BC0E780FE83A1172C PX5: 1FC72D3D28B4A38DA0E80240B09C8E00E8B5ADEB
c:\programmi\avira\avira premium security suite\ccscherc.dll InMem: 1 Det [G] MD5: 85FA3E99452EB072A63C8E91A2275BE6 PX5: F5AC17B1283FE569427600F763CDFB0028231DF0
c:\programmi\avira\avira premium security suite\ccreport.dll InMem: 1 Det [G] MD5: 48F26009061F7F71621F0B036A7935AF PX5: DD100C122822C2F1509F0276DDE12800ECB2AF77
c:\programmi\avira\avira premium security suite\ccreporc.dll InMem: 1 Det [G] MD5: 461B80EAA9A7C81522987854E2AE6E2D PX5: 1BA7C2BB28A3847A2CCE00F3C9B8460045308FBB
c:\programmi\avira\avira premium security suite\ccev.dll InMem: 1 Det [G] MD5: ECA941E3CA8FB3652063C2C1C6C018C5 PX5: C9035E6F2891ED9490F402A33A6A0100E6E7BB93
c:\programmi\avira\avira premium security suite\ccevrc.dll InMem: 1 Det [G] MD5: 92B94893F476C3BE127B6175CF5EDCC3 PX5: 78D193132836BE7132F700ACA9883900645C1EF6
c:\programmi\avira\avira premium security suite\ccupdate.dll InMem: 1 Det [G] MD5: 004A9D1F0B794F9D561EC17D6008CDE3 PX5: 8A544ADF284FDD9AD03401092B9E1A004E4F6B6C
c:\programmi\avira\avira premium security suite\ccupdrc.dll InMem: 1 Det [G] MD5: 043F03BF6AECEB4CAB16EB2475AC1EB2 PX5: 3063D35A28592AD2264E00B7320D13007837D14F
c:\programmi\avira\avira premium security suite\cclic.dll InMem: 1 Det [G] MD5: 2D1F21120B282CE3ACC8A4F4295BA277 PX5: F27BB84A283B9DE30045016B83B6EF0098C5BF89
c:\programmi\avira\avira premium security suite\cclicrc.dll InMem: 1 Det [G] MD5: 7D55FCA8962D057DF4428C70B943E31D PX5: 4F74237E286ABDD4166100C4FD144400D0B373C9
C:\Programmi\Avira\Avira Premium Security Suite\avgnt.exe InMem: 1 Det [G] MD5: 6E898F5959E7195D64594C30E9251938 PX5: 6531FF2628CBABF3D063037C6653E4001102191E
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - avgnt ["C:\Programmi\Avira\Avira Premium Security Suite\avgnt.exe" /min]
c:\programmi\avira\avira premium security suite\ccmsg.dll InMem: 1 Det [G] MD5: AF3924D3778AA3FAD35952FBE35464F3 PX5: A23F9BB12832A836303701D5CDAC5A0092517C41
C:\Programmi\Avira\Avira Premium Security Suite\sched.exe InMem: 1 Det [G] MD5: A6FA9C14E649B2F3DE15390A1840774D PX5: 6CAA4D9428FF4181F652007A83AB0A00DA55705B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AntiVirScheduler - ImagePath [C:\Programmi\Avira\Avira Premium Security Suite\sched.exe]
C:\Programmi\Avira\Avira Premium Security Suite\schedr.dll InMem: 1 Det [G] MD5: D2C00391662797FACF1812E6EE048DEA PX5: 3EED313928836D741CBC00D8F972DA00C8B9EAE0
C:\Programmi\Avira\Avira Premium Security Suite\avevtlog.dll InMem: 1 Det [G] MD5: FCFB14DDB8998946812564DD9EB5668D PX5: 6C69B2232898B1DB502001E74E98D40006DE7750
C:\Programmi\Avira\Avira Premium Security Suite\sqlite3.dll InMem: 1 Det [G] MD5: 27EBFAA2F4C2611655534A73D2F62A3F PX5: C028A8800040DCC9302C050FDBBC7600AB5D37C6
C:\Documents and Settings\Alberto\Desktop\avenger.exe InMem: 1 Det [GP] MD5: 632F23BFF4BC7BB9F880E5C6E144C0D6 PX5: FFB1D6FF00A6E24EFCBA01DBF6C6720030D24BA8
C:\WINDOWS\system32\wbem\wmiprvse.exe InMem: 1 Det [G] MD5: C6A8E291E783ACBCDEF2742776E4FC39 PX5: E8727A81009B6F67547D03755F885300B29A27AB
C:\WINDOWS\system32\wbem\cimwin32.dll InMem: 1 Det [G] MD5: 5E64BA8EE777713C590912639F32A02A PX5: 517C956500EBC173A45D14722CBE3100ACD79F1A
C:\WINDOWS\system32\wbem\framedyn.dll InMem: 1 Det [G] MD5: 95F398A46A0C449F220D5B6CE5897905 PX5: 277AC8E500749021D640021DA8B978008E053355
C:\Programmi\WIDCOMM\Bluetooth Software\BTStackServer.exe InMem: 1 Det [G] MD5: EF30730223860B8BA1ADCC4AC069CD12 PX5: E806C644540DB889501415C1BE7FE7001D2CA113
C:\WINDOWS\system32\btins.dll InMem: 1 Det [G] MD5: 35BD1C20004D1406247B9AD59ED4FA91 PX5: F2DE8B9200C017C010470738359C700068F56E8D
C:\WINDOWS\system32\BtAudioHelper.dll InMem: 1 Det [G] MD5: 41292884A9B75553CF713A088A4EDF92 PX5: 60C3743600122CED20320168EB52320024444A44
D:\Documenti\File ricevuti\PREVXCSIFREE.EXE InMem: 1 Det [G] MD5: 5B3F4F9E32EAFE0A975BAFC596BAED9D PX5: 3043F13238834E377CDF093924CA370089D32B25
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\Tmp___28092\prevxcsi.exe InMem: 1 Det [GP] MD5: 0A142F5C52D56C947CB14DCF2DAAFFBB PX5: 8C75877B00DBED6E5E6B018A7647BF00E2C6767C
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\Tmp___28092\csicore.dll InMem: 1 Det [GP] MD5: A0D72E93B9799CDAD4188C85E248A0F7 PX5: F7966D21001605564AE204900658AF008C09D10D
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\Tmp___28092\csiLang.dll InMem: 1 Det [GP] MD5: 40BC04CD06528EBCFC414AD6F7C845C1 PX5: 44FC3B0000F3E5169AC801313D264500534E49D3
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\Tmp___28092\csiPart.dll InMem: 1 Det [GP] MD5: 038037C580B4D4C276407F44F3848D91 PX5: 459EEE08004BB0E8AC8A0015FA256700572E1113
C:\WINDOWS\system32\DRIVERS\ACPI.sys InMem: 0 Det [G] MD5: AD825CB3397C837D1FB91D566D78DE04 PX5: 6EB7D724001F4D96E0A8029EF0BB700070C5BA93
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ACPI - ImagePath [C:\WINDOWS\system32\DRIVERS\ACPI.sys]
C:\WINDOWS\system32\DRIVERS\ACPIEC.sys InMem: 0 Det [G] MD5: 49AC5CD87FBDDA62F3E25190019E7627 PX5: F21BE3DC800E8A0A2F3C009238A73C008905B399
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ACPIEC - ImagePath [C:\WINDOWS\system32\DRIVERS\ACPIEC.sys]
C:\WINDOWS\system32\drivers\aec.sys InMem: 0 Det [G] MD5: 1EE7B434BA961EF845DE136224C30FEC PX5: E884BE24808C5EEB2C92028B464629005484ED65
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\aec - ImagePath [C:\WINDOWS\system32\drivers\aec.sys]
C:\WINDOWS\system32\DRIVERS\AegisP.sys InMem: 0 Det [G] MD5: 12DAFD934641DCF61E446313BC261EC2 PX5: 253D0DCA1B4E2E6953C60021E164AD00420640FC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AegisP - ImagePath [C:\WINDOWS\system32\DRIVERS\AegisP.sys]
C:\WINDOWS\System32\drivers\afd.sys InMem: 0 Det [G] MD5: 5AC495F4CB807B2B98AD2AD591E6D92E PX5: EE224F5C0089E9241DEF0273688B740025971F4C
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AFD - ImagePath [C:\WINDOWS\System32\drivers\afd.sys]
C:\Programmi\Avira\Avira Premium Security Suite\avfwsvc.exe InMem: 0 Det [G] MD5: 998AB578AFAAC69D39D95FCD3D7B15BD PX5: 2873CD432885DF8A905004F0A0E23E00664D867E
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AntiVirFirewallService - ImagePath [C:\Programmi\Avira\Avira Premium Security Suite\avfwsvc.exe]
C:\Programmi\Avira\Avira Premium Security Suite\avmailc.exe InMem: 0 Det [G] MD5: 16576FC1D3DA3BDE0D39BAE4F32598AB PX5: F629C64F2857037410C20249BC0DE100DFB13B2F
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AntiVirMailService - ImagePath [C:\Programmi\Avira\Avira Premium Security Suite\avmailc.exe]
C:\Programmi\Avira\Avira Premium Security Suite\avguard.exe InMem: 0 Det [G] MD5: F640EA98231D7B1DB730385813BFCE79 PX5: 040D894228A9A34A44E403C487AA3900C738BCB4
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AntiVirService - ImagePath [C:\Programmi\Avira\Avira Premium Security Suite\avguard.exe]
C:\Programmi\Avira\Avira Premium Security Suite\AVWEBGRD.EXE InMem: 0 Det [G] MD5: 85F611D4E56B1444E6389CA45CEBDAAD PX5: 2DD5D5E928E5317550F303D4730DF5005D7FE035
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\antivirwebservice - ImagePath [C:\Programmi\Avira\Avira Premium Security Suite\AVWEBGRD.EXE]
C:\WINDOWS\system32\DRIVERS\arp1394.sys InMem: 0 Det [G] MD5: F0D692B0BFFB46E30EB3CEA168BBC49F PX5: E79B803D809043E9ED9C00655C5EAE00E1E46E49
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Arp1394 - ImagePath [C:\WINDOWS\system32\DRIVERS\arp1394.sys]
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe InMem: 0 Det [G] MD5: 4EABF511B1AF176A971C3271E48FA3A8 PX5: 700BB9B808038308846600EF74731100EEABDE2B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\aspnet_state - ImagePath [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe]
C:\WINDOWS\system32\DRIVERS\asyncmac.sys InMem: 0 Det [G] MD5: 02000ABF34AF4C218C35D257024807D6 PX5: 8BD45D2B002F3B40389D007E91CC59004B62F8E9
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AsyncMac - ImagePath [C:\WINDOWS\system32\DRIVERS\asyncmac.sys]
C:\WINDOWS\system32\DRIVERS\atapi.sys InMem: 0 Det [G] MD5: CDFE4411A69C224BD1D11B2DA92DAC51 PX5: 9D6081B280209DE174C2011395153C00E47C5A8D
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\atapi - ImagePath [C:\WINDOWS\system32\DRIVERS\atapi.sys]
C:\WINDOWS\system32\DRIVERS\ati2mtag.sys InMem: 0 Det [G] MD5: D81980C64543BA5C39DD2A92DC1D2DAF PX5: E4C51B6C00FF78FD8E1A1503F36F6500164DBB12
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ati2mtag - ImagePath [C:\WINDOWS\system32\DRIVERS\ati2mtag.sys]
C:\WINDOWS\system32\DRIVERS\atmarpc.sys InMem: 0 Det [G] MD5: EC88DA854AB7D7752EC8BE11A741BB7F PX5: C41A09F600246E0AEA81009B2DE4BF0073057136
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Atmarpc - ImagePath [C:\WINDOWS\system32\DRIVERS\atmarpc.sys]
C:\WINDOWS\System32\drivers\atmepvcc.sys InMem: 0 Det [u] MD5: BCF99261AC772E6C8DBA0FD3F1A01445 PX5: 5E1BBE0480CF2BBC501201D44C5B1D0002E3B327
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\atmepvcc - ImagePath [C:\WINDOWS\System32\drivers\atmepvcc.sys]
C:\WINDOWS\system32\DRIVERS\audstub.sys InMem: 0 Det [G] MD5: D9F724AA26C010A217C97606B160ED68 PX5: C910D030000E35B30CDC00441BDEF300B79BCD14
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\audstub - ImagePath [C:\WINDOWS\system32\DRIVERS\audstub.sys]
C:\Programmi\Avira\Avira Premium Security Suite\avesvc.exe InMem: 0 Det [G] MD5: 55246E659CD90422801791F6610D5BE7 PX5: F69851DB287CFF3932F8000B9ED1E90046266061
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AVEService - ImagePath [C:\Programmi\Avira\Avira Premium Security Suite\avesvc.exe]
C:\WINDOWS\system32\DRIVERS\avfwim.sys InMem: 0 Det [G] MD5: 78C36BA43CC0F4EAA886A834E0B77048 PX5: BC8D4822A8558BA6EE0600035D5F340060E89DBD
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\avfwim - ImagePath [C:\WINDOWS\system32\DRIVERS\avfwim.sys]
C:\WINDOWS\system32\DRIVERS\avfwot.sys InMem: 0 Det [G] MD5: F1769A87D7A1006641188B764F2D1551 PX5: 6BEB2A8200F8F5DEF88F006A62806F00469E6325
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\avfwot - ImagePath [C:\WINDOWS\system32\DRIVERS\avfwot.sys]
C:\Programmi\Avira\Avira Premium Security Suite\avgio.sys InMem: 0 Det [G] MD5: 53D688E5F619EDD01232B649A0C06008 PX5: 9E7183A14012359F2ECF00C7B7B630002CC224EB
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\avgio - ImagePath [C:\Programmi\Avira\Avira Premium Security Suite\avgio.sys]
C:\Programmi\Avira\Avira Premium Security Suite\avgntflt.sys InMem: 0 Det [G] MD5: 0E33EFF6F7C8E8AE38536489E5C9EAED PX5: 08737A9540715B7BBDA900C5BAA5EC00E5296568
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\avgntflt - ImagePath [C:\Programmi\Avira\Avira Premium Security Suite\avgntflt.sys]
C:\WINDOWS\system32\DRIVERS\avipbb.sys InMem: 0 Det [G] MD5: F2842C754AA6C8C93F852636D1117813 PX5: 3D518CE0C0CB4665F0FB00D9D1E75300221910E3
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\avipbb - ImagePath [C:\WINDOWS\system32\DRIVERS\avipbb.sys]
C:\WINDOWS\system32\DRIVERS\b57xp32.sys InMem: 0 Det [G] MD5: 48BF91CFFBCDD12A710207F2A08FEC4D PX5: 891AFA98007753E2052602DF421F7B005FDF8DBB
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\b57w2k - ImagePath [C:\WINDOWS\system32\DRIVERS\b57xp32.sys]
C:\WINDOWS\system32\drivers\btaudio.sys InMem: 0 Det [G] MD5: 0C7B763ABDA79B53E2016AF1AF8B9706 PX5: 7101F9C4CD18EF4501850589041D8F00E049903E
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\btaudio - ImagePath [C:\WINDOWS\system32\drivers\btaudio.sys]
C:\WINDOWS\system32\DRIVERS\btport.sys InMem: 0 Det [G] MD5: 1B24333D2BCB4DC1C5C3B15BEDACE5B4 PX5: A8EFB0359B65AB2E764C004F362866003D278DCA
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbhub - ImagePath [C:\WINDOWS\system32\DRIVERS\usbhub.sys]
C:\WINDOWS\system32\DRIVERS\usbohci.sys InMem: 0 Det [G] MD5: BDFE799A8531BAD8A5A985821FE78760 PX5: 97A6F69780D7B5F44212000A79EBE000E5CEE5D9
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbohci - ImagePath [C:\WINDOWS\system32\DRIVERS\usbohci.sys]
C:\WINDOWS\system32\DRIVERS\usbprint.sys InMem: 0 Det [G] MD5: A42369B7CD8886CD7C70F33DA6FCBCF5 PX5: C449F0710094064A6580004CDAAF0B00CAA1349A
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbprint - ImagePath [C:\WINDOWS\system32\DRIVERS\usbprint.sys]
C:\WINDOWS\system32\DRIVERS\usbscan.sys InMem: 0 Det [G] MD5: A6BC71402F4F7DD5B77FD7F4A8DDBA85 PX5: A345B33E004758873B29000DE02C9B00A6455141
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbscan - ImagePath [C:\WINDOWS\system32\DRIVERS\usbscan.sys]
C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS InMem: 0 Det [G] MD5: 6CD7B22193718F1D17A47A1CD6D37E75 PX5: 6135CAAA80509344675C002A218295006093CEAA
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\USBSTOR - ImagePath [C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS]
C:\WINDOWS\system32\DRIVERS\usbuhci.sys InMem: 0 Det [G] MD5: F8FD1400092E23C8F2F31406EF06167B PX5: 4756F37D00016D8B5030004DF844F10054C11836
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbuhci - ImagePath [C:\WINDOWS\system32\DRIVERS\usbuhci.sys]
C:\WINDOWS\System32\Drivers\usbvideo.sys InMem: 0 Det [G] MD5: 8968FF3973A883C49E8B564200F565B9 PX5: 865C9DB9801BE3CC320C012527936E006B940059
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbvideo - ImagePath [C:\WINDOWS\System32\Drivers\usbvideo.sys]
C:\WINDOWS\System32\drivers\vga.sys InMem: 0 Det [G] MD5: 8A60EDD72B4EA5AEA8202DAF0E427925 PX5: 14B18202007EA0B752C8003693833D00BCED634F
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\VgaSave - ImagePath [C:\WINDOWS\System32\drivers\vga.sys]
C:\WINDOWS\System32\vssvc.exe InMem: 0 Det [G] MD5: 147C653AD61BD01556723B3C8C4FAFC8 PX5: F8FD01E1006746AE7C9C04ADE2180F00B254A617
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\VSS - ImagePath [C:\WINDOWS\System32\vssvc.exe]
C:\WINDOWS\system32\DRIVERS\w39n51.sys InMem: 0 Det [G] MD5: 73395A19FC86461A151D3C330604E8B3 PX5: FA40BF6500704C53CA3A15F548ACAA0039481257
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\w39n51 - ImagePath [C:\WINDOWS\system32\DRIVERS\w39n51.sys]
C:\WINDOWS\system32\DRIVERS\wanarp.sys InMem: 0 Det [G] MD5: 984EF0B9788ABF89974CFED4BFBAACBC PX5: D61BDDFF00BF41D487E5002B87E94900EE92AF43
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Wanarp - ImagePath [C:\WINDOWS\system32\DRIVERS\wanarp.sys]
C:\WINDOWS\system32\DRIVERS\wceusbsh.sys InMem: 0 Det [G] MD5: 4A954A20A4C73D6DB13C0FE25F3F1B0C PX5: 5E621E0F80F4337A984C01AC450E4400759BD954
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\wceusbsh - ImagePath [C:\WINDOWS\system32\DRIVERS\wceusbsh.sys]
C:\WINDOWS\system32\drivers\wdmaud.sys InMem: 0 Det [G] MD5: EFD235CA22B57C81118C1AEB4798F1C1 PX5: 1A706C8200C406CF446E0184AD924B00FE330A09
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\wdmaud - ImagePath [C:\WINDOWS\system32\drivers\wdmaud.sys]
C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys InMem: 0 Det [G] MD5: E0A00B06EA067C84E124B407DFFA1AF1 PX5: 93B11210007B77670B5F0BE4E14394006A766DFC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\winachsf - ImagePath [C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys]
C:\WINDOWS\system32\DRIVERS\wmiacpi.sys InMem: 0 Det [G] MD5: AE2C8544E747C20062DB27456EA2D67A PX5: FA16E8828047BC8722190022B5F8B1008F134680
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WmiAcpi - ImagePath [C:\WINDOWS\system32\DRIVERS\wmiacpi.sys]
C:\WINDOWS\system32\wbem\wmiapsrv.exe InMem: 0 Det [G] MD5: 0EE2A2754039B13A632489726689DAD0 PX5: A8EB9B0C007C19C1EE9501FD1D31580061EB57F5
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WmiApSrv - ImagePath [C:\WINDOWS\system32\wbem\wmiapsrv.exe]
C:\Programmi\Windows Media Player\WMPNetwk.exe InMem: 0 Det [G] MD5: F30DC8F80CF65A323E8B6A2DB81561E3 PX5: AF2881470070FC5204AF0EFACB168500F7ECD6E8
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WMPNetworkSvc - ImagePath [C:\Programmi\Windows Media Player\WMPNetwk.exe]
C:\WINDOWS\System32\drivers\ws2ifsl.sys InMem: 0 Det [G] MD5: 6ABE6E225ADB5A751622A9CC3BC19CE8 PX5: E3FE23AC0026FAFE2FF10052E88519002DA1A545
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WS2IFSL - ImagePath [C:\WINDOWS\System32\drivers\ws2ifsl.sys]
C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS InMem: 0 Det [G] MD5: D5842484F05E12121C511AA93F6439EC PX5: B2CFBF068074D4084BB4001A2B9A35007D8AF7A1
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WSTCODEC - ImagePath [C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS]
C:\WINDOWS\system32\DRIVERS\WudfPf.sys InMem: 0 Det [G] MD5: F15FEAFFFBB3644CCC80C5DA584E6311 PX5: 0CF32E7D00C942692FB1016FE6CD6B005D0F67E4
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WudfPf - ImagePath [C:\WINDOWS\system32\DRIVERS\WudfPf.sys]
C:\WINDOWS\system32\DRIVERS\wudfrd.sys InMem: 0 Det [G] MD5: 28B524262BCE6DE1F7EF9F510BA3985B PX5: 938378B8001690D3445C01DE64563A001F0572DD
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WudfRd - ImagePath [C:\WINDOWS\system32\DRIVERS\wudfrd.sys]
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE InMem: 0 Det [G] MD5: 77CDC42567369B248D7B9E71AC2AD20C PX5: BEF410DF00EC394D58BF0008C8DFD9007025EE9E
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - CAP3ON [C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE]
C:\Programmi\File comuni\Microsoft Shared\DW\DWTRIG20.EXE InMem: 0 Det [GP] MD5: E108B79EEEE444335A9F300E4C756F6A PX5: F3921474A8C5B1FEAB0806C9FA8E4200F2F87AEE
REGRUNKEY - \REGISTRY\User\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - DWQueuedReporting ["C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t]
REGRUNKEY - \REGISTRY\User\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - DWQueuedReporting ["C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t]
C:\Programmi\Ahead\Nero BackItUp\NBJ.exe InMem: 0 Det [G] MD5: A459E38E7C878A57B03280A000038764 PX5: 1CA3025E00E0A150F0DF1DBF9E772E001BDECFAE
REGRUNKEY - \REGISTRY\User\S-1-5-21-1482476501-1229272821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run - NBJ ["C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"]
C:\WINDOWS\system32\userinit.exe InMem: 0 Det [G] MD5: C1E7FE19F98A877BF8F941BF48148695 PX5: 33A4BB2F001DA1EB620B00510674AE00F15A5361
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon - UserInit [C:\WINDOWS\system32\userinit.exe]
C:\WINDOWS\system32\logonui.exe InMem: 0 Det [G] MD5: 43BDF167CE792A5639D99AD7F1EABC1C PX5: 6B3184960083D65DDE0B0761A134100078FE806C
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon - UIHost [logonui.exe]
C:\WINDOWS\system32\rundll32.exe InMem: 0 Det [G] MD5: F88CDB0CCC416B3778736BE74CDEBB94 PX5: 797CA9E8007174E38209003396ABA600D9E79205
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon - VmApplet [rundll32 shell32,Control_RunDLL "sysdm.cpl"]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF} - StubPath [RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - StubPath [RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmt]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.i]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820} - StubPath [C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dl]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.]
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\ShellScrap\shell\open\command - [rundll32 %SystemRoot%\system32\shscrap.dll,OpenScrap_RunDLL %1]
C:\WINDOWS\system32\autochk.exe InMem: 0 Det [G] MD5: 779768A0A8091EDB749DCB8FE60213E1 PX5: 38890F3300760B775A86096430A56A00DB68AE82
REGSESSMGR - \REGISTRY\Machine\System\CurrentControlSet\Control\Session Manager - BootExecute [autocheck]
C:\WINDOWS\system32\Java.exe InMem: 0 Det [G] MD5: 08996DD4135EEDCB346BC4AD97B88A72 PX5: CF91D0AB004CEFDC1058024195AB4E00D7A77728
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500} - [Java (Sun)]
C:\Programmi\Java\jre1.6.0_03\bin\regutils.dll InMem: 0 Det [G] MD5: 1FC79CF17ECA1F4E0FC784ABB8D72C31 PX5: 18FDF0650029FF2F9067038B74E5FB00E6236711
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500} - KeyFileName [C:\Programmi\Java\jre1.6.0_03\bin\regutils.dll]
C:\WINDOWS\system32\msieftp.dll InMem: 0 Det [G] MD5: 9BA0424BF46A751E9F68829A9AFBE680 PX5: 44133DFB00C5C1B9D64903B9EB9B6E00A95E5477
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9} - KeyFileName [C:\WINDOWS\system32\msieftp.dll]
C:\WINDOWS\system32\ieudinit.exe InMem: 0 Det [G] MD5: 324ECD19DB11EBDBA37E1F69D887B565 PX5: 73CA61DA00728720360A0021165ED300383A334D
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - StubPath [C:\WINDOWS\system32\ieudinit.exe]
C:\WINDOWS\inf\unregmp2.exe InMem: 0 Det [G] MD5: 720FE9EDDFA670D2BDF98C13AA6305AF PX5: 62D1ABBC006680A4DC3104F3FD5F6600BA9B55C1
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Stubpath [C:\WINDOWS\inf\unregmp2.exe /ShowWMP]
C:\WINDOWS\system32\ie4uinit.exe InMem: 0 Det [G] MD5: 5082EB7CEBC228028E5326D1CB05B925 PX5: 4744B054003C4032144001425FEA5D00DFFD0625
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c} - StubPath [C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} - StubPath [C:\WINDOWS\system32\ie4uinit.exe -BaseSettings]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c} - LocalizedName [@C:\WINDOWS\system32\ie4uinit.exe,-21]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} - LocalizedName [@C:\WINDOWS\system32\ie4uinit.exe,-20]
C:\WINDOWS\system32\IEDKCS32.DLL InMem: 0 Det [G] MD5: 78A279D37A53D5617E61F23AAFF505D1 PX5: 9FB6E06100A76C9BDE4E054D2A167800B0FE311E
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF} - StubPath [RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - StubPath [RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF} - LocalizedName [@C:\WINDOWS\system32\iedkcs32.dll,-3052]
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} - DllName [iedkcs32.dll]
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} - DllName [iedkcs32.dll]
C:\WINDOWS\system32\shmgrate.exe InMem: 0 Det [G] MD5: F8CBCDAA8C509F6A424834FE51956E21 PX5: 20602ECB00AD0F89A6D6007CC62E8E00FE74C13B
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - StubPath [%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE]
C:\WINDOWS\system32\regsvr32.exe InMem: 0 Det [G] MD5: DA9623D7E0CA24DD3E08523287E05A4C PX5: 9F2DE48F0086912530FD001A3E083800D58E0872
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED} - StubPath [%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %System]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340} - StubPath [regsvr32.exe /s /n /i:U shell32.dll]
C:\Programmi\Outlook Express\setup50.exe InMem: 0 Det [G] MD5: 5565E7539564F955441DE6FDCBE447A9 PX5: 990052A900467F972069015D0AA93E00C6116D6B
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C} - StubPath ["%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WIN]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02} - StubPath ["%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WI]
C:\WINDOWS\system32\advpack.dll InMem: 0 Det [G] MD5: 73AA55C0280088EECAFE208CD0560A38 PX5: 3DF6892B001811DCE8EF01709A8D58000B11E7BD
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmt]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.i]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.]
C:\WINDOWS\system32\mscories.dll InMem: 0 Det [G] MD5: AFB968670E3AEB359567F70297568ADE PX5: A1E5D46000077E234AFE018627387200E6C886DB
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820} - StubPath [C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dl]
C:\WINDOWS\system32\logon.scr InMem: 0 Det [G] MD5: 6FA8411D60C4FAEE5102EEE1367AB34D PX5: 509D0B6F00114C175E1803F3B4819D004996445C
REGSCRNSAVE - \REGISTRY\User\.DEFAULT\Control Panel\Desktop - SCRNSAVE.EXE [C:\WINDOWS\system32\logon.scr]
REGSCRNSAVE - \REGISTRY\User\S-1-5-19\Control Panel\Desktop - SCRNSAVE.EXE [%SystemRoot%\System32\logon.scr]
REGSCRNSAVE - \REGISTRY\User\S-1-5-20\Control Panel\Desktop - SCRNSAVE.EXE [%SystemRoot%\System32\logon.scr]
REGSCRNSAVE - \REGISTRY\User\S-1-5-21-1482476501-1229272821-725345543-1003\Control Panel\Desktop - SCRNSAVE.EXE [C:\WINDOWS\system32\logon.scr]
REGSCRNSAVE - \REGISTRY\User\S-1-5-18\Control Panel\Desktop - SCRNSAVE.EXE [C:\WINDOWS\system32\logon.scr]
C:\WINDOWS\system32\gptext.dll InMem: 0 Det [G] MD5: F286C70F59F434B6DDBAB5738B6B029B PX5: 3937BBDB001CF5150EDE03108010A6002700AFB6
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63} - DllName [gptext.dll]
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39} - DllName [gptext.dll]
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3} - DllName [gptext.dll]
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27} - DllName [gptext.dll]
C:\WINDOWS\system32\fdeploy.dll InMem: 0 Det [G] MD5: B4767457D286EBB4767C5EC1DF9A7424 PX5: 4B245433003392E32A140131FF3EF30000999A70
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861} - DllName [fdeploy.dll]
C:\WINDOWS\system32\dskquota.dll InMem: 0 Det [G] MD5: 78B72D69EE065560A89B7ECE65ED7E2C PX5: 67A29FF30003BFCF6E3801450DA1040095E8819B
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66} - DllName [dskquota.dll]
C:\WINDOWS\system32\appmgmts.dll InMem: 0 Det [G] MD5: 00E50CD4D9247CB56EFC1360C32AB755 PX5: D38F92810065B7EDAC840228F23E3C004E625C37
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7} - DllName [appmgmts.dll]
C:\WINDOWS\system32\cryptnet.dll InMem: 0 Det [G] MD5: F8DD2E38ECC275AE94EDC7C0492416EF PX5: 7068F9AD00A507EDF8EF0072A0BBE3005197631B
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet - DllName [cryptnet.dll]
C:\WINDOWS\system32\sclgntfy.dll InMem: 0 Det [G] MD5: 5FF2551A3D740476F06B20F59CD7F0BE PX5: 164435B300B5B4E0548400AA1F6E0800C2CDD06A
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy - DllName [sclgntfy.dll]
C:\WINDOWS\system32\comm.drv InMem: 0 Det [G] MD5: 01B656374912D7CCF7465A3893F18982 PX5: 0D8B262B3068553F296F004B25B4F300F3172575
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - comm.drv [comm.drv]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\vga.drv InMem: 0 Det [G] MD5: 9C86BBB80450AF95B6A4EA8EBDA93D76 PX5: 8D38D13480CC42FA089200F6F3895F00B79BCD14
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - display.drv [vga.drv]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\mmsystem.dll InMem: 0 Det [G] MD5: 7B3633A771FFAD1CFB8D999FB5FC2687 PX5: B7018ADE208113FC103101C8EB6DD700B1D99765
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - drivers [mmsystem.dll]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\keyboard.drv InMem: 0 Det [G] MD5: ED4BF709AAD8B665075DE06A0945B030 PX5: 159F7A82D0C5E0D3077700FE801B1000B79BCD14
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - keyboard.drv [keyboard.drv]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\mouse.drv InMem: 0 Det [G] MD5: 7D29780AC88BB7292CDCFF71BA67433D PX5: D9EA0CB2F0FB384407BE00D28D0C0C00B79BCD14
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - mouse.drv [mouse.drv]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\wfwnet.drv InMem: 0 Det [G] MD5: 5302ADA9B0793C84151FC463DD65D7BF PX5: E9641F0220200734353000D28FC59A003BEC664C
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - network.drv [wfwnet.drv]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\progman.exe InMem: 0 Det [G] MD5: DF0960F73F899D517FFE5A96F8715E0E PX5: C0D0815600445D69AC3B01B2DAB067005DE0E11A
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - shell [progman.exe]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\sound.drv InMem: 0 Det [G] MD5: 028A1F74926DC3DF2D9629EDC9AEBAFB PX5: E70CAE91D00DCE52067C00647C846400B79BCD14
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - sound.drv [sound.drv]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\system.drv InMem: 0 Det [G] MD5: 4A00D59AE6D75BDFC2C8E5182C4B1376 PX5: D4BD27742043BEDB0DB0000478EA5C00B79BCD14
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - system.drv [system.drv]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\ntvdm.exe InMem: 0 Det [G] MD5: 0FEA136CC628C6182E91598F7990229C PX5: DFD881F400018F016A4F06473E7EAA001AE7779E
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - cmdline [%SystemRoot%\system32\ntvdm.exe]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - wowcmdline [%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386]
C:\WINDOWS\system32\commdlg.dll InMem: 0 Det [G] MD5: 282C6A1E0565458CE162C907A84043F4 PX5: D41FE74160643BD6833B006BB7E5A9004410FDC1
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\ctl3dv2.dll InMem: 0 Det [G] MD5: 637D88E7A1BEDC4457C80DBC8BA9F135 PX5: C84734B440655DC66A4D00304EF8AC0014627D07
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\ddeml.dll InMem: 0 Det [G] MD5: BF6529DE6619C4970E727F58E0AD48D1 PX5: 87F926CB00F2CB349A1200182C7413003E6FB37C
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\lanman.drv InMem: 0 Det [G] MD5: E9D142FEAA02E867C8DCDDFE84E29E20 PX5: A797EACD0BCFF4C3663403FC8369B500D2DCA4A2
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\netapi.dll InMem: 0 Det [G] MD5: 0F4AD2E828A6CB0F100CB36F3AC6FAEE PX5: 3B2621E2C04DF3B2A77E0156CAF52A0029A06ED9
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\olecli.dll InMem: 0 Det [G] MD5: CA0305757C0648715F6D92BA0C43992F PX5: B5F4F24400858B0246DF0121D0BC320031CB25FD
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\olesvr.dll InMem: 0 Det [G] MD5: 16BF834A84A7DC0D24EDC8E924C90637 PX5: CE221EF60049CF2B5E3B009B247C6A00F018477F
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\pmspl.dll InMem: 0 Det [G] MD5: 57F8A50513E43AAF6A7B23389E389BBC PX5: 98CDEBDE0094268EB67200C1C6BF85009014DA93
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\shell.dll InMem: 0 Det [G] MD5: DC8A8C47542EDD026AD8F4AC3D6C2292 PX5: CE2E2C35000BF1E3147B0046192BB900FA35E49E
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\toolhelp.dll InMem: 0 Det [G] MD5: C86363C599E5D6836C21A3A3FD21C388 PX5: 87219368400265353643009B30E21C003936EBD7
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\win87em.dll InMem: 0 Det [G] MD5: C980C971AD4FF3CA5CEFDEF40932D3A1 PX5: 22C03F9D0005E87A34B40075B0F00E00517D625F
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\winoldap.mod InMem: 0 Det [G] MD5: 0DDFD6315DA4B29D09D09B6873EA460B PX5: E19A53B2202676D208C7002132DA8800B79BCD14
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\winsock.dll InMem: 0 Det [G] MD5: 68485C5EF0E2EFCEBF21BBB1042B823B PX5: FCF9BBDC30E28D0D0BF200D9F4D9CD00B79BCD14
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\winspool.exe InMem: 0 Det [G] MD5: 0B4B94B78123E8035B84105BC024F9F8 PX5: F5BB157440E5748C08D600021F9AD300B79BCD14
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\wowdeb.exe InMem: 0 Det [G] MD5: A7B82D6B38A2ACD3B2684E7371C6CE93 PX5: C1613D5DB0A80A260ABB006471357400B79BCD14
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\timer.drv InMem: 0 Det [G] MD5: 01DC53809B29550424FDB88345F6872C PX5: 01DC5380F09B29550F040024FDB8830045F6872C
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\compobj.dll InMem: 0 Det [G] MD5: 40F9FC896B2BA69FDC04D75E9D00DD01 PX5: DA21156DD0BCD8E77562007DCF26A600F4FFDA3F
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\storage.dll InMem: 0 Det [G] MD5: 3A5CD674ADA85BCC1FF26B81B4CDEFB5 PX5: 60BAD4D270E3252C10B800A49D4C780095AFB292
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\ole2.dll InMem: 0 Det [G] MD5: 145AA8ECF0526C093F71117C181694AB PX5: F2FC4A2A40B7B6B59BDF00629364AB00A54AED31
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\ole2disp.dll InMem: 0 Det [G] MD5: EB38BE7D7CF9EC15442A9D24CB39A2AC PX5: 3E66404830EBCC7296B902E3361C6400BE12EFF7
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\ole2nls.dll InMem: 0 Det [G] MD5: 32CFCC848A57F87638E31E8735515F80 PX5: 09B13294B021FA9E558F026E08072F00900228B5
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\typelib.dll InMem: 0 Det [G] MD5: 7161255DFA81E67B66B746D2504D2F2B PX5: C0620321C004C14EB60D020DCCE16200701F9AEA
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\msvideo.dll InMem: 0 Det [G] MD5: 0FEC57467004486CF202ED7BDFA5DCEE PX5: 790EE65FC0939660F0F4012F00509C00EF668BF3
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\avifile.dll InMem: 0 Det [G] MD5: 92FBB472D13A6CC283529301810922FB PX5: 23078576D07C879BAB0E016052733100CC123BD6
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\msacm.dll InMem: 0 Det [G] MD5: B3E0E6C925D333FDCA47808EBF787CB2 PX5: 9509859960B48961EF3C0048E192C7002EB67DBB
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\mciavi.drv InMem: 0 Det [G] MD5: E6A1BB6F039486BCEB825B365AA5548D PX5: 8B09E9FBC0AC80C41F5801300F1C5F00B1E6B4D8
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\mciseq.drv InMem: 0 Det [G] MD5: 6F3561B8890792B0F61C353D1FC85F9C PX5: 6F3561B8D089079262B000F61C353D001FC85F9C
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\mciwave.drv InMem: 0 Det [G] MD5: 2D1A8D96222A829884C50D453B805765 PX5: 2D1A8D9600222A826E980084C50D45003B805765
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\avicap.dll InMem: 0 Det [G] MD5: 4A78D6C08D90BDE538D5B538A082C1C9 PX5: 8D50F512B0D5AAB0126C01BC85534E00FA0EC9E8
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\mapi.dll InMem: 0 Det [G] MD5: 7979E5E1A1FEBEBE6478108C1691B3A9 PX5: 26070C10A0AAA3E5F53707B6FD82F000CE7ADC57
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\ntsd.exe InMem: 0 Det [G] MD5: 3ECFFB9259462ACCCAF0063841E85E9B PX5: 834FBBDD002D211C7C10004432E9BD00FC3D4F55
REGIFEO - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a - Debugger [ntsd -d]
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll InMem: 0 Det [G] MD5: 0D58A186D9F14255AF153323536C64B9 PX5: E2013C5B089BFF1A8CEF0C4A6B2DEC00D18DCB05
REGRUNGEN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll]
C:\WINDOWS\system32\msapsspc.dll InMem: 0 Det [G] MD5: 9B6E96F4EC4104BCB180C5BEA2787B3F PX5: 8C479BBA0065475850000105207F00002CA02E51
REGRUNGEN - \REGISTRY\Machine\System\CurrentControlSet\Control\SecurityProviders - SecurityProviders [msapsspc.dll]
C:\WINDOWS\system32\digest.dll InMem: 0 Det [G] MD5: 9B4CD31081F2CE1D69D2580D015C82EA PX5: 2283761F0087EB020C9B01CC3CCBC600B4AB6B96
REGRUNGEN - \REGISTRY\Machine\System\CurrentControlSet\Control\SecurityProviders - SecurityProviders [msapsspc.dll]
C:\WINDOWS\system32\msnsspc.dll InMem: 0 Det [G] MD5: A99939BAE7757437683F4D6B1021A499 PX5: 5FC3C3D6008FE4D0702D042D3521CB003038EB19
REGRUNGEN - \REGISTRY\Machine\System\CurrentControlSet\Control\SecurityProviders - SecurityProviders [msapsspc.dll]
C:\WINDOWS\Resources\themes\Luna\Luna.msstyles InMem: 0 Det [G] PX5: D4AC08E190E1815FF0763FFB772E82003759142D
REGRUNGEN - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Themes - InstallVisualStyle [%SystemRoot%\Resources\themes\Luna\Luna.msstyles]
C:\WINDOWS\system32\rdpclip.exe InMem: 0 Det [G] MD5: 456E33D8A5B34B0B9B5DE1270E13C7A3 PX5: 3129DB34009CADCFF4300018D68AB90013FA4372
REGTERM - \REGISTRY\Machine\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd - StartupPrograms [rdpclip]
C:\WINDOWS\system32\rdpwsx.dll InMem: 0 Det [G] MD5: 98B543037E34C640622FA61E895326C4 PX5: 2D4F90888862EA65546401DF11DAFF009FB4CACF
REGTERM - \REGISTRY\Machine\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd - WsxDll [rdpwsx]
C:\WINDOWS\system32\RDPCFGEX.DLL InMem: 0 Det [G] MD5: 0F6F4433F47441C14F17D5348CF609B0 PX5: 648184F200AE0568123C00C1F661D900A8042FB8
REGTERM - \REGISTRY\Machine\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd - CfgDll [RDPCFGEX.DLL]
C:\WINDOWS\System32\cmd.exe InMem: 0 Det [G] MD5: 94744851B6A9BDCEFCD26CC61A6AFD12 PX5: 174F65020044C14C121406F23AA7F300C65DE81F
REGTELNET - \REGISTRY\Machine\Software\Microsoft\TelnetServer\1.0 - DefaultShell [%SYSTEMROOT%\System32\cmd.exe]
REGTELNET - \REGISTRY\Machine\Software\Microsoft\TelnetServer\Defaults - DefaultShell [%SYSTEMROOT%\System32\cmd.exe]
REGSAFESEC - \REGISTRY\Machine\System\CurrentControlSet\Control\SafeBoot - AlternateShell [cmd.exe]
C:\WINDOWS\system32\rdpsnd.dll InMem: 0 Det [G] MD5: 1C5C414CC29D507B89E355E1733A7491 PX5: 34FBA65500CFB6AF4EE7003742BB470065937B12
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP - wave [rdpsnd.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP - mixer [rdpsnd.dll]
C:\WINDOWS\system32\imaadp32.acm InMem: 0 Det [G] MD5: 316F81B3EC381C1C76E07CA43FC12BFC PX5: 528D926A00EB3B4A408A0067B777E0007219DE4B
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.imaadpcm [imaadp32.acm]
C:\WINDOWS\system32\msadp32.acm InMem: 0 Det [G] MD5: 147BA07670FA18D112D631B9EEC2CA21 PX5: 9896734D003A7B4A3AD6001B2D129300C6CAD27F
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.msadpcm [msadp32.acm]
C:\WINDOWS\system32\msg711.acm InMem: 0 Det [G] MD5: D609EDECB9692217BCA166C09A8AA6D0 PX5: 98836843004ECD5624170012D62AF300ADA7FDE1
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.msg711 [msg711.acm]
C:\WINDOWS\system32\msgsm32.acm InMem: 0 Det [G] MD5: DBB6C6DBA7C404BF266E064889C45907 PX5: 7715C6930008610D4E5300A5AC1D5400348AB758
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.msgsm610 [msgsm32.acm]
C:\WINDOWS\system32\tssoft32.acm InMem: 0 Det [G] MD5: 49445261FFAAB7F8B915C4D3041AA7F4 PX5: 9DB260C30072F5C620530046E6B0DC000EF1898D
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.trspch [tssoft32.acm]
C:\WINDOWS\system32\iccvid.dll InMem: 0 Det [G] MD5: BE4DE2539B3DB9D31D75FE0D323C52EE PX5: 0CEE20B80002FE623A80014E667E0900EDC97E34
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.cvid [iccvid.dll]
C:\WINDOWS\system32\ir32_32.dll InMem: 0 Det [G] MD5: CDE3AEAEEFF57DBB43133F46E96AD8C5 PX5: 48C6FD2800CF7D770AB40340E9EE0B00336C0935
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.iv31 [ir32_32.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.iv32 [ir32_32.dll]
C:\WINDOWS\system32\ir41_32.ax InMem: 0 Det [G] MD5: 757C7944EB0D518020BB59A1A3AE9826 PX5: 88C1844600D60C2BF2960C06110E8900D716354E
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.iv41 [ir41_32.ax]
C:\WINDOWS\system32\iyuv_32.dll InMem: 0 Det [G] MD5: 193315B73270BAD33A3C2F527C8380F6 PX5: 8D2F485A000F6953BA8B00EF89F3AE0028DCEE98
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - VIDC.IYUV [iyuv_32.dll]
C:\WINDOWS\system32\msrle32.dll InMem: 0 Det [G] MD5: 7B999CA58C6276D885F17ABC73982009 PX5: 6AD29AC5008293D12C2D00B216F74700B26503F0
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.mrle [msrle32.dll]
C:\WINDOWS\system32\msvidc32.dll InMem: 0 Det [G] MD5: D648EDBA85278839E30979CE627E5C81 PX5: CE4E524C0073A8EC64FF00E1300C68000D8D97A8
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.msvc [msvidc32.dll]
C:\WINDOWS\system32\msyuv.dll InMem: 0 Det [G] MD5: B35E1E08BF94E68DAF5D9F52485EA368 PX5: 92EC75E800DB9BE5440C000A47ABC3009642377A
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - VIDC.UYVY [msyuv.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - VIDC.YUY2 [msyuv.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - VIDC.YVYU [msyuv.dll]
C:\WINDOWS\system32\tsbyuv.dll InMem: 0 Det [G] MD5: A892EC07DFFC3D8BF879102982F08721 PX5: 86646A040019522320A100B4BB4D900094B11477
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - VIDC.YVU9 [tsbyuv.dll]
C:\WINDOWS\system32\msg723.acm InMem: 0 Det [G] MD5: D53BDE174AD076AE58C8245A524CFB85 PX5: 11020CC8008FB79ED00601EAD6C03900AA679A83
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.msg723 [msg723.acm]
C:\WINDOWS\system32\msh263.drv InMem: 0 Det [G] MD5: B2E67E6045966C14A746627DCCF3F67D PX5: D1EBECF00092F1C390AB04548720B200A8771D55
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.M263 [msh263.drv]
C:\WINDOWS\system32\msh261.drv InMem: 0 Det [G] MD5: 35F5338123495C871C4C7CC9FCE784F6 PX5: A41AA5420008DA3EF0B402388EE55600B25D24F8
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.M261 [msh261.drv]
C:\WINDOWS\system32\msaud32.acm InMem: 0 Det [G] MD5: 9EFCA60A4BDCF77FC5E2337E3AB61B1E PX5: C38F33CC0026C9E080B10460DFC46F004CE633B9
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.msaudio1 [msaud32.acm]
C:\WINDOWS\system32\sl_anet.acm InMem: 0 Det [G] MD5: C2E1907DDE505F02585E7C85F927333A PX5: 3DA8D952002B67BF508D01A57E615F00B2B2EA92
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.sl_anet [sl_anet.acm]
C:\WINDOWS\system32\iac25_32.ax InMem: 0 Det [G] MD5: 60B88C336EF385EB0ED77B73852712F3 PX5: D062C8E7003B5A390C1703C014BB9700CE1BED53
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.iac2 [C:\WINDOWS\system32\iac25_32.ax]
C:\WINDOWS\system32\ir50_32.dll InMem: 0 Det [G] MD5: B11FB596034932DC55A7638911F482C2 PX5: 8FA030FE0030B5D3865F0B4087D0420068F6854C
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.iv50 [ir50_32.dll]
C:\WINDOWS\system32\vfwwdm32.dll InMem: 0 Det [G] MD5: 148B5330921C365FA4A2DB6C431A9B2C PX5: 50A7CDEB00FEFE76D6A800E76B929700EFCC0032
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - MSVideo [vfwwdm32.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - MSVideo8 [VfWWDM32.dll]
C:\WINDOWS\system32\mpg4c32.dll InMem: 0 Det [G] MD5: AF91E5DB83377132D9F885FD8467D1C8 PX5: 455AB90B90B2E3D769720615355FB9006D2AC8ED
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - VIDC.MP42 [mpg4c32.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - VIDC.MPG4 [mpg4c32.dll]
C:\WINDOWS\system32\rani386.dll InMem: 0 Det [G] MD5: 04AA64428ADD865457B1F735ED00E42B PX5: 6F32BC490090A18972CC00D678B2C0008540CF8F
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - PORT [rani386.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - PORT [rani386.dll]
C:\WINDOWS\system32\CSvidcap.dll InMem: 0 Det [G] MD5: 25BD54B5BB30DB5E359C7F9A317DDC45 PX5: B91AF4A900562DD0B03500183E88D000F18881AC
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - MSVideo1 [CSvidcap.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - MSVideo1 [CSvidcap.dll]
C:\WINDOWS\system32\tsccvid.dll InMem: 0 Det [G] MD5: A6D28943A33DC7E717795AF68581C624 PX5: E37B022000CD3ED2903701F7A4549E00EBE60794
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.tscc [tsccvid.dll]
C:\WINDOWS\system32\rsvpsp.dll InMem: 0 Det [G] MD5: B4B4BC22821A8A0AC357297B784B996E PX5: 316FAA8C007F4493605401B98234D5008F685EE8
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 - PackedCatalogItem [%SystemRoot%\system32\rsvpsp.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 - PackedCatalogItem [%SystemRoot%\system32\rsvpsp.dll]
C:\WINDOWS\system32\ipxrip.dll InMem: 0 Det [G] MD5: 2DAC54A61B837FAC36FFD92B7E39B3FF PX5: 859821B9009D40A9548200AD83A363008B36EF0D
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ipx\IPXRIP - DllName [ipxrip.dll]
C:\WINDOWS\system32\ipxsap.dll InMem: 0 Det [G] MD5: 3EEA6D343B3D6FCF500DB1837C07DF06 PX5: 85797B9500D099280499015DBB948C00AAAAF548
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ipx\IPXSAP - DllName [ipxsap.dll]
C:\WINDOWS\System32\iprtrmgr.dll InMem: 0 Det [G] MD5: 30584106B1E3C4F836D35C92BA38B184 PX5: D40494A6008ED12A98FE023AAD1857000DD8C7B5
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip - DllPath [%SystemRoot%\System32\iprtrmgr.dll]
C:\WINDOWS\System32\ipxrtmgr.dll InMem: 0 Det [G] MD5: 7FF943A30BA413C3F43E8441A28B7AA7 PX5: 4718448E00AA1CC09C1B00C6E262700012078A35
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ipx - DllPath [%SystemRoot%\System32\ipxrtmgr.dll]
C:\WINDOWS\system32\Firewall.cpl InMem: 0 Det [G] MD5: 486C95D7867757EF75946CDC7FA547DD PX5: C6AD4E5900619E5B3AA801566FFF65004318E0B5
REGCPL - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls - Internet Connection Firewall [Firewall.cpl]
C:\WINDOWS\system32\NetSetup.cpl InMem: 0 Det [G] MD5: 6C00E8B5734CD98456E36A1919393597 PX5: 1727E2B500CA6EDF648A0091303FF7003D7EE312
REGCPL - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls - NetSetupWizard [NetSetup.cpl]
C:\Programmi\File comuni\Microsoft Shared\Speech\sapi.cpl InMem: 0 Det [G] MD5: B281E4E0C7DE6016F067191AA0B10047 PX5: 4B95DF2F0028608F7026024663B5470081E40772
REGCPL - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls - Speech [C:\Programmi\File comuni\Microsoft Shared\Speech\sapi.cpl]
C:\Programmi\Microsoft Office\Office12\MLCFG32.CPL InMem: 0 Det [G] MD5: CD2E930E206F5D6647C12C0BCB614101 PX5: 7C810CE440F34A90451701C7F0577100E02E8640
REGCPL - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls - mlcfg32.cpl [C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL]
C:\Programmi\Avira\Avira Premium Security Suite\avconfig.cpl InMem: 0 Det [G] MD5: D0FEBA1B5E4A52C24B258DE203385E86 PX5: 1A59653128BA4FDE102E012AB3D61B007C08E6B9
REGCPL - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls - Avira Premium Security Suite [C:\PROGRA~1\Avira\AVIRAP~1\avconfig.cpl]
C:\WINDOWS\system32\Magnify.exe InMem: 0 Det [G] MD5: B8485B1B335C0C00397DD7ABC041475D PX5: 8FD0DD1200F1CC211E520147693D72005CC20F83
REGUTIL - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Magnifier - Application path [Magnify.exe]
C:\WINDOWS\system32\osk.exe InMem: 0 Det [G] MD5: 7D5B9DD2D397E5D323C5DE2D0B4CAEB6 PX5: 865A974F008F100B4EF6035F16FFB2007D13E899
REGUTIL - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\On-Screen Keyboard - Application path [osk.exe]
C:\Programmi\File comuni\Microsoft Shared\Grphflt\GIFIMP32.FLT InMem: 0 Det [G] MD5: 3EA24F7FC44D3853E83426C12B67C681 PX5: 84D2B872308981F9BF570329B226A900908A8352
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Export\GIF - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\GIFIMP32.FLT]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\GIF - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\GIFIMP32.FLT]
C:\Programmi\File comuni\Microsoft Shared\Grphflt\JPEGIM32.FLT InMem: 0 Det [G] MD5: 13B49FCD0B41B7DBB5872F0055E6EF14 PX5: 01E5873538811227C15E021F73B8120041AB700B
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Export\JPEG - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\JPEGIM32.FLT]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\JPEG - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\JPEGIM32.FLT]
C:\Programmi\File comuni\Microsoft Shared\Grphflt\PNG32.FLT InMem: 0 Det [G] MD5: 25EBC1E36D19BEF849D1BB269F0EB705 PX5: 3DC90F9B580731FB899903BA4067C600560CECF6
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Export\PNG - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\PNG32.FLT]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\PNG - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\PNG32.FLT]
C:\Programmi\File comuni\Microsoft Shared\Grphflt\TIFFIM32.FLT InMem: 0 Det [G] MD5: 6F2343F8E2B4F8F3561DC9D4D8453274 PX5: 6A65288600710C5E10250304BA3E68002583ACD3
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Export\TIFF - Path [C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\TIFFIM32.FLT]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\TIFF - Path [C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\TIFFIM32.FLT]
C:\Programmi\File comuni\Microsoft Shared\Grphflt\WPGEXP32.FLT InMem: 0 Det [G] MD5: C95E14E015F59FCFA506E285F2CDF8CD PX5: AD28D8EA00A2E2DE50320171DF11DA000E7571BC
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Export\WPG - Path [C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\WPGEXP32.FLT]
C:\Programmi\File comuni\Microsoft Shared\Grphflt\BMPIMP32.FLT InMem: 0 Det [G] MD5: 3E747480AA108B914826E258D6F1ADDF PX5: 93747641008297F45017019294DF89004BA0EA98
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\BMP - Path [C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\BMPIMP32.FLT]
C:\Programmi\File comuni\Microsoft Shared\Grphflt\CDRIMP32.FLT InMem: 0 Det [G] MD5: 77ABD20B8F8EFD6FD2FDB2C4CBD3D09E PX5: 08219BE2581A9C48DAA4068E99590D00DEE0B657
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\CDR - Path [C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\CDRIMP32.FLT]
C:\Programmi\File comuni\Microsoft Shared\Grphflt\CGMIMP32.FLT InMem: 0 Det [G] MD5: C9E3FB4BDE38B40624895D6EC5456168 PX5: 647345C080677B4E6F890467F3A5A0006554453E
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\CGM - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\CGMIMP32.FLT]
C:\Programmi\File comuni\Microsoft Shared\Grphflt\EMFIMP32.FLT InMem: 0 Det [G] MD5: DED9D932A6901C31A2B7C8C432444869 PX5: F0FCD40F0010BE9F5E66058999A28D000941C64B
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\EMF - Path [C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\EMFIMP32.FLT]
C:\Programmi\File comuni\Microsoft Shared\Grphflt\EPSIMP32.FLT InMem: 0 Det [G] MD5: A186964EDE2165E145F420936FDDD66E PX5: 6FB5275F983CC648D72F063F64C51700EF66019A
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\EPS - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\EPSIMP32.FLT]
C:\Programmi\File comuni\Microsoft Shared\Grphflt\FPX32.FLT InMem: 0 Det [G] MD5: AFD70D86E1B0F8636A43CFFCA6D04BCE PX5: 1FAFD681002AD5B7923117E42029BC00BC3C2102
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\FPX - Path [C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\FPX32.FLT]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\MIX - Path [C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\FPX32.FLT]
C:\Programmi\File comuni\Microsoft Shared\Grphflt\PCDIMP32.FLT InMem: 0 Det [G] MD5: FED29896B3EF427D1279E3E0A317F33B PX5: 81D40021C0550913EA7C00520E003800EE4B74D9
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\PCD - Path [C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\PCDIMP32.FLT]
C:\Programmi\File comuni\Microsoft Shared\Grphflt\PCXIMP32.FLT InMem: 0 Det [G] MD5: 17F65B900AFECB480B0A5CBC240C9600 PX5: 786B79BE0043616D4033013060AF85003F0FC68D
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\PCX - Path [C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\PCXIMP32.FLT]
C:\Programmi\File comuni\Microsoft Shared\Grphflt\PICTIM32.FLT InMem: 0 Det [G] MD5: 82A21B613A60FF51973447EEE5373A8D PX5: 8BC032BE90B0E37CFF77008BEC533C0064CAF5C9
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\PICT - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\PICTIM32.FLT]
C:\Programmi\File comuni\Microsoft Shared\Grphflt\WMFIMP32.FLT InMem: 0 Det [G] MD5: 2001DD82C92F49B57FFC641BC420FAFE PX5: 971F6A2B00A27CEF908B002DDDE82A0027089C88
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\WMF - Path [C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\WMFIMP32.FLT]
C:\Programmi\File comuni\Microsoft Shared\Grphflt\WPGIMP32.FLT InMem: 0 Det [G] MD5: A4A3A73334B673A744229EDCAECBECFE PX5: 61FB3A4150D1E8CFB92E02968B03DB008EFABF2A
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\WPG - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\WPGIMP32.FLT]
C:\Programmi\File comuni\Microsoft Shared\MSInfo\ieinfo5.ocx InMem: 0 Det [G] MD5: 7CFDD7F54C64BFF62F64665A7E567896 PX5: D9CCCE7600AE330472C5014263EDAE006E08A176
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSInfo\Templates\ieinfo5 - [C:\Programmi\File comuni\Microsoft Shared\MSInfo\ieinfo5.ocx]
C:\Programmi\File comuni\Microsoft Shared\MSInfo\MSIOFF9.OCX InMem: 0 Det [G] MD5: B614C1970CE6475E1B42122DE65056F4 PX5: F0B49B890050375CC0D0058F9D133E00582C04D5
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSInfo\Templates\msioff9 - [C:\PROGRA~1\FILECO~1\MICROS~1\Msinfo\MSIOFF9.OCX]
C:\Programmi\File comuni\Microsoft Shared\MSInfo\OINFO11.OCX InMem: 0 Det [G] MD5: 9ACB2586F450DF349826EB51E0ABC950 PX5: 5C5178108086295C69610BF97958AD000535240B
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSInfo\Templates\OInfo11 - [C:\PROGRA~1\FILECO~1\MICROS~1\MSINFO\OINFO11.OCX]
C:\Programmi\File comuni\Microsoft Shared\MSInfo\OINFO12.OCX InMem: 0 Det [G] MD5: 532A16ACFBE3043E0ED03F7FFD34C079 PX5: B45475B3587EA55E8B680852EEE51400718D8FC5
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSInfo\Templates\OInfo12 - [C:\PROGRA~1\FILECO~1\MICROS~1\MSINFO\OINFO12.OCX]
C:\Programmi\File comuni\Microsoft Shared\MSInfo\msinfo32.exe InMem: 0 Det [G] MD5: 12644A48270558AEC35230E476534F48 PX5: DCC20BBB0036A3BB9EFA00953DF8F200E6CDE36A
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSInfo - Path [C:\Programmi\File comuni\Microsoft Shared\MSInfo\msinfo32.exe]
C:\Programmi\Microsoft Office\Office12\MSQRY32.EXE InMem: 0 Det [G] MD5: 45A7ED7271221CEEE72EEFFAD0FBF8BE PX5: 44E8AA7D68600C3E4B850A26C5850700B9AD2703
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSQuery - Path [C:\PROGRA~1\MICROS~2\Office12\MSQRY32.EXE]
C:\Programmi\File comuni\Microsoft Shared\Proof\MSPFR32.DLL InMem: 0 Det [G] MD5: 0859D4ADC27C6D406363D4BCA88880DF PX5: 28008D7C00D1A3C6487704A9645A9400B534CDB3
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Proofing Tools\Spelling\1036\Normal\Clients - [C:\PROGRA~1\FILECO~1\MICROS~1\Proof\MSPFR32.DLL]
C:\Programmi\File comuni\Microsoft Shared\TextConv\html32.cnv InMem: 0 Det [G] MD5: 20B2A413BEFA1B0D309416BF8228DC95 PX5: 4D9506A9385CE7D6C22D044B3348F800EABDC1BF
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\HTML - Path [C:\Programmi\File comuni\Microsoft Shared\TextConv\html32.cnv]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\HTML - Path [C:\Programmi\File comuni\Microsoft Shared\TextConv\html32.cnv]
C:\Programmi\Microsoft Office\Office12\Wordcnvpxy.cnv InMem: 0 Det [G] MD5: C396093CF40FC44D54390B6DE5B5A975 PX5: 866A893D1893730D69BA00B5F7B862005D0684E8
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MEWord12 - Path [C:\Programmi\Microsoft Office\Office12\Wordcnvpxy.cnv]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\Word12 - Path [C:\Programmi\Microsoft Office\Office12\Wordcnvpxy.cnv]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\Word97 - Path [C:\Programmi\Microsoft Office\Office12\Wordcnvpxy.cnv]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MEWord12 - Path [C:\Programmi\Microsoft Office\Office12\Wordcnvpxy.cnv]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\Word12 - Path [C:\Programmi\Microsoft Office\Office12\Wordcnvpxy.cnv]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\Word97 - Path [C:\Programmi\Microsoft Office\Office12\Wordcnvpxy.cnv]
C:\Programmi\Microsoft ActiveSync\pwiofcnv.dll InMem: 0 Det [G] MD5: DD9F7882E9E496BEFFE36C3D6AF339B1 PX5: 7D873FB32864797D67B000BB756DEB000BFCA5B7
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSInkWriter - Path [C:\Programmi\Microsoft ActiveSync\pwiofcnv.dll]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSPocketInkWord - Path [C:\Programmi\Microsoft ActiveSync\pwiofcnv.dll]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSInkWriter - Path [C:\Programmi\Microsoft ActiveSync\pwiofcnv.dll]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSInkWriterTemplate - Path [C:\Programmi\Microsoft ActiveSync\pwiofcnv.dll]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSPocketInkWord - Path [C:\Programmi\Microsoft ActiveSync\pwiofcnv.dll]
C:\Programmi\Microsoft ActiveSync\pwoffcnv.dll InMem: 0 Det [G] MD5: E867A8DF2778C3F97C4302DB742A79F8 PX5: 73FA1B0C28B8EA39915700DD504C0A00B97D98E7
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSPocketWord - Path [C:\PROGRA~1\MI3AA1~1\pwoffcnv.dll]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSPocketWord - Path [C:\PROGRA~1\MI3AA1~1\pwoffcnv.dll]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSPocketWordTemplate - Path [C:\PROGRA~1\MI3AA1~1\pwoffcnv.dll]
C:\Programmi\File comuni\Microsoft Shared\TextConv\WRD6EX32.CNV InMem: 0 Det [G] MD5: 44EC72DED0D48AB55AAD3A01C8B17802 PX5: 743FDB17009C26A4708310E2A2136C00091A7106
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWord6Exp - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WRD6EX32.CNV]
C:\Programmi\File comuni\Microsoft Shared\TextConv\WRD6ER32.CNV InMem: 0 Det [G] MD5: 058CC301D6F29466F54313736591C47E PX5: C22C201100980EF64C390098BC179700512CB6D3
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWord6RTFExp - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WRD6ER32.CNV]
C:\Programmi\File comuni\Microsoft Shared\TextConv\DOSWRD32.CNV InMem: 0 Det [G] MD5: 8700DFADC2BD39980D0ABF7E77F5F2B8 PX5: 81E8789700A44AA4488F039850E2F500690D72EC
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWordDOS - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\DOSWRD32.CNV]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWordDOS6 - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\DOSWRD32.CNV]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWordDOS - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\DOSWRD32.CNV]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWordDOS6 - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\DOSWRD32.CNV]
C:\Programmi\File comuni\Microsoft Shared\TextConv\MACWRD32.CNV InMem: 0 Det [G] MD5: 2D96257DECA87A19EF6B373041CDEBE8 PX5: 47A5E45500D44F04C88202AA48BA5600B7072175
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWordMac4 - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\MACWRD32.CNV]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWordMac5 - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\MACWRD32.CNV]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWordMac51 - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\MACWRD32.CNV]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWordMac - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\MACWRD32.CNV]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWordMacSJ - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\MACWRD32.CNV]
C:\Programmi\File comuni\Microsoft Shared\TextConv\WNWRD232.CNV InMem: 0 Det [G] MD5: 938917FB74ACDABAF097B57F73DFEB1E PX5: 2BDF980F00F8180DD0F4029EE3CD660071FC2517
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWordWin2 - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WNWRD232.CNV]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWordWin2 - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WNWRD232.CNV]
C:\Programmi\File comuni\Microsoft Shared\TextConv\WORKS432.CNV InMem: 0 Det [G] MD5: 980D0D9D71553AF8A83AC04489D2563E PX5: 6FFFA7710086EF08F81003EF6D5B1200BEAF73F5
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWorksWin4 - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WORKS432.CNV]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWorksWin4 - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WORKS432.CNV]
C:\Programmi\File comuni\Microsoft Shared\Textconv\works632.cnv InMem: 0 Det [G] MD5: CC9698CB84AC18DF14E70580FC4028F1 PX5: 5B8862FF082FB0E34BA60152692FD400F277144C
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWorksWin6 - Path [C:\Programmi\File comuni\Microsoft Shared\Textconv\works632.cnv]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWorksWin6 - Path [C:\Programmi\File comuni\Microsoft Shared\Textconv\works632.cnv]
C:\Programmi\File comuni\Microsoft Shared\TextConv\WPFT532.CNV InMem: 0 Det [G] MD5: 51FF14E5BF248C0DACBDFCA354F0C359 PX5: 8C60AC67A067501DCB5902995E744B00131061F7
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\WrdPrfctDat - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WPFT532.CNV]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\WrdPrfctDat50 - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WPFT532.CNV]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\WrdPrfctDOS50 - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WPFT532.CNV]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\WrdPrfctDOS51 - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WPFT532.CNV]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\WrdPrfctWin - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WPFT532.CNV]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\WrdPrfctDos - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TEXTCONV\WPFT532.CNV]
C:\Programmi\File comuni\Microsoft Shared\TextConv\LOTUS32.CNV InMem: 0 Det [G] MD5: 085D5F29842F0FEDDA387E6070CA76A4 PX5: 3A99224E00D8E0D4AEBE01A6391D2900C312AE5A
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\Lotus123 - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\LOTUS32.CNV]
C:\Programmi\File comuni\Microsoft Shared\TextConv\EXCEL32.CNV InMem: 0 Det [G] MD5: 821B3AC2591F662764967499B7385661 PX5: 4FAA2E4B00B5FD741ACC02D04954AC00F9246168
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSBiff - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\EXCEL32.CNV]
C:\Programmi\File comuni\Microsoft Shared\TextConv\write32.wpc InMem: 0 Det [G] MD5: AFD63CA25E43793FD7C42C5F74961559 PX5: 71A6A3C449C4AC08B01A01656F55D100B9B2E691
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWinWrite.wpc - Path [C:\Programmi\File comuni\Microsoft Shared\TextConv\write32.wpc]
C:\Programmi\File comuni\Microsoft Shared\TextConv\MSWRD632.CNV InMem: 0 Det [G] MD5: 24ABD0009146D3CA5D34C09B19388A13 PX5: 6186521B000BD8E41A75027F2991DF00428009B2
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWord6 - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\MSWRD632.CNV]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWordJ6 - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\MSWRD632.CNV]
C:\Programmi\File comuni\Microsoft Shared\TextConv\mswrd632.wpc InMem: 0 Det [G] MD5: DA91B90D37135534D061B7E3480FC11C PX5: 255241CE4A8E0D0D40E903D813E15E00D95525A3
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWord6.wpc - Path [C:\Programmi\File comuni\Microsoft Shared\TextConv\mswrd632.wpc]
C:\Programmi\File comuni\Microsoft Shared\TextConv\mswrd832.cnv InMem: 0 Det [G] MD5: 40A28E9CC57F760A213A71FCE642CEDD PX5: E4DB25CE10AF0B4B41E904034C3FBD003A7F764C
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWord8 - Path [C:\Programmi\File comuni\Microsoft Shared\TextConv\mswrd832.cnv]
C:\Programmi\File comuni\Microsoft Shared\TextConv\RECOVR32.CNV InMem: 0 Det [G] MD5: 5F4E49DF2A1A4648E9EB116A13B61721 PX5: 2BFA84C39005DA8389BB007F5B705600C551264F
End of PrevxCSI Log - http://www.prevx.com
Code:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gyohuwfw

*******************

Script file located at: \??\C:\WINDOWS\system32\kdsbirox.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\core.cache.dsk deleted successfully.

File C:\WINDOWS\system32\drivers\core.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\core.sys failed!
Could not process line:
C:\WINDOWS\system32\drivers\core.sys
Status: 0xc0000034

File C:\WINDOWS\System32\drivers\atmepvcc.sys deleted successfully.

Registry key \Registry\Machine\System\CurrentControlSet\Services\core not found!
Unload of driver core failed!
Could not process line:
core
Status: 0xc0000034

Registry key \Registry\Machine\System\CurrentControlSet\Services\core.cache not found!
Unload of driver core.cache failed!
Could not process line:
core.cache
Status: 0xc0000034

Driver atmepvcc unloaded successfully.

Completed script processing.

*******************

Finished! Terminate.

Code:
RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.7.300.509
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>SSDT State
NtCreateThread Actual Address 0xBAF02564 Hooked by: Unknown module filename
NtOpenProcess Actual Address 0xBAF02550 Hooked by: Unknown module filename
NtOpenThread Actual Address 0xBAF02555 Hooked by: Unknown module filename
NtTerminateProcess Actual Address 0xBAF0255F Hooked by: Unknown module filename
NtWriteVirtualMemory Actual Address 0xBAF0255A Hooked by: Unknown module filename
==============================================
>Shadow
==============================================
>Stealth
==============================================
>Hooks
ntkrnlpa.exe+0x0006DEBE, Type: Inline - RelativeJump at address 0x80544EBE hook handler located in [ntkrnlpa.exe]

#15
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Have you rerun the scan with SpyBot? Does it still report the presence of SmitFraud?
__________________
Try again and you will be luckier.

#16
Junior Member
Joined: Jun 2007
Posts: 7
...I uploaded the Prevx CSI, Avenger and RootkitUnhooker logs to the following link: http://www.fileup.itadib.com/downloa...tNqyQxqbzSHDda
The entry "O4 - Global Startup: StartUpMet.lnk = C:\MetodoEvolus\Setupt\SetupMet.exe" refers to an ERP management program... it's OK... Thanks again...

#17
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Read post #15
__________________
Try again and you will be luckier.

#18
Junior Member
Joined: Jun 2007
Posts: 7
...perfect, it's completely gone!
Thanks a lot for the assistance you provided...