#1
Member
Joined: Aug 2007
Posts: 72
[win XP] networm-i.virus@fp problem
Hi everyone.. I have a problem with a piece of spyware (I think) that torments me with messages in the taskbar saying the computer is infected, and it opens web pages on me. It also creates Live safety center on my desktop ... I hope I've been clear, here is the HijackThis log:
Last edited by Gogeta1: 13-11-2007 at 20:12.

#2
Senior Member
Joined: Nov 2001
Location: Fidenza(pr) from Trento
Posts: 27479
Take a look at this thread:
http://www.hwupgrade.it/forum/showthread.php?t=1593964
In any case I recommend following the procedure indicated in the Section Rules, since that alone will get rid of your problem.
__________________
"Seen up close, we are all strange..." ~|~ What Defines a Community? ~|~ Official eMule Thread ~|~ Online Armor in Italian ~|~ Section Rules ~|► PrivateFirewall Guide

#3
Senior Member
Joined: Feb 2007
Location: Roma
Posts: 2155
This is the third one dealing with infections related to VirtuMonde/Vundo. Could there be a new variant going around?
Anyway, before fixing the HijackThis entries, use the following removal tool:
VundoFix: http://www.atribune.org/ccount/click.php?id=4
After the reboot, also run this other tool:
Combofix: http://download.bleepingcomputer.com...a/ComboFix.exe
Finally, install HiJackThis 2.0.2 and attach the logs from vundofix (you'll find it in c:\vundofix.txt), combofix (you'll find it in c:\combofix.txt) and hijackthis.
__________________
Kaspersky Virus Removal Tool | Avira AntiVir Rescue System | Threatfire in Italian | Norton User Account Control (beta) Will your next statement be a No? Answer with a Yes or a No.

#4
Member
Joined: Aug 2007
Posts: 72
ok, I'll do as you say... I'm starting the scan with vundofix.. let's hope for the best, I can't take it anymore

#5
Senior Member
Joined: Feb 2007
Location: Roma
Posts: 2155
Judging by the developments in this other post, you will probably have to resort to PREVX 2.0. Anyway, let's see what comes out with those tools.

#6
Moderator
Joined: Jun 2007
Location: 127.0.0.1
Posts: 25885
And on we go with the infected ADS
__________________
Try again and you will be luckier.

#7
Member
Joined: Aug 2007
Posts: 72
thanks a lot nuz, with the tools you gave me there isn't even a trace of a virus anymore, here is the combofix log
Code:
ComboFix 07-11-08.3 - Simone 2007-11-14 18.16.25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.59 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Simone\Documenti\Downloads\Programs\ComboFix.exe
.
Impossibile acquisire privilegi di Sistema
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Avvio\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Avvio\Online Security Guide.lnk
C:\Documents and Settings\Piero\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Piero\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Piero\Preferiti\Online Security Guide.lnk
C:\Documents and Settings\Simone\Preferiti\Online Security Guide.lnk
C:\Programmi\VideoAccessCodec
C:\Programmi\VideoAccessCodec\install.ico
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\b122.exe
C:\WINDOWS\bxsbang.dll
C:\WINDOWS\dat.txt
C:\WINDOWS\kthemup.exe
C:\WINDOWS\msmhost.dll
C:\WINDOWS\nssfrch.dll
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\c3
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\gjllm.bak1
C:\WINDOWS\system32\gjllm.bak2
C:\WINDOWS\system32\gjllm.ini2
C:\WINDOWS\system32\gjllm.tmp
C:\WINDOWS\system32\isufpuwl.dllbox
C:\WINDOWS\system32\k1
C:\WINDOWS\system32\k1\jumper83122.exe
C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\o4
C:\WINDOWS\system32\o4\revdrive33b.exe
C:\WINDOWS\system32\pac.txt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Creati Da 2007-10-14 al 2007-11-14 )))))))))))))))))))))))))))))))))))
.
2007-11-14 18:11 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-14 17:43 <DIR> d-------- C:\VundoFix Backups
2007-11-14 10:32 <DIR> d-------- C:\Documents and Settings\Piero\Dati applicazioni\Leadertech
2007-11-13 21:56 85,056 --a------ C:\WINDOWS\system32\ylgdrkjg.dll
2007-11-13 21:53 80,448 --a------ C:\WINDOWS\system32\hxmhjeox.dll
2007-11-13 20:42 <DIR> d-------- C:\Programmi\a-squared Free
2007-11-13 19:39 80,448 --a------ C:\WINDOWS\system32\aqdapgek.dll
2007-11-13 17:28 <DIR> d-------- C:\Programmi\LucasArts
2007-11-13 16:04 <DIR> d-------- C:\Programmi\SecondLife
2007-11-12 19:41 81,472 --a------ C:\WINDOWS\system32\csnqajaq.dll
2007-11-12 19:39 89,664 --a------ C:\WINDOWS\system32\qqlwdnrs.dll
2007-11-12 19:37 71,232 --a------ C:\WINDOWS\system32\xabhvcxd.exe
2007-11-11 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2007-11-11 14:22 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2007-11-11 14:22 <DIR> d-------- C:\Documents and Settings\Simone\Dati applicazioni\SUPERAntiSpyware.com
2007-11-11 14:10 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2007-11-11 13:18 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-11 13:18 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-11 13:18 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-11 13:18 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-11 13:18 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-10 21:45 <DIR> d-------- C:\Documents and Settings\Simone\Dati applicazioni\Lavasoft
2007-11-10 21:44 <DIR> d-------- C:\Programmi\Lavasoft
2007-11-10 20:41 7,548,201 --a------ C:\WINDOWS\Heroes_T.scr
2007-11-10 20:41 235,584 --a------ C:\WINDOWS\uninstall Heroes_T.exe
2007-11-10 20:35 85,056 --a------ C:\WINDOWS\system32\dpvleixc.dll
2007-11-10 19:23 36,352 --a------ C:\WINDOWS\system32\opnmkij.dll
2007-11-10 19:23 35,840 --a------ C:\WINDOWS\mrofinu1000106.exe
2007-11-10 19:22 <DIR> d-------- C:\WINDOWS\system32\rMa01yy
2007-11-10 19:22 <DIR> d-------- C:\Temp\abW9
2007-11-10 19:22 <DIR> d-------- C:\Temp
2007-11-10 19:22 35,840 --a------ C:\WINDOWS\mrofinu572.exe
2007-11-07 17:56 <DIR> d-------- C:\Documents and Settings\Simone\Dati applicazioni\Ahead
2007-11-07 16:53 <DIR> d-------- C:\Documents and Settings\Pippo\Dati applicazioni\Ahead
2007-11-07 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Ahead
2007-11-07 16:46 2,293,760 --------- C:\WINDOWS\UNNeroVision.exe
2007-11-07 16:46 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-11-07 16:46 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-03 20:07 402,314 --a------ C:\WINDOWS\Bid For Power Uninstaller.exe
2007-11-03 15:17 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-11-03 15:17 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-11-03 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\MAGIX
2007-11-03 15:16 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
2007-11-03 15:14 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-11-03 15:13 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2007-11-03 15:13 <DIR> d-------- C:\Programmi\File comuni\MAGIX Shared
2007-11-03 15:13 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2007-11-03 15:13 663,552 --a------ C:\WINDOWS\system32\mgxoschk.dll
2007-11-03 15:13 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2007-11-03 15:13 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2007-11-03 15:12 <DIR> d-------- C:\Programmi\CyberLink
2007-11-02 19:10 <DIR> d-------- C:\Programmi\Telecom Italia
2007-11-02 19:10 <DIR> d-------- C:\Programmi\Alice
2007-11-02 19:10 27,264 --a------ C:\WINDOWS\system32\drivers\rndismpk.sys
2007-11-02 19:10 11,136 --a------ C:\WINDOWS\system32\drivers\usb8023k.sys
2007-11-02 10:38 <DIR> d-------- C:\Programmi\Philips Semiconductors
2007-11-02 10:36 45,056 --a------ C:\WINDOWS\p3xunist.exe
2007-11-02 10:35 <DIR> d-------- C:\Programmi\MSI
2007-11-02 10:35 670,592 -ra------ C:\WINDOWS\system32\drivers\3xHybrid.sys
2007-11-02 10:35 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-11-02 10:35 54,784 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-11-02 10:35 3,072 -ra------ C:\WINDOWS\system32\34CoInstaller.dll
2007-11-02 10:34 <DIR> d--h----- C:\Documents and Settings\Account Reloaded\Risorse di stampa
2007-11-02 10:34 <DIR> d--h----- C:\Documents and Settings\Account Reloaded\Risorse di rete
2007-11-02 10:34 <DIR> dr------- C:\Documents and Settings\Account Reloaded\Preferiti
2007-11-02 10:34 <DIR> d--h----- C:\Documents and Settings\Account Reloaded\Modelli
2007-11-02 10:34 <DIR> dr------- C:\Documents and Settings\Account Reloaded\Menu Avvio
2007-11-02 10:34 <DIR> d--h----- C:\Documents and Settings\Account Reloaded\Impostazioni locali
2007-11-02 10:34 <DIR> dr------- C:\Documents and Settings\Account Reloaded\Documenti
2007-11-02 10:34 <DIR> dr-h----- C:\Documents and Settings\Account Reloaded\Dati applicazioni
2007-10-30 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Trymedia
2007-10-28 17:19 <DIR> d-------- C:\Programmi\File comuni\Thraex Software
2007-10-28 16:19 <DIR> d-------- C:\Programmi\Codemasters
2007-10-27 16:11 <DIR> d-------- C:\Programmi\SiSoftware
2007-10-26 16:43 <DIR> d-------- C:\Programmi\Apple Software Update
2007-10-26 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple
2007-10-24 18:25 290,816 --a------ C:\WINDOWS\movctrlswd.dll
2007-10-24 18:03 <DIR> d-------- C:\Documents and Settings\Piero\Dati applicazioni\OpenOffice.org2
2007-10-24 17:40 <DIR> d-------- C:\Programmi\Smart Projects
2007-10-24 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2007-10-24 12:52 <DIR> d-------- C:\Programmi\DAP
2007-10-23 18:48 <DIR> d-------- C:\Programmi\Sfoglia Giornale
2007-10-23 15:44 <DIR> d-------- C:\Programmi\Radical Games
2007-10-22 17:09 <DIR> d-------- C:\Programmi\LittleFighter2
2007-10-21 18:15 <DIR> d-------- C:\Programmi\File comuni\DirectX
2007-10-21 18:08 <DIR> d-------- C:\Program Files
2007-10-21 18:06 0 --a------ C:\WINDOWS\PowerReg.dat
2007-10-20 06:24 <DIR> d-------- C:\Documents and Settings\Simone\Dati applicazioni\OpenOffice.org2
2007-10-19 18:27 <DIR> d-------- C:\Documents and Settings\Simone\Dati applicazioni\Sports Interactive
2007-10-19 17:22 <DIR> d--h----- C:\Programmi\Zero G Registry
2007-10-19 17:22 <DIR> d-------- C:\Programmi\Sports Interactive
2007-10-19 17:21 <DIR> d--h----- C:\Documents and Settings\Simone\InstallAnywhere
2007-10-19 17:13 <DIR> d-------- C:\Documents and Settings\Simone\Dati applicazioni\ScanSoft
2007-10-19 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\ScanSoft
2007-10-19 15:00 <DIR> d-------- C:\Programmi\Infogrames
2007-10-17 19:14 <DIR> d-------- C:\Programmi\directx
2007-10-15 20:33 <DIR> d-------- C:\Documents and Settings\Simone\amsn
2007-10-14 18:46 <DIR> dr-h----- C:\Documents and Settings\Simone\Dati applicazioni\SecuROM
2007-10-14 18:45 <DIR> d-------- C:\Programmi\Hasbro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 17:10 --------- d-----w C:\Documents and Settings\Simone\Dati applicazioni\DMCache
2007-11-14 17:05 --------- d-----w C:\Documents and Settings\Simone\Dati applicazioni\uTorrent
2007-11-14 14:11 --------- d-----w C:\Programmi\Xfire
2007-11-14 13:56 --------- d-----w C:\Documents and Settings\Simone\Dati applicazioni\Xfire
2007-11-13 16:28 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-11-09 18:49 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-09 09:11 --------- d-----w C:\Programmi\Ahead
2007-11-09 08:34 --------- d-----w C:\Programmi\hugo
2007-11-07 16:00 --------- d-----w C:\Documents and Settings\Pippo\Dati applicazioni\OpenOffice.org2
2007-11-03 19:06 --------- d-----w C:\Programmi\Bid For Power
2007-11-03 15:23 --------- d-----w C:\Programmi\Rockstar Games
2007-11-03 14:54 --------- d-----w C:\Programmi\Half-Life 2
2007-11-02 18:58 --------- d-----w C:\Documents and Settings\Simone\Dati applicazioni\Hamachi
2007-10-27 14:33 --------- d-----w C:\Documents and Settings\Simone\Dati applicazioni\IDM
2007-10-27 14:32 --------- d-----w C:\Programmi\Internet Download Manager
2007-10-26 15:47 --------- d-----w C:\Programmi\QuickTime Alternative
2007-10-26 15:46 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2007-10-24 17:18 720,896 ----a-w C:\WINDOWS\iun6002.exe
2007-10-24 16:54 --------- d-----w C:\Programmi\C6 Messenger
2007-10-21 15:55 --------- d-----w C:\Programmi\KaraFun
2007-10-21 12:57 --------- d-----w C:\Programmi\File comuni\InstallShield
2007-10-17 13:37 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys
2007-10-13 11:47 --------- d-----w C:\Programmi\eMule
2007-10-13 11:20 --------- d-----w C:\Programmi\Alwil Software
2007-10-07 17:15 --------- d-----w C:\Documents and Settings\Simone\Dati applicazioni\Leadertech
2007-10-07 14:48 --------- d-----w C:\Documents and Settings\Pippo\Dati applicazioni\DivX
2007-10-07 14:09 --------- d-----w C:\Programmi\Canon
2007-10-07 13:52 --------- d-----w C:\Documents and Settings\Pippo\Dati applicazioni\Leadertech
2007-10-07 13:18 --------- d--h--w C:\Documents and Settings\All Users\Dati applicazioni\CanonBJ
2007-10-07 12:57 --------- d-----w C:\Programmi\File comuni\ScanSoft Shared
2007-10-07 12:57 --------- d-----w C:\Documents and Settings\Pippo\Dati applicazioni\ScanSoft
2007-10-07 12:57 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\SSScanWizard
2007-10-07 12:57 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\SSScanAppDataDir
2007-10-07 12:56 --------- d-----w C:\Programmi\ScanSoft
2007-10-07 12:55 --------- d-----w C:\Programmi\ArcSoft
2007-10-04 19:50 --------- d-----w C:\Programmi\MAIET
2007-09-30 14:25 --------- d-----w C:\Documents and Settings\Simone\Dati applicazioni\eMule
2007-09-30 12:26 --------- d-----w C:\Programmi\Alice ti aiuta
2007-09-29 11:35 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\FLEXnet
2007-09-29 11:21 --------- d-----w C:\Programmi\File comuni\Adobe
2007-09-29 11:21 --------- d-----w C:\Programmi\Bonjour
2007-09-28 19:59 --------- d-----w C:\Programmi\File comuni\Macrovision Shared
2007-09-28 12:48 --------- d-----w C:\Programmi\Google
2007-09-27 18:41 --------- d-----w C:\Programmi\DAEMON Tools Pro
2007-09-27 17:06 --------- d-----w C:\Programmi\MessengerDiscovery
2007-09-27 12:56 --------- d-----w C:\Programmi\DAEMON Tools
2007-09-27 12:26 --------- d-----w C:\Documents and Settings\Simone\Dati applicazioni\DAEMON Tools Pro
2007-09-26 18:04 --------- d-----w C:\Programmi\Evolution 1
2007-09-26 13:22 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-09-26 13:22 165,376 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-09-26 13:20 --------- d-----w C:\Programmi\Ligos
2007-09-24 15:13 --------- d-----w C:\Programmi\MSN Messenger
2007-09-24 15:13 --------- d-----w C:\Programmi\Messenger Plus! Live
2007-09-24 14:04 --------- d-----w C:\Programmi\Torbutton
2007-09-24 13:10 --------- d-----w C:\Documents and Settings\Simone\Dati applicazioni\InstallShield
2007-09-24 12:42 --------- d-----w C:\Documents and Settings\Simone\Dati applicazioni\Media Player Classic
2007-09-23 06:38 --------- d-----w C:\Documents and Settings\Pippo\Dati applicazioni\MEGAUPLOADTOOLBAR
2007-09-21 18:31 --------- d-----w C:\Documents and Settings\Piero\Dati applicazioni\MEGAUPLOADTOOLBAR
2007-09-20 16:55 --------- d-----w C:\Programmi\TechSmith
2007-09-20 16:55 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\TechSmith
2007-09-18 10:22 --------- d-----w C:\Programmi\platform
2007-09-17 14:41 --------- d-----w C:\Programmi\Electronic Arts
2007-09-16 10:48 --------- d-----w C:\Programmi\Hamachi
2007-09-16 10:47 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-09-16 10:05 --------- d-----w C:\Programmi\Call Of Juarez
2007-09-15 18:33 --------- d-----w C:\Programmi\Project64 1.6
2007-09-14 08:11 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2007-09-13 10:40 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-09-11 09:30 22,328 ----a-w C:\Documents and Settings\Simone\Dati applicazioni\PnkBstrK.sys
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-08-24 14:33 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{021DE284-A554-4A70-A791-397F4D58BD16}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E606E1B-E00D-4BC6-A31C-0F1A4E758067}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266a1626-f490-461d-975a-2497a19474a8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26BFC9FD-088D-440F-90BD-68C38271D95A}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31e81ffd-54f4-469b-9680-e25acd73f44b}]
2007-11-13 21:53 80448 --a------ C:\WINDOWS\system32\hxmhjeox.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DCFB750-C93C-4F20-90CD-41F9A0223861}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53d3c573-7a65-476a-a3e9-4de6f4e16903}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64DE95E5-0A25-4DD9-A472-97BC1D419101}]
2007-10-24 14:59 290816 --a------ C:\WINDOWS\movctrlswd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B51B2EF-AEFA-48EE-977E-8994C084C864}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A184A961-58CA-45D0-911D-C672E867B049}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B8C2344E-49B7-4526-A620-B39ECB6CB977}]
C:\Programmi\ComPlus Applications\mepovyzC:\WINDOWS\system32\k1\jumper83122.exe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C68E0C6B-B177-4B97-962C-5DABCAE07C4D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2106BEDE-F5E8-4DE8-A081-A7E5EAD1529B}"= C:\WINDOWS\nssfrch.dll [ ]
[HKEY_CLASSES_ROOT\CLSID\{2106BEDE-F5E8-4DE8-A081-A7E5EAD1529B}]
[HKEY_CLASSES_ROOT\nssfrch.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{F1D3D0FE-0453-43F6-AD98-D252E41E84A7}]
[HKEY_CLASSES_ROOT\nssfrch.ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-23 15:05]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24]
"Steam"="" []
"Fraps"="C:\FRAPS\FRAPS.EXE" [2004-07-29 19:17]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46]
"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2007-09-18 15:16]
"IDMan"="C:\Programmi\Internet Download Manager\IDMan.exe" [2007-10-27 15:33]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
C:\Documents and Settings\Simone\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.2.lnk - C:\Programmi\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
TV Remote Control.lnk - C:\Programmi\MSI\TV@Anywhere Utilities\P3XRCtl.exe [2007-11-02 10:35:32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\isufpuwl]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnolj]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljjg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pippo^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 2.2.lnk]
path=C:\Documents and Settings\Pippo\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 2.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Simone^Menu Avvio^Programmi^Esecuzione automatica^Xfire.lnk]
path=C:\Documents and Settings\Simone\Menu Avvio\Programmi\Esecuzione automatica\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Programmi\AGEIA Technologies\TrayIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CM-SmWizard]
C:\WINDOWS\System\SmWizard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent]
C:\Programmi\MSI\TV@Anywhere Plus\TVR\Scheduled.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programmi\QuickTime Alternative\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
R2 SetupNT;SetupNT;C:\WINDOWS\system32\SetupNT.sys
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
S0 xwfmjoub;xwfmjoub;C:\WINDOWS\system32\drivers\crtjkbwi.sys
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Programmi\MSI\MAGIX\Common\Database\bin\fbserver.exe
S3 XDva032;XDva032;\??\C:\WINDOWS\system32\XDva032.sys
.
Contenuto della cartella 'Scheduled Tasks'
"2007-10-26 15:43:46 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 18:42:35
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2007-11-14 18:44:20
.
--- E O F ---

#8
Senior Member
Joined: Feb 2007
Location: Roma
Posts: 2155
Before declaring victory, attach a new HijackThis log.

#9
Moderator
Joined: Jun 2007
Location: 127.0.0.1
Posts: 25885
Attach a new HJT log

#10
Member
Joined: Aug 2007
Posts: 72
here it is, anyway the computer is now lightning fast

#11
Senior Member
Joined: Feb 2007
Location: Roma
Posts: 2155
Hold on, there are quite a few things to sort out.
Start by fixing:
O2 - BHO: (no name) - {01CD0B31-9154-45F2-9414-F5D64B74EAF6} - (no file)
O2 - BHO: (no name) - {021DE284-A554-4A70-A791-397F4D58BD16} - (no file)
O2 - BHO: (no name) - {0E606E1B-E00D-4BC6-A31C-0F1A4E758067} - (no file)
O2 - BHO: (no name) - {266a1626-f490-461d-975a-2497a19474a8} - (no file)
O2 - BHO: (no name) - {26BFC9FD-088D-440F-90BD-68C38271D95A} - (no file)
O2 - BHO: {b44f37dc-a52e-0869-b964-4f45dff18e13} - {31e81ffd-54f4-469b-9680-e25acd73f44b} - C:\WINDOWS\system32\hxmhjeox.dll
O2 - BHO: (no name) - {3DCFB750-C93C-4F20-90CD-41F9A0223861} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: (no name) - {53d3c573-7a65-476a-a3e9-4de6f4e16903} - (no file)
O2 - BHO: MSVPS System - {64DE95E5-0A25-4DD9-A472-97BC1D419101} - C:\WINDOWS\movctrlswd.dll
O2 - BHO: (no name) - {6B51B2EF-AEFA-48EE-977E-8994C084C864} - (no file)
O2 - BHO: (no name) - {A184A961-58CA-45D0-911D-C672E867B049} - (no file)
O2 - BHO: (no name) - {B8C2344E-49B7-4526-A620-B39ECB6CB977} - C:\Programmi\ComPlus Applications\mepovyzC:\WINDOWS\system32\k1\jumper83122.exe.dll (file missing)
O2 - BHO: (no name) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O2 - BHO: (no name) - {C68E0C6B-B177-4B97-962C-5DABCAE07C4D} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: The nssfrch - {2106BEDE-F5E8-4DE8-A081-A7E5EAD1529B} - C:\WINDOWS\nssfrch.dll (file missing)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O20 - Winlogon Notify: isufpuwl - C:\WINDOWS\
O20 - Winlogon Notify: qomnolj - C:\WINDOWS\
Once you've done that, make another log and attach it. One more thing, in case I forget: once you're clean (or if it becomes necessary later) I also recommend replacing Avast with Antivir.
Last edited by Nuz: 14-11-2007 at 19:09.
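
The manual triage in post #11 (picking out O2/O3/O20 entries whose file is gone) can be scripted; the following is an added example, not part of the original thread and not code from HijackThis. The line layout is an assumption inferred from the entries quoted in this thread, the function and class names are hypothetical, and the sample lines are copied from posts #11 and #18.

```python
import re
from dataclasses import dataclass, field

# Layout assumed from the entries quoted in this thread:
#   O2/O3:  "<code> - <kind>: <name> - {CLSID} - <target>"
#   O20:    "O20 - Winlogon Notify: <name> - <target>"
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
LINE_RE = re.compile(r"^(O2|O3|O20) - [^:]+: (.*)$")
# Non-greedy name so that a name which is itself a GUID is handled.
COM_RE = re.compile(rf"^(?P<name>.*?) - (?P<clsid>{GUID}) - (?P<target>.*)$")
DRIVE_RE = re.compile(r"[A-Za-z]:\\")

# Sample lines copied from posts #11 and #18 of this thread.
SAMPLE = r"""
O2 - BHO: (no name) - {01CD0B31-9154-45F2-9414-F5D64B74EAF6} - (no file)
O2 - BHO: {b44f37dc-a52e-0869-b964-4f45dff18e13} - {31e81ffd-54f4-469b-9680-e25acd73f44b} - C:\WINDOWS\system32\hxmhjeox.dll
O2 - BHO: (no name) - {B8C2344E-49B7-4526-A620-B39ECB6CB977} - C:\Programmi\ComPlus Applications\mepovyzC:\WINDOWS\system32\k1\jumper83122.exe.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: The nssfrch - {2106BEDE-F5E8-4DE8-A081-A7E5EAD1529B} - C:\WINDOWS\nssfrch.dll (file missing)
O20 - Winlogon Notify: isufpuwl - C:\WINDOWS\
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
"""


@dataclass
class Entry:
    section: str
    name: str
    clsid: str          # empty for O20, which has no CLSID column
    target: str
    reasons: list = field(default_factory=list)

    @property
    def orphaned(self):
        """True when the registry entry no longer points at a usable file."""
        return bool(self.reasons)


def classify(section, target):
    """Return the reasons an entry looks like a leftover registry reference."""
    if target == "(no file)":
        return ["no file registered"]
    reasons = []
    path = target
    if target.endswith("(file missing)"):
        reasons.append("file missing on disk")
        path = target[: -len("(file missing)")].rstrip()
    if section == "O20" and path.endswith("\\"):
        reasons.append("notify entry points at a directory, not a DLL")
    if len(DRIVE_RE.findall(path)) > 1:
        reasons.append("malformed path (more than one drive prefix)")
    return reasons


def triage(log_text):
    """Parse O2 (BHO), O3 (Toolbar) and O20 (Winlogon Notify) lines."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # other sections are out of scope
        section, rest = m.groups()
        if section == "O20":
            name, _, target = rest.partition(" - ")
            clsid = ""
        else:
            com = COM_RE.match(rest)
            if not com:
                continue                  # unexpected layout, leave for a human
            name, clsid, target = com.group("name", "clsid", "target")
        entries.append(Entry(section, name, clsid, target,
                             classify(section, target)))
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE):
        status = "; ".join(e.reasons) if e.orphaned else "file present, review manually"
        print(f"{e.section:<3} {e.clsid or e.name:<40} {status}")
```

An entry that is not flagged is not thereby clean: the check only finds references whose file is gone, so hxmhjeox.dll, which post #11 also lists for fixing, still needs the manual review.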

#12
Moderator
Joined: Jun 2007
Location: 127.0.0.1
Posts: 25885
Maybe if you use a different color you'll also avoid costing him 2 diopters
edit: that's better
Last edited by Chill-Out: 14-11-2007 at 19:11.

#13
Senior Member
Joined: Feb 2007
Location: Roma
Posts: 2155
Quote:
Indeed. I've fixed it.

#14
Junior Member
Joined: Feb 2008
Posts: 13
hi.... I caught it too
and followed the suggested steps.
after vundo and combi fix everything seems fine. I'm posting the log results to be safe, and a question: when hj runs, afterwards it asks me what to do with the results: one of the options is fix... but does that precisely mean block? and what do I do: do I select them and block??? thanks chicco

#15
Banned
Joined: Oct 2007
Location: Palermo
Posts: 4623
hi
did you run vundofix? it should have produced a log... what can you tell me about this program: Quote:
Quote:
http://www.trendsecure.com/portal/en...HJTInstall.exe

#16
Junior Member
Joined: Feb 2008
Posts: 13
hi.
the folder that contains netproject is the infected folder, with various applications inside including the one that goes in the toolbar. for now I've only moved it to the recycle bin, but I don't know if that's enough. I ran hj again and fixed those entries. what does fixing mean ?!?!

#17
Banned
Joined: Oct 2007
Location: Palermo
Posts: 4623
Quote:
what do you mean you don't know what fixing means? were you joking? post a new hijackthis log, with the latest version, I gave you the link.... you have to extract the zip file into its own dedicated folder....

#18
Junior Member
Joined: Feb 2008
Posts: 13
:D
I ran vundofix first but it didn't save the log because (I think) I ran it without saving the program. this, instead, is the new hj log file. :)
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.44.14, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Opera\Opera.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WireLessMouse] C:\Programmi\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Programmi\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: didact - {747e1fbe-b70f-441d-bbca-6e536c04924a} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 8532 bytes

#19
Banned
Joined: Oct 2007
City: Palermo
Posts: 4623

Use this tool and let's see what it finds:
Download PREVX CSI (requires installation): DOWNLOAD
Once it is installed, launch it:
● run a scan
When the scan finishes, click:
● Save Log
Attach the log that it produces.
It is a detection tool; at the end of the scan, if it detects something, it will ask you to download the trial. Ignore that: we only need the log.

#20
Junior Member
Joined: Feb 2008
Posts: 13

:D
So, then. The program found a piece of malware. I'm attaching the log it produced. It won't let me run the cleanup because it asks for an activation code. Should I download a crack?
Code:
Prevx CSI Log - Version v1.5.103.197
Some non-malicious entries have been removed automatically
C:\WINDOWS\System32\smss.exe InMem: 1 Det [G] MD5: 036FC522AC5784EBF03C1F85E93415E7 PX5: EAEF384300B86E2BC60900AD18ED0300B6B454BF
C:\WINDOWS\system32\ntdll.dll InMem: 1 Det [G] MD5: 75A0AECC55A3F0B9E2D54119FA4AAB6D PX5: 98EF83350066C70122B20B444BEBEA00D217A1B2
C:\WINDOWS\system32\csrss.exe InMem: 1 Det [G] MD5: 2B511A5438308A1AC8D48482279810E6 PX5: 457E08CD00DE83E3183600665DD0AE001F0FA82A
C:\WINDOWS\system32\CSRSRV.dll InMem: 1 Det [G] MD5: 4BA2DBAC6357B3B9D89C53823AFE15C5 PX5: 672F934100D50DA280D100335AB03A0006C3D206
C:\WINDOWS\system32\basesrv.dll InMem: 1 Det [G] MD5: 7B37B598B55BF80415C15BFFE7A992A2 PX5: CDE7154D0060E2E4CE1D00F8B4D58500AEAC4112
C:\WINDOWS\system32\winsrv.dll InMem: 1 Det [G] MD5: A372E3E086A11A01CFCA3B8DCCBFCB50 PX5: EA125ACC0017E3527A0804FB6E773E00D0D2275E
C:\WINDOWS\system32\GDI32.dll InMem: 1 Det [G] MD5: 82D7DE4DF9B7FF8D8B9AEFC48F2F3BE5 PX5: E0AE989400FE60C04EE004B2BF0AC40001B8B70F
C:\WINDOWS\system32\KERNEL32.dll InMem: 1 Det [G] MD5: EB1428078E1D10FDEC060857AA526A9F PX5: 0AD652AA00FC1D0CB2930F5593CD84005E517D9A
C:\WINDOWS\system32\USER32.dll InMem: 1 Det [G] MD5: 9DAA2190A18739B657B58F794ACF2E47 PX5: D423C40D007DC87CD48F089CF302B800036F5CB9
C:\WINDOWS\system32\sxs.dll InMem: 1 Det [G] MD5: 1F0124663855AF228233F43021400F72 PX5: F6867B260073AE3BE8420A9D4CB88200ED96EA53
C:\WINDOWS\system32\ADVAPI32.dll InMem: 1 Det [G] MD5: 09BB0A2C325F7085E24FAE6134DE2D16 PX5: DA31EA390036C3916C5C0A395DA4E3007CA4EABA
C:\WINDOWS\system32\RPCRT4.dll InMem: 1 Det [G] MD5: 32C17E5CD708E5651E72B6416DAFD01F PX5: 64FF7BDB00B8F512E4E10855030F0C0078D17B4A
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols - ncacn_np [rpcrt4.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols - ncacn_ip_tcp [rpcrt4.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols - ncadg_ip_udp [rpcrt4.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols - ncacn_http [rpcrt4.dll]
C:\WINDOWS\system32\Apphelp.dll InMem: 1 Det [G] MD5: 086DA77C3C612759D4EF437F67532E2D PX5: 2E534C590076A85BF05D01EC9E4FFB0089A4554F
C:\WINDOWS\system32\VERSION.dll InMem: 1 Det [G] MD5: 9B5A59851D9A237C86210E07E2195A12 PX5: 17E09890009DDCC84AAD00E153CBBA0071FD3882
C:\WINDOWS\system32\winlogon.exe InMem: 1 Det [G] MD5: 4166454E2BCFCC20D1B8A5AC9FEAB243 PX5: D0D54E6C00E89575B4CC07CFE43BE400C1F31A26
C:\WINDOWS\system32\AUTHZ.dll InMem: 1 Det [G] MD5: AC3257B2E441866289D7EB8377490765 PX5: 869C1EE500523D0FDE60003D7F38BD0038C5A93D
C:\WINDOWS\system32\msvcrt.dll InMem: 1 Det [G] MD5: 9E6CB81BE111B9935F6A97C367CABD4E PX5: EAD3CF360087D2AD3C120509FE506F008FB88290
C:\WINDOWS\system32\CRYPT32.dll InMem: 1 Det [G] MD5: 5588D8AFD51D060F82315C50D7590323 PX5: DD3ED9060033BBFB2E83098709F8D4001E524429
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain - DllName [crypt32.dll]
C:\WINDOWS\system32\MSASN1.dll InMem: 1 Det [G] MD5: 0A75AC7D90BD8E6BC942DBA004579D5B PX5: 09F301D4001F77D2E0150027945354004927323C
C:\WINDOWS\system32\NDdeApi.dll InMem: 1 Det [G] MD5: 11BE44F0C0978927AED7D69B75C24937 PX5: 8E19EB1100E774A0488300C192BED30080B1D3E4
C:\WINDOWS\system32\PROFMAP.dll InMem: 1 Det [G] MD5: 0328058695D324D26528077F5B136636 PX5: 90AEB4A600D0EF596C4F00D134ACAA00BDFD0752
C:\WINDOWS\system32\NETAPI32.dll InMem: 1 Det [G] MD5: 9003E9374EA7C1A81DB51CEE64C427F6 PX5: 0919F94300F3C16412B605F0CC86050045AA2AE7
C:\WINDOWS\system32\USERENV.dll InMem: 1 Det [G] MD5: AC31CA2B251FE8057528FA937335B164 PX5: 02BF46CD00DC848D207F0BA7D391AB00DCDEB32E
C:\WINDOWS\system32\PSAPI.DLL InMem: 1 Det [G] MD5: 2BAF81B8504D9C1600C51A498E5453B3 PX5: 5DB1DF3A00AE978A5A1800B9B5A8C30041FF3076
C:\WINDOWS\system32\REGAPI.dll InMem: 1 Det [G] MD5: BB756F78728C2D953574E8652B7E86A8 PX5: BDCF1CB600ACB6D2C2EE007361942C0007606048
C:\WINDOWS\system32\Secur32.dll InMem: 1 Det [G] MD5: 8285B8B146B42FF18ED08C558435011E PX5: 2226211D005B7868DA45009E23898E00149E78C6
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 9 [secur32.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 10 [secur32.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 16 [secur32.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 18 [secur32.dll]
C:\WINDOWS\system32\SETUPAPI.dll InMem: 1 Det [G] MD5: 6F83A7ED3217D0E612445612D1991767 PX5: 085443D800EAF0FA42960F6622B8E300CB4CB91D
C:\WINDOWS\system32\WINSTA.dll InMem: 1 Det [G] MD5: DE24EBECF7833A4DE925D0832956F21A PX5: 1789B2A5005E39C8D2660086022E8500C3B9450D
C:\WINDOWS\system32\WINTRUST.dll InMem: 1 Det [G] MD5: 48BD2908FE77ABB5EF42DD4A108600B5 PX5: 0D34C3E0002C3B32B2670226273B8500327F7603
C:\WINDOWS\system32\IMAGEHLP.dll InMem: 1 Det [G] MD5: F309C34E0F66DAC995053E91EFFC9002 PX5: 92D4CA5F00EA8A5C340F02F2506EE800E1319CFF
C:\WINDOWS\system32\WS2_32.dll InMem: 1 Det [G] MD5: 12EAD983C875ED9BCC8B90E3F77F2E4A PX5: 42D0077300700B1344D7019D11CF0E00A225E294
C:\WINDOWS\system32\WS2HELP.dll InMem: 1 Det [G] MD5: 0C1F495C1761C126BC820F4DE4C8B967 PX5: 097C6291004A18B14EEC00B4A6264D00B84611B9
C:\WINDOWS\system32\IMM32.DLL InMem: 1 Det [G] MD5: CA38A6091ECAC2668EC99AFD4B6C0615 PX5: CDBF4DDD001A7574AE3A01510D252400AF18CE5E
C:\WINDOWS\system32\MSGINA.dll InMem: 1 Det [G] MD5: 4BA6464CF0D5FE0CD0B43AE4B3B32D26 PX5: 0590994000D0A8B53A390FFB32187D003143117B
C:\WINDOWS\system32\SHELL32.dll InMem: 1 Det [G] PX5: C74DB9F400A749A98AD181C3816D18006A78E9E8
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon - VmApplet [rundll32 shell32,Control_RunDLL "sysdm.cpl"]
C:\WINDOWS\system32\SHLWAPI.dll InMem: 1 Det [GP] MD5: F60B8CD80F922666BF81EBB2E5FBDDED PX5: BFA5F163001586EE3EB6077DAF2BE7006E4422ED
C:\WINDOWS\system32\COMCTL32.dll InMem: 1 Det [G] MD5: EFA21A3FE23BBCFDB6F61A3AF723E05A PX5: 58711F2E00E7D4E26C3A0946506D1B008DF24393
C:\WINDOWS\system32\ODBC32.dll InMem: 1 Det [G] MD5: 485B2381CF003DAD79F1371FBEAACD5A PX5: A52E0F9B00E1697FD015036BACB9C10078B33C67
C:\WINDOWS\system32\comdlg32.dll InMem: 1 Det [G] MD5: C99FD691ACAFAEEEFD03F1E4E6D3DD60 PX5: D1079ADC002DFDB3487D042258AF1F00F0FB72E4
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll InMem: 1 Det [G] MD5: 837B282813808C17E9C94E56300AA29E PX5: 6C2DA8F700C891F6167D107D5B6FFD004BDE3FD7
C:\WINDOWS\system32\odbcint.dll InMem: 1 Det [G] MD5: EA88A16DA0D06069C0C06AB5A4669E26 PX5: 17030F830012904980B601AEBBE29A00B94ABB0D
C:\WINDOWS\system32\SHSVCS.dll InMem: 1 Det [G] MD5: FAD73705BED0910E910DE852B0F8AEBC PX5: 593617FD0028BAC30E8502553039DB005AE5DAA4
C:\WINDOWS\system32\sfc.dll InMem: 1 Det [G] MD5: E6F026DBC75B6EED7331EBF581AFD4D8 PX5: 16BA5AAF006AA18914FD002B882F7D0027109E10
C:\WINDOWS\system32\sfc_os.dll InMem: 1 Det [G] MD5: 8FBF27AB56DE71E2BDD5A2CCB7FB9023 PX5: 53B4176200566C3D2844029CE35AC3003149753E
C:\WINDOWS\system32\ole32.dll InMem: 1 Det [G] MD5: D5622B6D4CD43F2223718820C0A178AD PX5: 85434D2700A77E169AF713D8C3B0DC00CF7A5885
C:\WINDOWS\system32\msctfime.ime InMem: 1 Det [G] MD5: 29DE0B3FB6DEC623E2DC5E9C7C89CAB8 PX5: A0883E0F00146873B4BB0255156E8700B1387578
C:\WINDOWS\system32\WINSCARD.DLL InMem: 1 Det [G] MD5: 840535254EDD74E79D059229C5A2F800 PX5: 49E7BE4C00EA6409841F01CF112B5500E75D0DD5
C:\WINDOWS\system32\WTSAPI32.dll InMem: 1 Det [G] MD5: E2703BB7BEAC36269482A8D32400AD38 PX5: 1CDB8610004CDD7F48CB007245065C0097B2DD61
C:\WINDOWS\system32\WINMM.dll InMem: 1 Det [G] MD5: 1DC87F8C450E295FB8CC5039D27292E5 PX5: 8B514EB5005BE141BAA3022C5AD8F400CAAEB534
C:\WINDOWS\system32\uxtheme.dll InMem: 1 Det [G] MD5: D5193D474D7BB9CE917B4CF5F3ADA9D4 PX5: D88EDDB7006796175ABD03E85DCCE30039E51CA1
C:\WINDOWS\system32\Ati2evxx.dll InMem: 1 Det [G] MD5: B01F2CF0C05E16496C608D69B0184CA5 PX5: B07F864C0007CA40D0E301D6334E90000EB7BAB5
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent - DLLName [Ati2evxx.dll]
C:\WINDOWS\system32\OLEAUT32.dll InMem: 1 Det [G] MD5: 3025D5DAB63B81F538E10878D8426389 PX5: 0ADCFE240032582262B908FFB341E7008E7C2AC4
C:\WINDOWS\system32\rsaenh.dll InMem: 1 Det [G] MD5: 26ACBD865F8CFF730F1791C4D0854352 PX5: 19B797A900BB112F5426027FDD39EC001D5760F1
C:\WINDOWS\system32\cscdll.dll InMem: 1 Det [G] MD5: 38C69B2BC3182A85F0B323C9D1EB7E26 PX5: 36CC0D8B0009157E909D017F19231E0041E0A92E
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll - DLLName [cscdll.dll]
C:\WINDOWS\system32\WlNotify.dll InMem: 1 Det [G] MD5: 72E4CAD810A967449CAAB723E99C74B1 PX5: 3C08F14B008AD1456C990109A197100002605D8A
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp - DLLName [wlnotify.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule - DllName [wlnotify.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn - DLLName [WlNotify.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv - DllName [wlnotify.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon - DLLName [wlnotify.dll]
C:\WINDOWS\system32\WINSPOOL.DRV InMem: 1 Det [G] MD5: A357128EEA84698DCF3ED33E521292CC PX5: A35B6D1900D11F1D3E5102B97EFC0500E974203D
C:\WINDOWS\system32\MPR.dll InMem: 1 Det [G] MD5: 7013FC08075EEF2D881D55F898F2D402 PX5: 4E92FBCC002BB291EAE5000F10C15F00A1E7AD21
C:\WINDOWS\system32\WgaLogon.dll InMem: 1 Det [G] MD5: 181ECBB92DAF7778E9CC8344BE051BDE PX5: 89BDBABD808784849D2F0353EC034600A7E08956
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon - DllName [WgaLogon.dll]
C:\WINDOWS\system32\NTMARTA.DLL InMem: 1 Det [G] MD5: 3C1B1065C5BFCA5190E7FA7EFCB11B59 PX5: 1D452FC300F103CCD4AF019C0B4A1000D0C05759
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider - ProviderPath [%SystemRoot%\system32\ntmarta.dll]
C:\WINDOWS\system32\WLDAP32.dll InMem: 1 Det [G] MD5: A340DEC6229F08D8B9644F2BE00100FC PX5: 9E81915C002CE532A4010226E6EC3100C992DBA0
C:\WINDOWS\system32\SAMLIB.dll InMem: 1 Det [G] MD5: F16C9CDB4A47969B1CF48E0620F6E217 PX5: 6D3509C200E203F6FAF00078D7EA35003D8429D0
C:\WINDOWS\system32\CLBCATQ.DLL InMem: 1 Det [G] MD5: 092813B8F60F1E12E8AF5DB98037B770 PX5: DDDD061C00DDD1C99CCC07876975D5003DF223DA
C:\WINDOWS\system32\COMRes.dll InMem: 1 Det [G] MD5: B979BBBA74F4F5DB69C3A5DFDC52828C PX5: D3FD3AB2006F991AE8A30C7CE8FD780095D6A640
C:\WINDOWS\system32\msv1_0.dll InMem: 1 Det [G] MD5: AFFA7A2ECB1476F29641C90524F63E2E PX5: 7DDBB66E00F27A20FA0D01B81C65BB005752F1B9
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Authentication Packages [msv1_0]
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
C:\WINDOWS\system32\iphlpapi.dll InMem: 1 Det [G] MD5: 6150872A38D85C8CDDB1B2FBFF1BB07F PX5: 352A2D920078A26F766401FF71F80300DA785AEF
C:\WINDOWS\system32\cscui.dll InMem: 1 Det [G] MD5: 53E5AB61DDCC0F057182BC1B5513B744 PX5: 8E7CD5F4006500C1188E05B6248B9200BAF8CA73
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8} - DllName [%SystemRoot%\System32\cscui.dll]
C:\WINDOWS\system32\MPRAPI.dll InMem: 1 Det [G] MD5: B61978022A65FAC95B8E3817D5029870 PX5: F40536E000846CE4547B017CD7ABC100D153D57A
C:\WINDOWS\system32\ACTIVEDS.dll InMem: 1 Det [G] MD5: 25E4E36CED6B15DF8D8C10460BE834A2 PX5: EFB02947002647C8F6250205FD9612006E9558F5
C:\WINDOWS\system32\adsldpc.dll InMem: 1 Det [G] MD5: 15CE221ACE929705BA7E4346D74E8A06 PX5: 6D8B11FE00EF99F53026027F152EC40097EA0ACA
C:\WINDOWS\system32\ATL.DLL InMem: 1 Det [G] MD5: 32BD4CC64449EA2549BE4A8EFC54F4DE PX5: 90FBA32A008A4DC9E6A3004879775D009B9241D5
C:\WINDOWS\system32\rtutils.dll InMem: 1 Det [G] MD5: 204A7D354683A49C37505BE1646C5D43 PX5: BF0F14BA00130FA5ACFA00D907EAE70083958E2B
C:\WINDOWS\system32\xpsp2res.dll InMem: 1 Det [G] MD5: 0E8E6901C637095EC3B483475E39731E PX5: DD9EAB9A00D5F12036192D6118710400ADB6810C
C:\WINDOWS\system32\wdmaud.drv InMem: 1 Det [G] MD5: 6DEB9059000C34770192B78D85F6D387 PX5: E19B13CB00CFB9ED5C250033B033BB00A27F216F
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - wave [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - midi [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - mixer [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - wave1 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - midi1 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - mixer1 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - aux [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - wave2 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - midi2 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - mixer2 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - aux1 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - wave3 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - midi3 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - mixer3 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - aux2 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - wave4 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - midi4 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - mixer4 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - aux3 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave1 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave2 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave3 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave4 [wdmaud.drv]
C:\WINDOWS\system32\msacm32.drv InMem: 1 Det [G] MD5: 05E84EEAD6B27C958621A4E6D33859D1 PX5: F8EB7CDA00A2596F522700876A3BC9005F29A42B
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP - wavemapper [msacm32.drv]
C:\WINDOWS\system32\MSACM32.dll InMem: 1 Det [G] MD5: B088085D01B3E80E2BE0E9CD1838BA9B PX5: CD32AC5300D4DB3A183401A597817D009B477A6B
C:\WINDOWS\system32\midimap.dll InMem: 1 Det [G] MD5: EAAA11BE5C162266E698F7658BD8A1DA PX5: 8C299C3E002D88084A0000F598A51000C8C9681D
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP - midimapper [midimap.dll]
C:\WINDOWS\system32\wbem\wbemprox.dll InMem: 1 Det [G] MD5: CECE259D273771497D2C96C8121D9C58 PX5: 118AA1B200D76A754A3B0017C7664600A1463C19
C:\WINDOWS\system32\wbem\wbemcomn.dll InMem: 1 Det [G] MD5: 7DB0054945C1C937553F97FA1F1EAFFB PX5: 30B285D60040901346F3037FF72C08005C58C30E
C:\WINDOWS\system32\wbem\wbemsvc.dll InMem: 1 Det [G] MD5: DD3E1E96EA769C31936D9B09F9137954 PX5: 25397BDF00757EBFAAF700E3ED2B7800B9284F1B
C:\WINDOWS\system32\wbem\fastprox.dll InMem: 1 Det [G] MD5: FC9F0B7216D087F9502ECE38439AE144 PX5: AEBA61B800E4BC9A34F5075F66FDAB005D1447F9
C:\WINDOWS\system32\MSVCP60.dll InMem: 1 Det [G] MD5: B30C42DFA52A70037AB31A85057A5657 PX5: 2D7DD02900BE71EC5085060A796CD8005BF97344
C:\WINDOWS\system32\NTDSAPI.dll InMem: 1 Det [G] MD5: 6AE3588C5FEA68CDFCD743AF5FC95398 PX5: B049763B0042836806A701AA022FCD00F10A90B1
C:\WINDOWS\system32\DNSAPI.dll InMem: 1 Det [G] MD5: B4936FB637C2E2EC03F2589CBCD077EF PX5: 74EB5FA400ECF6FA447C02F4107A1600E5E5C273
C:\WINDOWS\system32\services.exe InMem: 1 Det [G] MD5: E77F6FA2A15390F1727F4C1C55B69DA6 PX5: 55CFB3920083E585A8B8011373392400747D1070
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Eventlog - ImagePath [C:\WINDOWS\system32\services.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PlugPlay - ImagePath [C:\WINDOWS\system32\services.exe]
C:\WINDOWS\system32\SCESRV.dll InMem: 1 Det [G] MD5: E84A4BFD34F64AF3A9B2E4FF45C02DCA PX5: 42090831009A7DEDFC25041A41C0A6009F850DB8
C:\WINDOWS\system32\umpnpmgr.dll InMem: 1 Det [G] MD5: D717635E8C6D91644AEDA4B37A49762A PX5: A0722C41001DFC8BE8A7011B43DD8300C52FA704
C:\WINDOWS\system32\NCObjAPI.DLL InMem: 1 Det [G] MD5: 1FC06B22BA62AB448613461D06C328C9 PX5: 7EA0BF3D001A18F58E38007796CD8000CD7F3FCC
C:\WINDOWS\system32\ShimEng.dll InMem: 1 Det [G] MD5: DC7D49E0DEC335B8E14C734AB1BADE66 PX5: 279F162200D45347000001BBAACC850063724C8D
C:\WINDOWS\AppPatch\AcAdProc.dll InMem: 1 Det [G] MD5: 744EA281298317E91C3BEA70BF3843D4 PX5: 4481FDAC006BDDB69ABC00D7D79D140035AF8893
C:\WINDOWS\system32\eventlog.dll InMem: 1 Det [G] MD5: D1CAA255F33C06C8302769A86FFB905E PX5: D2B7D57A001E9CD9DA5600E2BE4F3C00079E4466
C:\WINDOWS\system32\lsass.exe InMem: 1 Det [G] MD5: 0815E8DA286775FA432C7C9EE5E10BA1 PX5: CC1BA69F00AF6D2D3445003B3C2E0700B638080D
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Netlogon - ImagePath [C:\WINDOWS\system32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NtLmSsp - ImagePath [C:\WINDOWS\system32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PolicyAgent - ImagePath [C:\WINDOWS\system32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ProtectedStorage - ImagePath [C:\WINDOWS\system32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SamSs - ImagePath [C:\WINDOWS\system32\lsass.exe]
C:\WINDOWS\system32\LSASRV.dll InMem: 1 Det [G] MD5: CCA9A75FC163ED610CF3945069BF4A3A PX5: 4A2D1F9A00EE2E841A4F0B1A2FFB0900A3181BF3
C:\WINDOWS\system32\SAMSRV.dll InMem: 1 Det [G] MD5: 12B717E63F23BDF3FD43B295542154D9 PX5: E92EC68300CE21C68E4E06BCC0EDF6004268C49A
C:\WINDOWS\system32\cryptdll.dll InMem: 1 Det [G] MD5: 4AC54687B901091378C512A6C56F6214 PX5: 81B30DAB0078862F82C6000202049600DB968CD1
C:\WINDOWS\AppPatch\AcGenral.DLL InMem: 1 Det [G] MD5: 26CAAEE19627A49509A5FAAF49E418A0 PX5: 5F6310EE002D3DBC446C1C5A826CF10048881669
C:\WINDOWS\system32\msprivs.dll InMem: 1 Det [G] MD5: D7D64FF974B96816E1AE2C5B86DE35BA PX5: 0CA48DC3002C50B3BC750065E2B27800000C62EB
C:\WINDOWS\system32\kerberos.dll InMem: 1 Det [G] MD5: A3103D196CE0DB4C8B5C6A365628E9EF PX5: 6F259D99008DE085843504BA6E05F400BD1351EF
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
C:\WINDOWS\system32\netlogon.dll InMem: 1 Det [G] MD5: 926BB51BB6DE79DEDB93E9C2B0811CCF PX5: 7826BE4E00B0693C362206A7BBB246000E968C98
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 68 [netlogon.dll]
C:\WINDOWS\system32\w32time.dll InMem: 1 Det [G] MD5: 8B97D00E5C6A593EBB605CE4B8A5CAA5 PX5: B0DB78E90001F969B24A022F16FE9C007D6DCCBC
C:\WINDOWS\system32\schannel.dll InMem: 1 Det [G] MD5: E9836D1ACE460B4B96FBCB03861D0323 PX5: 978AEDC000D16F92363B021213F745004B5CD31C
REGRUNGEN - \REGISTRY\Machine\System\CurrentControlSet\Control\SecurityProviders - SecurityProviders [msapsspc.dll]
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 14 [schannel.dll]
C:\WINDOWS\system32\wdigest.dll InMem: 1 Det [G] MD5: BBE58056910CF76B84C3E3D6349DC801 PX5: A77EB4BD0001DCA2C0B500785ACD4E00DCC55D5B
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
C:\WINDOWS\system32\scecli.dll InMem: 1 Det [G] MD5: 1446EB71ADF0F54980CDD7E5A812E102 PX5: C91F3DA800B1BEBADA0C02480448D00054984981
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} - DllName [scecli.dll]
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} - DllName [scecli.dll]
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Notification Packages [scecli]
C:\WINDOWS\system32\ipsecsvc.dll InMem: 1 Det [G] MD5: 24E00A2782F1FBDDA55173F6A92793B4 PX5: B05D914900808F8FCED102E7A46D080020A33905
C:\WINDOWS\system32\oakley.DLL InMem: 1 Det [G] MD5: F450886F41773A5FAEB25E87B758D6A8 PX5: A4E8D0C400046CE116C204B93C6D3F0003672778
C:\WINDOWS\system32\WINIPSEC.DLL InMem: 1 Det [G] MD5: 30E14D74BCD1BEEA96A279F78A723346 PX5: 5E3F044E00E5E84280510004471F8A00BD7E5854
C:\WINDOWS\system32\pstorsvc.dll InMem: 1 Det [G] MD5: 24B2F25A42BA3CAD1D238F2ADAE63F7C PX5: DCF79E3E001DA16F86F70051A83A8600579ADC98
C:\WINDOWS\system32\psbase.dll InMem: 1 Det [G] MD5: 7FE963BD4BDE86B5EAF5C07C6D0118C3 PX5: E242805400420CE08090017E79023900E657FC90
C:\WINDOWS\system32\mswsock.dll InMem: 1 Det [G] MD5: 337CB52AF1F7CF6C0F57EC8BD14DC6D1 PX5: 644C52BE00A05754C6240337B7759700C1FF12E3
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
C:\WINDOWS\system32\BatMeter.dll InMem: 1 Det [G] MD5: 66DB9D9CA443D7C8C9222BFF72F61ACF PX5: 73074F1200F9F02570C400FC5F48D3002E4325D8
C:\WINDOWS\System32\drprov.dll InMem: 1 Det [G] MD5: 4F32C69E05AE35FC609218E94B0DF5D9 PX5: BB8EDCE2008403A638800074FD083400905C26EC
C:\WINDOWS\System32\ntlanman.dll InMem: 1 Det [G] MD5: D72C81E7F4986BEB202813FC743AF8D7 PX5: FCEBCD7A009905FEAA4200960455950080D2A1BD
C:\WINDOWS\System32\NETUI0.dll InMem: 1 Det [G] MD5: 9FE57C0551C88667B8FBDE49BD399144 PX5: 074187360063FEE5400A014D6C2C430053ABE349
C:\WINDOWS\System32\NETUI1.dll InMem: 1 Det [G] MD5: A5CA0066DF5A68D4A7403F2E32D620D8 PX5: A4DAD8A200850E09C097034C744E770099F86FBA
C:\WINDOWS\System32\NETRAP.dll InMem: 1 Det [G] MD5: E7FC69C00BEBC04DAEF86071822B2B89 PX5: B3940B1900334CEB30F300847BE9340024D302E6
C:\WINDOWS\System32\davclnt.dll InMem: 1 Det [G] MD5: FA5791230A59DCC0F1BB0B0A193375A7 PX5: 5E0DDE0C0099E131624800B42D603500DF9BC5AA
C:\WINDOWS\system32\MLANG.dll InMem: 1 Det [G] MD5: F036BC2525F8701628ABB0A550C1C692 PX5: A0FB8BA50045A9FEF20208062C04B3005F96B032
C:\Programmi\Microsoft Office\Office12\GrooveMisc.dll InMem: 1 Det [G] MD5: 3225369E73FC336C7C7824EA53B26AD5 PX5: 68D94A79206A2F29BBDD17E7F1BF4700BBF29244
C:\Programmi\OpenOffice.org 2.2\program\shlxthdl.dll InMem: 1 Det [G] MD5: FEDA3633B93FA6300AC2A2CEC3EE2584 PX5: 6166B410002D45A330CE05989E38930095162760
C:\Programmi\OpenOffice.org 2.2\program\uwinapi.dll InMem: 1 Det [G] MD5: B2FD24D8615774C339F4C2D2BC57EB48 PX5: BB35DBB30059B43980EE010C5514900007784748
C:\Programmi\OpenOffice.org 2.2\program\MSVCR71.dll InMem: 1 Det [G] MD5: 86F1895AE8C5E8B17D99ECE768A70732 PX5: 3FEE1145002F2EB8504E05ED76DA9100776D97E7
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll InMem: 1 Det [G] MD5: 100136F3C317B3FBFFD33B9409AED1C3 PX5: EEECA2A200AE193420E61AFE5130B8009DDBAA0F
C:\Programmi\OpenOffice.org 2.2\program\stlport_vc7145.dll InMem: 1 Det [G] MD5: 777A4759585663D2F761104918308A12 PX5: A3EEF11B00C8EDCCD02D0845E6EB2C007AC6EC87
C:\Programmi\OpenOffice.org 2.2\program\MSVCP71.dll InMem: 1 Det [G] MD5: 561FA2ABB31DFA8FAB762145F81667C2 PX5: F133D4F000B92F08A0E107FD67B66E0015498C05
C:\Programmi\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll InMem: 1 Det [G] MD5: 4B0991CD076B617A2231B19A6663C1C9 PX5: 066EC4DE00858605B060015F10D3790055C4D630
C:\Programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll InMem: 1 Det [G] MD5: C19A7CA3DE8632091FD0ADB1CAC850E5 PX5: 24B2D68758E1A17A45BC1A45E324F400FB4B87A1
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll InMem: 1 Det [G] MD5: 3A9F70479A886DCC8E5151326156472D PX5: 192051750038F05020D3015660218F00295A4BC0
C:\WINDOWS\system32\browselc.dll InMem: 1 Det [G] MD5: 03163D2CD97C11514F29987971F50A13 PX5: EA63F88500B471270C9A01309A4A800054BE305C
C:\Programmi\Spybot - Search & Destroy\SDHelper.dll InMem: 1 Det [G] MD5: 5248E02EFBCB64D328647CD00E384B85 PX5: 419AFD08503A86B0B74D170DC07D2B00426765F1
C:\WINDOWS\system32\faultrep.dll InMem: 1 Det [G] MD5: F519E549C0E544106776C0E2BDC86879 PX5: 8881272500607D363C8201F4E6BB3A00D79C24A3
C:\WINDOWS\system32\olepro32.dll InMem: 1 Det [G] MD5: CB6B225CC6C85CDA0430EF12441EA5B6 PX5: 4451C5BD00B67BC2466601954AF9C000130A3600
C:\WINDOWS\system32\jsproxy.dll InMem: 1 Det [G] MD5: 7B60E8AAA22E3F3932F93B6F16FCF5F4 PX5: F7AB047600237A326CEA00CF90E87000F4F60EE3
C:\WINDOWS\system32\MSFTEDIT.DLL InMem: 1 Det [G] MD5: A0AF66505F74A0BD26EBA73FE95DC734 PX5: 2E215EEB003B4ED33AFD082E3D0D4700E2A6273B
C:\WINDOWS\system32\DUSER.dll InMem: 1 Det [G] MD5: 0E316FF410E9A5BCA1BD1794DECE800F PX5: 576588D800DB533AA46504C81FA1F900F6700574
C:\WINDOWS\system32\actxprxy.dll InMem: 1 Det [G] MD5: CAC8CE72845461A8C6818071D923FC89 PX5: 007947C1003133828EF901D865E09C00F6A66BF3
C:\WINDOWS\system32\l3codeca.acm InMem: 1 Det [G] MD5: C5AF10FD0A2C5938C4D962537AF13BA3 PX5: BD6FA9CA00B4F05D702C042DD7B42E003DC5A552
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.l3acm [C:\WINDOWS\system32\l3codeca.acm]
C:\WINDOWS\system32\wmvcore.dll InMem: 1 Det [G] MD5: 1B116B5C8794415B4481DBCA2B96AE4C PX5: DFA7D7E148EF86D83B48241CE5BE390070BB5050
C:\WINDOWS\system32\WMASF.DLL InMem: 1 Det [G] MD5: 289B5B83F5D12F46CC16608729E05B48 PX5: 35F0431B00AEB36D789803A9AAC2610050C7CFB1
C:\Programmi\WinRAR\rarext.dll InMem: 1 Det [G] MD5: 2F636C9DDBC4B1B31285505F8CC7B8B5 PX5: 3D78E7C200E17F46F8670128E3FBB80096A203A3
C:\WINDOWS\system32\zipfldr.dll InMem: 1 Det [G] MD5: 84DC2B97AE10DEA7B265A74971634131 PX5: ED969ADB00D5666D2CF80569EB9E87007A803837
C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll InMem: 1 Det [G] MD5: 8AE2CC145F9DE7FEAA272D3D8DD90ACC PX5: 811D168F003D20D3205F01AB59F9CD001A33BA20
C:\Programmi\Nero\Nero 7\Nero BackItUp\MFC71U.DLL InMem: 1 Det [G] MD5: 7B93C623333F121DC9E689CCB1B7A733 PX5: 037598C700D68B82FC2F0F8DECC9D10082E94C28
C:\WINDOWS\system32\printui.dll InMem: 1 Det [G] MD5: CA104D6E9428BA00346CD615A1EE2E31 PX5: CFC465B500331E10BE8C08062B62D70065070AFA
C:\WINDOWS\system32\usbui.dll InMem: 1 Det [G] MD5: 3316E50E452F908482C0EB62B17F9308 PX5: B6E1D2C200FEC61F2C3F015D24F0D600CD71A0B8
C:\WINDOWS\system32\shdoclc.dll InMem: 1 Det [G] MD5: 9373E3B36EDBB58DCACC106530105954 PX5: 552F282A005B9932A4DA08FB1D53CE00D5EAFBF4
C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll InMem: 1 Det [G] MD5: 9A451D3B7EEFE572D7B4B852F0F151F1 PX5: FC9C9943000426187E82046D238A130055B74655
C:\WINDOWS\system32\shmedia.dll InMem: 1 Det [G] MD5: BF30BB4D33AFA9E7E33F82F7DE84F18C PX5: 6F935BCA00698E3154450276A47BF4000FC59B48
C:\WINDOWS\system32\MSVFW32.dll InMem: 1 Det [G] MD5: 35DE518C32E4D878A250301A8F2EEE08 PX5: 4870710600DDCA90DC7001F6C351A000C502322F
C:\WINDOWS\system32\AVIFIL32.dll InMem: 1 Det [G] MD5: 59BE4FC08DE41953A9DEE7B47EECB8CD PX5: 3FE30B9700E394E34E7B016A00BC3A002FF2247D
C:\WINDOWS\system32\qedit.dll InMem: 1 Det [G] MD5: 61FD8979FCAE97782FA551791055F487 PX5: 37C85C9600F160E998B2081D361550001EC3E01C
C:\WINDOWS\system32\quartz.dll InMem: 1 Det [G] MD5: 31F8C0579B3DA42660CC3CE86E750425 PX5: 8BFB13FE00484DF3BADB13CB62CDCE00CE2E372E
C:\WINDOWS\system32\devenum.dll InMem: 1 Det [G] MD5: C388DAF6A91BE8E8615DD067BC0F3928 PX5: 3F29E6CB00309A3EEA63004DF7AE9F0064C7387B
C:\WINDOWS\system32\divxdec.ax InMem: 1 Det [GP] MD5: B6D8A0E56D3F8A21214641F947E87550 PX5: 2CD4F8E500C151D89C230311B207EA00C08A3EA1
C:\WINDOWS\system32\xvid.ax InMem: 1 Det [G] MD5: 1D9FB9784F32276EFB43512A81217753 PX5: 3FE47C3300AD8234D0EB00B236633B00717D0D3C
C:\Programmi\File comuni\Ahead\DSFilter\NeVideo.ax InMem: 1 Det [GP] MD5: 916D9C018DBD2B0226C8699F4FD2E6B1 PX5: D70E6E3700E25173B4D10FBDBA6E6000845ED7CC
C:\WINDOWS\system32\ddraw.dll InMem: 1 Det [G] MD5: 613E66ACE3FAE6523E6F1A0183AF7F2D PX5: 4E606A3E004BFD1E107104ECA94E4700B2873B8F
C:\WINDOWS\system32\DCIMAN32.dll InMem: 1 Det [G] MD5: B4135161FBDF6BF676BBFA8EB79CADE8 PX5: 256E9CF3007B0060223C00722D6B1100E50006BD
C:\Programmi\File comuni\Ahead\Lib\AdvrCntr2.dll InMem: 1 Det [G] MD5: 58638D54FBFF495D812D1C1F7A032CBF PX5: A7D5DCE7004035C890FB2BFB5ECA640012923807
C:\WINDOWS\system32\qdvd.dll InMem: 1 Det [G] MD5: BFF30141D36CAB4EF3E52EBD6640B404 PX5: 7867989B00EDD543E2810580E8BB7F0006AE49DB
C:\Programmi\File comuni\Ahead\DSFilter\NeResize.ax InMem: 1 Det [G] MD5: 624991BA742FE3F024220B450BE06D0C PX5: 2D7B31F800BFA1DE50C1020E9059BC00F2AA1C5F
C:\WINDOWS\system32\MFC71.DLL InMem: 1 Det [G] MD5: 4B1BC262B76232056F3B247C37F26940 PX5: CFDA0CFC00A2277630D610C3630A04008989B89C
C:\WINDOWS\system32\sti.dll InMem: 1 Det [G] MD5: 8F44BA342774B5CC5E5A6A0B68E5ECC3 PX5: D0C61BDE00B5681C0CA40120655A6E00CC4935F5
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe InMem: 1 Det [G] MD5: FA2F6A8849219B16460BF44F9D1F3AA7 PX5: 83F9FE098896750F191813EE5975780001DBA358
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Symantec Core LC - ImagePath [C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe]
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcnet.dll InMem: 1 Det [GP] MD5: 7C7E6566AD8F97630E40E079E8160EBE PX5: 81E828D488F1A4B287A405F2D83B2C005883A95E
C:\WINDOWS\system32\spoolsv.exe InMem: 1 Det [G] MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F PX5: 1DCDB07A00179F65E28700A02CD4BA00B29C7A8B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Spooler - ImagePath [C:\WINDOWS\system32\spoolsv.exe]
C:\WINDOWS\system32\SPOOLSS.DLL InMem: 1 Det [G] MD5: DD90C59EF82D6CDE5886B595CA8D8D8A PX5: EEC4C153008FC3AA248101F4B2E71800601A2E7A
C:\WINDOWS\system32\localspl.dll InMem: 1 Det [G] MD5: D5882ABF5F3652ACBF36C882EA4DC9A8 PX5: 4416D740002AA3683E4E05C1EF102900643A9BD8
C:\WINDOWS\system32\cnbjmon.dll InMem: 1 Det [G] MD5: A2660003F73982579EBFEF1F6C2F6234 PX5: ADFEA2D500C13C76C238009F710B75002AA8B844
C:\WINDOWS\system32\HPBMMON.DLL InMem: 1 Det [G] MD5: A246F118B3247C456DC68C5B7D929E75 PX5: 238BF1EC009B5F39A0AF0082A40663000E6060AB
C:\WINDOWS\system32\hppamon0.dll InMem: 1 Det [G] MD5: EAC35A4ECBB7BE994F08C144DE0F2817 PX5: 1A56B61A0096BBAB803F00F765369000541228D9
C:\WINDOWS\system32\hpdomon.dll InMem: 1 Det [G] MD5: AAE2820726FF1346B501610CC56A9D9C PX5: 57B5052800272EC8E4580074792CFC0005450C59
C:\WINDOWS\system32\pjlmon.dll InMem: 1 Det [G] MD5: BBD335EEABDA429E2A4A401AE977ACCC PX5: 84CFC62400E584133C01005DDEFEF70074DE7C99
C:\WINDOWS\system32\usbmon.dll InMem: 1 Det [G] MD5: 1AE1CDA7F68B0A8603A3117AE5F00B03 PX5: 355B55CF00434C1C429F0037D7A64900612AB6C2
C:\WINDOWS\system32\HPBHealr.dll InMem: 1 Det [G] MD5: C51A3D62B0F81897EB0CEF4E47392CB8 PX5: 2C12DB7842D58CC370F5012D6F9FDA00331F078B
C:\WINDOWS\system32\mdimon.dll InMem: 1 Det [G] MD5: 27CCEA9CE41A726B13E45795CCC3B7BA PX5: 6A98284230EF1DDB772C0002B1030800528FB82A
C:\WINDOWS\system32\msonpmon.dll InMem: 1 Det [G] MD5: B9B3F6D8B8F1E0029C58B304632A729B PX5: 3DA24CA0507E657D7FFE00188B7C5D00617503AF
C:\WINDOWS\system32\tcpmon.dll InMem: 1 Det [G] MD5: 1417745D9156EED7C8B871A3F8A8F56D PX5: 4DB1307F00B38383B4DE0091A261F900D73B20B9
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL InMem: 1 Det [G] MD5: BBCE4DEB3501B71E7EB1D8AF3A35B975 PX5: EECC6657001C098DC066004F58A2ED0037130D2B
C:\WINDOWS\system32\Imf32.dll InMem: 1 Det [G] MD5: A0DF3F3AA3DC40FE160AAEFBB5187FD9 PX5: 6F696496003E704870D700AEE7D8C9006F4EE1FE
C:\WINDOWS\system32\ZTAG32.dll InMem: 1 Det [G] MD5: 27B026CC7EE3B42745C3362603FBFC52 PX5: 2ED38D1F009E6D0560D900570131CE009460C97D
C:\WINDOWS\system32\ZSPOOL.dll InMem: 1 Det [G] MD5: FAE332DA4762C6779A3845810405924F PX5: 09DFD1C700B880D350FB013D536E0400C28C836C
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll InMem: 1 Det [G] MD5: 4424AE65F7AF8181AC99FE46BC2700C9 PX5: EB87AEEC30807E6477DE00DBD21DCC00BCD6BBD4
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\msonpppr.dll InMem: 1 Det [G] MD5: F348280907B38FDBDB3CEF55D456E149 PX5: EA2F6B0250E056DF811F00B824D187009161FDF4
C:\WINDOWS\system32\win32spl.dll InMem: 1 Det [G] MD5: 660E56BC8C253B5B47DCC6560CCD62DA PX5: 3EE5A7330005B84D903F019D6D465800D7DE2821
C:\WINDOWS\system32\inetpp.dll InMem: 1 Det [G] MD5: BE4FF5FBBC55DC3C2445377C50497F1F PX5: 84746D7B00F17DE826600104529E590058DFB441
C:\WINDOWS\system32\bgsvcgen.exe InMem: 1 Det [G] MD5: 71489FA2C4A238F178E30AE6E4449013 PX5: 2172654800C587F1505201A09921C200606EBF50
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\bgsvcgen - ImagePath [C:\WINDOWS\system32\bgsvcgen.exe]
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe InMem: 1 Det [G] MD5: 7CF1B716372B89568AE4C0FE769F5869 PX5: ED1543E000FE97EC203705864F870600352BC644
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MDM - ImagePath [C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe]
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\1040\mdmui.dll InMem: 1 Det [G] MD5: 51258D45A148247A775166808C228653 PX5: 2F341A4700B97E6560590001F738C100DF7EA4C8
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\csm.dll InMem: 1 Det [G] MD5: 647C11534C7AF0C5FF599D930476511F PX5: 88B7EDA9003FD1B6E44801CD25F93A00F5A2F1A1
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\msdbg2.dll InMem: 1 Det [G] MD5: 94A0142B6AE74333BCCF6502D567CBB6 PX5: C905BEEF0035E9B8C6400388C03A7800689EEBA6
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe InMem: 1 Det [G] MD5: B1691AF4A072CB674D600DB16DD7308E PX5: 6E3F870F008EBEF336270452A8732B00B15E0D48
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\StarWindServiceAE - ImagePath [C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE]
C:\WINDOWS\system32\wsnmp32.dll InMem: 1 Det [G] MD5: 73DF735ECC9FF9F511A1B5E5B825C0C4 PX5: DCF100F400C1FA92A6C0006EC31E10006A687480
c:\windows\system32\wiaservc.dll InMem: 1 Det [G] MD5: 385CF0E9C4679D23E1E8715AF2116D03 PX5: B69A81C6002918EE1A4705E2549FBB00ED5C7BBD
c:\windows\system32\mscms.dll InMem: 1 Det [G] MD5: CD669D359DAD2AB7EE5F6E09010A6167 PX5: DF52A2B9002BAEF722FE01B4E2E8B900D4427BF9
C:\WINDOWS\system32\eswia52.dll InMem: 1 Det [G] MD5: B4EADEA3F0142C532415075A055F5873 PX5: 12F372FA00054743C0B5027BDE8C830089EE4D21
C:\WINDOWS\system32\wdfmgr.exe InMem: 1 Det [G] MD5: AB0A7CA90D9E3D6A193905DC1715DED0 PX5: 9FA38DDC00508FFA98BC0037D087BF0071EC7096
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\UMWdf - ImagePath [C:\WINDOWS\system32\wdfmgr.exe]
C:\WINDOWS\system32\SearchIndexer.exe InMem: 1 Det [G] MD5: 2EC497AA4B728D1B1A368ACF2E309E8B PX5: E3FFE61B00075524944D04CF6E169F003580523B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WSearch - ImagePath [C:\WINDOWS\system32\SearchIndexer.exe]
C:\WINDOWS\system32\TQUERY.DLL InMem: 1 Det [G] MD5: 602C498BA4F3831D5EA882B07E96A42B PX5: 691E0CAD00D8FEE6F607161A9CD68E00FFBE9C04
C:\WINDOWS\system32\PROPSYS.dll InMem: 1 Det [G] MD5: 1CA7B99228ECC7A7C58F998975F47E70 PX5: 33A6A74900531492325F0B82B99412002539F082
C:\WINDOWS\system32\query.dll InMem: 1 Det [G] MD5: 5BD21B337DD73AE38D320A6932D46637 PX5: 59992EC9006A16C8F61E15C90EE99300407430BB
C:\WINDOWS\system32\msstrc.dll InMem: 1 Det [G] MD5: AECEDDE08C9F4F557CB28449D9A9C665 PX5: 7C0D21C500C81644CCD800A4C25CE7008A62EE0F
C:\WINDOWS\system32\mssrch.dll InMem: 1 Det [G] MD5: B743B077538AE32BE93D64E92F75F566 PX5: A751E15400AA29D69C9A168C9C7CEB00745AC884
C:\WINDOWS\system32\propdefs.dll InMem: 1 Det [G] MD5: 7E4F71FD0A7DFA1B82C8781D83530B88 PX5: 4FC3DFEB00147FD5005A01C8FCAF8A00DFE9B6DF
C:\WINDOWS\system32\XmlLite.dll InMem: 1 Det [G] MD5: 215422272BBADD7DDA57D0372062D293 PX5: DBDBF6F300FC6405DCA0019FAEEF2800153F1E93
C:\WINDOWS\system32\it-it\tQuery.dll.mui InMem: 1 Det [G] MD5: 903A8F168DC6B5FECE9C48E48EC2FDC4 PX5: 842772F800CE4B46F06903B2E86B0200506ABD39
C:\WINDOWS\system32\msscb.dll InMem: 1 Det [G] MD5: 56B47E6BF47327124B55F9F4F4B9F684 PX5: 20FCDA07006B10EC5C6B00AF92485900B0273059
C:\WINDOWS\system32\perfproc.dll InMem: 1 Det [G] MD5: C903E30BDB77AB0C730237F270EC3F90 PX5: 9295671F006AB0848C9C0090B29D8700CE4DE46A
C:\WINDOWS\system32\mssprxy.dll InMem: 1 Det [G] MD5: 037602098DE87A7A5E0B62A8A17FA4DF PX5: D082C929000F6BB67E8900391470340084BBC8D3
C:\WINDOWS\system32\infosoft.dll InMem: 1 Det [G] MD5: 360EC47679ACA2205598E71349B8B2E9 PX5: 2CDB31710086C2C1E08406D1C61673004093D560
C:\WINDOWS\system32\LangWrbk.dll InMem: 1 Det [G] MD5: E078484FFC70F0B66C0235B360558153 PX5: 9D631F11006B809B5E3F01D350AD5A00BB8049E3
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE InMem: 1 Det [G] MD5: 36B9FC05B2091A5782D4A0189FE1735C PX5: 07B8C31C00BB15ADC0C1002DDDE82A00DE2A0501
C:\WINDOWS\system32\mscoree.dll InMem: 1 Det [G] MD5: CA7B804518DD3E76B81042E25B17A23B PX5: 39B7B37D00CEFADE247704DFB3C8DE002536B07E
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll InMem: 1 Det [G] PX5: 4703171A0090D619F86555CF9E3335008C5D77D5
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ce6caca91076f88110e2f2b41478e148\mscorlib.ni.dll InMem: 1 Det [G] PX5: 4E0C39FB0072D3C58056AC4E222CEE0017BCE50D
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll InMem: 1 Det [G] MD5: DE426FD4BC678D40F202239842B76723 PX5: CDA1C88900EDD2F7FC8A04F4A0745E00C0B8AFDA
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\53af5f9d05944bc936cfa36bbaa511b3\System.ni.dll InMem: 1 Det [G] PX5: 61604774005DF09B10C87CD75DDC230068D286F3
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\47ad2474a8370b4fc6b3e16fc845138d\System.Drawing.ni.dll InMem: 1 Det [G] MD5: 153AFBB70467F6D644B182D22CECDB51 PX5: 14BDF24F008FA342703918AF1E6201008D37D3B4
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4a5855ab78bf24b26e36c458d78b60e4\System.Windows.Forms.ni.dll InMem: 1 Det [G] PX5: 5281209A00C7B1EE002EC8FD6C167D0069C043B5
C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2693.37137__90ba9c70f846762e\MOM.Implementation.dll InMem: 1 Det [G] MD5: 06B74CB9F37952F64960FD923356947F PX5: 2FEFD0F800E25BCB906701D145A8FA00837B12E2
C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2665.42149__90ba9c70f846762e\LOG.Foundation.dll InMem: 1 Det [G] MD5: DBC515B7EE90E94DBC6A54404A3992B9 PX5: C6FEECE00090462D808E00487EBB6A00A67A01CB
C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2665.42158__90ba9c70f846762e\LOG.Foundation.Private.dll InMem: 1 Det [G] MD5: D391A9D05628FD64C79FAD6561500F21 PX5: BD77AAD4002AA20F8012005A82D4FE00CEF030E7
C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2693.37136__90ba9c70f846762e\LOG.Foundation.Implementation.dll InMem: 1 Det [G] MD5: 867A385385A67F0EEE9B0014E8FFE2E8 PX5: B13B175E00A19190F0B400B78AFB06004A9A033E
C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2665.42168__90ba9c70f846762e\MOM.Foundation.dll InMem: 1 Det [G] MD5: 1BAAF8E1921CC80A6711992C92AABD85 PX5: 753F5F1E000391F4405C004E3EE60D008BB36DF7
C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2665.42169__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll InMem: 1 Det [G] MD5: EDBE69604A4AB28FC960FEC1EF8F1EC6 PX5: 7ABB8DFA002D20E350B6002DDDE82A00892A4649
C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll InMem: 1 Det [G] MD5: EC7044FC15BE0BEEB7690E3CC1A196BE PX5: D81B18060075E261906004E8CE14B1003EC27436
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\57424a330b9a2257376240c51d7e9fab\System.Web.ni.dll InMem: 1 Det [G] PX5: E08A63220034B881F089B9FAD43A2A006BBD4AD8
C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2693.36851__90ba9c70f846762e\AEM.Server.dll InMem: 1 Det [G] MD5: 29411B20BEE04198157849A42A0A59F3 PX5: C7B25B57006EBB8EB0E700FDBBB313006EBBCF72
C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2665.42151__90ba9c70f846762e\NEWAEM.Foundation.dll InMem: 1 Det [G] MD5: BEA944358FE10C73B578BFFBB64FC2A2 PX5: 614F9B6300DAC6E9604F001E05EF7400A115BC5D
C:\Programmi\File comuni\Symantec Shared\ccApp.exe InMem: 1 Det [G] MD5: 25BE770865658CB79100117112819A7C PX5: 81FF699D68BBC362C4C7015DD3FB79006CD488AD
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - ccApp ["C:\Programmi\File comuni\Symantec Shared\ccApp.exe"]
C:\Programmi\File comuni\Symantec Shared\ccAlert.dll InMem: 1 Det [G] MD5: 677EADF3FFDC14DF5044D7F16B0CE558 PX5: E3D09914685EB187164404FB516DDF006875D69E
C:\Programmi\File comuni\Symantec Shared\ccEmlPxy.dll InMem: 1 Det [G] MD5: E7F15D691F91240901E8B7961DA08043 PX5: 2195FAE268CB2AAE4690051A7D5C0C00EDA1FE21
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll InMem: 1 Det [G] MD5: 1AF91B3D6829A1656654F183232EAD05 PX5: 0364FBEF88D61B3EB66002AB5D10C700DBA62173
C:\Programmi\File comuni\Symantec Shared\COH\sesHlp.dll InMem: 1 Det [G] MD5: 1F31DB9CBB290361CD75197C31015AE2 PX5: 3D8A43B560E8346F85D1049BC84D2800397D6316
C:\Programmi\Norton 360\SHSesplg.dll InMem: 1 Det [G] MD5: 9467A23F5613EA2678995EAF7664314B PX5: AA812DB7604E094D057D021719D1C300A378D879
C:\Programmi\Norton 360\NTPAlert.dll InMem: 1 Det [G] MD5: 6EDB65BF87E4E1F5858F2B50237B4CC7 PX5: 9045EE1A60961C1C15DB083581E6DC001839DEDA
C:\Programmi\Norton 360\tpMainUI.dll InMem: 1 Det [G] MD5: 681685DB82D07B4D24066819A9830982 PX5: C1752E3460F24A789DE01D1BAE30920074AB8845
C:\Programmi\File comuni\Symantec Shared\COH\sH0002.dll InMem: 1 Det [G] MD5: 13D20FBD1176DBE12C3A3A6487103F9C PX5: 6FB77EEF604BEE9A953B06F0AC26D0007E173A81
C:\Programmi\File comuni\Symantec Shared\rcEmlPxy.dll InMem: 1 Det [G] MD5: 74F899104D2354C6F3C517806590C92B PX5: 742BCA8F680805603AB40099DB95B4006FA25D3C
C:\WINDOWS\system32\SymRedir.dll InMem: 1 Det [G] MD5: AFA1DAB65403E07F1DEF1CED25595FB1 PX5: 851CFB2D90637F65B23B03DE4832CA0016988FF1
C:\Programmi\File comuni\Symantec Shared\AntiVirus\AVMail.dll InMem: 1 Det [G] MD5: C4043D9634EFD72E8CEDB170114C4B36 PX5: 00CC7A6C60B2337F12F901C462253E00FF42165C
C:\Programmi\File comuni\Symantec Shared\NPC\NSCWSCR2.DLL InMem: 1 Det [G] MD5: A411997CA9D7E84452F8A53388E764A5 PX5: 57CEBD128029CA9B881307A94BBBE800EDAAC10F
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertUi.dll InMem: 1 Det [G] MD5: 17FDC376B63BF61B5BE5EC2353C59412 PX5: DCBA3AFC88404E2A5646038A56675300BE5D186B
C:\WINDOWS\system32\ctfmon.exe InMem: 1 Det [G] MD5: 5B33B4265966EE063C7FBEA28958D9C2 PX5: 7BE460C100E5509F3C0D00F14B5A510097B91217
REGRUNKEY - \REGISTRY\User\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - CTFMON.EXE [C:\WINDOWS\system32\CTFMON.EXE]
REGRUNKEY - \REGISTRY\User\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run - CTFMON.EXE [C:\WINDOWS\system32\CTFMON.EXE]
REGRUNKEY - \REGISTRY\User\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run - CTFMON.EXE [C:\WINDOWS\system32\CTFMON.EXE]
REGRUNKEY - \REGISTRY\User\S-1-5-21-1123561945-789336058-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run - CTFMON.EXE [C:\WINDOWS\system32\ctfmon.exe]
REGRUNKEY - \REGISTRY\User\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - CTFMON.EXE [C:\WINDOWS\system32\CTFMON.EXE]
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe InMem: 1 Det [G] MD5: A9A5DB6AC3721BE698B996913693D73F PX5: DBCEC86B5096B84D01522052F5AC97003679AE84
REGRUNKEY - \REGISTRY\User\S-1-5-21-1123561945-789336058-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run - SpybotSD TeaTimer [C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe]
C:\WINDOWS\system32\hhctrl.ocx InMem: 1 Det [G] MD5: 13EFCC088ED364A8D3410FF495B8F4D7 PX5: D3B0A24B002675A156C508DBC9824800F99F525D
C:\WINDOWS\system32\mui\0010\hhctrlui.dll InMem: 1 Det [G] MD5: 126A1B4A38BDEEB1CDF0E06E5A547669 PX5: BA28999700DF7F81607B01C7951F4A005B77C7B8
C:\Programmi\Spybot - Search & Destroy\advcheck.dll InMem: 1 Det [G] MD5: 4DD0DB402AC1F3F340AF64433B21ED3B PX5: 9C8790F95034281EF78C0DA50409C4002922D833
c:\windows\system32\w3ssl.dll InMem: 1 Det [G] MD5: 730374DCF08DF00178D190F9EBD0058A PX5: A6B700D7003E7B103E9200F3DAA15600D1CE535A
C:\WINDOWS\System32\strmfilt.dll InMem: 1 Det [G] MD5: 4BEFAAB581FCFEC0A658C704D416F571 PX5: 066E28230096601228B701DD5C8350004BCC7182
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe InMem: 1 Det [G] MD5: 0FC4CA031C46CE1BBDD8A7E91ED2251B PX5: D933C3DD00A87666C061002DDDE82A0020BD462B
C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2693.37137__90ba9c70f846762e\CCC.Implementation.dll InMem: 1 Det [G] MD5: 1CB2882C1B3CCAA4646B8D10209061E4 PX5: 00338C46007A1FCC80F9008AD833480049F8F73C
C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2665.42152__90ba9c70f846762e\CLI.Foundation.dll InMem: 1 Det [G] MD5: F18D90567CEF39955D8BFB5097184565 PX5: 1327F2EB003924D5C0C20033EC49140020B54B43
C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2665.42240__90ba9c70f846762e\CLI.Foundation.XManifest.dll InMem: 1 Det [G] MD5: FBC41D9BA7BDF85AF6609E2361CA8C71 PX5: 3E384BC5001D773C70FB00E9FC6289002B71F1AB
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\681bde8b2c3d567134c3e59b61d486b0\System.Xml.ni.dll InMem: 1 Det [G] PX5: F2ED314D009526C0D099557F8474730064A93B92
C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2693.36852__90ba9c70f846762e\CLI.Component.Runtime.dll InMem: 1 Det [G] MD5: 02B2DB988B7C7E43A10FC843F340C002 PX5: 4D5332420003AFDE80C7017392122100EB8E14E4
C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2665.42165__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll InMem: 1 Det [G] MD5: CCDBCAC27DB313E97623A87B5A381BB9 PX5: DBD4FF2200581C48A00C002D46AD2500C2645244
C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2665.42154__90ba9c70f846762e\CLI.Foundation.Private.dll InMem: 1 Det [G] MD5: 3B7DC2CD951557717C5781FEF1A8BB9E PX5: 789585EF000CF3905017002DDDE82A0050082B50
C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2665.42164__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll InMem: 1 Det [G] MD5: 22AB9DF887CB67920CDCAE9066A2FEFC PX5: 4430A36D00E0D974402100B733726C000E80A240
C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll InMem: 1 Det [G] MD5: 51F5508E51727CAD78CBB5723F1BA81E PX5: 39D79F92007764E980A9007546F734009AF12A5C
C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2693.36850__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll InMem: 1 Det [G] MD5: 3ACA064A105FAC0BE799AF3ACC5E5289 PX5: DF8510BD002791131A9A0036D9B3EE003BC0BAF8
C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2665.42150__90ba9c70f846762e\AEM.Foundation.dll InMem: 1 Det [G] MD5: 85EC421A4731A2C69417DF9E38B00D34 PX5: 37BC811600C214DD604C005FF7C15300CFCB269C
C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2665.42160__90ba9c70f846762e\AEM.Server.Shared.dll InMem: 1 Det [G] MD5: 215B54759B870A46C290D6DF81710C37 PX5: 60D9C83B0048C6E6400000E13D490D00457F452E
C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2693.37182__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll InMem: 1 Det [G] MD5: 41637FF9EF32743794656EA5BC3007C4 PX5: C3BAF468007446E1901E000CDA76F4008CDCF4DF
C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll InMem: 1 Det [G] MD5: 6C041E0154C30751792BFAA2EF5416F0 PX5: 27ABD20C00FC89FB407F00E3D16E63000FEE342D
C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2665.42187__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll InMem: 1 Det [G] MD5: F595A1DA0BA8DB725CEE241CF10F9C91 PX5: 65E04B540030C94940DF003B4B008E00F487B135
C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll InMem: 1 Det [G] MD5: FB21E6379376A594FC26368F62077D3A PX5: FDD563FA00AB77F7B0A9001280CF3E0088555CFC
C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll InMem: 1 Det [G] MD5: 110D2A7BBFBA80AAE36B5F229FE800AD PX5: 8944D0EC007FA9D640EE007B6B88BE00803C218B
C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2665.42179__90ba9c70f846762e\DEM.Graphics.dll InMem: 1 Det [G] MD5: 366CDFF207BBFD1F0B630EA3C09323EB PX5: 4936879C00B0898C401000EFF64FA8002CCFD856
C:\WINDOWS\system32\ATIDEMGX.dll InMem: 1 Det [G] MD5: 66FF6BB8EE8B1D6314A1AA1B18E66332 PX5: D936EBAD0054F7BA30EB055336C8AD0039EB1532
C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll InMem: 1 Det [G] MD5: 614CC5BC99E4FEDE046F1E6986A7C35E PX5: EEF713DA003F7EECB0D805D40A27F00038C984F9
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll InMem: 1 Det [G] MD5: 0B121A6CFF9AFB84EC12E6FE4C34F5EA PX5: ADEB7A16006C997B6EC8001FA8864C0049B19D08
C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2665.42166__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll InMem: 1 Det [G] MD5: 925481CF1BF22885DA19CB050FD19995 PX5: F84511E400AEA375407000E8C8CDD9009893B359
C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2693.36853__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll InMem: 1 Det [G] MD5: 3E64CA370F8A5128684B3A3D70D3EE8B PX5: 5A838A47001FE37590520322120C8C00CA32E652
C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2665.42162__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll InMem: 1 Det [G] MD5: E361EA00675B5A40A81C6389721C3D17 PX5: 18EF9FA30045CFE2C0AF002C737ADE004F3B0EF5
C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll InMem: 1 Det [G] MD5: 93D5B9634C4744FB115785081ECF9738 PX5: 4A8E3BE3006DC55D60B000B738FE1A001889265A
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\FltMgr - ImagePath [C:\WINDOWS\system32\DRIVERS\fltMgr.sys]
C:\WINDOWS\system32\DRIVERS\ftdisk.sys InMem: 0 Det [G] MD5: F3269A6EE547EA87B949A1CEA4816B38 PX5: D543638280F1FAF5EBA30154BD3E7700D3ED2EEC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Ftdisk - ImagePath [C:\WINDOWS\system32\DRIVERS\ftdisk.sys]
C:\WINDOWS\system32\DRIVERS\gameenum.sys InMem: 0 Det [G] MD5: 5F92FD09E5610A5995DA7D775EADCD12 PX5: 8FEAEAED8011757229C5009524482300FB74C9AC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\gameenum - ImagePath [C:\WINDOWS\system32\DRIVERS\gameenum.sys]
C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys InMem: 0 Det [G] MD5: 4AC51459805264AFFD5F6FDFB9D9235F PX5: A55AE85A30DB761D3DAB0084328A43001D3B5116
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\GEARAspiWDM - ImagePath [C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys]
C:\WINDOWS\system32\DRIVERS\msgpc.sys InMem: 0 Det [G] MD5: C0F1D4A21DE5A415DF8170616703DEBF PX5: A6DC8C520088C979894600B57B2B1A00363C4157
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Gpc - ImagePath [C:\WINDOWS\system32\DRIVERS\msgpc.sys]
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe InMem: 0 Det [G] MD5: D213C2B1CE0FAEAB59EC0C55B4493F94 PX5: 641B43D6B8F5F4DE1D3A02C2BF59190066CE65A9
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\gusvc - ImagePath [C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.e]
C:\WINDOWS\system32\DRIVERS\hidusb.sys InMem: 0 Det [G] MD5: 1DE6783B918F540149AA69943BDFEBA8 PX5: 1484F98A807906C3258400E49D6D650019C14BBC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HidUsb - ImagePath [C:\WINDOWS\system32\DRIVERS\hidusb.sys]
C:\WINDOWS\System32\Drivers\HTTP.sys InMem: 0 Det [G] MD5: CB77BB47E67E84DEB17BA29632501730 PX5: 1A572A9180D9F92E022704747529EC0016C1652C
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HTTP - ImagePath [C:\WINDOWS\System32\Drivers\HTTP.sys]
C:\WINDOWS\system32\DRIVERS\i8042prt.sys InMem: 0 Det [G] MD5: 30E64DFA4EFAACC8142EA07766181FB4 PX5: 5176B379805D75ECD1900002BF9BC2003FF0C0D5
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\i8042prt - ImagePath [C:\WINDOWS\system32\DRIVERS\i8042prt.sys]
C:\WINDOWS\system32\DRIVERS\imapi.sys InMem: 0 Det [G] MD5: F8AA320C6A0409C0380E5D8A99D76EC6 PX5: A6DE19768012C7FDA37F00B5535D7900050612BF
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Imapi - ImagePath [C:\WINDOWS\system32\DRIVERS\imapi.sys]
C:\WINDOWS\system32\imapi.exe InMem: 0 Det [G] MD5: ED7ABB35C81709FB41972D30FE15311E PX5: 74CFCD09009BDDD14A8402202B1E530034B0D214
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ImapiService - ImagePath [C:\WINDOWS\system32\imapi.exe]
C:\WINDOWS\system32\DRIVERS\intelppm.sys InMem: 0 Det [G] MD5: EBC07787034BBE312020D30198A9F362 PX5: 308DA7E000DC5FE09D58006BABC91A0052CD17AF
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\intelppm - ImagePath [C:\WINDOWS\system32\DRIVERS\intelppm.sys]
C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys InMem: 0 Det [G] MD5: 4448006B6BC60E6C027932CFC38D6855 PX5: 554B18088049820E711F003BBA86E4005B660DCC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Ip6Fw - ImagePath [C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys]
C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys InMem: 0 Det [G] MD5: 731F22BA402EE4B62748ADAF6363C182 PX5: E130718C809C039180F700DA0AC8EE00F2B31814
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IpFilterDriver - ImagePath [C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys]
C:\WINDOWS\system32\DRIVERS\ipinip.sys InMem: 0 Det [G] MD5: E1EC7F5DA720B640CD8FB8424F1B14BB PX5: 9655BFAF0030F62E523A00C352D248003081C413
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IpInIp - ImagePath [C:\WINDOWS\system32\DRIVERS\ipinip.sys]
C:\WINDOWS\system32\DRIVERS\ipnat.sys InMem: 0 Det [G] MD5: E2168CBC7098FFE963C6F23F472A3593 PX5: 16BC903800541BF40F8E02F0609797000CA3B3FE
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IpNat - ImagePath [C:\WINDOWS\system32\DRIVERS\ipnat.sys]
C:\WINDOWS\system32\DRIVERS\ipsec.sys InMem: 0 Det [G] MD5: 64537AA5C003A6AFEEE1DF819062D0D1 PX5: 84ED89D600412A2C245201A3F8A740006B772EC6
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IPSec - ImagePath [C:\WINDOWS\system32\DRIVERS\ipsec.sys]
C:\WINDOWS\system32\DRIVERS\irenum.sys InMem: 0 Det [G] MD5: 50708DAA1B1CBB7D6AC1CF8F56A24410 PX5: 42D7DCAC001BE9A12C7B00EF915041002AED16BC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IRENUM - ImagePath [C:\WINDOWS\system32\DRIVERS\irenum.sys]
C:\WINDOWS\system32\DRIVERS\isapnp.sys InMem: 0 Det [G] MD5: EA3245A8E8758D6B84DE189A5CAAA75E PX5: 8A87001A0002BFB48D1F0066402D8A00BD468997
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\isapnp - ImagePath [C:\WINDOWS\system32\DRIVERS\isapnp.sys]
C:\WINDOWS\system32\DRIVERS\kbdclass.sys InMem: 0 Det [G] MD5: E883AE6EA0B313E659225AA32E449CE9 PX5: 11013D51001BA498620F00A282D06D00135D5A16
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Kbdclass - ImagePath [C:\WINDOWS\system32\DRIVERS\kbdclass.sys]
C:\WINDOWS\system32\DRIVERS\kbdhid.sys InMem: 0 Det [G] MD5: 24F4D51E89822C349044C28BE255C8A5 PX5: BFEF19AB007A27B83AD2001F22115F00DD6CF6D0
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\kbdhid - ImagePath [C:\WINDOWS\system32\DRIVERS\kbdhid.sys]
C:\WINDOWS\system32\drivers\kmixer.sys InMem: 0 Det [G] MD5: BA5DEDA4D934E6288C2F66CAF58D2562 PX5: 1C3250A68067C4B7A11302D8512D99006E8A628F
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\kmixer - ImagePath [C:\WINDOWS\system32\drivers\kmixer.sys]
C:\Programmi\Symantec\LiveUpdate\LuComServer_3_2.EXE InMem: 0 Det [G] MD5: A97EEB81F05BCE3D7AA6C81F04EF39A4 PX5: 978C41EA708EA717C55E2DAD99590C0034776003
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\LiveUpdate - ImagePath [C:\Programmi\Symantec\LiveUpdate\LuComServer_3_2.EXE]
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe InMem: 0 Det [G] MD5: C837D17DE0B349539AA527EE750EBE2A PX5: 53EDD55088D9F07CE66B0756D57D130002B494DB
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\LiveUpdate Notice Service - ImagePath [C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61]
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - Symantec PIF AlertEng ["C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c6]
C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe InMem: 0 Det [G] MD5: FAFE367D032ED82E9332B4C741A20216 PX5: 13B6B25A20EA2BBB016B01B3C31BC4007E9EE529
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Microsoft Office Groove Audit Service - ImagePath [C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe]
C:\WINDOWS\system32\mnmsrvc.exe InMem: 0 Det [G] MD5: 940A4E02B7F03C2592A52E16DDDB3E46 PX5: F2F6E69800D71BFC80AE00AF40E07800F93A911A
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\mnmsrvc - ImagePath [C:\WINDOWS\system32\mnmsrvc.exe]
C:\WINDOWS\system32\DRIVERS\motmodem.sys InMem: 0 Det [G] MD5: 5023875A94B0766D98A62A72BC4CB055 PX5: D5AF000E0072E08454510039ACC905005AEF58F5
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\motmodem - ImagePath [C:\WINDOWS\system32\DRIVERS\motmodem.sys]
C:\WINDOWS\system32\DRIVERS\mouclass.sys InMem: 0 Det [G] MD5: C458E314B8722253897C94A714C2E0C0 PX5: 7E80CA6A0038C59C5C6F0047F0E35500920EB276
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Mouclass - ImagePath [C:\WINDOWS\system32\DRIVERS\mouclass.sys]
C:\WINDOWS\system32\DRIVERS\mouhid.sys InMem: 0 Det [G] MD5: D7662F0CF5B77BBBE3202716F5BD5318 PX5: 2301F35080287EAB2F80000FDBBFFD00349EAF96
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\mouhid - ImagePath [C:\WINDOWS\system32\DRIVERS\mouhid.sys]
C:\WINDOWS\system32\DRIVERS\mrxdav.sys InMem: 0 Det [G] MD5: 46EDCC8F2DB2F322C24F48785CB46366 PX5: 2A28D206005617C9C4F8026FCC47BD006A62BA75
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MRxDAV - ImagePath [C:\WINDOWS\system32\DRIVERS\mrxdav.sys]
C:\WINDOWS\system32\DRIVERS\mrxsmb.sys InMem: 0 Det [G] MD5: 025AF03CE51645C62F3B6907A7E2BE5E PX5: 3A6FDF2E00838449EA5E06BDEF52FE0062D6AA8B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MRxSmb - ImagePath [C:\WINDOWS\system32\DRIVERS\mrxsmb.sys]
C:\WINDOWS\system32\msdtc.exe InMem: 0 Det [G] MD5: 3124662B40761A3EF8F4254D2F32E3F4 PX5: 3A5257C800292C38184B000639E3D800639539E0
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSDTC - ImagePath [C:\WINDOWS\system32\msdtc.exe]
C:\WINDOWS\system32\msiexec.exe InMem: 0 Det [L] MD5: F5F0146580E7023ADB963879840777F8 PX5: 2199A4A600D88009341401C8D9AE0A004C78202A
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSIServer - ImagePath [C:\WINDOWS\system32\msiexec.exe]
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\Msi.Package\shell\open\command - ["%SystemRoot%\System32\msiexec.exe" /i "%1" %*]
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\Msi.Patch\shell\open\command - ["%SystemRoot%\System32\msiexec.exe" /p "%1" %*]
C:\WINDOWS\system32\drivers\MSKSSRV.sys InMem: 0 Det [G] MD5: AE431A8DD3C1D0D0610CDBAC16057AD0 PX5: 441E162B80A429811D1500CB9CEDF700CED69BEA
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSKSSRV - ImagePath [C:\WINDOWS\system32\drivers\MSKSSRV.sys]
C:\WINDOWS\system32\drivers\MSPCLOCK.sys InMem: 0 Det [G] MD5: 13E75FEF9DFEB08EEDED9D0246E1F448 PX5: 3656535900693AA115D1001337247B009D5BCE4B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSPCLOCK - ImagePath [C:\WINDOWS\system32\drivers\MSPCLOCK.sys]
C:\WINDOWS\system32\drivers\MSPQM.sys InMem: 0 Det [G] MD5: 1988A33FF19242576C3D0EF9CE785DA7 PX5: 5D7EA63E804A637C13CA0078C414AC000E912E93
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSPQM - ImagePath [C:\WINDOWS\system32\drivers\MSPQM.sys]
C:\WINDOWS\system32\DRIVERS\mssmbios.sys InMem: 0 Det [G] MD5: 469541F8BFD2B32659D5D463A6714BCE PX5: 5C75220680F731D03C3D001BD399CC00D7DBED29
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\mssmbios - ImagePath [C:\WINDOWS\system32\DRIVERS\mssmbios.sys]
C:\WINDOWS\system32\drivers\MSTEE.sys InMem: 0 Det [G] MD5: BF13612142995096AB084F2DB7F40F77 PX5: EF9F4FE18003FE44154E00AC0DDE6800FF407119
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSTEE - ImagePath [C:\WINDOWS\system32\drivers\MSTEE.sys]
C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys InMem: 0 Det [G] MD5: 5C8DC6429C43DC6177C1FA5B76290D1A PX5: 37E661E8803A144B4DFD01732787D600D94FD14F
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NABTSFEC - ImagePath [C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys]
C:\Programmi\File comuni\Symantec Shared\VirusDefs\20080212.003\NAVENG.SYS InMem: 0 Det [G] MD5: 22D00304E1A8A381C3E765F451424D8C PX5: 7F376AF050A0E2B241CB013A87C3B000329CF3E6
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NAVENG - ImagePath [C:\Programmi\File comuni\Symantec Shared\VirusDefs\20080212.003\]
C:\Programmi\File comuni\Symantec Shared\VirusDefs\20080212.003\NAVEX15.SYS InMem: 0 Det [G] MD5: 414701FBBC3CBA701D5DDA2E295D53A0 PX5: 76EB3D4750D82CE4A9A00D5D44A6D30038A028D0
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NAVEX15 - ImagePath [C:\Programmi\File comuni\Symantec Shared\VirusDefs\20080212.003\]
C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe InMem: 0 Det [G] MD5: 87A00FAEDD703D8D2BDCB29CE5EEEA6B PX5: 28BE02C100076022D0460B092B2323001F8FF7FB
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NBService - ImagePath [C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe]
C:\WINDOWS\system32\DRIVERS\NdisIP.sys InMem: 0 Det [G] MD5: 520CE427A8B298F54112857BCF6BDE15 PX5: 92D82929807F4CDE2A6000D7EF7E8C008BDE37E2
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NdisIP - ImagePath [C:\WINDOWS\system32\DRIVERS\NdisIP.sys]
C:\WINDOWS\system32\DRIVERS\ndistapi.sys InMem: 0 Det [G] MD5: 08D43BBDACDF23F34D79E44ED35C1B4C PX5: 25AEC9EA809D4D4825A500A2A9E22F00CCB1FFC8
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NdisTapi - ImagePath [C:\WINDOWS\system32\DRIVERS\ndistapi.sys]
C:\WINDOWS\system32\DRIVERS\ndisuio.sys InMem: 0 Det [G] MD5: 34D6CD56409DA9A7ED573E1C90A308BF PX5: 0BF3AB388038D73732EB00A9A855ED006D3C0384
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Ndisuio - ImagePath [C:\WINDOWS\system32\DRIVERS\ndisuio.sys]
C:\WINDOWS\system32\DRIVERS\ndiswan.sys InMem: 0 Det [G] MD5: 0B90E255A9490166AB368CD55A529893 PX5: 304E26E9803B344266FF0104DAA0B500E6B358BD
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NdisWan - ImagePath [C:\WINDOWS\system32\DRIVERS\ndiswan.sys]
C:\WINDOWS\system32\DRIVERS\netbios.sys InMem: 0 Det [G] MD5: 3A2ACA8FC1D7786902CA434998D7CEB4 PX5: 6F5EDA40008AE18787EB007972CAB100F174D35C
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NetBIOS - ImagePath [C:\WINDOWS\system32\DRIVERS\netbios.sys]
C:\WINDOWS\system32\DRIVERS\netbt.sys InMem: 0 Det [G] MD5: 0C80E410CD2F47134407EE7DD19CC86B PX5: 7D3B6A2A0069D5737CDE020A47DE6F00F472D659
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NetBT - ImagePath [C:\WINDOWS\system32\DRIVERS\netbt.sys]
C:\WINDOWS\system32\netdde.exe InMem: 0 Det [G] MD5: DE62EE316FAB09DE3D7A5180F0775ABF PX5: AAA3C89900BB76ABBADC01BFB3AC1B00E2E8A55F
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NetDDE - ImagePath [C:\WINDOWS\system32\netdde.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NetDDEdsdm - ImagePath [C:\WINDOWS\system32\netdde.exe]
C:\WINDOWS\system32\DRIVERS\NMnt.sys InMem: 0 Det [G] MD5: 60CF8C7192B3614F240838DDBAA4A245 PX5: 4F6E51DE803D5E299DD30090E39024009FB3BD94
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\nm - ImagePath [C:\WINDOWS\system32\DRIVERS\NMnt.sys]
C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys InMem: 0 Det [G] MD5: B305F3FAD35083837EF46A0BBCE2FC57 PX5: A826BA3A803B83AE30C000488911C200DC3CA878
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NwlnkFlt - ImagePath [C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys]
C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys InMem: 0 Det [G] MD5: C99B3415198D1AAB7227F2C88FD664B9 PX5: B9B73139006979BB7FBC0031EA7E320032D237D0
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NwlnkFwd - ImagePath [C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys]
C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE InMem: 0 Det [GP] MD5: 84DE1DD996B48B05ACE31AD015FA108A PX5: 9E1C411030EE9E99BB230668C6A11D008AAAD5CB
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\odserv - ImagePath [C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE]
C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE InMem: 0 Det [G] MD5: 5A432A042DAE460ABE7199B758E8606C PX5: 70BFBB612075A40537DB02A8E0C1B70069455692
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ose - ImagePath [C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE]
C:\WINDOWS\system32\DRIVERS\parport.sys InMem: 0 Det [G] MD5: 3490EAD0612BFD0E7C1B864EE24E6A4A PX5: 4A82394D8019443A393C017F618C1500973C174B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Parport - ImagePath [C:\WINDOWS\system32\DRIVERS\parport.sys]
C:\WINDOWS\system32\DRIVERS\pci.sys InMem: 0 Det [G] MD5: 91FC1D483D900B1C0600A08B871C39D5 PX5: 9DA3602E807459480C5D01595A918400CA482387
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PCI - ImagePath [C:\WINDOWS\system32\DRIVERS\pci.sys]
C:\WINDOWS\system32\drivers\pfc.sys InMem: 0 Det [G] MD5: 6C1618A07B49E3873582B6449E744088 PX5: D2160BF100C1D9BB53C60082E3D4320021BE3ECF
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\pfc - ImagePath [C:\WINDOWS\system32\drivers\pfc.sys]
C:\WINDOWS\system32\HPZipm12.exe InMem: 0 Det [G] MD5: 364E30F27BE1E6DED83E81C4DE93E808 PX5: C7AB7F6F0090241A003301E4A358FA00A32DF9B7
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Pml Driver HPZ12 - ImagePath [C:\WINDOWS\system32\HPZipm12.exe]
C:\WINDOWS\system32\DRIVERS\raspptp.sys InMem: 0 Det [G] MD5: 1C5CC65AAC0783C344F16353E60B72AC PX5: F406FA260016D348BD2800EFDBDF52003203F53C
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PptpMiniport - ImagePath [C:\WINDOWS\system32\DRIVERS\raspptp.sys]
C:\WINDOWS\system32\DRIVERS\psched.sys InMem: 0 Det [G] MD5: 48671F327553DCF1D27F6197F622A668 PX5: C7C1320E008655110E77011715C66E0009C5AE75
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PSched - ImagePath [C:\WINDOWS\system32\DRIVERS\psched.sys]
C:\WINDOWS\system32\DRIVERS\ptilink.sys InMem: 0 Det [G] MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD PX5: F96F182D805891FA452B007EBD870E004C25BA07
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Ptilink - ImagePath [C:\WINDOWS\system32\DRIVERS\ptilink.sys]
C:\WINDOWS\System32\drivers\pxark.sys InMem: 0 Det [G] MD5: 5366C15BFB99502A5A0DD218BFBACCBF PX5: 50698F1300612E502B6C00001ED8EE00020A0AD1
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\pxark - ImagePath [C:\WINDOWS\System32\drivers\pxark.sys]
C:\WINDOWS\system32\DRIVERS\rasacd.sys InMem: 0 Det [G] MD5: FE0D99D6F31E4FAD8159F690D68DED9C PX5: EF519CA180B540A42200002C4F06E3005372DD33
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasAcd - ImagePath [C:\WINDOWS\system32\DRIVERS\rasacd.sys]
C:\WINDOWS\system32\DRIVERS\rasl2tp.sys InMem: 0 Det [G] MD5: 98FAEB4A4DCF812BA1C6FCA4AA3E115C PX5: C15C1546804EC8E6C8410037F34FAD00B1FBF6DF
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Rasl2tp - ImagePath [C:\WINDOWS\system32\DRIVERS\rasl2tp.sys]
C:\WINDOWS\system32\DRIVERS\raspppoe.sys InMem: 0 Det [G] MD5: 7306EEED8895454CBED4669BE9F79FAA PX5: A8F2C94800B2E031A21A00F0EC682E009B5794D5
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasPppoe - ImagePath [C:\WINDOWS\system32\DRIVERS\raspppoe.sys]
C:\WINDOWS\system32\DRIVERS\raspti.sys InMem: 0 Det [G] MD5: FDBB1D60066FCFBB7452FD8F9829B242 PX5: 506F10F380FEE57C406900BE351741009F00F0DE
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Raspti - ImagePath [C:\WINDOWS\system32\DRIVERS\raspti.sys]
C:\WINDOWS\system32\DRIVERS\rdbss.sys InMem: 0 Det [G] MD5: 03B965B1CA47F6EF60EB5E51CB50E0AF PX5: EE21D17900972EBEAA93023D87A14E0013D2E867
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Rdbss - ImagePath [C:\WINDOWS\system32\DRIVERS\rdbss.sys]
C:\WINDOWS\System32\DRIVERS\RDPCDD.sys InMem: 0 Det [G] MD5: 4912D5B403614CE99C28420F75353332 PX5: 14FCFAAE80A686EB103300CFAE183900CB624D74
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RDPCDD - ImagePath [C:\WINDOWS\System32\DRIVERS\RDPCDD.sys]
C:\WINDOWS\system32\DRIVERS\rdpdr.sys InMem: 0 Det [G] MD5: A2CAE2C60BC37E0751EF9DDA7CEAF4AD PX5: 02477783007980B5019E03607F7E03003B692115
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\rdpdr - ImagePath [C:\WINDOWS\system32\DRIVERS\rdpdr.sys]
C:\WINDOWS\system32\sessmgr.exe InMem: 0 Det [G] MD5: CC0693C481502844A24EF71B90A7195E PX5: 2C67C68B0020C05D2C3E02893D0F09005D1CF7F5
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RDSessMgr - ImagePath [C:\WINDOWS\system32\sessmgr.exe]
C:\WINDOWS\system32\DRIVERS\redbook.sys InMem: 0 Det [G] MD5: A8EEE004A16AF1D583D9DE9F6DE250E0 PX5: AEF2FC7D804F986FE3C7004FF2D91D0029FD0FC2
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\redbook - ImagePath [C:\WINDOWS\system32\DRIVERS\redbook.sys]
C:\Programmi\WinPcap\rpcapd.exe InMem: 0 Det [G] MD5: 93322BF342ADBB522DFA7BC95F5E167C PX5: 6B8093B00095CDCF50E401163173560077A6CEC5
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\rpcapd - ImagePath [C:\Programmi\WinPcap\rpcapd.exe]
C:\WINDOWS\system32\locator.exe InMem: 0 Det [G] MD5: 33A8F0FE0005B2D79DF53441679F5149 PX5: C3C0A8550045DDC726E601EBB10B83000E4A4556
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RpcLocator - ImagePath [C:\WINDOWS\system32\locator.exe]
C:\WINDOWS\system32\rsvp.exe InMem: 0 Det [G] MD5: DCE0D20F8FB66DF41D53734BFF9D66F0 PX5: 2057508700E163D906880231F30F2D00E5519440
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RSVP - ImagePath [C:\WINDOWS\system32\rsvp.exe]
C:\WINDOWS\System32\SCardSvr.exe InMem: 0 Det [G] MD5: 74B1E7FCFCA9A3A23871AA014144013E PX5: FFC6D19800BAA7847E46014ECC3CD200949D4E12
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SCardSvr - ImagePath [C:\WINDOWS\System32\SCardSvr.exe]
C:\WINDOWS\system32\DRIVERS\secdrv.sys InMem: 0 Det [G] MD5: 90A3935D05B494A5A39D37E71F09A677 PX5: 84A9A7CB006F9ECC508100883E7135006D51A95C
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Secdrv - ImagePath [C:\WINDOWS\system32\DRIVERS\secdrv.sys]
C:\WINDOWS\system32\DRIVERS\serenum.sys InMem: 0 Det [G] MD5: A2D868AEEFF612E70E213C451A70CAFB PX5: 4F3C7EAD801665B83CEF00E324D68C009966C2DD
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\serenum - ImagePath [C:\WINDOWS\system32\DRIVERS\serenum.sys]
C:\WINDOWS\system32\DRIVERS\serial.sys InMem: 0 Det [G] MD5: DBAB3260E7EB3398CB87267D1410FAD4 PX5: 84269A0C80DA4AE9020E01315B99420097A96A32
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Serial - ImagePath [C:\WINDOWS\system32\DRIVERS\serial.sys]
C:\WINDOWS\system32\DRIVERS\sfloppy.sys InMem: 0 Det [G] MD5: 0D13B6DF6E9E101013A7AFB0CE629FE0 PX5: 6884E1AE807AAB872CD300DC197E0C00B015D834
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Sfloppy - ImagePath [C:\WINDOWS\system32\DRIVERS\sfloppy.sys]
C:\WINDOWS\system32\DRIVERS\SLIP.sys InMem: 0 Det [G] MD5: 5CAEED86821FA2C6139E32E9E05CCDC9 PX5: C05453A580D50DE62B1A00E6C96F380022C2D117
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SLIP - ImagePath [C:\WINDOWS\system32\DRIVERS\SLIP.sys]
C:\WINDOWS\system32\DRIVERS\sonypvs1.sys InMem: 0 Det [G] MD5: DFADFC2C86662F40759BF02ADD27D569 PX5: AD97081D4C2B0DAA8F6101CD7C5C610052335C55
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\sonypvs1 - ImagePath [C:\WINDOWS\system32\DRIVERS\sonypvs1.sys]
C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS InMem: 0 Det [G] MD5: A1ECEEAA5C5E74B2499EB51D38185B84 PX5: 49228A1D80759C6F1DA00083AB639C0054C27DB1
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SONYPVU1 - ImagePath [C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS]
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCDrv.sys InMem: 0 Det [G] MD5: 2B957A86CBFD0AB78B591EFE16C6860F PX5: 22FBEE4738E3D5B45F70066E50896900998379FF
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SPBBCDrv - ImagePath [C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCDrv.sys]
C:\WINDOWS\system32\drivers\splitter.sys InMem: 0 Det [G] MD5: 0CE218578FFF5F4F7E4201539C45C78F PX5: 249A00630095166C194E008C6AC35800063B57CE
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\splitter - ImagePath [C:\WINDOWS\system32\drivers\splitter.sys]
C:\WINDOWS\System32\Drivers\sptd.sys InMem: 0 Det [G] MD5: D390675B8CE45E5FB359338E5E649329 PX5: 4ADFB285F8AFE7B276750AE823E8B2008F580CD3
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\sptd - ImagePath [C:\WINDOWS\System32\Drivers\sptd.sys]
C:\WINDOWS\system32\DRIVERS\sr.sys InMem: 0 Det [G] MD5: 896F566AFC498077172EAE8A50E8BAF8 PX5: 4D90659E00D8A4771F1A013E6E421F00F36027A5
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\sr - ImagePath [C:\WINDOWS\system32\DRIVERS\sr.sys]
C:\WINDOWS\System32\Drivers\SRTSP.SYS InMem: 0 Det [G] MD5: 655773F2F1A3730C6CF20280A49F4EE1 PX5: 1DD1D417301984FF4202043B130D1400C924A4DD
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SRTSP - ImagePath [C:\WINDOWS\System32\Drivers\SRTSP.SYS]
C:\WINDOWS\System32\Drivers\SRTSPL.SYS InMem: 0 Det [G] MD5: 2A0AAF370D4C6574A34AE2F4A0709CAE PX5: 01002A81B081CA96D8150436B08AFF001D0EFE05
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SRTSPL - ImagePath [C:\WINDOWS\System32\Drivers\SRTSPL.SYS]
C:\WINDOWS\System32\Drivers\SRTSPX.SYS InMem: 0 Det [G] MD5: 3104BDCEACE2D5710776DD05E6A286C1 PX5: 36B4AA46B0FD10BAAA7700DE242B82008FE67123
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SRTSPX - ImagePath [C:\WINDOWS\System32\Drivers\SRTSPX.SYS]
C:\WINDOWS\system32\DRIVERS\srv.sys InMem: 0 Det [G] MD5: EA554A3FFC3F536FE8320EB38F5E4843 PX5: 75BFBC608040FEEB14BC05A8A20D28000AA8481B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Srv - ImagePath [C:\WINDOWS\system32\DRIVERS\srv.sys]
C:\WINDOWS\system32\DRIVERS\StreamIP.sys InMem: 0 Det [G] MD5: 284C57DF5DC7ABCA656BC2B96A667AFB PX5: 37C869AE00A1D1423CD000F9D66948002AC47A8D
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\streamip - ImagePath [C:\WINDOWS\system32\DRIVERS\StreamIP.sys]
C:\WINDOWS\system32\DRIVERS\swenum.sys InMem: 0 Det [G] MD5: 03C1BAE4766E2450219D20B993D6E046 PX5: FDB253C8004ADC8E110200CB82EF3C003BACCEF1
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\swenum - ImagePath [C:\WINDOWS\system32\DRIVERS\swenum.sys]
C:\WINDOWS\system32\drivers\swmidi.sys InMem: 0 Det [G] MD5: 94ABC808FC4B6D7D2BBF42B85E25BB4D PX5: D73823E800EBA9D4D48400057CBBEE004EA1E5C8
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\swmidi - ImagePath [C:\WINDOWS\system32\drivers\swmidi.sys]
C:\WINDOWS\System32\Drivers\SYMDNS.SYS InMem: 0 Det [G] MD5: A16D76BAA5D2CBE45C57FA582C1208E5 PX5: 3B4B9F31B88AB3603278005E48B5450013729768
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SYMDNS - ImagePath [C:\WINDOWS\System32\Drivers\SYMDNS.SYS]
C:\WINDOWS\system32\Drivers\SYMEVENT.SYS InMem: 0 Det [G] MD5: 9E4188476848B2EF86F9C44D5164E724 PX5: 01217FF230AE4BC0E4F501F631970800241D4AF6
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SymEvent - ImagePath [C:\WINDOWS\system32\Drivers\SYMEVENT.SYS]
C:\WINDOWS\System32\Drivers\SYMFW.SYS InMem: 0 Det [G] MD5: C64D200569A18EA6C676266DEE3AC158 PX5: 230B8D6238669E4C3A4602B8B7860400FA8EB5D2
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SYMFW - ImagePath [C:\WINDOWS\System32\Drivers\SYMFW.SYS]
C:\WINDOWS\System32\Drivers\SYMIDS.SYS InMem: 0 Det [G] MD5: 7764D3D7A3C858F04CED3C1F16410D89 PX5: 82161BB9B80816279C2B001C6E67E400D5420EFA
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SYMIDS - ImagePath [C:\WINDOWS\System32\Drivers\SYMIDS.SYS]
C:\Programmi\File comuni\Symantec Shared\SymcData\idsdefs\20080212.002\SymIDSco.sys InMem: 0 Det [G] MD5: 5EA7A6B3F5BCFE67097F059AA36DDF60 PX5: F85B2777703CF8F4698C021AB79A200092E982B5
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SYMIDSCO - ImagePath [C:\Programmi\File comuni\Symantec Shared\SymcData\idsdefs\200802]
C:\WINDOWS\System32\Drivers\SYMNDIS.SYS InMem: 0 Det [G] MD5: 8522728AC549D31A4762C184187EFA68 PX5: E4313501B82787FE89EC00BA02F9AB006AC32092
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SYMNDIS - ImagePath [C:\WINDOWS\System32\Drivers\SYMNDIS.SYS]
C:\WINDOWS\System32\Drivers\SYMREDRV.SYS InMem: 0 Det [G] MD5: 829830A3CA1C5E329D68E26C9CD2DE8D PX5: C15D1F44B85E01946B6500334F03E500369AE0DF
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SYMREDRV - ImagePath [C:\WINDOWS\System32\Drivers\SYMREDRV.SYS]
C:\WINDOWS\System32\Drivers\SYMTDI.SYS InMem: 0 Det [G] MD5: B1AA9704124B494C34E8D372E6654196 PX5: 0F97E0ED38BAD874EC8102115A2B73006A1C2319
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SYMTDI - ImagePath [C:\WINDOWS\System32\Drivers\SYMTDI.SYS]
C:\WINDOWS\system32\drivers\sysaudio.sys InMem: 0 Det [G] MD5: 650AD082D46BAC0E64C9C0E0928492FD PX5: 23CF2276806778A5EDCF00D9512FDE00BB195FEF
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\sysaudio - ImagePath [C:\WINDOWS\system32\drivers\sysaudio.sys]
C:\WINDOWS\system32\smlogsvc.exe InMem: 0 Det [G] MD5: BC8B8694DEF74B4E6C626322D4321A54 PX5: C0E6801A0095AB606A660128541E440050C06325
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SysmonLog - ImagePath [C:\WINDOWS\system32\smlogsvc.exe]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - VIDC.I420 [msh263.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.M263 [msh263.drv]
C:\WINDOWS\system32\ir32_32.dll InMem: 0 Det [G] MD5: CDE3AEAEEFF57DBB43133F46E96AD8C5 PX5: 48C6FD2800CF7D770AB40340E9EE0B00336C0935
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.iv31 [ir32_32.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.iv32 [ir32_32.dll]
C:\WINDOWS\system32\ir41_32.ax InMem: 0 Det [G] MD5: 757C7944EB0D518020BB59A1A3AE9826 PX5: 88C1844600D60C2BF2960C06110E8900D716354E
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.iv41 [ir41_32.ax]
C:\WINDOWS\system32\iyuv_32.dll InMem: 0 Det [G] MD5: 193315B73270BAD33A3C2F527C8380F6 PX5: 8D2F485A000F6953BA8B00EF89F3AE0028DCEE98
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - VIDC.IYUV [iyuv_32.dll]
C:\WINDOWS\system32\msrle32.dll InMem: 0 Det [G] MD5: 7B999CA58C6276D885F17ABC73982009 PX5: 6AD29AC5008293D12C2D00B216F74700B26503F0
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.mrle [msrle32.dll]
C:\WINDOWS\system32\msvidc32.dll InMem: 0 Det [G] MD5: D648EDBA85278839E30979CE627E5C81 PX5: CE4E524C0073A8EC64FF00E1300C68000D8D97A8
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.msvc [msvidc32.dll]
C:\WINDOWS\system32\msyuv.dll InMem: 0 Det [G] MD5: B35E1E08BF94E68DAF5D9F52485EA368 PX5: 92EC75E800DB9BE5440C000A47ABC3009642377A
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - VIDC.UYVY [msyuv.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - VIDC.YUY2 [msyuv.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - VIDC.YVYU [msyuv.dll]
C:\WINDOWS\system32\tsbyuv.dll InMem: 0 Det [G] MD5: A892EC07DFFC3D8BF879102982F08721 PX5: 86646A040019522320A100B4BB4D900094B11477
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - VIDC.YVU9 [tsbyuv.dll]
C:\WINDOWS\system32\msg723.acm InMem: 0 Det [G] MD5: D53BDE174AD076AE58C8245A524CFB85 PX5: 11020CC8008FB79ED00601EAD6C03900AA679A83
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.msg723 [msg723.acm]
C:\WINDOWS\system32\msh261.drv InMem: 0 Det [G] MD5: 35F5338123495C871C4C7CC9FCE784F6 PX5: A41AA5420008DA3EF0B402388EE55600B25D24F8
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.M261 [msh261.drv]
C:\WINDOWS\system32\msaud32.acm InMem: 0 Det [G] MD5: 9EFCA60A4BDCF77FC5E2337E3AB61B1E PX5: C38F33CC0026C9E080B10460DFC46F004CE633B9
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.msaudio1 [msaud32.acm]
C:\WINDOWS\system32\sl_anet.acm InMem: 0 Det [G] MD5: C2E1907DDE505F02585E7C85F927333A PX5: 3DA8D952002B67BF508D01A57E615F00B2B2EA92
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.sl_anet [sl_anet.acm]
C:\WINDOWS\system32\iac25_32.ax InMem: 0 Det [G] MD5: 60B88C336EF385EB0ED77B73852712F3 PX5: D062C8E7003B5A390C1703C014BB9700CE1BED53
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.iac2 [C:\WINDOWS\system32\iac25_32.ax]
C:\WINDOWS\system32\ir50_32.dll InMem: 0 Det [G] MD5: B11FB596034932DC55A7638911F482C2 PX5: 8FA030FE0030B5D3865F0B4087D0420068F6854C
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.iv50 [ir50_32.dll]
C:\WINDOWS\system32\xvidvfw.dll InMem: 0 Det [G] MD5: E8F602CA1E700496240CF07D9681D040 PX5: EEC1C1CF006B507E205902D35DF7EA00DF04A594
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.XVID [xvidvfw.dll]
C:\WINDOWS\system32\VfWWDM32.dll InMem: 0 Det [G] MD5: 148B5330921C365FA4A2DB6C431A9B2C PX5: 50A7CDEB00FEFE76D6A800E76B929700EFCC0032
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - MSVideo8 [VfWWDM32.dll]
C:\WINDOWS\system32\sirenacm.dll InMem: 0 Det [G] MD5: C2BDE52E48E668FE6F95C40BBA7AA310 PX5: 92D29F56708DC7D2C7BF005BB97C8A00D5F934F9
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.siren [sirenacm.dll]
C:\WINDOWS\system32\mobilev.acm InMem: 0 Det [G] MD5: 2F2D08FA7E0AE68DBB2A836056B4618E PX5: D352C36A52103C5EE0B500BAF47031002761CD98
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - MSACM.CEGSM [mobilev.acm]
C:\WINDOWS\system32\vct3216.acm InMem: 0 Det [G] MD5: 83A083A42F97BCF3F8E016820178DDE2 PX5: A8B5CFD700A70B57440E012658B30500CBDE42E1
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.voxacm160 [vct3216.acm]
C:\WINDOWS\system32\scg726.acm InMem: 0 Det [G] MD5: DC4B2F21968AC6E7E6C8A4417ED0D85C PX5: 5F44D1F8B7CE296F337E00A5C951FE007B5C9F1A
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.scg726 [scg726.acm]
C:\WINDOWS\system32\alf2cd.acm InMem: 0 Det [G] MD5: 8210141840CE237FBF40B6E26E2DD11D PX5: CC3B55D5003C64F0984800E0ABECCF009D0F31C1
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.alf2cd [alf2cd.acm]
C:\WINDOWS\system32\AC3ACM.acm InMem: 0 Det [G] MD5: 59683D1E4CD0B1AD6AE32E1D627AE25F PX5: 6732A8410031C4E5408A010540795E00978E7D0E
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.ac3acm [AC3ACM.acm]
C:\WINDOWS\system32\mcdvd_32.dll InMem: 0 Det [G] MD5: 521F1463E9733FD867E097727DD90177 PX5: 8A83029A009C0AD6FE2403290B03B700D71B25C4
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.dvsd [mcdvd_32.dll]
C:\WINDOWS\system32\mpg4c32.dll InMem: 0 Det [G] MD5: 016BE824802F3869A7DA2F2B6329B563 PX5: 05FD8AD84072E10450C106E8D49CCF005E072D5B
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.mpg4 [mpg4c32.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.mp42 [mpg4c32.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.mp43 [mpg4c32.dll]
C:\WINDOWS\system32\rsvpsp.dll InMem: 0 Det [G] MD5: B4B4BC22821A8A0AC357297B784B996E PX5: 316FAA8C007F4493605401B98234D5008F685EE8
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 - PackedCatalogItem [%SystemRoot%\system32\rsvpsp.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 - PackedCatalogItem [%SystemRoot%\system32\rsvpsp.dll]
C:\WINDOWS\system32\ipxrip.dll InMem: 0 Det [G] MD5: 2DAC54A61B837FAC36FFD92B7E39B3FF PX5: 859821B9009D40A9548200AD83A363008B36EF0D
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ipx\IPXRIP - DllName [ipxrip.dll]
C:\WINDOWS\system32\ipxsap.dll InMem: 0 Det [G] MD5: 3EEA6D343B3D6FCF500DB1837C07DF06 PX5: 85797B9500D099280499015DBB948C00AAAAF548
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ipx\IPXSAP - DllName [ipxsap.dll]
C:\WINDOWS\System32\iprtrmgr.dll InMem: 0 Det [G] MD5: 30584106B1E3C4F836D35C92BA38B184 PX5: D40494A6008ED12A98FE023AAD1857000DD8C7B5
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip - DllPath [%SystemRoot%\System32\iprtrmgr.dll]
C:\WINDOWS\System32\ipxrtmgr.dll InMem: 0 Det [G] MD5: 7FF943A30BA413C3F43E8441A28B7AA7 PX5: 4718448E00AA1CC09C1B00C6E262700012078A35
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ipx - DllPath [%SystemRoot%\System32\ipxrtmgr.dll]
C:\WINDOWS\system32\Firewall.cpl InMem: 0 Det [G] MD5: 486C95D7867757EF75946CDC7FA547DD PX5: C6AD4E5900619E5B3AA801566FFF65004318E0B5
REGCPL - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls - Internet Connection Firewall [Firewall.cpl]
C:\WINDOWS\system32\NetSetup.cpl InMem: 0 Det [G] MD5: 6C00E8B5734CD98456E36A1919393597 PX5: 1727E2B500CA6EDF648A0091303FF7003D7EE312
REGCPL - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls - NetSetupWizard [NetSetup.cpl]
C:\Programmi\File comuni\Microsoft Shared\Speech\sapi.cpl InMem: 0 Det [G] MD5: B281E4E0C7DE6016F067191AA0B10047 PX5: 4B95DF2F0028608F7026024663B5470081E40772
REGCPL - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls - Speech [C:\Programmi\File comuni\Microsoft Shared\Speech\sapi.cpl]
C:\Programmi\Microsoft Office\Office12\MLCFG32.CPL InMem: 0 Det [G] MD5: CD2E930E206F5D6647C12C0BCB614101 PX5: 7C810CE440F34A90451701C7F0577100E02E8640
REGCPL - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls - mlcfg32.cpl [C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL]
C:\Programmi\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl InMem: 0 Det [G] MD5: D946FD9BB2BCAE1C0D4F796690978D24 PX5: F810470F0002DB0E405709A737D1DA003F8472D2
REGCPL - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls - Nero BurnRights [C:\Programmi\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl]
C:\Programmi\Symantec\LiveUpdate\S32LUCP2.CPL InMem: 0 Det [G] MD5: E908B3321C7BD6F606FE800E1BA30FD0 PX5: A3C28D7C58326F8B55B7070E9AC2140061F3B96B
REGCPL - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls - SYMLIVE [C:\Programmi\Symantec\LiveUpdate\S32LUCP2.CPL]
C:\WINDOWS\system32\Magnify.exe InMem: 0 Det [G] MD5: B8485B1B335C0C00397DD7ABC041475D PX5: 8FD0DD1200F1CC211E520147693D72005CC20F83
REGUTIL - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Magnifier - Application path [Magnify.exe]
C:\WINDOWS\system32\osk.exe InMem: 0 Det [G] MD5: 7D5B9DD2D397E5D323C5DE2D0B4CAEB6 PX5: 865A974F008F100B4EF6035F16FFB2007D13E899
REGUTIL - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\On-Screen Keyboard - Application path [osk.exe]
C:\Programmi\File comuni\Microsoft Shared\GRPHFLT\GIFIMP32.FLT InMem: 0 Det [G] MD5: 3EA24F7FC44D3853E83426C12B67C681 PX5: 84D2B872308981F9BF570329B226A900908A8352
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Export\GIF - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\GIFIMP32.FLT]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\GIF - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\GIFIMP32.FLT]
C:\Programmi\File comuni\Microsoft Shared\GRPHFLT\JPEGIM32.FLT InMem: 0 Det [G] MD5: 13B49FCD0B41B7DBB5872F0055E6EF14 PX5: 01E5873538811227C15E021F73B8120041AB700B
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Export\JPEG - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\JPEGIM32.FLT]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\JPEG - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\JPEGIM32.FLT]
C:\Programmi\File comuni\Microsoft Shared\GRPHFLT\PNG32.FLT InMem: 0 Det [G] MD5: 25EBC1E36D19BEF849D1BB269F0EB705 PX5: 3DC90F9B580731FB899903BA4067C600560CECF6
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Export\PNG - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\PNG32.FLT]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\PNG - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\PNG32.FLT]
C:\Programmi\File comuni\Microsoft Shared\GRPHFLT\CGMIMP32.FLT InMem: 0 Det [G] MD5: 27A3FE604FC3FDE802ABFCCFDF0F3D83 PX5: 26C2B8043076260C07B7049773A9E200BB5C0695
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\CGM - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\CGMIMP32.FLT]
C:\Programmi\File comuni\Microsoft Shared\GRPHFLT\EPSIMP32.FLT InMem: 0 Det [G] MD5: FB0161006561F0992BEDA1E1D3C6C88D PX5: 0459F1B8487E1E81CD7806AE91D486004D4C1742
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\EPS - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\EPSIMP32.FLT]
C:\Programmi\File comuni\Microsoft Shared\GRPHFLT\PICTIM32.FLT InMem: 0 Det [G] MD5: C026A387AF6ECBFF73E11B3EE50A0161 PX5: CA1A9E5C48DCADAFF36D000C1B333A009CB8571B
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\PICT - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\PICTIM32.FLT]
C:\Programmi\File comuni\Microsoft Shared\GRPHFLT\WPGIMP32.FLT InMem: 0 Det [G] MD5: A4A3A73334B673A744229EDCAECBECFE PX5: 61FB3A4150D1E8CFB92E02968B03DB008EFABF2A
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\WPG - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\WPGIMP32.FLT]
C:\Programmi\File comuni\Microsoft Shared\MSInfo\ieinfo5.ocx InMem: 0 Det [G] MD5: 7CFDD7F54C64BFF62F64665A7E567896 PX5: D9CCCE7600AE330472C5014263EDAE006E08A176
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSInfo\Templates\ieinfo5 - [C:\Programmi\File comuni\Microsoft Shared\MSInfo\ieinfo5.ocx]
C:\Programmi\File comuni\Microsoft Shared\MSInfo\OINFO12.OCX InMem: 0 Det [G] MD5: 532A16ACFBE3043E0ED03F7FFD34C079 PX5: B45475B3587EA55E8B680852EEE51400718D8FC5
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSInfo\Templates\OInfo12 - [C:\PROGRA~1\FILECO~1\MICROS~1\MSINFO\OINFO12.OCX]
C:\Programmi\File comuni\Microsoft Shared\MSInfo\MSInfo32.exe InMem: 0 Det [G] MD5: 12644A48270558AEC35230E476534F48 PX5: DCC20BBB0036A3BB9EFA00953DF8F200E6CDE36A
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSInfo - Path [C:\Programmi\File comuni\Microsoft Shared\MSInfo\MSInfo32.exe]
C:\Programmi\Microsoft Office\Office12\MSQRY32.EXE InMem: 0 Det [G] MD5: 9B652187D92BE2C3852D622A30B02069 PX5: 74830D4F1878708741130A804B9A780043C66B06
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSQuery - Path [C:\PROGRA~1\MICROS~2\Office12\MSQRY32.EXE]
C:\Programmi\File comuni\Microsoft Shared\TextConv\html32.cnv InMem: 0 Det [G] MD5: 20B2A413BEFA1B0D309416BF8228DC95 PX5: 4D9506A9385CE7D6C22D044B3348F800EABDC1BF
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\HTML - Path [C:\Programmi\File comuni\Microsoft Shared\TextConv\html32.cnv]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\HTML - Path [C:\Programmi\File comuni\Microsoft Shared\TextConv\html32.cnv]
C:\Programmi\Microsoft Office\Office12\Wordcnvpxy.cnv InMem: 0 Det [G] MD5: C396093CF40FC44D54390B6DE5B5A975 PX5: 866A893D1893730D69BA00B5F7B862005D0684E8
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MEWord12 - Path [C:\Programmi\Microsoft Office\Office12\Wordcnvpxy.cnv]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\Word12 - Path [C:\Programmi\Microsoft Office\Office12\Wordcnvpxy.cnv]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\Word97 - Path [C:\Programmi\Microsoft Office\Office12\Wordcnvpxy.cnv]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MEWord12 - Path [C:\Programmi\Microsoft Office\Office12\Wordcnvpxy.cnv]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\Word12 - Path [C:\Programmi\Microsoft Office\Office12\Wordcnvpxy.cnv]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\Word97 - Path [C:\Programmi\Microsoft Office\Office12\Wordcnvpxy.cnv]
C:\Programmi\Microsoft ActiveSync\pwiofcnv.dll InMem: 0 Det [G] MD5: 226476A54C0B789D8AE151A6047F84DE PX5: 818AF32B53DB764F707E0006952B4A001A02475B
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSInkWriter - Path [C:\Programmi\Microsoft ActiveSync\pwiofcnv.dll]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSPocketInkWord - Path [C:\Programmi\Microsoft ActiveSync\pwiofcnv.dll]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSInkWriter - Path [C:\Programmi\Microsoft ActiveSync\pwiofcnv.dll]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSInkWriterTemplate - Path [C:\Programmi\Microsoft ActiveSync\pwiofcnv.dll]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSPocketInkWord - Path [C:\Programmi\Microsoft ActiveSync\pwiofcnv.dll]
C:\Programmi\Microsoft ActiveSync\pwoffcnv.dll InMem: 0 Det [G] MD5: 3D621CB42C1ED37F25E52C07730AECE2 PX5: C2616EAA53565A8AA07B005656667200A7AC9112
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSPocketWord - Path [C:\Programmi\Microsoft ActiveSync\pwoffcnv.dll]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSPocketWord - Path [C:\Programmi\Microsoft ActiveSync\pwoffcnv.dll]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSPocketWordTemplate - Path [C:\Programmi\Microsoft ActiveSync\pwoffcnv.dll]
C:\Programmi\File comuni\Microsoft Shared\Textconv\works632.cnv InMem: 0 Det [G] MD5: CC9698CB84AC18DF14E70580FC4028F1 PX5: 5B8862FF082FB0E34BA60152692FD400F277144C
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWorksWin6 - Path [C:\Programmi\File comuni\Microsoft Shared\Textconv\works632.cnv]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWorksWin6 - Path [C:\Programmi\File comuni\Microsoft Shared\Textconv\works632.cnv]
C:\Programmi\File comuni\Microsoft Shared\TextConv\write32.wpc InMem: 0 Det [G] MD5: AFD63CA25E43793FD7C42C5F74961559 PX5: 71A6A3C449C4AC08B01A01656F55D100B9B2E691
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWinWrite.wpc - Path [C:\Programmi\File comuni\Microsoft Shared\TextConv\write32.wpc]
C:\Programmi\File comuni\Microsoft Shared\TextConv\mswrd632.wpc InMem: 0 Det [G] MD5: DA91B90D37135534D061B7E3480FC11C PX5: 255241CE4A8E0D0D40E903D813E15E00D95525A3
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWord6.wpc - Path [C:\Programmi\File comuni\Microsoft Shared\TextConv\mswrd632.wpc]
C:\Programmi\File comuni\Microsoft Shared\TextConv\mswrd832.cnv InMem: 0 Det [G] MD5: 40A28E9CC57F760A213A71FCE642CEDD PX5: E4DB25CE10AF0B4B41E904034C3FBD003A7F764C
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWord8 - Path [C:\Programmi\File comuni\Microsoft Shared\TextConv\mswrd832.cnv]
C:\Programmi\File comuni\Microsoft Shared\TextConv\RECOVR32.CNV InMem: 0 Det [G] MD5: 946BBCDCA29EFC242B0194A98F20212B PX5: D0F5F460484668FE7FBD00FA98D0DA005CB205A0
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\Recover - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TEXTCONV\RECOVR32.CNV]
C:\Programmi\File comuni\Microsoft Shared\TextConv\WPFT632.CNV InMem: 0 Det [G] MD5: 3A95E167B9D97E36846229B06E4FF446 PX5: 93C03FC150E7A57B792F03C8E85F3200F71E55F0
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\WordPerfect6x - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TEXTCONV\WPFT632.CNV]
C:\Programmi\File comuni\Microsoft Shared\TextConv\WPFT532.CNV InMem: 0 Det [G] MD5: 99BAC236069BF6524D75C826252AA9EB PX5: B1947D83503E3624BB1A02E0157C2200E8210CFC
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\WrdPrfctDos - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TEXTCONV\WPFT532.CNV]
C:\WINDOWS\system32\mshta.exe InMem: 0 Det [G] MD5: 08A8931DB4D9302F9804C4DFA14596D1 PX5: 718367AA002A4EB4B2EB00A2C177ED00FAF63606
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\htafile\shell\open\command - [C:\WINDOWS\system32\mshta.exe "%1" %*]
C:\WINDOWS\system32\shscrap.dll InMem: 0 Det [G] MD5: 886E25758E76F75B62955E031EAAA7E5 PX5: CEE438A6004ACC126CE400DA76EA3300F6FBD343
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\ShellScrap\shell\open\command - [rundll32 %SystemRoot%\system32\shscrap.dll,OpenScrap_RunDLL %1]
C:\WINDOWS\System32\WScript.exe InMem: 0 Det [G] MD5: 58F5AC58D277F1C44E71295AAFD403F8 PX5: 4850A70600D60426C0410166FCF6E000B918B6A5
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\VBSFile\shell\open\command - [%SystemRoot%\System32\WScript.exe "%1" %*]
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\VBEFile\shell\open\command - [%SystemRoot%\System32\WScript.exe "%1" %*]
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\WSHFile\shell\open\command - [%SystemRoot%\System32\WScript.exe "%1" %*]
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\WSFFile\shell\open\command - [%SystemRoot%\System32\WScript.exe "%1" %*]
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\JSEFile\shell\open\command - [%SystemRoot%\System32\WScript.exe "%1" %*]
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\JSFile\shell\open\command - [%SystemRoot%\System32\WScript.exe "%1" %*]
C:\WINDOWS\system32\mmc.exe InMem: 0 Det [G] MD5: B0B93DE885F03974C12B6238D68A6F67 PX5: C6EB514E00915CDD74820CD0EB0CF8007694B8C8
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\MSCFile\shell\open\command - [%SystemRoot%\system32\mmc.exe "%1" %*]
C:\Programmi\Outlook Express\msimn.exe InMem: 0 Det [G] MD5: 9A4B8A0D20B22E0E8BBC495CD0FC7EEA PX5: C590CE8500B66EAEEC1A000D7D657F00AB8E0704
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\mailto\shell\open\command - ["%ProgramFiles%\Outlook Express\msimn.exe" /mailurl:%1]
C:\Programmi\Internet Explorer\IEXPLORE.EXE InMem: 0 Det [G] MD5: E854D02E4231F704D9BE782A424E6D8B PX5: 55CD1F6B00EC74268A63091AA4D14C00941221C8
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\ftp\shell\open\command - ["C:\Programmi\Internet Explorer\IEXPLORE.EXE" %1]
C:\Programmi\Bytescout PPT To PDF Scout\PPTConv.exe InMem: 0 Det [u] MD5: AD50A8B51EF2D1B3E3D2467CEA6043B1 PX5: 6EB495ED009DA8C3684C19436235870094BF5CCD
C:\Programmi\Easy Video Splitter\splitter.exe InMem: 0 Det [GP] MD5: 12413878AFBFD6A0692D98659DBCC36A PX5: 0A399158008109D560FC0FAB2E734B00D41664EA
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe InMem: 0 Det [GP] MD5: C4CA7416A6DF6D95075F81D9E3B41AD1 PX5: 3DF7D3A40061C4A70C8E069553313F002B40F674
C:\Programmi\LimeWire\LimeWire.exe InMem: 0 Det [G] MD5: 365418B2FEFCA481C6CE388DA076EAC2 PX5: 4528FB82001377224056023A82CA7F000E0BD396
C:\Documents and Settings\patrizio\Desktop\OOo_2.2.1_Win32Intel_install_it.exe InMem: 0 Det [u] PX5: E75FB9CEB74926E351171B3C105979068A057FD6
C:\Documents and Settings\patrizio\Desktop\SkypeSetup.exe InMem: 0 Det [u] PX5: 95A7286B28B107EEB19558FFCE40BA01D46ACAB7
C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe InMem: 0 Det [G] PX5: 6C700EEC508DBDDC87544EADE68961007E2DEC5A
C:\Documents and Settings\patrizio\Desktop\WindowsDesktopSearch-KB917013-V301-XP-x86-ita.exe InMem: 0 Det [G] PX5: 27AFFC9C78F22BA0A1EF493B33CB0F00D229FE82
C:\Programmi\Mozilla Firefox\firefox.exe InMem: 0 Det [G] PX5: 11B3B50B687017BAA5607423888619006B744D73
C:\Programmi\MSN Messenger\msnmsgr.exe InMem: 0 Det [G] PX5: 59E438AB70B0D00595F1567CB8966B00C9ABD6B9
C:\WINDOWS\system32\drivers\abp480n5.sys InMem: 0 Det [G] MD5: 6ABB91494FE6C59089B9336452AB2EA3 PX5: C1BD84230067F4EA5CEF003B6C801800F0A16602
C:\WINDOWS\system32\drivers\acpiec.sys InMem: 0 Det [G] MD5: 49AC5CD87FBDDA62F3E25190019E7627 PX5: F21BE3DC800E8A0A2F3C009238A73C008905B399
C:\WINDOWS\system32\drivers\adpu160m.sys InMem: 0 Det [G] MD5: 9A11864873DA202C996558B2106B0BBC PX5: A646098B00C8A7478EF4012AC693E40053E6B855
C:\WINDOWS\system32\drivers\aha154x.sys InMem: 0 Det [G] MD5: C23EA9B5F46C7F7910DB3EAB648FF013 PX5: B5CCD41400024B8C3232007262F16400589648E4
C:\WINDOWS\system32\drivers\aic78u2.sys InMem: 0 Det [G] MD5: 19DD0FB48B0C18892F70E2E7D61A1529 PX5: 841F37AC80EF3F36D7BD000A10720200E4552005
C:\WINDOWS\system32\drivers\aic78xx.sys InMem: 0 Det [G] MD5: B7FE594A7468AA0132DEB03FB8E34326 PX5: 645E88DA8053B973DE9500E552F9DF00FDCB4867
C:\WINDOWS\system32\drivers\aliide.sys InMem: 0 Det [G] MD5: 1140AB9938809700B46BB88E46D72A96 PX5: BC6DDD5E808533E01498005CD48AF0000F761377
C:\WINDOWS\system32\drivers\amdk6.sys InMem: 0 Det [G] MD5: 03BBCA770830A6FFC5A57B697D150F2F PX5: 4242D904806C60F8A08300740C09B400A99A704A
C:\WINDOWS\system32\drivers\amdk7.sys InMem: 0 Det [G] MD5: A4FF6CFCD83941B3628779CB32959C2B PX5: EABF85AE00CF7D2BA2F600B95331A000E92CF98B
C:\WINDOWS\system32\drivers\amsint.sys InMem: 0 Det [G] MD5: 79F5ADD8D24BD6893F2903A3E2F3FAD6 PX5: 983BFBAD005D94832FCE00E56154ED006EF2904F
C:\WINDOWS\system32\drivers\arp1394.sys InMem: 0 Det [G] MD5: F0D692B0BFFB46E30EB3CEA168BBC49F PX5: E79B803D809043E9ED9C00655C5EAE00E1E46E49
C:\WINDOWS\system32\drivers\asc.sys InMem: 0 Det [G] MD5: 62D318E9A0C8FC9B780008E724283707 PX5: 57B586F580FE82A86794006034353E00FFEDC97A
C:\WINDOWS\system32\drivers\asc3350p.sys InMem: 0 Det [G] MD5: 69EB0CC7714B32896CCBFD5EDCBEA447 PX5: AD3D9E1A803A53B9579300764BBA6D0023C757B9
C:\WINDOWS\system32\drivers\asc3550.sys InMem: 0 Det [G] MD5: 5D8DE112AA0254B907861E9E9C31D597 PX5: F329E1C6001CB2953AAF005BD8D557009377D482
C:\WINDOWS\system32\drivers\ati2erec.dll InMem: 0 Det [G] MD5: 4DB587BEDC4958A057CD918845AEB596 PX5: 6ACA4ED200BA5AF5C02B00AE8DEF5400EB9BA97A
C:\WINDOWS\system32\drivers\atmepvc.sys InMem: 0 Det [G] MD5: 39A0A59180F19946374275745B21AEBA PX5: 7363E81E80EDA4EC7A0200CE34E22400450A279B
C:\WINDOWS\system32\drivers\atmlane.sys InMem: 0 Det [G] MD5: 0128E78FE835F074E469F03DB681CA9E PX5: 823332B380717184DAFD00B035ED9500F95C0458
C:\WINDOWS\system32\drivers\atmuni.sys InMem: 0 Det [G] MD5: E7EF69B38D17BA01F914AE8F66216A38 PX5: 92E7BF650082565E607E05AD216E0900953642D5
C:\WINDOWS\system32\drivers\battc.sys InMem: 0 Det [G] MD5: EA22EDADF90C0ABA8319454B2A07B700 PX5: EB6F1BAC00003DE437C500D2CB8267002617D2AD
C:\WINDOWS\system32\drivers\beep.sys InMem: 0 Det [G] MD5: DA1F27D85E0D1525F6621372E7B685E9 PX5: F62FA4F780D77A5110B2005CD7507900637E04C1
C:\WINDOWS\system32\drivers\bridge.sys InMem: 0 Det [G] MD5: E4E6A0922E3D983728C9AD4E8D466954 PX5: 69CABDC3803104ED17D001BEA902E2004A7836B0
C:\WINDOWS\system32\drivers\cbidf2k.sys InMem: 0 Det [G] MD5: 90A673FC8E12A79AFBED2576F6A7AAF9 PX5: 7B8DA5F780B7DA7536FE00ABA71B6C00B12776D7
C:\WINDOWS\system32\drivers\cd20xrnt.sys InMem: 0 Det [G] MD5: F3EC03299634490E97BBCE94CD2954C7 PX5: 585C4579008238981E0B00FA57DBFC004069176C
C:\WINDOWS\system32\drivers\cdaudio.sys InMem: 0 Det [G] MD5: C1B486A7658353D33A10CC15211A873B PX5: 7D0D30B9001A5352491B006D9C79D000079079B1
C:\WINDOWS\system32\drivers\cdfs.sys InMem: 0 Det [G] MD5: CD7D5152DF32B47F4E36F710B35AAE02 PX5: 0225C13D004CC9CDF93000922132D000BA57D976
C:\WINDOWS\system32\drivers\cdrbsdrv.sys InMem: 0 Det [G] MD5: 248349293CA42EE5DB61DC1FD85A2F49 PX5: 8F7BC4CE00F0F78F7E0A00B5A17A5800A9514447
C:\WINDOWS\system32\drivers\changer.sys InMem: 0 Det [G] MD5: DAF1A8193B6CAF0FB858CADCC5C4AF4A PX5: FEBC5C5B00A5D832203A00C9150B3C0054623664
C:\WINDOWS\system32\drivers\cinemst2.sys InMem: 0 Det [G] MD5: 0CCCBD6EF94910804921BF04A2107EF8 PX5: 7C4B5F6480542F0A010D0467679A3400F24D4424
C:\WINDOWS\system32\drivers\classpnp.sys InMem: 0 Det [G] MD5: D86173B401470F06D9810F7962969DDF PX5: 61280642007AE0BEC20400D8EC4D8200079FF3CE
C:\WINDOWS\system32\drivers\cmdide.sys InMem: 0 Det [G] MD5: 03A71B880380D15A0F951612B0F52BE8 PX5: 1090D35F00826C091A0300BA9B616000882568E7
C:\WINDOWS\system32\drivers\COH_Mon.sys InMem: 0 Det [G] MD5: 4ECDE31D8CF3C342BEF518AF954F513B PX5: 64E382AF605883645DC9000B73B5E8000B0EBD3D
C:\WINDOWS\system32\drivers\cpqarray.sys InMem: 0 Det [G] MD5: 3EE529119EED34CD212A215E8C40D4B6 PX5: 83BD9FEC80CF65303A83008B3639D70054F0FDB8
C:\WINDOWS\system32\drivers\cpqdap01.sys InMem: 0 Det [G] MD5: 9624293E55AD405415862B504CA95B73 PX5: C60D75F500CE16D02E4100D9B4337E008A228DE3
End of PrevxCSI Log - http://www.prevx.com
indeed. I've fixed it.








