#1

Member
Joined: Aug 2007
City: Casteddu
Posts: 38

Infected after formatting
Hi everyone, here is my problem:
A few days ago I formatted my computer because it was running badly and I decided to do some cleaning up. After reinstalling WinXP SP2, as soon as I connected to the internet I downloaded the avast! antivirus; right after it was installed it immediately found several trojans. This seemed very strange to me, but I didn't worry too much since I managed to remove them. Then I started downloading some programs, such as Open Office, but it wouldn't let me install them; it told me there were errors concerning the downloaded file. I tried with other programs too and got the same errors. After that, an Explorer window opened (I use Firefox) with an error message telling me that I was infected and that I should download a program that could remove the various viruses I had on my computer because of my browsing of porn sites... in short... they wanted to scam me. I went to your disinfection guide and followed all the steps, so I am attaching the log files; maybe you can help me:
P.S.: I wasn't able to save the logs from A-Squared Free v3.x and Prevx CSI, but I detected infected items with those too.
Last edited by dider0t: 01-05-2008 at 21:00.
#2

Senior Member
Joined: Nov 2001
City: Fidenza(pr) from Trento
Posts: 27479

For a-squared, at the end of the scan and after moving the flagged items to quarantine, you have the "save log" button, while for Prevx CSI you just need to use version 1.6.
We don't want zipped files; read the Section Rules to see the other ways of posting logs.
#3

Member
Joined: Aug 2007
City: Casteddu
Posts: 38

I had read the rules, but I thought zip files were still considered trustworthy... oh well... I apologize.
I have replaced the .zip files with the log files from ADSR and a-squared; here I am attaching the hijackthis and GMER log files and pasting the larger ones, namely the activescan and prevx logs:
activescan:
Code:
;********************************************************************************
ANALYSIS: 2008-05-01 11:37:46
PROTECTIONS: 1
MALWARE: 10
SUSPECTS: 0
;********************************************************************************
PROTECTIONS
Description                               Version    Active  Updated
;================================================================================
avast! antivirus 4.8.1169 [VPS 080501-0]  4.8.1169   No      Yes
;================================================================================
MALWARE
Id        Description             Type            Active  Severity  Disinfectable  Disinfected  Location
;================================================================================
00139061  Cookie/Doubleclick      TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Tania\Dati applicazioni\Mozilla\Firefox\Profiles\8kq7cebp.default\cookies.txt[.doubleclick.net/]
00139061  Cookie/Doubleclick      TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Pae\Dati applicazioni\Mozilla\Firefox\Profiles\51bwrvrh.default\cookies.txt[.doubleclick.net/]
00139064  Cookie/Atlas DMT        TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Tania\Dati applicazioni\Mozilla\Firefox\Profiles\8kq7cebp.default\cookies.txt[.atdmt.com/]
00139064  Cookie/Atlas DMT        TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Tania\Cookies\tania@atdmt[2].txt
00145393  Cookie/Tradedoubler     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Pae\Dati applicazioni\Mozilla\Firefox\Profiles\51bwrvrh.default\cookies.txt[.tradedoubler.com/]
00145393  Cookie/Tradedoubler     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Pae\Dati applicazioni\Mozilla\Firefox\Profiles\51bwrvrh.default\cookies.txt[.tradedoubler.com/]
00145393  Cookie/Tradedoubler     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Pae\Dati applicazioni\Mozilla\Firefox\Profiles\51bwrvrh.default\cookies.txt[.tradedoubler.com/]
00145393  Cookie/Tradedoubler     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Pae\Dati applicazioni\Mozilla\Firefox\Profiles\51bwrvrh.default\cookies.txt[.tradedoubler.com/]
00145738  Cookie/Mediaplex        TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Pae\Dati applicazioni\Mozilla\Firefox\Profiles\51bwrvrh.default\cookies.txt[.mediaplex.com/]
00167749  Cookie/Toplist          TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Pae\Dati applicazioni\Mozilla\Firefox\Profiles\51bwrvrh.default\cookies.txt[.toplist.cz/]
00167749  Cookie/Toplist          TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Pae\Cookies\pae@toplist[1].txt
00168056  Cookie/YieldManager     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Pae\Dati applicazioni\Mozilla\Firefox\Profiles\51bwrvrh.default\cookies.txt[ad.yieldmanager.com/]
00168056  Cookie/YieldManager     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Pae\Dati applicazioni\Mozilla\Firefox\Profiles\51bwrvrh.default\cookies.txt[ad.yieldmanager.com/]
00168056  Cookie/YieldManager     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Pae\Dati applicazioni\Mozilla\Firefox\Profiles\51bwrvrh.default\cookies.txt[ad.yieldmanager.com/]
00168056  Cookie/YieldManager     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Pae\Dati applicazioni\Mozilla\Firefox\Profiles\51bwrvrh.default\cookies.txt[ad.yieldmanager.com/]
00170554  Cookie/Overture         TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Pae\Dati applicazioni\Mozilla\Firefox\Profiles\51bwrvrh.default\cookies.txt[.overture.com/]
02887528  Cookie/AdvancedCleaner  TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Pae\Cookies\pae@advancedcleaner[1].txt
02887528  Cookie/AdvancedCleaner  TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Tania\Cookies\tania@advancedcleaner[2].txt
02932269  Generic Trojan          Virus/Trojan    No      0         Yes            No           C:\Documents and Settings\Pae\Impostazioni locali\Temporary Internet Files\Content.IE5\0XURO56V\za_080414_update_11[1].gif
02936046  Adware/Adsmart          Adware          No      0         Yes            No           C:\WINDOWS\SYSTEM32\DOSXI.EXE
;================================================================================
SUSPECTS
Sent  Location
;================================================================================
;================================================================================
VULNERABILITIES
Id      Severity  Description
;================================================================================
184380  MEDIUM    MS08-002
184379  MEDIUM    MS08-001
182048  HIGH      MS07-069
182046  HIGH      MS07-067
182043  HIGH      MS07-064
179553  HIGH      MS07-061
176382  HIGH      MS07-057
176383  HIGH      MS07-058
170911  HIGH      MS07-050
170907  HIGH      MS07-046
170906  HIGH      MS07-045
170904  HIGH      MS07-043
164915  HIGH      MS07-035
164913  HIGH      MS07-033
164911  HIGH      MS07-031
160623  HIGH      MS07-027
157262  HIGH      MS07-022
157261  HIGH      MS07-021
157260  HIGH      MS07-020
157259  HIGH      MS07-019
156477  HIGH      MS07-017
150253  HIGH      MS07-016
150249  HIGH      MS07-013
150248  HIGH      MS07-012
150247  HIGH      MS07-011
150243  HIGH      MS07-008
150242  HIGH      MS07-007
150241  MEDIUM    MS07-006
141034  HIGH      MS06-076
141033  MEDIUM    MS06-075
141030  HIGH      MS06-072
137571  HIGH      MS06-070
137568  HIGH      MS06-067
133387  MEDIUM    MS06-065
133386  MEDIUM    MS06-064
133385  MEDIUM    MS06-063
133379  HIGH      MS06-057
131654  HIGH      MS06-055
129977  MEDIUM    MS06-053
129976  MEDIUM    MS06-052
126093  HIGH      MS06-051
126092  MEDIUM    MS06-050
126087  HIGH      MS06-046
126086  MEDIUM    MS06-045
126083  HIGH      MS06-042
126082  HIGH      MS06-041
126081  HIGH      MS06-040
123421  HIGH      MS06-036
123420  HIGH      MS06-035
120825  MEDIUM    MS06-032
120823  MEDIUM    MS06-030
120818  HIGH      MS06-025
120815  HIGH      MS06-022
120814  HIGH      MS06-021
117384  MEDIUM    MS06-018
114666  HIGH      MS06-015
114664  HIGH      MS06-013
108744  MEDIUM    MS06-008
108743  MEDIUM    MS06-007
108742  MEDIUM    MS06-006
104567  HIGH      MS06-002
104237  HIGH      MS06-001
96574   HIGH      MS05-053
93395   HIGH      MS05-051
93394   HIGH      MS05-050
93454   MEDIUM    MS05-049
;================================================================================

Prevx:
Code:
Prevx CSI Log - Version v1.6.104.122
Some non-malicious files are not included in this log.
C:\WINDOWS\system32\psbase.dll InMem: 1 Det [G] MD5: 7FE963BD4BDE86B5EAF5C07C6D0118C3 PX5: E242805400420CE08090017E79023900E657FC90
C:\WINDOWS\System32\wshtcpip.dll InMem: 1 Det [G] MD5: 08B3A60A4DD7FAE800B552F8F8D5DEB0 PX5: 522AC66D001B6D5A4E8E00D8A0AEF000528059BA
C:\WINDOWS\system32\dssenh.dll InMem: 1 Det [G] MD5: CACD2C63A79268D131EA37E85524CC44 PX5: 31E843BE00E2A81C18FA0265E10B6500232880A4
C:\WINDOWS\system32\svchost.exe InMem: 1 Det [G] MD5: 73955B04F209D8A1C633867841267A96 PX5: 41467A9700616549387D0095555BE300B7CBF228
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Alerter - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AppMgmt - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AudioSrv - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\BITS - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Browser - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\CryptSvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\DcomLaunch - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Dhcp - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\dmserver - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Dnscache - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ERSvc - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\EventSystem - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\helpsvc - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HidServ - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HTTPFilter - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\lanmanserver - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\lanmanworkstation - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\LmHosts - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Messenger - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Netman - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Nla - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NtmsSvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasAuto - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasMan - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RemoteAccess - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RemoteRegistry - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RpcSs - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Schedule - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\seclogon - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SENS - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SharedAccess - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ShellHWDetection - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\srservice - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SSDPSRV - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\stisvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TapiSrv - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TermService - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Themes - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TrkWks - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\upnphost - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\W32Time - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WebClient - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\winmgmt - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WmdmPmSN - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Wmi - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\wscsvc - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\wuauserv - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WZCSVC - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\xmlprov - ImagePath [C:\WINDOWS\System32\svchost.exe]
c:\windows\system32\rpcss.dll InMem: 1 Det [G] MD5: 0C015AB735A4624C44CB5696E9208C4C PX5: D10B46960010CCB40A5406A32381BD005F5BEA56
c:\windows\system32\termsrv.dll InMem: 1 Det [G] MD5: C06CD1890279603E15020757E02DE56B PX5: 15A4D5880058E23888C304BFF814830042F0D520
c:\windows\system32\ICAAPI.dll InMem: 1 Det [G] MD5: 66DA850192B87548374FE13F38A2A265 PX5: BB3E4FC6005CCAE92CC10044E2AB07008B832EBD
c:\windows\system32\mstlsapi.dll InMem: 1 Det [G] MD5: 9E54D8528F9B4324ED20CFCDF3BE6A76 PX5: F3CF001500470019C4F901369ADAFD00DF876B1F
c:\windows\system32\ACTIVEDS.dll InMem: 1 Det [G] MD5: 25E4E36CED6B15DF8D8C10460BE834A2 PX5: EFB02947002647C8F6250205FD9612006E9558F5
c:\windows\system32\adsldpc.dll InMem: 1 Det [G] MD5: 15CE221ACE929705BA7E4346D74E8A06 PX5: 6D8B11FE00EF99F53026027F152EC40097EA0ACA
c:\windows\system32\ATL.DLL InMem: 1 Det [G] MD5: 32BD4CC64449EA2549BE4A8EFC54F4DE PX5: 90FBA32A008A4DC9E6A3004879775D009B9241D5
C:\WINDOWS\System32\winrnr.dll InMem: 1 Det [G] MD5: BB78454C44A5B0F97295A6D66B217D65 PX5: DD7C6D7B00A7C2A842AB003098E8920063CE769A
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 - LibraryPath [%SystemRoot%\System32\winrnr.dll]
C:\WINDOWS\system32\rasadhlp.dll InMem: 1 Det [G] MD5: 057393DFF71E294EDF6DB3AD2A0CD0DE PX5: C442A786008A10AC207B003B3C2E0700E2EB90DB
c:\windows\system32\dhcpcsvc.dll InMem: 1 Det [G] MD5: 3D6F9B5C5C396BFBC14DC565CE624CEF PX5: F53436F60068CE64B23A01BCB3126A00C328DCF2
c:\windows\system32\wzcsvc.dll InMem: 1 Det [G] MD5: 312913174D070ED81E9D78DA7B648774 PX5: 3DF4750600996C8B7E470562CED514005814EDBA
c:\windows\system32\rtutils.dll InMem: 1 Det [G] MD5: 204A7D354683A49C37505BE1646C5D43 PX5: BF0F14BA00130FA5ACFA00D907EAE70083958E2B
c:\windows\system32\WMI.dll InMem: 1 Det [G] MD5: 7F9FD6E98CF1898F94D4A6246D4D639E PX5: 781B3D7300C600C41695006A26ACBD006AA9CB45
c:\windows\system32\ESENT.dll InMem: 1 Det [G] MD5: CF52CD81A61E6DEFF93CA40BBA955F30 PX5: 2D3CBE9900CA56E1AA3A1013ABD8CF0050E8E49A
C:\WINDOWS\System32\rastls.dll InMem: 1 Det [G] MD5: F90A2F77CB88F8201A3AD783D7EDB19C PX5: F64AC68A00F37A69B87E01DB8E696800CC9225D9
C:\WINDOWS\system32\CRYPTUI.dll InMem: 1 Det [G] MD5: 502A30E1A880124D7F71667E75BE9688 PX5: 5142AFD100A220AEFE57076D08D9310067F36935
C:\WINDOWS\system32\WININET.dll InMem: 1 Det [G] MD5: 27966534A0820CD3BD988BD1517C8FF2 PX5: 8F9E6FFA00F645FE0E950A17A1595B00D082E203
C:\WINDOWS\System32\MPRAPI.dll InMem: 1 Det [G] MD5: B61978022A65FAC95B8E3817D5029870 PX5: F40536E000846CE4547B017CD7ABC100D153D57A
C:\WINDOWS\System32\RASAPI32.dll InMem: 1 Det [G] MD5: 7ECE54A6785E6A07ED02018A32B246E6 PX5: 7E18516500FFE5CC9C5B03564D831C0011FCFEEB
C:\WINDOWS\System32\rasman.dll InMem: 1 Det [G] MD5: 79D87679F6F13F7F18062C39A3C5B38A PX5: 7F1D9BFF002D89D3F04E005C98AFF900ECE9EEA3
C:\WINDOWS\System32\TAPI32.dll InMem: 1 Det [G] MD5: 9B53CE123C15E95DE40592CFECEC5A09 PX5: ECB3A62200F5E5E3C61D0271F9934A0018AE4A00
C:\WINDOWS\System32\raschap.dll InMem: 1 Det [G] MD5: D7DE6CD7A5F84909B12B7DBD7D93811D PX5: 6CBEE3D600A4FEB310F101DE8C083F003D6F721F
c:\windows\system32\schedsvc.dll InMem: 1 Det [G] MD5: 546254D4769E165CDC3388D74B201FCB PX5: 5DDC4A3800A53317F204023D51875A00711FF5B5
C:\WINDOWS\System32\MSIDLE.DLL InMem: 1 Det [G] MD5: 3DC13080F28F80ED5D31E20E226536A5 PX5: 892E25230047BFE41A2700448F955F00DB3FDA3D
c:\windows\system32\audiosrv.dll InMem: 1 Det [G] MD5: 15EE9EFF206DAA73B9642FCD51A69BB1 PX5: 97A7792B000122A1A6A80092373D18006EB85382
c:\windows\system32\wkssvc.dll InMem: 1 Det [G] MD5: B96429B547C29CFE65E0A31C53F4BB06 PX5: 7EE71DE000CB8C06046102E707BEAD00EAB7A0DE
c:\windows\system32\cryptsvc.dll InMem: 1 Det [G] MD5: E0CC838265401128097D182FB583889A PX5: 4924777000FF363CECB300E8D69F7300112A6AF8
c:\windows\system32\certcli.dll InMem: 1 Det [G] MD5: 5F24A58D40870F8FE6CF7E15E73DE146 PX5: 925C7DF9003B9C1200C5031520AB850028BB5515
c:\windows\system32\dmserver.dll InMem: 1 Det [G] MD5: 499FFF7BCA07009A23447776286F0510 PX5: FABFF932000B9F155E610037E22ABC006B953D35
c:\windows\system32\ersvc.dll InMem: 1 Det [G] MD5: FF547B3876B6E652431412345FB8EE11 PX5: 1075AE7B006257925A3B00E01F4D2400B15FB39E
c:\windows\system32\es.dll InMem: 1 Det [G] MD5: 16A4DE76313DD3ABF7635565BAAF1512 PX5: 8CFC4C9B007672F5B6D00383EE01A300F1E4D975
c:\windows\pchealth\helpctr\binaries\pchsvc.dll InMem: 1 Det [G] MD5: 03A7A19834E2A63C445B3AC5E73AAB50 PX5: 5BE772A20028818F98B300E973AA5500998EE021
c:\windows\system32\srvsvc.dll InMem: 1 Det [G] MD5: 82A782A17AAF3AD92811F5023A94181F PX5: 04962F40002073267A0D01D01873E300127D7D3E
c:\windows\system32\netman.dll InMem: 1 Det [G] MD5: 4AD6F202266A25BC0CC1DCE2A3D91563 PX5: 6E6B756F00C9FE25063E03CE96E58100C196B9F3
c:\windows\system32\netshell.dll InMem: 1 Det [G] MD5: 4CC28DE5620ACE4F613B42A4F836DEDE PX5: F7F9A56A007CF701368C1AE01A3E1600E0C02A68
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\InprocServer32 - {7007ACC7-3202-11D1-AAD2-00805FC1270E} [C:\WINDOWS\system32\NETSHELL.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{992CFFA0-F557-101A-88EC-00DD010CCC48}\InprocServer32 - {992CFFA0-F557-101A-88EC-00DD010CCC48} [C:\WINDOWS\system32\NETSHELL.dll]
c:\windows\system32\credui.dll InMem: 1 Det [G] MD5: 2D68AF44B169D033545FA501B9FF4F30 PX5: E886FD9F0056D4F18254029213832F003DEFF647
c:\windows\system32\WZCSAPI.DLL InMem: 1 Det [G] MD5: 28CDDFDF8C30D886284F3549C4A8E284 PX5: EBF8733200CD9B7CCA4C0051E7642A0024707F2E
c:\windows\system32\seclogon.dll InMem: 1 Det [G] MD5: 241D074DAB2A67D2D7616CE7C8B05650 PX5: 5B80E36F00AA396B4A8300B7E7951D00D7AA4B2D
c:\windows\system32\sens.dll InMem: 1 Det [G] MD5: 688BE760C858E347A4E23186B725C86B PX5: 00AF89660086F69E989700E590F03600F597A8F5
c:\windows\system32\srsvc.dll InMem: 1 Det [G] MD5: BA4E8AC9A60C4527C969D08F3ABE9D36 PX5: F652BD0100BA7CC29C6202A16DDB5500C590261B
c:\windows\system32\POWRPROF.dll InMem: 1 Det [G] MD5: 41FF9D663219A1DD0397FE2C5B09436C PX5: 31AB7E9C00B2127E4485007208C03300950D28C1
c:\windows\system32\trkwks.dll InMem: 1 Det [G] MD5: 6C7F265BD43A1D85103EC5CB1251D2B6 PX5: 906F8E37007C9B5A621D011F493B83005C29CC43
c:\windows\system32\wbem\wmisvc.dll InMem: 1 Det [G] MD5: A91ACDD987DC3E0E1FCEDDA6F1FFEF2A PX5: CEF9F3BC00C6E32738BF0260919AD800E787713F
C:\WINDOWS\system32\VSSAPI.DLL InMem: 1 Det [G] MD5: B590F13F17409970A6994473EB98EF74 PX5: FAEC6BFB002AF8059230067AACCA280087EB5B02
c:\windows\system32\wuauserv.dll InMem: 1 Det [G] MD5: 4CBB7CC975E5B67022A7F95DFC6EF9EC PX5: 0799809A00702BD41AB400068A66AC0043C84727
C:\WINDOWS\system32\wuaueng.dll InMem: 1 Det [G] MD5: FFDC783BD3FB57B38B34C20A51AF2A20 PX5: 21C8E5CB00C120B550EE11BB119AD3007D3D2035
C:\WINDOWS\System32\ADVPACK.dll InMem: 1 Det [G] MD5: 486A0D63381B08D5A41F44E58FE3B4E4 PX5: 40DE446000D9DEB58E9C01A9A95DBB0000B29576
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmt]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf]
C:\WINDOWS\System32\SHFOLDER.dll InMem: 1 Det [G] MD5: 8B205EB92B49D10055427365065357E8 PX5: 209DE55C009ABDE8627700E93AF07200F7058D40
C:\WINDOWS\System32\WINHTTP.dll InMem: 1 Det [G] MD5: 5B4EC6C0FBACC85430CE3D6AE8563A0D PX5: 8A8FE9C3008B23F25C3905D494C02C00D181B661
C:\WINDOWS\System32\Cabinet.dll InMem: 1 Det [G] MD5: 4D7708FD334C23E17400CA8327CE3D11 PX5: 60605FEC005AB19AEA050033F1225300422702FD
C:\WINDOWS\System32\mspatcha.dll InMem: 1 Det [G] MD5: A434E5666A953F6A0406CC99B8B8C6A0 PX5: 192CF4F3003C31E4769D0029DA080500F7D037E4
c:\windows\system32\browser.dll InMem: 1 Det [G] MD5: 72FBF0322BE8A0F25AE722FDE36AB1E6 PX5: 9CDD0A4F005D0D9D2E6201C807EC76000E0D1CE8
c:\windows\system32\wscsvc.dll InMem: 1 Det [G] MD5: 17F70F4E37452A30C35565052AB68BE9 PX5: B11BC224000C550D3E4B01F1618F6300676DF706
c:\windows\system32\msi.dll InMem: 1 Det [G] MD5: C61D523BECF2B858E334E456563A53DC PX5: 6C7B53A80052D9E6CAFC2A54E18763004001657B
C:\WINDOWS\system32\wbem\wbemcomn.dll InMem: 1 Det [G] MD5: 7DB0054945C1C937553F97FA1F1EAFFB PX5: 30B285D60040901346F3037FF72C08005C58C30E
C:\WINDOWS\System32\Wbem\wbemcore.dll InMem: 1 Det [G] MD5: 2E9B41FDD71FDDD9D596CF3FDF0A1FDD PX5: D34E2BC3004DE1451AED08DF0B2B620026599912
C:\WINDOWS\System32\Wbem\esscli.dll InMem: 1 Det [G] MD5: 20938C6D287B27AB3F1FDE53FF3507DE PX5: DE687FC600BAAC77C8B4030B6F14AB0094AE7226
C:\WINDOWS\System32\Wbem\FastProx.dll InMem: 1 Det [G] MD5: FC9F0B7216D087F9502ECE38439AE144 PX5: AEBA61B800E4BC9A34F5075F66FDAB005D1447F9
C:\WINDOWS\system32\wbem\wbemsvc.dll InMem: 1 Det [G] MD5: DD3E1E96EA769C31936D9B09F9137954 PX5: 25397BDF00757EBFAAF700E3ED2B7800B9284F1B
C:\WINDOWS\system32\wbem\wmiutils.dll InMem: 1 Det [G] MD5: BC664C7546EF5C1A5712E7B48AF24741 PX5: 0BDBA5A5000A6748803F0102F9279500D2C1C9B2
C:\WINDOWS\system32\wbem\repdrvfs.dll InMem: 1 Det [G] MD5: 41B4ED9F8D444CE09B6A1FE76AE22040 PX5: DAAC922100087395B4C8026D60ACD300B870E129
C:\WINDOWS\system32\comsvcs.dll InMem: 1 Det [G] MD5: FC898B99DB05094DF3F0942DFB39BA79 PX5: 6F57383100059B5E1A78136E055F2B009076402A
C:\WINDOWS\system32\MTXCLU.DLL InMem: 1 Det [G] MD5: 0607FBFB19D8DE4726F4188563DD0519 PX5: 01D9FA2C00EC336504830130CDB57B0066308F3E
C:\WINDOWS\system32\WSOCK32.dll InMem: 1 Det [G] MD5: 3BD93201E3AFA5A0660C793A4BDAE773 PX5: 2C097C2B007169C960BA0014DCE7CC0038229E38
C:\WINDOWS\system32\colbact.DLL InMem: 1 Det [G] MD5: C5EB8E303FFFC951B9D338F601CB2A28 PX5: 19B6371D00577611F4E200972AE21300251E5074
C:\WINDOWS\System32\CLUSAPI.DLL InMem: 1 Det [G] MD5: C3B4CFBA8936D0AF25D5391F53F2DA91 PX5: F4F4A6AD001EC8C1E2C500B4FE61840054C0DDE3
C:\WINDOWS\System32\RESUTILS.DLL InMem: 1 Det [G] MD5: CAD4191048F595A794E14CEE31DB06FD PX5: 6DFA47A500DAF26FE68800D61F5B31009BB0B65D
C:\WINDOWS\system32\wbem\wmiprvsd.dll InMem: 1 Det [G] MD5: D110A8CDE08CC1D346814C814D32F2ED PX5: DCBBBE7700F574BEAC5B06A359C30800D52199FA
C:\WINDOWS\system32\wbem\wbemess.dll InMem: 1 Det [G] MD5: 1C4C78B5943AE143513DD1522E14926A PX5: 57BC20470030CEBC2E7C0420B5413100E2A61178
c:\windows\system32\ipnathlp.dll InMem: 1 Det [G] MD5: 1DA364FA673E18BC1DE8F5CDF3657DBD PX5: 89882A6E0030CF0B12CE052A40AAE5009F9198F9
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\AUTODHCP - DllName [ipnathlp.dll]
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\DNSPROXY - DllName [ipnathlp.dll]
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\FTP - DllName [ipnathlp.dll]
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\H323 - DllName [ipnathlp.dll]
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\IPNAT - DllName [ipnathlp.dll]
C:\WINDOWS\system32\wbem\ncprov.dll InMem: 1 Det [G] MD5: 1B8923492B022438764DCF6BD8B0EFA9 PX5: 28C2B58B00AC779DB8320092176FE400CB94678D
C:\WINDOWS\system32\upnp.dll InMem: 1 Det [G] MD5: 7E7491C2CF7A0781C0004D2C5BE71BC4 PX5: 5CC09E6000F77B62063F026310FD670014E0CF2C
C:\WINDOWS\system32\SSDPAPI.dll InMem: 1 Det [G] MD5: 4EA31D2858780DDB446A9DC9B2D23C3D PX5: B458C80C0094BE55886700FEA91CE300F0D01D10
C:\WINDOWS\system32\netcfgx.dll InMem: 1 Det [G] MD5: AB06350510C1F68C7202703480F6FF17 PX5: 4F8DF8B4009990EE9C82091CBF6CD600CD59067D
C:\WINDOWS\System32\rasmans.dll InMem: 1 Det [G] MD5: EDE7D761426CC2AFFF20A3A460F9C85E PX5: B74DD77D0086DE32A83C0202492A5E005A986AC3
c:\windows\system32\tapisrv.dll InMem: 1 Det [G] MD5: 2F8CBA2D2A332EB5D2A7DC084E3B30B3 PX5: D241AAE200E9E6AEC21203236372D7003EB38FD6
C:\WINDOWS\System32\rastapi.dll InMem: 1 Det [G] MD5: F4DE764732E8F6028BB18AADD4912317 PX5: 699D459D008C3BC6E634009735DEBF004B936485
C:\WINDOWS\System32\unimdm.tsp InMem: 1 Det [G] MD5: 12C9C630FD867446D8B846C28454A45F PX5: BFCEE8FF0036A1F42CB803103A63E10078271DF9
C:\WINDOWS\System32\uniplat.dll InMem: 1 Det [G] MD5: 8BC01CBCDC4345A7367F2EDCBAA4A07F PX5: D4A3FA58003A460436E500FC8F082200CAF4CCCF
C:\WINDOWS\System32\kmddsp.tsp InMem: 1 Det [G] MD5: 516447BBB1A13F72E98989580EEAEB36 PX5: C200FF390086F832824F0082C924C70039E73BB5
C:\WINDOWS\System32\ndptsp.tsp InMem: 1 Det [G] MD5: FF5CBCADD5833B484C773F7DF16F13BF PX5: 9787C23000D76D69E07F0030C6CACA005BA7ED34
C:\WINDOWS\System32\ipconf.tsp InMem: 1 Det [G] MD5: 4E2F02E1BA55160806AD42FEE296F8B2 PX5: BB9887B4006414FA44B900C28BC43200412916D4
C:\WINDOWS\System32\h323.tsp InMem: 1 Det [G] MD5: EA96018804FEB47C384EFDB3D07E7EB9 PX5: 72FD790F00B8268510FF046EA54C6E0080B1B5D1
C:\WINDOWS\System32\hidphone.tsp InMem: 1 Det [G] MD5: EA5C2C1F5F74A5660FB0F72E63861030 PX5: 578102E800C1441976DD00BD8619300083827C0B
C:\WINDOWS\System32\HID.DLL InMem: 1 Det [G] MD5: 3B4E115A33A2BFF0D74792D572F448DD PX5: 551CD37300F70F6C527C0010EC920400B756D4FA
C:\WINDOWS\System32\rasppp.dll InMem: 1 Det [G] MD5: 4A48EDCAB3B97997055AC533CAFDB501 PX5: 69B8011C006A35C426B80310309570000552A536
C:\WINDOWS\System32\ntlsapi.dll InMem: 1 Det [G] MD5: 8ED1589D9A626027E4FAF24C149860E6 PX5: 182944C0006C52E520B8003B3C2E0700820D2E78
C:\WINDOWS\System32\RASDLG.dll InMem: 1 Det [G] MD5: D52A1298D47FA8652B30451855265F94 PX5: 289AD96400BB9C934C7F0AD56A0D5500E683D618
C:\WINDOWS\system32\wbem\wbemcons.dll InMem: 1 Det [G] MD5: 89A935A5CB3FE6D25BB87DE3370E6B5E PX5: FEC4B3B500CE633918000143FDB47200CD210469
c:\windows\system32\dnsrslvr.dll InMem: 1 Det [G] MD5: 1A4CCB390093D1A6F0EEC063F44AFF31 PX5: 3AB739DC00686EC6B26F00A3B54A4300F767B865
c:\windows\system32\lmhsvc.dll InMem: 1 Det [G] MD5: 6E008B7EB9B67D555B5EE1C1091F3A7E PX5: 050B19680015AAE33629000A173BF5000631D061
c:\windows\system32\webclnt.dll InMem: 1 Det [G] MD5: EBA8DEA9E279A9A50B608BFF3CBC2CDE PX5: DB971DA600E5CDC008BA01FF1B98B500F9F1371D
C:\WINDOWS\system32\urlmon.dll InMem: 1 Det [G] MD5: 193EE4259EF6C5A9D641CEC0944581D7 PX5: 4A82D0640009D6FB307B0995BA5D61003FB7F7BB
c:\windows\system32\regsvc.dll InMem: 1 Det [G] MD5: 78FBE7DA29307EDE7ED0E33F1C4969BC PX5: 0038ECD50092146CEAE600DC41696F006EFFA138
c:\windows\system32\ssdpsrv.dll InMem: 1 Det [G] MD5: 1FBF38A525EEDD7402BFA7E27236A64F PX5: EFEEB4A70072CCE218E201A90823060000AE77FB
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe InMem: 1 Det [G] MD5: 3CA72CEA90DF8DA569D35CEC89676749 PX5: 26D578FC78352FC143BC00E4E777CD005D6A9F7A
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\aswUpdSv - ImagePath [C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe]
C:\Programmi\Alwil Software\Avast4\aswCmnS.dll InMem: 1 Det [G] MD5: 8E8CDBD061A3706A43DFC9167552446C PX5: 63AD61B200C71318F05D025E1C8BD80049E3F703
C:\Programmi\Alwil Software\Avast4\aswCmnOS.dll InMem: 1 Det [G] MD5: A8FECB2B0959ADB867BC9BB181A2692E PX5: DA87649F002516A950FD01ECF7FDAD00BE1E67EB
C:\WINDOWS\system32\MSVCP71.dll InMem: 1 Det [G] MD5: 561FA2ABB31DFA8FAB762145F81667C2 PX5: F133D4F000B92F08A0E107FD67B66E0015498C05
C:\WINDOWS\system32\MSVCR71.dll InMem: 1 Det [G] MD5: 86F1895AE8C5E8B17D99ECE768A70732 PX5: 3FEE1145002F2EB8504E05ED76DA9100776D97E7
C:\Programmi\Alwil Software\Avast4\aswCmnB.dll InMem: 1 Det [G] MD5: 94C24A7479241CF3A529B5CE2C041273 PX5: E89702140099E823F0D20184EF7F52006C45B5DA
C:\Programmi\Alwil Software\Avast4\ashServ.exe InMem: 1 Det [G] MD5: 6A0A14F60654DF588F55160CB1B6DA8D PX5: 56475EEC78C288F2356102FAA9D03300F37F709F
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\avast! Antivirus - ImagePath [C:\Programmi\Alwil Software\Avast4\ashServ.exe]
C:\Programmi\Alwil Software\Avast4\aswAux.dll InMem: 1 Det [G] MD5: F2C4C61959450FFDDC97FA7622C3B98F PX5: 686F0808003E43CC10180A167C18F5003AE0E642
C:\Programmi\Alwil Software\Avast4\aswEngin.dll InMem: 1 Det [G] MD5: FFF631E22CBB3476ABB55845472CCA16 PX5: DF48797500426064B02F12BD5C1F68006E45689B
C:\Programmi\Alwil Software\Avast4\aswScan.dll InMem: 1 Det [G] MD5: 6EA6E65AF6E4E8EC917C6E59A148CC45 PX5: 5CF5E3280060C34840F801F9A284B600989FB987
C:\Programmi\Alwil Software\Avast4\ashBase.dll InMem: 1 Det [G] MD5: 834BEB7644F95BF8C949AD4DCA0794A3 PX5: E335161B00F6BC66703F03C9611B1A00C25AE090
C:\Programmi\Alwil Software\Avast4\ashTask.dll InMem: 1 Det [G] MD5: 63E8362908FCDD99ED46D04E662968D8 PX5: A6FE80C2005C4DA4C06B01B8382E1E00AC674078
C:\Programmi\Alwil Software\Avast4\aswInteg.dll InMem: 1 Det [G] MD5: CD01CCBF9DAB74704FE7FCF7188B70B2 PX5: 01CE67490058CE5E580800A68673DF00DBC3D156
C:\Programmi\Alwil Software\Avast4\aswIdle.dll InMem: 1 Det [G] MD5: 4BDA42ABFBFB80592D063567E2D69074 PX5: C178E3E7787088E0272A00761D831A00A1601861
C:\Programmi\Alwil Software\Avast4\Aavm4h.dll InMem: 1 Det [G] MD5: AC64A27497266FDEA8D5C11D427FE932 PX5: 859B04AA00FBB29F40AA03700A0FA20037D1386D
C:\WINDOWS\system32\dbghelp.dll InMem: 1 Det [G] MD5: 87FB429E335A273C6D789377B4C94D39 PX5: CA15549600DD8409C430096381351D009D50E233
C:\Programmi\Alwil Software\Avast4\Italian\Base.dll InMem: 1 Det [G] MD5: BF233CC1E357180340D58BE1080553FE PX5: 0DE9683B007AB56A00C901996CBFB00029B804D2
C:\Programmi\Alwil Software\Avast4\AhResMai.dll InMem: 1 Det [G] MD5: 73E29E045C178783E1A70C5A5F199DC0 PX5: EA12E570009EFD7C8C0100FABBF9D2003C63947F
C:\Programmi\Alwil Software\Avast4\ahResMes.dll InMem: 1 Det [G] MD5: 4F6F570036B80CBA232D9690F05B9480 PX5: B54BFABF00CE4299807A00A972C39900DD2CFB01
C:\Programmi\Alwil Software\Avast4\AhResNS.dll InMem: 1 Det [G] MD5: 20DC464DAF3E2BC3BC2DF53ECB910236 PX5: 10AA42BB0051A2FF7C2100181FCC0400B956D310
C:\Programmi\Alwil Software\Avast4\AhResOut.dll InMem: 1 Det [G] MD5: 67D9BA5625C581E5388CACD5CC21C6AB PX5: B151518B001811F974F100BF7CACC100C20C130F
C:\Programmi\Alwil Software\Avast4\ahResP2P.dll InMem: 1 Det [G] MD5: C1D1B4C9F5EE38824ACE8882BED255DB PX5: 608207EB006030BD809C009F41F91800DD11D159
C:\Programmi\Alwil Software\Avast4\AhResStd.dll InMem: 1 Det [G] MD5: 81CBD442714E8EF04F90A5E39972D98F PX5: 65910B6500C32B92A86E0005B9EB3800CB781A35
C:\Programmi\Alwil Software\Avast4\AhResWS.dll InMem: 1 Det [G] MD5: 2C224641FED631A4F9ACCD2D315C7166 PX5: AB08B440004B4F0FD061002DDDE82A00907F8D64
C:\Programmi\Alwil Software\Avast4\ashSSqlt.dll InMem: 1 Det [G] MD5: 2CCA65B7B88839257B71F37B1B1C0352 PX5: F37584E800AE9D64907103BD606FEE0020DC8C87
C:\WINDOWS\system32\perfos.dll InMem: 1 Det [G] MD5: 4967673E8ED0786F88E2CB58786FAE7E PX5: F2B273BD00DF14CC689F0003CC87FB0024F4B4BB
C:\Programmi\Alwil Software\Avast4\aswRes.dll InMem: 1 Det [G] MD5: 652AAB7E654497D0D4A34C37D2EA97E5 PX5: 4A12B1000029B61F30EA0282E5DA6C00F95E7CEE
C:\WINDOWS\system32\spoolsv.exe InMem: 1 Det [G] MD5: 216F8454A9415DD3E451B169DC3121C4 PX5: 703F3D90006B0DE3E2430049B8FF4400BD40056F
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Spooler - ImagePath [C:\WINDOWS\system32\spoolsv.exe]
C:\WINDOWS\system32\SPOOLSS.DLL InMem: 1 Det [G] MD5: DD90C59EF82D6CDE5886B595CA8D8D8A PX5: EEC4C153008FC3AA248101F4B2E71800601A2E7A
C:\WINDOWS\system32\localspl.dll InMem: 1 Det [G] MD5: D5882ABF5F3652ACBF36C882EA4DC9A8 PX5: 4416D740002AA3683E4E05C1EF102900643A9BD8
C:\WINDOWS\system32\cnbjmon.dll InMem: 1 Det [G] MD5: A2660003F73982579EBFEF1F6C2F6234 PX5: ADFEA2D500C13C76C238009F710B75002AA8B844
C:\WINDOWS\system32\pjlmon.dll InMem: 1 Det [G] MD5: BBD335EEABDA429E2A4A401AE977ACCC PX5: 84CFC62400E584133C01005DDEFEF70074DE7C99
C:\WINDOWS\system32\tcpmon.dll InMem: 1 Det [G] MD5: 1417745D9156EED7C8B871A3F8A8F56D PX5: 4DB1307F00B38383B4DE0091A261F900D73B20B9
C:\WINDOWS\system32\usbmon.dll InMem: 1 Det [G] MD5: 1AE1CDA7F68B0A8603A3117AE5F00B03 PX5: 355B55CF00434C1C429F0037D7A64900612AB6C2
C:\WINDOWS\system32\win32spl.dll InMem: 1 Det [G] MD5: 660E56BC8C253B5B47DCC6560CCD62DA PX5: 3EE5A7330005B84D903F019D6D465800D7DE2821
C:\WINDOWS\system32\NETRAP.dll InMem: 1 Det [G] MD5: E7FC69C00BEBC04DAEF86071822B2B89 PX5: B3940B1900334CEB30F300847BE9340024D302E6
C:\WINDOWS\system32\inetpp.dll InMem: 1 Det [G] MD5: BE4FF5FBBC55DC3C2445377C50497F1F PX5: 84746D7B00F17DE826600104529E590058DFB441
C:\Programmi\a-squared Free\a2service.exe InMem: 1 Det [GP] MD5: 4F87E68E1F5B1C45F2EC10A2AFFB745E PX5: 9ADFF4467835EFB4A244055862F5B8008DD06CB1
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\a2free - ImagePath [C:\Programmi\a-squared Free\a2service.exe]
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe InMem: 1 Det [G] MD5: B81F8778F5BB485F3B75114F0C99A49F PX5: 9500EFCD3F7428075052004730EDF40012C3F9FD
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ForcewareWebInterface - ImagePath [C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Grou]
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libapr.dll InMem: 1 Det [G] MD5: 005FF09CE9462BFA9002803654D4849F PX5: 59BF9C8A4A292851F0DC01B3D822E60008CC3E96
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libaprutil.dll InMem: 1 Det [G] MD5: 365F65E70F5381162D085E7F6C2EEC32 PX5: 790D8CC8537C728D90BE0215F750BE000D311A1F
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libapriconv.dll InMem: 1 Det [G] MD5: 2783E1EC4E115F358F5430B30C6A7923 PX5: 1C95F8DB55821D7C90D3002DDDE82A00668A6161
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libhttpd.dll InMem: 1 Det [G] MD5: A9A473A7024E043CE5C3A1115E892ABE PX5: 8F6BEF0B41119FBBE0EC03E23FA048007BE6A9B5
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_access.so InMem: 1 Det [G] MD5: D3AEA2F00B256AD5E8BA4D70369058C9 PX5: 43D61EEB4F9204826012002DDDE82A00B909CAAC
C:\WINDOWS\System32\drivers\dmboot.sys InMem: 0 Det [G] MD5: 6570B4C952F0D8FEE4C6EF2FF5E10C08 PX5: 917F152000320DE9366A0C362239380089D45879
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\dmboot - ImagePath [C:\WINDOWS\System32\drivers\dmboot.sys]
C:\WINDOWS\System32\drivers\dmio.sys InMem: 0 Det [G] MD5: C57D35621782C7F40770F3E5CA20A182 PX5: 33A7916180B2EE7E5AC702A49AA6DC00E6795F14
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\dmio - ImagePath [C:\WINDOWS\System32\drivers\dmio.sys]
C:\WINDOWS\System32\drivers\dmload.sys InMem: 0 Det [G] MD5: E9317282A63CA4D188C0DF5E09C6AC5F PX5: FC216AA0003B46A9171D00359F9C1600E909FEB4
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\dmload - ImagePath [C:\WINDOWS\System32\drivers\dmload.sys]
C:\WINDOWS\system32\drivers\DMusic.sys InMem: 0 Det [G] MD5: A6F881284AC1150E37D9AE47FF601267 PX5: 64B493018066E6FACEE6008D21636D008F236B03
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\DMusic - ImagePath [C:\WINDOWS\system32\drivers\DMusic.sys]
C:\WINDOWS\system32\drivers\drmkaud.sys InMem: 0 Det [G] MD5: 1ED4DBBAE9F5D558DBBA4CC450E3EB2E PX5: FA93CCC9802BA0DD0B8800D3A4C66500B79BCD14
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\drmkaud - ImagePath [C:\WINDOWS\system32\drivers\drmkaud.sys]
C:\WINDOWS\system32\DRIVERS\fdc.sys InMem: 0 Det [G] MD5: CED2E8396A8838E59D8FD529C680E02C PX5: 030113CC009ED3836B77000B64308F0030511E66
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Fdc - ImagePath [C:\WINDOWS\system32\DRIVERS\fdc.sys]
C:\WINDOWS\system32\DRIVERS\flpydisk.sys InMem: 0 Det [G] MD5: 0DD1DE43115B93F4D85E889D7A86F548 PX5: 60E1171000EEA79E50BF00391F7EE000F2860CEC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Flpydisk - ImagePath [C:\WINDOWS\system32\DRIVERS\flpydisk.sys]
C:\WINDOWS\system32\DRIVERS\fltMgr.sys InMem: 0 Det [G] MD5: 157754F0DF355A9E0A6F54721914F9C6 PX5: C07EAE2780FF0E5FE76C019FEA2ECE0003150577
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\FltMgr - ImagePath [C:\WINDOWS\system32\DRIVERS\fltMgr.sys]
C:\WINDOWS\system32\DRIVERS\ftdisk.sys InMem: 0 Det [G] MD5: F3269A6EE547EA87B949A1CEA4816B38 PX5: D543638280F1FAF5EBA30154BD3E7700D3ED2EEC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Ftdisk - ImagePath [C:\WINDOWS\system32\DRIVERS\ftdisk.sys]
C:\WINDOWS\system32\DRIVERS\gameenum.sys InMem: 0 Det [G] MD5: 5F92FD09E5610A5995DA7D775EADCD12 PX5: 8FEAEAED8011757229C5009524482300FB74C9AC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\gameenum - ImagePath [C:\WINDOWS\system32\DRIVERS\gameenum.sys]
C:\WINDOWS\System32\DRIVERS\gmer.sys InMem: 0 Det [G] MD5: 1FF18CE154FA131113FF68791B55B469 PX5: 94B3F8DE51E74E7550B801DEC45D710050F83C6D
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\gmer - ImagePath [C:\WINDOWS\System32\DRIVERS\gmer.sys]
C:\WINDOWS\system32\DRIVERS\msgpc.sys InMem: 0 Det [G] MD5: C0F1D4A21DE5A415DF8170616703DEBF PX5: A6DC8C520088C979894600B57B2B1A00363C4157
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Gpc - ImagePath [C:\WINDOWS\system32\DRIVERS\msgpc.sys]
C:\WINDOWS\system32\DRIVERS\hidusb.sys InMem: 0 Det [G] MD5: 1DE6783B918F540149AA69943BDFEBA8 PX5: 1484F98A807906C3258400E49D6D650019C14BBC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\hidusb - ImagePath [C:\WINDOWS\system32\DRIVERS\hidusb.sys]
C:\WINDOWS\System32\Drivers\HTTP.sys InMem: 0 Det [G] MD5: C19B522A9AE0BBC3293397F3055E80A1 PX5: 7D54A2AA80AC9B3F039704DAED61AB008C70BD34
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HTTP - ImagePath [C:\WINDOWS\System32\Drivers\HTTP.sys]
C:\WINDOWS\system32\DRIVERS\i8042prt.sys InMem: 0 Det [G] MD5: 30E64DFA4EFAACC8142EA07766181FB4 PX5: 5176B379805D75ECD1900002BF9BC2003FF0C0D5
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\i8042prt - ImagePath [C:\WINDOWS\system32\DRIVERS\i8042prt.sys]
C:\WINDOWS\system32\DRIVERS\imapi.sys InMem: 0 Det [G] MD5: F8AA320C6A0409C0380E5D8A99D76EC6 PX5: A6DE19768012C7FDA37F00B5535D7900050612BF
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Imapi - ImagePath [C:\WINDOWS\system32\DRIVERS\imapi.sys]
C:\WINDOWS\system32\imapi.exe InMem: 0 Det [G] MD5: ED7ABB35C81709FB41972D30FE15311E PX5: 74CFCD09009BDDD14A8402202B1E530034B0D214
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ImapiService - ImagePath [C:\WINDOWS\system32\imapi.exe]
C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys InMem: 0 Det [G] MD5: 4448006B6BC60E6C027932CFC38D6855 PX5: 554B18088049820E711F003BBA86E4005B660DCC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Ip6Fw - ImagePath [C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys]
C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys InMem: 0 Det [G] MD5: 731F22BA402EE4B62748ADAF6363C182 PX5: E130718C809C039180F700DA0AC8EE00F2B31814
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IpFilterDriver - ImagePath [C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys]
C:\WINDOWS\system32\DRIVERS\ipinip.sys InMem: 0 Det [G] MD5: E1EC7F5DA720B640CD8FB8424F1B14BB PX5: 9655BFAF0030F62E523A00C352D248003081C413
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IpInIp - ImagePath [C:\WINDOWS\system32\DRIVERS\ipinip.sys]
C:\WINDOWS\system32\DRIVERS\ipnat.sys InMem: 0 Det [G] MD5: B5A8E215AC29D24D60B4D1250EF05ACE PX5: 16BC903800541BF40F8E022F0693810084706928
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IpNat - ImagePath [C:\WINDOWS\system32\DRIVERS\ipnat.sys]
C:\WINDOWS\system32\DRIVERS\ipsec.sys InMem: 0 Det [G] MD5: 64537AA5C003A6AFEEE1DF819062D0D1 PX5: 84ED89D600412A2C245201A3F8A740006B772EC6
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IPSec - ImagePath [C:\WINDOWS\system32\DRIVERS\ipsec.sys]
C:\WINDOWS\system32\DRIVERS\irenum.sys InMem: 0 Det [G] MD5: 50708DAA1B1CBB7D6AC1CF8F56A24410 PX5: 42D7DCAC001BE9A12C7B00EF915041002AED16BC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IRENUM - ImagePath [C:\WINDOWS\system32\DRIVERS\irenum.sys]
C:\WINDOWS\system32\DRIVERS\isapnp.sys InMem: 0 Det [G] MD5: EA3245A8E8758D6B84DE189A5CAAA75E PX5: 8A87001A0002BFB48D1F0066402D8A00BD468997
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\isapnp - ImagePath [C:\WINDOWS\system32\DRIVERS\isapnp.sys]
C:\WINDOWS\system32\DRIVERS\kbdclass.sys InMem: 0 Det [G] MD5: E883AE6EA0B313E659225AA32E449CE9 PX5: 11013D51001BA498620F00A282D06D00135D5A16
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Kbdclass - ImagePath [C:\WINDOWS\system32\DRIVERS\kbdclass.sys]
C:\WINDOWS\system32\drivers\kmixer.sys InMem: 0 Det [G] MD5: D93CAD07C5683DB066B0B2D2D3790EAD PX5: 13330EA9009A68969FC70268A04877008F11DB17
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\kmixer - ImagePath [C:\WINDOWS\system32\drivers\kmixer.sys]
C:\WINDOWS\system32\mnmsrvc.exe InMem: 0 Det [G] MD5: 940A4E02B7F03C2592A52E16DDDB3E46 PX5: F2F6E69800D71BFC80AE00AF40E07800F93A911A
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\mnmsrvc - ImagePath [C:\WINDOWS\system32\mnmsrvc.exe]
C:\WINDOWS\system32\DRIVERS\mouclass.sys InMem: 0 Det [G] MD5: C458E314B8722253897C94A714C2E0C0 PX5: 7E80CA6A0038C59C5C6F0047F0E35500920EB276
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Mouclass - ImagePath [C:\WINDOWS\system32\DRIVERS\mouclass.sys]
C:\WINDOWS\system32\DRIVERS\mouhid.sys InMem: 0 Det [G] MD5: D7662F0CF5B77BBBE3202716F5BD5318 PX5: 2301F35080287EAB2F80000FDBBFFD00349EAF96
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\mouhid - ImagePath [C:\WINDOWS\system32\DRIVERS\mouhid.sys]
C:\WINDOWS\system32\DRIVERS\mrxdav.sys InMem: 0 Det [G] MD5: 46EDCC8F2DB2F322C24F48785CB46366 PX5: 2A28D206005617C9C4F8026FCC47BD006A62BA75
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MRxDAV - ImagePath [C:\WINDOWS\system32\DRIVERS\mrxdav.sys]
C:\WINDOWS\system32\DRIVERS\mrxsmb.sys InMem: 0 Det [G] MD5: 1FD607FC67F7F7C633C3DA65BFC53D18 PX5: 65A2AA0080B21F17E300065044F4DC004CE9A2A9
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MRxSmb - ImagePath [C:\WINDOWS\system32\DRIVERS\mrxsmb.sys]
C:\WINDOWS\system32\msdtc.exe InMem: 0 Det [G] MD5: 3124662B40761A3EF8F4254D2F32E3F4 PX5: 3A5257C800292C38184B000639E3D800639539E0
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSDTC - ImagePath [C:\WINDOWS\system32\msdtc.exe]
C:\WINDOWS\system32\msiexec.exe InMem: 0 Det [G] MD5: EB9501CCA74954E1FE293C65F60BB521 PX5: 573383010027B17A2EFF0168B9CAEC00AB4BDE09
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSIServer - ImagePath [C:\WINDOWS\system32\msiexec.exe]
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\Msi.Package\shell\open\command - ["%SystemRoot%\System32\msiexec.exe" /i "%1" %*]
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\Msi.Patch\shell\open\command - ["%SystemRoot%\System32\msiexec.exe" /p "%1" %*]
C:\WINDOWS\system32\drivers\MSKSSRV.sys InMem: 0 Det [G] MD5: AE431A8DD3C1D0D0610CDBAC16057AD0 PX5: 441E162B80A429811D1500CB9CEDF700CED69BEA
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSKSSRV - ImagePath [C:\WINDOWS\system32\drivers\MSKSSRV.sys]
C:\WINDOWS\system32\drivers\MSPCLOCK.sys InMem: 0 Det [G] MD5: 13E75FEF9DFEB08EEDED9D0246E1F448 PX5: 3656535900693AA115D1001337247B009D5BCE4B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSPCLOCK - ImagePath [C:\WINDOWS\system32\drivers\MSPCLOCK.sys]
C:\WINDOWS\system32\drivers\MSPQM.sys InMem: 0 Det [G] MD5: 1988A33FF19242576C3D0EF9CE785DA7 PX5: 5D7EA63E804A637C13CA0078C414AC000E912E93
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSPQM - ImagePath [C:\WINDOWS\system32\drivers\MSPQM.sys]
C:\WINDOWS\system32\DRIVERS\mssmbios.sys InMem: 0 Det [G] MD5: 469541F8BFD2B32659D5D463A6714BCE PX5: 5C75220680F731D03C3D001BD399CC00D7DBED29
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\mssmbios - ImagePath [C:\WINDOWS\system32\DRIVERS\mssmbios.sys]
C:\WINDOWS\system32\drivers\msmpu401.sys InMem: 0 Det [G] MD5: CA3E22598F411199ADC2DFEE76CD0AE0 PX5: A3CEE000801BDB690B4A0070D0883A00B79BCD14
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ms_mpu401 - ImagePath [C:\WINDOWS\system32\drivers\msmpu401.sys]
C:\WINDOWS\system32\DRIVERS\ASACPI.sys InMem: 0 Det [G] MD5: D48659BB24C48345D926ECB45C1EBDF5 PX5: 7309133CB20421B216270097B9A4E300CE1E41B9
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MTsensor - ImagePath [C:\WINDOWS\system32\DRIVERS\ASACPI.sys]
C:\WINDOWS\system32\DRIVERS\ndistapi.sys InMem: 0 Det [G] MD5: 08D43BBDACDF23F34D79E44ED35C1B4C PX5: 25AEC9EA809D4D4825A500A2A9E22F00CCB1FFC8
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NdisTapi - ImagePath [C:\WINDOWS\system32\DRIVERS\ndistapi.sys]
C:\WINDOWS\system32\DRIVERS\ndisuio.sys InMem: 0 Det [G] MD5: 34D6CD56409DA9A7ED573E1C90A308BF PX5: 0BF3AB388038D73732EB00A9A855ED006D3C0384
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Ndisuio - ImagePath [C:\WINDOWS\system32\DRIVERS\ndisuio.sys]
C:\WINDOWS\system32\DRIVERS\ndiswan.sys InMem: 0 Det [G] MD5: 0B90E255A9490166AB368CD55A529893 PX5: 304E26E9803B344266FF0104DAA0B500E6B358BD
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NdisWan - ImagePath [C:\WINDOWS\system32\DRIVERS\ndiswan.sys]
C:\WINDOWS\system32\DRIVERS\netbios.sys InMem: 0 Det [G] MD5: 3A2ACA8FC1D7786902CA434998D7CEB4 PX5: 6F5EDA40008AE18787EB007972CAB100F174D35C
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NetBIOS - ImagePath [C:\WINDOWS\system32\DRIVERS\netbios.sys]
C:\WINDOWS\system32\DRIVERS\netbt.sys InMem: 0 Det [G] MD5: 0C80E410CD2F47134407EE7DD19CC86B PX5: 7D3B6A2A0069D5737CDE020A47DE6F00F472D659
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NetBT - ImagePath [C:\WINDOWS\system32\DRIVERS\netbt.sys]
C:\WINDOWS\system32\netdde.exe InMem: 0 Det [G] MD5: DE62EE316FAB09DE3D7A5180F0775ABF PX5: AAA3C89900BB76ABBADC01BFB3AC1B00E2E8A55F
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NetDDE - ImagePath [C:\WINDOWS\system32\netdde.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NetDDEdsdm - ImagePath [C:\WINDOWS\system32\netdde.exe]
C:\WINDOWS\system32\DRIVERS\nv4_mini.sys InMem: 0 Det [G] PX5: D6B94961A0604E3395573763EE76120058CF963C
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\nv - ImagePath [C:\WINDOWS\system32\DRIVERS\nv4_mini.sys]
C:\WINDOWS\system32\DRIVERS\nvata.sys InMem: 0 Det [G] MD5: DCE353985C988BFB7E84FD942068151F PX5: 4F316B9280AF79486AC301003C3D390003EE5AEB
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\nvata - ImagePath [C:\WINDOWS\system32\DRIVERS\nvata.sys]
C:\WINDOWS\system32\DRIVERS\NVENETFD.sys InMem: 0 Det [G] MD5: 720CC533EECB65553BD86B139CA04433 PX5: 32B8F3940049E124839F0038B5398E00E47E7919
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NVENETFD - ImagePath [C:\WINDOWS\system32\DRIVERS\NVENETFD.sys]
C:\WINDOWS\system32\DRIVERS\nvnetbus.sys InMem: 0 Det [G] MD5: 5F9F545CC5904DD8765F84EE1D056406 PX5: 5E14735C80C7C84C325C00BDB5FEB10070925914
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\nvnetbus - ImagePath [C:\WINDOWS\system32\DRIVERS\nvnetbus.sys]
C:\WINDOWS\System32\DRIVERS\NVTcp.sys InMem: 0 Det [G] MD5: 525799E14AD20365E61B2D93933B08C6 PX5: 1070EA49001FFBEA87F70110701264006CD22927
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NVTCP - ImagePath [C:\WINDOWS\System32\DRIVERS\NVTcp.sys]
C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys InMem: 0 Det [G] MD5: B305F3FAD35083837EF46A0BBCE2FC57 PX5: A826BA3A803B83AE30C000488911C200DC3CA878
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NwlnkFlt - ImagePath [C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys]
C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys InMem: 0 Det [G] MD5: C99B3415198D1AAB7227F2C88FD664B9 PX5: B9B73139006979BB7FBC0031EA7E320032D237D0
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NwlnkFwd - ImagePath [C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys]
C:\WINDOWS\system32\DRIVERS\parport.sys InMem: 0 Det [G] MD5: 3490EAD0612BFD0E7C1B864EE24E6A4A PX5: 4A82394D8019443A393C017F618C1500973C174B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Parport - ImagePath [C:\WINDOWS\system32\DRIVERS\parport.sys]
C:\WINDOWS\system32\DRIVERS\pci.sys InMem: 0 Det [G] MD5: 91FC1D483D900B1C0600A08B871C39D5 PX5: 9DA3602E807459480C5D01595A918400CA482387
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PCI - ImagePath [C:\WINDOWS\system32\DRIVERS\pci.sys]
C:\WINDOWS\system32\DRIVERS\pciide.sys InMem: 0 Det [G] MD5: B2DF00D650FD6C4EE781740ED3C8E67F PX5: 826808EE00CFD8500D55002AE8E7E200B79BCD14
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PCIIde - ImagePath [C:\WINDOWS\system32\DRIVERS\pciide.sys]
C:\WINDOWS\system32\DRIVERS\raspptp.sys InMem: 0 Det [G] MD5: 1C5CC65AAC0783C344F16353E60B72AC PX5: F406FA260016D348BD2800EFDBDF52003203F53C
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PptpMiniport - ImagePath [C:\WINDOWS\system32\DRIVERS\raspptp.sys]
C:\WINDOWS\system32\DRIVERS\processr.sys InMem: 0 Det [G] MD5: 2BE7F01E46970E946AA18CBA3DE019EB PX5: AF0FBDFA005416189A000040A9FF7600B2B78287
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Processor - ImagePath [C:\WINDOWS\system32\DRIVERS\processr.sys]
C:\WINDOWS\system32\DRIVERS\psched.sys InMem: 0 Det [G] MD5: 48671F327553DCF1D27F6197F622A668 PX5: C7C1320E008655110E77011715C66E0009C5AE75
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PSched - ImagePath [C:\WINDOWS\system32\DRIVERS\psched.sys]
C:\WINDOWS\system32\DRIVERS\ptilink.sys InMem: 0 Det [G] MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD PX5: F96F182D805891FA452B007EBD870E004C25BA07
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Ptilink - ImagePath [C:\WINDOWS\system32\DRIVERS\ptilink.sys]
C:\WINDOWS\System32\drivers\pxark.sys InMem: 0 Det [G] MD5: 84E9A3CFAA5813AC173679AE51374D7C PX5: C1D2D54E00AE19C02A6D0076900F0E000B02FDEE
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\pxark - ImagePath [C:\WINDOWS\System32\drivers\pxark.sys]
C:\WINDOWS\system32\DRIVERS\rasacd.sys InMem: 0 Det [G] MD5: FE0D99D6F31E4FAD8159F690D68DED9C PX5: EF519CA180B540A42200002C4F06E3005372DD33
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasAcd - ImagePath [C:\WINDOWS\system32\DRIVERS\rasacd.sys]
C:\WINDOWS\system32\DRIVERS\rasl2tp.sys InMem: 0 Det [G] MD5: 98FAEB4A4DCF812BA1C6FCA4AA3E115C PX5: C15C1546804EC8E6C8410037F34FAD00B1FBF6DF
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Rasl2tp - ImagePath [C:\WINDOWS\system32\DRIVERS\rasl2tp.sys]
C:\WINDOWS\system32\DRIVERS\raspppoe.sys InMem: 0 Det [G] MD5: 7306EEED8895454CBED4669BE9F79FAA PX5: A8F2C94800B2E031A21A00F0EC682E009B5794D5
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasPppoe - ImagePath [C:\WINDOWS\system32\DRIVERS\raspppoe.sys]
C:\WINDOWS\system32\DRIVERS\raspti.sys InMem: 0 Det [G] MD5: FDBB1D60066FCFBB7452FD8F9829B242 PX5: 506F10F380FEE57C406900BE351741009F00F0DE
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Raspti - ImagePath [C:\WINDOWS\system32\DRIVERS\raspti.sys]
C:\WINDOWS\system32\DRIVERS\rdbss.sys InMem: 0 Det [G] MD5: 29D66245ADBA878FFF574CD66ABD2884 PX5: 5F844D0780EA8079B1FB02785D7F63004D612A18
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Rdbss - ImagePath [C:\WINDOWS\system32\DRIVERS\rdbss.sys]
C:\WINDOWS\System32\DRIVERS\RDPCDD.sys InMem: 0 Det [G] MD5: 4912D5B403614CE99C28420F75353332 PX5: 14FCFAAE80A686EB103300CFAE183900CB624D74
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RDPCDD - ImagePath [C:\WINDOWS\System32\DRIVERS\RDPCDD.sys]
C:\WINDOWS\system32\DRIVERS\rdpdr.sys InMem: 0 Det [G] MD5: A2CAE2C60BC37E0751EF9DDA7CEAF4AD PX5: 02477783007980B5019E03607F7E03003B692115
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\rdpdr - ImagePath [C:\WINDOWS\system32\DRIVERS\rdpdr.sys]
C:\WINDOWS\system32\sessmgr.exe InMem: 0 Det [G] MD5: CC0693C481502844A24EF71B90A7195E PX5: 2C67C68B0020C05D2C3E02893D0F09005D1CF7F5
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RDSessMgr - ImagePath [C:\WINDOWS\system32\sessmgr.exe]
C:\WINDOWS\system32\DRIVERS\redbook.sys InMem: 0 Det [G] MD5: A8EEE004A16AF1D583D9DE9F6DE250E0 PX5: AEF2FC7D804F986FE3C7004FF2D91D0029FD0FC2
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\redbook - ImagePath [C:\WINDOWS\system32\DRIVERS\redbook.sys]
C:\WINDOWS\system32\locator.exe InMem: 0 Det [G] MD5: 33A8F0FE0005B2D79DF53441679F5149 PX5: C3C0A8550045DDC726E601EBB10B83000E4A4556
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RpcLocator - ImagePath [C:\WINDOWS\system32\locator.exe]
C:\WINDOWS\system32\rsvp.exe InMem: 0 Det [G] MD5: DCE0D20F8FB66DF41D53734BFF9D66F0 PX5: 2057508700E163D906880231F30F2D00E5519440
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RSVP - ImagePath [C:\WINDOWS\system32\rsvp.exe]
C:\WINDOWS\System32\SCardSvr.exe InMem: 0 Det [G] MD5: 74B1E7FCFCA9A3A23871AA014144013E PX5: FFC6D19800BAA7847E46014ECC3CD200949D4E12
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SCardSvr - ImagePath [C:\WINDOWS\System32\SCardSvr.exe]
C:\WINDOWS\system32\DRIVERS\secdrv.sys InMem: 0 Det [G] MD5: D26E26EA516450AF9D072635C60387F4 PX5: 6C1F33AD30B48B8F6BBC0037A0F8A400F11BD786
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Secdrv - ImagePath [C:\WINDOWS\system32\DRIVERS\secdrv.sys]
C:\WINDOWS\system32\DRIVERS\serenum.sys InMem: 0 Det [G] MD5: A2D868AEEFF612E70E213C451A70CAFB PX5: 4F3C7EAD801665B83CEF00E324D68C009966C2DD
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\serenum - ImagePath [C:\WINDOWS\system32\DRIVERS\serenum.sys]
C:\WINDOWS\system32\DRIVERS\serial.sys InMem: 0 Det [G] MD5: DBAB3260E7EB3398CB87267D1410FAD4 PX5: 84269A0C80DA4AE9020E01315B99420097A96A32
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Serial - ImagePath [C:\WINDOWS\system32\DRIVERS\serial.sys]
C:\WINDOWS\system32\drivers\splitter.sys InMem: 0 Det [G] MD5: 8E186B8F23295D1E42C573B82B80D548 PX5: 7680ED1C00E4BEB7199C001CC7BB00005C1626B5
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\splitter - ImagePath [C:\WINDOWS\system32\drivers\splitter.sys]
C:\WINDOWS\system32\DRIVERS\sr.sys InMem: 0 Det [G] MD5: 896F566AFC498077172EAE8A50E8BAF8 PX5: 4D90659E00D8A4771F1A013E6E421F00F36027A5
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\sr - ImagePath [C:\WINDOWS\system32\DRIVERS\sr.sys]
C:\WINDOWS\system32\DRIVERS\srv.sys InMem: 0 Det [G] MD5: 20B7E396720353E4117D64D9DCB926CA PX5: 78EFCD908068AB1521EF0590A8538B00DBC84A4F
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Srv - ImagePath [C:\WINDOWS\system32\DRIVERS\srv.sys]
C:\WINDOWS\system32\DRIVERS\swenum.sys InMem: 0 Det [G] MD5: 03C1BAE4766E2450219D20B993D6E046 PX5: FDB253C8004ADC8E110200CB82EF3C003BACCEF1
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\swenum - ImagePath [C:\WINDOWS\system32\DRIVERS\swenum.sys]
C:\WINDOWS\system32\drivers\swmidi.sys InMem: 0 Det [G] MD5: 94ABC808FC4B6D7D2BBF42B85E25BB4D PX5: D73823E800EBA9D4D48400057CBBEE004EA1E5C8
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\swmidi - ImagePath [C:\WINDOWS\system32\drivers\swmidi.sys]
C:\WINDOWS\system32\drivers\sysaudio.sys InMem: 0 Det [G] MD5: 650AD082D46BAC0E64C9C0E0928492FD PX5: 23CF2276806778A5EDCF00D9512FDE00BB195FEF
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\sysaudio - ImagePath [C:\WINDOWS\system32\drivers\sysaudio.sys]
C:\WINDOWS\system32\smlogsvc.exe InMem: 0 Det [G] MD5: BC8B8694DEF74B4E6C626322D4321A54 PX5: C0E6801A0095AB606A660128541E440050C06325
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SysmonLog - ImagePath [C:\WINDOWS\system32\smlogsvc.exe]
C:\WINDOWS\system32\DRIVERS\tcpip.sys InMem: 0 Det [G] MD5: 9F4B36614A0FC234525BA224957DE55C PX5: 9B98417C80D576637AFA05B3DB10C5007C1B8E5D
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Tcpip - ImagePath [C:\WINDOWS\system32\DRIVERS\tcpip.sys]
C:\WINDOWS\system32\DRIVERS\termdd.sys InMem: 0 Det [G] MD5: A540A99C281D933F3D69D55E48727F47 PX5: 3111E3EA882052CE9F39002D38F46900A7415306
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TermDD - ImagePath [C:\WINDOWS\system32\DRIVERS\termdd.sys]
C:\WINDOWS\system32\tlntsvr.exe InMem: 0 Det [G] MD5: 2A9DAAEF2CC0333DB6F129F2F8B3D3FD PX5: F869AF89008EB51B24EC0113A0DCBB001FBDD7D2
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TlntSvr - ImagePath [C:\WINDOWS\system32\tlntsvr.exe]
C:\WINDOWS\system32\DRIVERS\update.sys InMem: 0 Det [s] MD5: AFF2E5045961BBC0A602BB6F95EB1345 PX5: B35240AB00E3291D321603412D8E98007B007A17
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Update - ImagePath [C:\WINDOWS\system32\DRIVERS\update.sys]
C:\WINDOWS\System32\ups.exe InMem: 0 Det [G] MD5: E4896F38A3F8DACEA6EA8D7EC9889D91 PX5: B1B748F7000750CB484000B4D1F04D00484BD2C2
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\UPS - ImagePath [C:\WINDOWS\System32\ups.exe]
C:\WINDOWS\system32\DRIVERS\usbehci.sys InMem: 0 Det [G] MD5: 15E993BA2F6946B2BFBBFCD30398621E PX5: 42E57CAC00DC4FAF684000867EE93C003087E4F7
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbehci - ImagePath [C:\WINDOWS\system32\DRIVERS\usbehci.sys]
C:\WINDOWS\system32\DRIVERS\usbhub.sys InMem: 0 Det [G] MD5: C72F40947F92CEA56A8FB532EDF025F1 PX5: 1972CD35009EF197E1E10053A918EE0090181966
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbhub - ImagePath [C:\WINDOWS\system32\DRIVERS\usbhub.sys]
C:\WINDOWS\system32\DRIVERS\usbohci.sys InMem: 0 Det [G] MD5: BDFE799A8531BAD8A5A985821FE78760 PX5: 97A6F69780D7B5F44212000A79EBE000E5CEE5D9
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbohci - ImagePath [C:\WINDOWS\system32\DRIVERS\usbohci.sys]
C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS InMem: 0 Det [G] MD5: 6CD7B22193718F1D17A47A1CD6D37E75 PX5: 6135CAAA80509344675C002A218295006093CEAA
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\USBSTOR - ImagePath [C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS]
C:\WINDOWS\System32\drivers\vga.sys InMem: 0 Det [G] MD5: 8A60EDD72B4EA5AEA8202DAF0E427925 PX5: 14B18202007EA0B752C8003693833D00BCED634F
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\VgaSave - ImagePath [C:\WINDOWS\System32\drivers\vga.sys]
C:\WINDOWS\System32\vssvc.exe InMem: 0 Det [G] MD5: 147C653AD61BD01556723B3C8C4FAFC8 PX5: F8FD01E1006746AE7C9C04ADE2180F00B254A617
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\VSS - ImagePath [C:\WINDOWS\System32\vssvc.exe]
C:\WINDOWS\system32\DRIVERS\wanarp.sys InMem: 0 Det [G] MD5: 984EF0B9788ABF89974CFED4BFBAACBC PX5: D61BDDFF00BF41D487E5002B87E94900EE92AF43
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Wanarp - ImagePath [C:\WINDOWS\system32\DRIVERS\wanarp.sys]
C:\WINDOWS\system32\drivers\wdmaud.sys InMem: 0 Det [G] MD5: 2797F33EBF50466020C430EE4F037933 PX5: D07DA58400362D6244D2017E5C98E200FC9762AC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\wdmaud - ImagePath [C:\WINDOWS\system32\drivers\wdmaud.sys]
C:\WINDOWS\system32\wbem\wmiapsrv.exe InMem: 0 Det [G] MD5: 0EE2A2754039B13A632489726689DAD0 PX5: A8EB9B0C007C19C1EE9501FD1D31580061EB57F5
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WmiApSrv - ImagePath [C:\WINDOWS\system32\wbem\wmiapsrv.exe]
C:\WINDOWS\System32\drivers\ws2ifsl.sys InMem: 0 Det [G] MD5: 6ABE6E225ADB5A751622A9CC3BC19CE8 PX5: E3FE23AC0026FAFE2FF10052E88519002DA1A545
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WS2IFSL - ImagePath [C:\WINDOWS\System32\drivers\ws2ifsl.sys]
C:\WINDOWS\system32\NvCpl.dll InMem: 0 Det [G] PX5: C5C77304007CFE5A508D732F1F1D2D00A833634C
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - NvCplDaemon [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{A70C977A-BF00-412C-90B7-034C51DA2439}\InprocServer32 - {A70C977A-BF00-412C-90B7-034C51DA2439} [C:\WINDOWS\system32\nvcpl.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{FFB699E0-306A-11d3-8BD1-00104B6F7516}\InprocServer32 - {FFB699E0-306A-11d3-8BD1-00104B6F7516} [C:\WINDOWS\system32\nvcpl.dll]
C:\WINDOWS\system32\nwiz.exe InMem: 0 Det [G] MD5: 251AE2EFDE39F8A1440F43276A5DAC8D PX5: D9A18941009AD2BE304517589B501800F80E8D88
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - nwiz [nwiz.exe /install]
C:\WINDOWS\system32\dosxi.exe InMem: 0 Det [BP] MD5: A89BCC79E2039E6D2FB6273E2640FC41 PX5: 4D473E20001701E82ED6001F34962A00273EFED3 Malware Group: Cloaked Malware
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - advap32 ["C:\WINDOWS\system32\\dosxi.exe"/r]
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3} - DllName [gptext.dll]
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27} - DllName [gptext.dll]
C:\WINDOWS\system32\fdeploy.dll InMem: 0 Det [G] MD5: B4767457D286EBB4767C5EC1DF9A7424 PX5: 4B245433003392E32A140131FF3EF30000999A70
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861} - DllName [fdeploy.dll]
C:\WINDOWS\system32\dskquota.dll InMem: 0 Det [G] MD5: 78B72D69EE065560A89B7ECE65ED7E2C PX5: 67A29FF30003BFCF6E3801450DA1040095E8819B
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66} - DllName [dskquota.dll]
C:\WINDOWS\system32\Security.dll InMem: 0 Det [G] MD5: 71ECCDFAED35071ECB63430732E4276F PX5: 6E962CC0006BCF2D162C007F8D738E00DB8BC691
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} - [Security]
C:\WINDOWS\system32\appmgmts.dll InMem: 0 Det [G] MD5: 00E50CD4D9247CB56EFC1360C32AB755 PX5: D38F92810065B7EDAC840228F23E3C004E625C37
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7} - DllName [appmgmts.dll]
C:\WINDOWS\system32\cryptnet.dll InMem: 0 Det [G] MD5: F8DD2E38ECC275AE94EDC7C0492416EF PX5: 7068F9AD00A507EDF8EF0072A0BBE3005197631B
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet - DllName [cryptnet.dll]
C:\WINDOWS\system32\sclgntfy.dll InMem: 0 Det [G] MD5: 5FF2551A3D740476F06B20F59CD7F0BE PX5: 164435B300B5B4E0548400AA1F6E0800C2CDD06A
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy - DllName [sclgntfy.dll]
C:\WINDOWS\system32\comm.drv InMem: 0 Det [G] MD5: 01B656374912D7CCF7465A3893F18982 PX5: 0D8B262B3068553F296F004B25B4F300F3172575
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - comm.drv [comm.drv]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\vga.drv InMem: 0 Det [G] MD5: 9C86BBB80450AF95B6A4EA8EBDA93D76 PX5: 8D38D13480CC42FA089200F6F3895F00B79BCD14
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - display.drv [vga.drv]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\mmsystem.dll InMem: 0 Det [G] MD5: 7B3633A771FFAD1CFB8D999FB5FC2687 PX5: B7018ADE208113FC103101C8EB6DD700B1D99765
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - drivers [mmsystem.dll]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\keyboard.drv InMem: 0 Det [G] MD5: ED4BF709AAD8B665075DE06A0945B030 PX5: 159F7A82D0C5E0D3077700FE801B1000B79BCD14
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - keyboard.drv [keyboard.drv]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\mouse.drv InMem: 0 Det [G] MD5: 7D29780AC88BB7292CDCFF71BA67433D PX5: D9EA0CB2F0FB384407BE00D28D0C0C00B79BCD14
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - mouse.drv [mouse.drv]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\wfwnet.drv InMem: 0 Det [G] MD5: 5302ADA9B0793C84151FC463DD65D7BF PX5: E9641F0220200734353000D28FC59A003BEC664C
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - network.drv [wfwnet.drv]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\progman.exe InMem: 0 Det [G] MD5: DF0960F73F899D517FFE5A96F8715E0E PX5: C0D0815600445D69AC3B01B2DAB067005DE0E11A
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - shell [progman.exe]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\sound.drv InMem: 0 Det [G] MD5: 028A1F74926DC3DF2D9629EDC9AEBAFB PX5: E70CAE91D00DCE52067C00647C846400B79BCD14
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - sound.drv [sound.drv]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\system.drv InMem: 0 Det [G] MD5: 4A00D59AE6D75BDFC2C8E5182C4B1376 PX5: D4BD27742043BEDB0DB0000478EA5C00B79BCD14
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - system.drv [system.drv]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\ntvdm.exe InMem: 0 Det [G] MD5: 0FEA136CC628C6182E91598F7990229C PX5: DFD881F400018F016A4F06473E7EAA001AE7779E
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - cmdline [%SystemRoot%\system32\ntvdm.exe]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - wowcmdline [%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386]
C:\WINDOWS\system32\commdlg.dll InMem: 0 Det [G] MD5: 282C6A1E0565458CE162C907A84043F4 PX5: D41FE74160643BD6833B006BB7E5A9004410FDC1
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\ctl3dv2.dll InMem: 0 Det [G] MD5: 637D88E7A1BEDC4457C80DBC8BA9F135 PX5: C84734B440655DC66A4D00304EF8AC0014627D07
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\ddeml.dll InMem: 0 Det [G] MD5: BF6529DE6619C4970E727F58E0AD48D1 PX5: 87F926CB00F2CB349A1200182C7413003E6FB37C
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\lanman.drv InMem: 0 Det [G] MD5: E9D142FEAA02E867C8DCDDFE84E29E20 PX5: A797EACD0BCFF4C3663403FC8369B500D2DCA4A2
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\netapi.dll InMem: 0 Det [G] MD5: 0F4AD2E828A6CB0F100CB36F3AC6FAEE PX5: 3B2621E2C04DF3B2A77E0156CAF52A0029A06ED9
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\olecli.dll InMem: 0 Det [G] MD5: CA0305757C0648715F6D92BA0C43992F PX5: B5F4F24400858B0246DF0121D0BC320031CB25FD
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\olesvr.dll InMem: 0 Det [G] MD5: 16BF834A84A7DC0D24EDC8E924C90637 PX5: CE221EF60049CF2B5E3B009B247C6A00F018477F
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\pmspl.dll InMem: 0 Det [G] MD5: 57F8A50513E43AAF6A7B23389E389BBC PX5: 98CDEBDE0094268EB67200C1C6BF85009014DA93
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\shell.dll InMem: 0 Det [G] MD5: DC8A8C47542EDD026AD8F4AC3D6C2292 PX5: CE2E2C35000BF1E3147B0046192BB900FA35E49E
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\toolhelp.dll InMem: 0 Det [G] MD5: C86363C599E5D6836C21A3A3FD21C388 PX5: 87219368400265353643009B30E21C003936EBD7
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\win87em.dll InMem: 0 Det [G] MD5: C980C971AD4FF3CA5CEFDEF40932D3A1 PX5: 22C03F9D0005E87A34B40075B0F00E00517D625F
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\winoldap.mod InMem: 0 Det [G] MD5: 0DDFD6315DA4B29D09D09B6873EA460B PX5: E19A53B2202676D208C7002132DA8800B79BCD14
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\winsock.dll InMem: 0 Det [G] MD5: 68485C5EF0E2EFCEBF21BBB1042B823B PX5: FCF9BBDC30E28D0D0BF200D9F4D9CD00B79BCD14
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\winspool.exe InMem: 0 Det [G] MD5: 0B4B94B78123E8035B84105BC024F9F8 PX5: F5BB157440E5748C08D600021F9AD300B79BCD14
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\wowdeb.exe InMem: 0 Det [G] MD5: A7B82D6B38A2ACD3B2684E7371C6CE93 PX5: C1613D5DB0A80A260ABB006471357400B79BCD14
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\timer.drv InMem: 0 Det [G] MD5: 01DC53809B29550424FDB88345F6872C PX5: 01DC5380F09B29550F040024FDB8830045F6872C
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\compobj.dll InMem: 0 Det [G] MD5: 40F9FC896B2BA69FDC04D75E9D00DD01 PX5: DA21156DD0BCD8E77562007DCF26A600F4FFDA3F
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\storage.dll InMem: 0 Det [G] MD5: 3A5CD674ADA85BCC1FF26B81B4CDEFB5 PX5: 60BAD4D270E3252C10B800A49D4C780095AFB292
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\ole2.dll InMem: 0 Det [G] MD5: 145AA8ECF0526C093F71117C181694AB PX5: F2FC4A2A40B7B6B59BDF00629364AB00A54AED31
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\ole2disp.dll InMem: 0 Det [G] MD5: EB38BE7D7CF9EC15442A9D24CB39A2AC PX5: 3E66404830EBCC7296B902E3361C6400BE12EFF7
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\ole2nls.dll InMem: 0 Det [G] MD5: 32CFCC848A57F87638E31E8735515F80 PX5: 09B13294B021FA9E558F026E08072F00900228B5
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\typelib.dll InMem: 0 Det [G] MD5: 7161255DFA81E67B66B746D2504D2F2B PX5: C0620321C004C14EB60D020DCCE16200701F9AEA
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\msvideo.dll InMem: 0 Det [G] MD5: 0FEC57467004486CF202ED7BDFA5DCEE PX5: 790EE65FC0939660F0F4012F00509C00EF668BF3
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\avifile.dll InMem: 0 Det [G] MD5: 92FBB472D13A6CC283529301810922FB PX5: 23078576D07C879BAB0E016052733100CC123BD6
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\msacm.dll InMem: 0 Det [G] MD5: B3E0E6C925D333FDCA47808EBF787CB2 PX5: 9509859960B48961EF3C0048E192C7002EB67DBB
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\mciavi.drv InMem: 0 Det [G] MD5: E6A1BB6F039486BCEB825B365AA5548D PX5: 8B09E9FBC0AC80C41F5801300F1C5F00B1E6B4D8
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\mciseq.drv InMem: 0 Det [G] MD5: 6F3561B8890792B0F61C353D1FC85F9C PX5: 6F3561B8D089079262B000F61C353D001FC85F9C
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\mciwave.drv InMem: 0 Det [G] MD5: 2D1A8D96222A829884C50D453B805765 PX5: 2D1A8D9600222A826E980084C50D45003B805765
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\avicap.dll InMem: 0 Det [G] MD5: 4A78D6C08D90BDE538D5B538A082C1C9 PX5: 8D50F512B0D5AAB0126C01BC85534E00FA0EC9E8
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\ntsd.exe InMem: 0 Det [G] MD5: 3ECFFB9259462ACCCAF0063841E85E9B PX5: 834FBBDD002D211C7C10004432E9BD00FC3D4F55
REGIFEO - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a - Debugger [ntsd -d]
C:\WINDOWS\system32\mmsys.cpl InMem: 0 Det [G] MD5: B9E3764A67F8D272E88A74E0BDFA1BD0 PX5: 22BCF726009533B384CD093581FB0B00BBF55E93
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{00022613-0000-0000-C000-000000000046}\InprocServer32 - {00022613-0000-0000-C000-000000000046} [mmsys.cpl]
C:\WINDOWS\system32\icmui.dll InMem: 0 Det [G] MD5: CC61775DD0099C04C1C464D2E838E0A3 PX5: 79852F4F004FA70AD8870036A8B3F300BFB6CC72
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{176d6597-26d3-11d1-b350-080036a75b03}\InprocServer32 - {176d6597-26d3-11d1-b350-080036a75b03} [icmui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{5DB2625A-54DF-11D0-B6C4-0800091AA605}\InprocServer32 - {5DB2625A-54DF-11D0-B6C4-0800091AA605} [%SystemRoot%\System32\icmui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{675F097E-4C4D-11D0-B6C1-0800091AA605}\InprocServer32 - {675F097E-4C4D-11D0-B6C1-0800091AA605} [%SystemRoot%\system32\icmui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{DBCE2480-C732-101B-BE72-BA78E9AD5B27}\InprocServer32 - {DBCE2480-C732-101B-BE72-BA78E9AD5B27} [%SystemRoot%\system32\icmui.dll]
C:\WINDOWS\system32\rshx32.dll InMem: 0 Det [G] MD5: 96DBC8F1582FE95B299CD3D6CDBA10A2 PX5: 8E3D69C300B1B3BBA05400C01998E00021B13B08
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{1F2E5C40-9550-11CE-99D2-00AA006E086C}\InprocServer32 - {1F2E5C40-9550-11CE-99D2-00AA006E086C} [rshx32.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}\InprocServer32 - {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} [rshx32.dll]
C:\WINDOWS\system32\docprop.dll InMem: 0 Det [G] MD5: 33CF28FEAC3984EDEA3B8672A0D7F46A PX5: 4D155A630014F006B8E7003E1F6CD600C0918C31
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{3EA48300-8CF6-101B-84FB-666CCB9BCD32}\InprocServer32 - {3EA48300-8CF6-101B-84FB-666CCB9BCD32} [docprop.dll]
C:\WINDOWS\system32\deskadp.dll InMem: 0 Det [G] MD5: 77DD733136353761750B2258AD368A7E PX5: 1FEBC52C0075696A427B005EACC72200AF70D61C
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{42071712-76d4-11d1-8b24-00a0c9068ff3}\InprocServer32 - {42071712-76d4-11d1-8b24-00a0c9068ff3} [deskadp.dll]
C:\WINDOWS\system32\deskmon.dll InMem: 0 Det [G] MD5: B4D9F35F49B9E5B03C45BEBD96486FE4 PX5: E6AC7E1B00B4347342D70033642CB1001FC78895
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{42071713-76d4-11d1-8b24-00a0c9068ff3}\InprocServer32 - {42071713-76d4-11d1-8b24-00a0c9068ff3} [deskmon.dll]
C:\WINDOWS\system32\dssec.dll InMem: 0 Det [G] MD5: FBA19F60318C5E62CC531F7265E64899 PX5: BF365090005B6ECFCC56008F370997000EDC51ED
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{4E40F770-369C-11d0-8922-00A024AB2DBB}\InprocServer32 - {4E40F770-369C-11d0-8922-00A024AB2DBB} [dssec.dll]
C:\WINDOWS\system32\SlayerXP.dll InMem: 0 Det [G] MD5: 92E3C0617DDA6F19A7B0F680C94C9B6F PX5: 071E70380069307964410011CDEF880004B79666
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}\InprocServer32 - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} [SlayerXP.dll]
C:\WINDOWS\system32\shscrap.dll InMem: 0 Det [G] MD5: 886E25758E76F75B62955E031EAAA7E5 PX5: CEE438A6004ACC126CE400DA76EA3300F6FBD343
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{56117100-C0CD-101B-81E2-00AA004AE837}\InprocServer32 - {56117100-C0CD-101B-81E2-00AA004AE837} [shscrap.dll]
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\ShellScrap\shell\open\command - [rundll32 %SystemRoot%\system32\shscrap.dll,OpenScrap_RunDLL %1]
C:\WINDOWS\system32\diskcopy.dll InMem: 0 Det [G] MD5: 18AC1727A4FDD1012974AD76580D0C74 PX5: 74FF218D0092AEB8EC3016F62F9A37009BC24342
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{59099400-57FF-11CE-BD94-0020AF85B590}\InprocServer32 - {59099400-57FF-11CE-BD94-0020AF85B590} [diskcopy.dll]
C:\WINDOWS\system32\ntlanui2.dll InMem: 0 Det [G] MD5: 75AC93BB0EDA95A6B928C7949E60B98B PX5: 0FBD6225003D84B73AA5000A7557EF00532B5590
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{59be4990-f85c-11ce-aff7-00aa003ca9f6}\InprocServer32 - {59be4990-f85c-11ce-aff7-00aa003ca9f6} [ntlanui2.dll]
C:\WINDOWS\system32\printui.dll InMem: 0 Det [G] MD5: CA104D6E9428BA00346CD615A1EE2E31 PX5: CFC465B500331E10BE8C08062B62D70065070AFA
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{77597368-7b15-11d0-a0c2-080036af3f03}\InprocServer32 - {77597368-7b15-11d0-a0c2-080036af3f03} [printui.dll]
C:\WINDOWS\system32\dskquoui.dll InMem: 0 Det [G] MD5: BECA74D3E444B46FA22300B26A46B67D PX5: 22C011F30068927142C902641380E9009CE9DCD6
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7988B573-EC89-11cf-9C00-00AA00A14F56}\InprocServer32 - {7988B573-EC89-11cf-9C00-00AA00A14F56} [dskquoui.dll]
C:\WINDOWS\system32\syncui.dll InMem: 0 Det [G] MD5: AD552FCC0582EA9D1A8F7AB38FB53393 PX5: 32CB8DAC001BF20AF6D60250E1D558008C7994BA
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}\InprocServer32 - {85BBD920-42A0-1069-A2E4-08002B30309D} [syncui.dll]
C:\WINDOWS\system32\hticons.dll InMem: 0 Det [G] MD5: 487B70D88AE51825E90C98E067205E60 PX5: FDDAAC340069DC70AEDE004813C9AE00464F204F
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{88895560-9AA2-1069-930E-00AA0030EBC8}\InprocServer32 - {88895560-9AA2-1069-930E-00AA0030EBC8} [C:\WINDOWS\system32\hticons.dll]
C:\WINDOWS\system32\fontext.dll InMem: 0 Det [G] MD5: 71A69EEE673B5D15EBC8479BE12D65C7 PX5: A9B1E4F600762191E233053033E9D8001908E1DB
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{BD84B380-8CA2-1069-AB1D-08000948F534}\InprocServer32 - {BD84B380-8CA2-1069-AB1D-08000948F534} [fontext.dll]
C:\WINDOWS\system32\deskperf.dll InMem: 0 Det [G] MD5: 584DAC27268A6A1892062380B1582494 PX5: DEBA621400871F794A8D0005514927006E3B795A
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{f92e8c40-3d33-11d2-b1aa-080036a75b03}\InprocServer32 - {f92e8c40-3d33-11d2-b1aa-080036a75b03} [deskperf.dll]
C:\WINDOWS\system32\cryptext.dll InMem: 0 Det [G] MD5: D8340D897AD5CF76E359D3EBBABB5A03 PX5: 144B846200DE013DD4E800E6AFBAF700F56839D9
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7444C717-39BF-11D1-8CD9-00C04FC29D45}\InprocServer32 - {7444C717-39BF-11D1-8CD9-00C04FC29D45} [C:\WINDOWS\system32\cryptext.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7444C719-39BF-11D1-8CD9-00C04FC29D45}\InprocServer32 - {7444C719-39BF-11D1-8CD9-00C04FC29D45} [C:\WINDOWS\system32\cryptext.dll]
C:\WINDOWS\system32\wiashext.dll InMem: 0 Det [G] MD5: C1F811F1EDC12130F9842B93B588957F PX5: C96A74CF00663EB10AB209D765C2F9007A08BE3F
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\InprocServer32 - {E211B736-43FD-11D1-9EFB-0000F8757FCD} [wiashext.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}\InprocServer32 - {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} [wiashext.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{905667aa-acd6-11d2-8080-00805f6596d2}\InprocServer32 - {905667aa-acd6-11d2-8080-00805f6596d2} [wiashext.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{3F953603-1008-4f6e-A73A-04AAC7A992F1}\InprocServer32 - {3F953603-1008-4f6e-A73A-04AAC7A992F1} [wiashext.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{83bbcbf3-b28a-4919-a5aa-73027445d672}\InprocServer32 - {83bbcbf3-b28a-4919-a5aa-73027445d672} [wiashext.dll]
C:\WINDOWS\system32\remotepg.dll InMem: 0 Det [G] MD5: 248AFC0C31E60BBBFACEAC5FD66B4F3D PX5: B276FC4B0072F7D1EE38004C043BDE00E8D7EAE4
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{F0152790-D56E-4445-850E-4F3117DB740C}\InprocServer32 - {F0152790-D56E-4445-850E-4F3117DB740C} [C:\WINDOWS\system32\remotepg.dll]
C:\WINDOWS\system32\wshext.dll InMem: 0 Det [G] MD5: 2A7CE0D301ED72A88B5EDE591AC7C51A PX5: 66026A8D0045E4F800BE0104F649E900B9F8B8B3
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{60254CA5-953B-11CF-8C96-00AA00B8708C}\InprocServer32 - {60254CA5-953B-11CF-8C96-00AA00B8708C} [C:\WINDOWS\system32\wshext.dll]
C:\Programmi\File comuni\System\Ole DB\oledb32.dll InMem: 0 Det [G] MD5: A2033E5A2B7FC1874CACD6D70A7A7095 PX5: 722A7F0200065713701D079CB9F9D70095D47802
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2206CDB2-19C1-11D1-89E0-00C04FD7A829}\InprocServer32 - {2206CDB2-19C1-11D1-89E0-00C04FD7A829} [C:\Programmi\File comuni\System\Ole DB\oledb32.dll]
C:\WINDOWS\system32\mstask.dll InMem: 0 Det [G] MD5: EC25A03FF0624969D508C6F1E25CD664 PX5: 28BAE091003DDB7248B2048CE9759F0060145387
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}\InprocServer32 - {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} [C:\WINDOWS\system32\mstask.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}\InprocServer32 - {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} [C:\WINDOWS\system32\mstask.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}\InprocServer32 - {D6277990-4C6A-11CF-8D87-00AA0060F5BF} [C:\WINDOWS\system32\mstask.dll]
C:\WINDOWS\system32\wuaucpl.cpl InMem: 0 Det [G] MD5: 747373C80298359850901F5288FAEA3C PX5: B717D614001665127CF602A9F30C1F00792CA187
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{5F327514-6C5E-4d60-8F16-D07FA08A78ED}\InprocServer32 - {5F327514-6C5E-4d60-8F16-D07FA08A78ED} [C:\WINDOWS\system32\wuaucpl.cpl]
C:\WINDOWS\system32\twext.dll InMem: 0 Det [G] MD5: 9C0305DF90319693B0B8025976DE5C66 PX5: 83D6D2D5007A7A78AC5A00555BE37F0060757F73
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{596AB062-B4D2-4215-9F74-E9109B0A8153}\InprocServer32 - {596AB062-B4D2-4215-9F74-E9109B0A8153} [%SystemRoot%\system32\twext.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{9DB7A13C-F208-4981-8353-73CC61AE2783}\InprocServer32 - {9DB7A13C-F208-4981-8353-73CC61AE2783} [%SystemRoot%\system32\twext.dll]
C:\WINDOWS\system32\shmedia.dll InMem: 0 Det [G] MD5: BF30BB4D33AFA9E7E33F82F7DE84F18C PX5: 6F935BCA00698E3154450276A47BF4000FC59B48
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}\InprocServer32 - {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} [%SystemRoot%\system32\shmedia.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}\InprocServer32 - {40C3D757-D6E4-4b49-BB41-0E5BBEA28817} [%SystemRoot%\system32\shmedia.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{E4B29F9D-D390-480b-92FD-7DDB47101D71}\InprocServer32 - {E4B29F9D-D390-480b-92FD-7DDB47101D71} [%SystemRoot%\system32\shmedia.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{87D62D94-71B3-4b9a-9489-5FE6850DC73E}\InprocServer32 - {87D62D94-71B3-4b9a-9489-5FE6850DC73E} [%SystemRoot%\system32\shmedia.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{A6FD9E45-6E44-43f9-8644-08598F5A74D9}\InprocServer32 - {A6FD9E45-6E44-43f9-8644-08598F5A74D9} [%SystemRoot%\system32\shmedia.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{c5a40261-cd64-4ccf-84cb-c394da41d590}\InprocServer32 - {c5a40261-cd64-4ccf-84cb-c394da41d590} [%SystemRoot%\system32\shmedia.dll]
C:\WINDOWS\system32\sendmail.dll InMem: 0 Det [G] MD5: 2E2CF126E0C68EE3954D4033035CA78E PX5: 89815E52001B0148D88B0081AF133A006B487C42
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}\InprocServer32 - {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} [C:\WINDOWS\system32\sendmail.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}\InprocServer32 - {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} [C:\WINDOWS\system32\sendmail.dll]
C:\WINDOWS\system32\occache.dll InMem: 0 Det [G] MD5: EAA6D95C930615B37D2846778480B3E7 PX5: 214F9BB100EDD7C47CF8015D8AF0380096C50712
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{88C6C381-2E85-11D0-94DE-444553540000}\InprocServer32 - {88C6C381-2E85-11D0-94DE-444553540000} [%SystemRoot%\system32\occache.dll]
C:\WINDOWS\system32\appwiz.cpl InMem: 0 Det [G] MD5: 5811931252689335B915135F40AF5EF1 PX5: 7BF23A6100E0F96772F20888CE0D3F00288DF318
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{352EC2B7-8B9A-11D1-B8AE-006008059382}\InprocServer32 - {352EC2B7-8B9A-11D1-B8AE-006008059382} [%SystemRoot%\system32\appwiz.cpl]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{0B124F8F-91F0-11D1-B8B5-006008059382}\InprocServer32 - {0B124F8F-91F0-11D1-B8B5-006008059382} [%SystemRoot%\system32\appwiz.cpl]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{CFCCC7A0-A282-11D1-9082-006008059382}\InprocServer32 - {CFCCC7A0-A282-11D1-9082-006008059382} [%SystemRoot%\system32\appwiz.cpl]
C:\WINDOWS\system32\shimgvw.dll InMem: 0 Det [G] MD5: 3528C993453CA6AEC6AB684FF1189950 PX5: BF42E4FC005BE16EB66806F7E01C32002F436309
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{e84fda7c-1d6a-45f6-b725-cb260c236066}\InprocServer32 - {e84fda7c-1d6a-45f6-b725-cb260c236066} [%SystemRoot%\system32\shimgvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}\InprocServer32 - {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} [%SystemRoot%\system32\shimgvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}\LocalServer32 - {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_COMServ]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{3F30C968-480A-4C6C-862D-EFC0897BB84B}\InprocServer32 - {3F30C968-480A-4C6C-862D-EFC0897BB84B} [C:\WINDOWS\system32\shimgvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{9DBD2C50-62AD-11d0-B806-00C04FD706EC}\InprocServer32 - {9DBD2C50-62AD-11d0-B806-00C04FD706EC} [C:\WINDOWS\system32\shimgvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{EAB841A0-9550-11cf-8C16-00805F1408F3}\InprocServer32 - {EAB841A0-9550-11cf-8C16-00805F1408F3} [C:\WINDOWS\system32\shimgvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}\InprocServer32 - {eb9b1153-3b57-4e68-959a-a3266bc3d7fe} [%SystemRoot%\system32\shimgvw.dll]
C:\WINDOWS\system32\netplwiz.dll InMem: 0 Det [G] MD5: 497A6C557821B002C784437591FF731B PX5: C0B90A180022DF616EE40D61CC92200055AE5438
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{CC6EEFFB-43F6-46c5-9619-51D571967F7D}\InprocServer32 - {CC6EEFFB-43F6-46c5-9619-51D571967F7D} [%SystemRoot%\system32\netplwiz.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{add36aa8-751a-4579-a266-d66f5202ccbb}\InprocServer32 - {add36aa8-751a-4579-a266-d66f5202ccbb} [%SystemRoot%\system32\netplwiz.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{6b33163c-76a5-4b6c-bf21-45de9cd503a1}\InprocServer32 - {6b33163c-76a5-4b6c-bf21-45de9cd503a1} [%SystemRoot%\system32\netplwiz.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{58f1f272-9240-4f51-b6d4-fd63d1618591}\InprocServer32 - {58f1f272-9240-4f51-b6d4-fd63d1618591} [%SystemRoot%\system32\netplwiz.dll]
C:\WINDOWS\system32\zipfldr.dll InMem: 0 Det [G] MD5: 84DC2B97AE10DEA7B265A74971634131 PX5: ED969ADB00D5666D2CF80569EB9E87007A803837
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\InprocServer32 - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} [%SystemRoot%\system32\zipfldr.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{BD472F60-27FA-11cf-B8B4-444553540000}\InprocServer32 - {BD472F60-27FA-11cf-B8B4-444553540000} [%SystemRoot%\system32\zipfldr.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}\InprocServer32 - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} [%SystemRoot%\system32\zipfldr.dll]
C:\WINDOWS\system32\drivers\usb8023.sys InMem: 0 Det [G] MD5: AF090265EC388BAB320F1FF7E7A7D5EA PX5: 6C38C2AE8005B13A31EC001CD2E193004FD5788A
C:\WINDOWS\system32\drivers\usbcamd.sys InMem: 0 Det [G] MD5: 2654EECC6FB13603EBDDCD5C8EA943D1 PX5: D11C923000C0476E5DDA002FC1E34E00BC32EEBC
C:\WINDOWS\system32\drivers\usbcamd2.sys InMem: 0 Det [G] MD5: 61018BA9DF6B63E51D9753C980E73EC2 PX5: D11C923080C0476E5DDA002FC1E34E002B3DC035
C:\WINDOWS\system32\drivers\usbd.sys InMem: 0 Det [G] MD5: 596EB39B50D6EBD9B734DC4AE0544693 PX5: F328D8568037A02F12FA00A0B0E095005A1BACA9
C:\WINDOWS\system32\drivers\usbintel.sys InMem: 0 Det [G] MD5: 2853FD4C4489E0F8BFCF78EFCDB7E998 PX5: 46A2709480A8B9863E99007B5ED70B000E5AFC3D
C:\WINDOWS\system32\drivers\usbport.sys InMem: 0 Det [G] MD5: 2034CA78F9C6E787B4B76D81AC888351 PX5: A1EF174180FC34972E3902AA15903200854523B2
C:\WINDOWS\system32\drivers\vdmindvd.sys InMem: 0 Det [G] MD5: 55E01061C74A8CEFFF58DC36114A8D3F PX5: 5DFBB3300012B79DE3E300778EC928004FCDB2AF
C:\WINDOWS\system32\drivers\videoprt.sys InMem: 0 Det [G] MD5: D5A9D123F5ED7C9965A481BD20CF66D8 PX5: BBE87C52808D55E2379801ACFA738900C0632DEC
C:\WINDOWS\system32\drivers\volsnap.sys InMem: 0 Det [G] MD5: 698869E82C57169F2140C04A272BF12B PX5: AC3AFD0E80294768D03200EE1153E40098EF3DD1
C:\WINDOWS\system32\drivers\wmilib.sys InMem: 0 Det [G] MD5: 2F31B7F954BED437F2C75026C65CAF7B PX5: 7A1B707D0098974111DB00C8E2E10C00FCC422B3
C:\WINDOWS\alcrmv.exe InMem: 0 Det [G] MD5: 44EBFF020ACE3FE4FB52FB9AF64233C6 PX5: 17B5AD8F00731D6820A1022A407AD6007EEDEC9B
C:\WINDOWS\alcupd.exe InMem: 0 Det [s] MD5: 83A5B21630DD5FC39A7AA7AD21F702FB PX5: 58ABC4360066C9DA306A039FC9EC45008EC101C9
C:\WINDOWS\gmer.dll InMem: 0 Det [G] MD5: FAB2F90E635F4092403C746211C9B732 PX5: 76363BBB00B55D74806F0C347EF0330022800035
C:\WINDOWS\gmer.exe InMem: 0 Det [G] MD5: 8EB75F74547DDEA83444CAB367D867BB PX5: C8F8E9E7008F5422A0090BCC464D98007C010C68
C:\WINDOWS\NOTEPAD.EXE InMem: 0 Det [G] MD5: 13363E86B666F195AD0BF5A1630ADE0F PX5: B603F7FE0094FF11128201E40FA14400A1692B2A
C:\WINDOWS\TASKMAN.EXE InMem: 0 Det [G] MD5: 6632AF6B5DA3C19B5CF88F1017A7707E PX5: 3F2A394F00E022653CEA00BD2EAB5600006CD7F7
C:\WINDOWS\system32\access.cpl InMem: 0 Det [G] MD5: 5FF4CDE1433C89D29B3BA23CACA2747E PX5: 66B5761300CDE0E114800159D3951800C9FCAE57
C:\WINDOWS\system32\acctres.dll InMem: 0 Det [G] MD5: 8174569A04C8B6FE4E9406F1FD46397E PX5: 7348E8FA00BD1B75086301DF6B0B3E006FF6B2B1
C:\WINDOWS\system32\accwiz.exe InMem: 0 Det [G] MD5: 560C2E389A9ACE3BCA41F1E443AA9F0B PX5: C8374DA200B936BDE4FD02975AAA1F005BA3A040
C:\WINDOWS\system32\actskin4.ocx InMem: 0 Det [G] MD5: 99825C8AED2FA0AC76AA0FAD770F44C1 PX5: 7C6744DE000B4449D0190584008B2D009206F377
C:\WINDOWS\system32\ALSNDMGR.CPL InMem: 0 Det [G] PX5: 9D856BB600935D63A059F67874BD8F004B40A442
C:\WINDOWS\system32\aswBoot.exe InMem: 0 Det [G] MD5: 4108ED9980F581F502C1D72C0D7F77DA PX5: 706B472B7827EF977DD4114E29354600580260D4
C:\WINDOWS\system32\atrace.dll InMem: 0 Det [G] MD5: 9C8699655B1CCB006029538C82534475 PX5: E984B60E004E8EE62C3100E616D5BD0028B897A3
C:\WINDOWS\system32\AvastSS.scr InMem: 0 Det [G] MD5: 77F34D86310882B8D2C99A24CCABDEB9 PX5: F8B7EB6278E6DB90752E01596B9388009E9D3683
C:\WINDOWS\system32\avmeter.dll InMem: 0 Det [G] MD5: D1D98616C3B91B7688BC2A7AD9A123CE PX5: 461F53D10012C41D403500661C315600B267785A
C:\WINDOWS\system32\avtapi.dll InMem: 0 Det [G] MD5: B4E50303649B40B8D86A4CC62A5CD1B5 PX5: AEF2F5170097D78C900A03070F2E140011C6B698
C:\WINDOWS\system32\avwav.dll InMem: 0 Det [G] MD5: 10A6E5EF5874212B5A127B65F07956DB PX5: 737DE91A00AE1AB21EAD012E3562E6001B580DF7
C:\WINDOWS\system32\batt.dll InMem: 0 Det [G] MD5: 5CE3D189BF845BB30583E61D291E36DE PX5: C6016FE200C2596622E400C49A9E1F0080D17CA0
C:\WINDOWS\system32\bdco1.dll InMem: 0 Det [G] MD5: 3CC4B600C6E70EE373ED547B0041A282 PX5: 63ABEA3A008D97042692006CF0D74B00C6EC6CA0
C:\WINDOWS\system32\bdco1ins.dll InMem: 0 Det [G] MD5: 3CC4B600C6E70EE373ED547B0041A282 PX5: 63ABEA3A008D97042692006CF0D74B00C6EC6CA0
C:\WINDOWS\system32\bitsprx2.dll InMem: 0 Det [G] MD5: 8BC79A27C6EA01DF03450C18C5A3EB3C PX5: E0F29F25008F5CB620C8006E8552EB005057C84D
C:\WINDOWS\system32\bitsprx3.dll InMem: 0 Det [G] MD5: 2B23C4F9ED0862F7DA690AA6E1141EEB PX5: B5FAFBCB00520EA01CCE007C78692D00A6ABE167
C:\WINDOWS\system32\calc.exe InMem: 0 Det [G] MD5: 835ED9C06DA0DEEE11FF863045323F88 PX5: 5BDBC96E001A8363C02501E8D53F0300138D49A1
C:\WINDOWS\system32\CapabilityTable.exe InMem: 0 Det [G] MD5: 9A1F2328C6115C5D7EB8D765E405F6C2 PX5: 859ED6CF009CFE56F0BA06D27F22C300D74E85FF
C:\WINDOWS\system32\catsrv.dll InMem: 0 Det [G] MD5: 1F414AFF4788788E7CCABA417E7A17FD PX5: EA5A009600F2CC138220039312435D001220CD21
C:\WINDOWS\system32\catsrvps.dll InMem: 0 Det [G] MD5: B49C66B253876F1D07AF4A38D0987069 PX5: CCCC5BB500E33C254EE80163D22866001E376DA4
C:\WINDOWS\system32\catsrvut.dll InMem: 0 Det [G] MD5: D3535BDE5C0BCF9ADF24654A1B648ACF PX5: AFF98E87002757BD9656090563C146008F58F070
C:\WINDOWS\system32\cdmodem.dll InMem: 0 Det [G] MD5: 3EBA4AFEAB5DE7D8361B1AA76030043B PX5: E2A111CF006CC5CF3E8A0057EE7CD1000E4D33E7
C:\WINDOWS\system32\cfgbkend.dll InMem: 0 Det [G] MD5: B297281810FD0C84673519EB713FAF1F PX5: 550D5D3300394D809AF80038088C3300098588CF
C:\WINDOWS\system32\charmap.exe InMem: 0 Det [G] MD5: 98ADFDF843AD232471E4EB2A9D6F9BC2 PX5: B2BA607C00117FE93CB201F2CEF5910059B9AD94
C:\WINDOWS\system32\ChCfg.exe InMem: 0 Det [G] MD5: D08E5A736654EEADA712E12C0375751B PX5: 6BA9E7FA001BD8D8A09300B4BA94FF00BBAC4018
C:\WINDOWS\system32\clbcatex.dll InMem: 0 Det [G] MD5: 9B2538A6F722023535E0132AD3275628 PX5: 05D14C9700FB8CA6AE79017BC0F14500983CD4D8
C:\WINDOWS\system32\clipbrd.exe InMem: 0 Det [G] MD5: 690F40CA99A9F0F4795086B8957024B5 PX5: 927A64D10067182C9AEC01198894610034CEA895
C:\WINDOWS\system32\cmprops.dll InMem: 0 Det [G] MD5: B51F0D6B38CE44CD5784883064D03934 PX5: A2160B8D0027E390E05702D39B2C5500865B786C
C:\WINDOWS\system32\comaddin.dll InMem: 0 Det [G] MD5: 51664DA3E7874AFF4848124742BC5286 PX5: 4708344700686E8864F900664FC13D00ADE61A31
C:\WINDOWS\system32\comrepl.dll InMem: 0 Det [G] MD5: 7320B212464B0D1B3D585B167371DDB7 PX5: 5BC0EB4A008C54B3424B010E1A9376004AECCE3C
C:\WINDOWS\system32\comsnap.dll InMem: 0 Det [G] MD5: 45C8BCB636DE30D48933F6A6BEE5ACCB PX5: 44BEF5C200B2A9E04085027364D31200785C21F7
C:\WINDOWS\system32\comuid.dll InMem: 0 Det [G] MD5: 7CB398B42A95C0F3799E54925FAEA401 PX5: 4E4A489E00DFD8193E2A08FC3C96700006D47025
C:\WINDOWS\system32\dcomcnfg.exe InMem: 0 Det [G] MD5: 87A0ACAC0EC8BB49EDDEFF12F2DC090A PX5: BCAA019C00D3B5C914A500708C958D00F6D9A15B
C:\WINDOWS\system32\deskadpv.dll InMem: 0 Det [BP] MD5: 47C50BE99D77165470B7C06A61BD4FD7 PX5: 71FEB19F00AC251358FC012F9C42BB00DD882AB4 Malware Group: Malware Downloader
C:\WINDOWS\system32\dgrpsetu.dll InMem: 0 Det [G] MD5: 5D4779B7FF8E9EC9C234B1E559145253 PX5: 4193CE261D661EA8B055021EB52473004F54853A
C:\WINDOWS\system32\dgsetup.dll InMem: 0 Det [G] MD5: 183916BF2BE2D9FF822A19900EE0F342 PX5: 9D89C0B01C87746D4EB801AD614F2B004CCD0348
C:\WINDOWS\system32\EqnClass.Dll InMem: 0 Det [G] MD5: 089140A88645B4B2E7FE7F3684B208CC PX5: 60C5EBC30095274D940501405D9080004A1F6009
C:\WINDOWS\system32\fdco1.dll InMem: 0 Det [G] MD5: C91AD4BCC0E8A7BC742C24643F72FA4C PX5: 524DF9F500863329145303FE2234F600E053F9B4
C:\WINDOWS\system32\fdco1ins.dll InMem: 0 Det [G] MD5: C91AD4BCC0E8A7BC742C24643F72FA4C PX5: 524DF9F500863329145303FE2234F600E053F9B4
C:\WINDOWS\system32\fltlib.dll InMem: 0 Det [G] MD5: 2F2A8A14741AC77DDCBB34263088F889 PX5: ACFCF3390044535E42FD007AE7CAD300CEA9EE8D
C:\WINDOWS\system32\fltMc.exe InMem: 0 Det [G] MD5: EF51E72942F2A83EAD1E42F06C8DA607 PX5: 7DC3CEF900C2B6BD5859000794657F0025EC9411
C:\WINDOWS\system32\freecell.exe InMem: 0 Det [G] MD5: ABE047BB8018FED236DE3F38812B79FF PX5: 9CE31AF100A89970DABA0061D34EDA005F7F6617
C:\WINDOWS\system32\getuname.dll InMem: 0 Det [G] MD5: ED42DA24BB7E63EBFAD38BA4B2F57727 PX5: 5C6E9A5800D2E8D53E0009C7DF5B6700D7CC4B28
C:\WINDOWS\system32\hypertrm.dll InMem: 0 Det [G] MD5: 81C6D26AAE91BA3F07024D6979A28C28 PX5: 81EA7FF200796FCF5A27059184B9D6007E2A681B
C:\WINDOWS\system32\icfgnt5.dll InMem: 0 Det [G] MD5: 457C562F633619C1FACA88C75A6908EF PX5: 99B2874600C6276640F5008C856063003EC21AE2
C:\WINDOWS\system32\icwdial.dll InMem: 0 Det [G] MD5: 589C342DF33E06DC0DC86EE1E4F47552 PX5: 1030041600DB8AE42053011F10FADE009675ECF2
C:\WINDOWS\system32\icwphbk.dll InMem: 0 Det [G] MD5: ECB781957AFF646E2763AFC631580DF3 PX5: 5509BFA6005E680500B4012BEC609D00690AF18A
C:\WINDOWS\system32\idecoi.dll InMem: 0 Det [G] MD5: FB5497CD15A0A8909AB0E55AC2C49B6B PX5: A92C937500744E199474045B5FBCD000B85EF309
C:\WINDOWS\system32\ils.dll InMem: 0 Det [G] MD5: 409A90FC3BEAC284CF22E86493BA7802 PX5: 92785051002921A6401701877BEF3C00F61B92F6
C:\WINDOWS\system32\inetcfg.dll InMem: 0 Det [G] MD5: EFFB39DEEFB307C6AA6C1F9F80B55490 PX5: 82317CE5000396A140E0043FF3CE1100A391AF1E
C:\WINDOWS\system32\inetcomm.dll InMem: 0 Det [G] MD5: 92E3318680AD259925E3CD18BEF52B38 PX5: 6F7BA8DE0062322F5AD30A718DCC6800D15C0FDF
C:\WINDOWS\system32\inetres.dll InMem: 0 Det [G] MD5: 73E230AD83B0D29CEA963A3AB8D7B040 PX5: 01240F3500388EF8C82C000530AB80006440F2E7
C:\WINDOWS\system32\irclass.dll InMem: 0 Det [G] MD5: E57917C81F996E8B8B5182DDA3B11954 PX5: A1720D6E001A1AEE34D700CC6DD7CD008F7F0C61
C:\WINDOWS\system32\isign32.dll InMem: 0 Det [G] MD5: BEC81BFADFD1F305F770F551125E9BC4 PX5: 85A2977900D18F4C50FB01D3BC848C00752B87F1
C:\WINDOWS\system32\isrdbg32.dll InMem: 0 Det [G] MD5: FDA9CAA6BF75F3CA5589272397ED3AEA PX5: C2B8646500C24DA4807800BD6D6E33004F619697
C:\WINDOWS\system32\KBDAL.DLL InMem: 0 Det [G] MD5: 615DDBB5CBBAE8301C1E7FA95F1E66A3 PX5: 2A3A405B0066D3521A2400E6B5F7B0007FCCF863
C:\WINDOWS\system32\kbdaze.dll InMem: 0 Det [G] MD5: 0304318F189E3CC4A99FCCCB0A68147F PX5: 9B72CA830012D1061679007C84FE8800C4F6549E
C:\WINDOWS\system32\kbdazel.dll InMem: 0 Det [G] MD5: 712A218557F99D136735E0545E5AE223 PX5: 6A4E30150066EEEB16170058FBDA52009B32C958
C:\WINDOWS\system32\kbdblr.dll InMem: 0 Det [G] MD5: A1FA7A83F9D98D84419A8E64286284F4 PX5: 3A6EE5860029A0B51678008DE1F1DE0042AF5F06
C:\WINDOWS\system32\kbdbu.dll InMem: 0 Det [G] MD5: 1DF6E4758611E1328567BFE4D1B28E27 PX5: BA8C93540032EFE2167E0013D1916A00447F56A2
C:\WINDOWS\system32\kbdcr.dll InMem: 0 Det [G] MD5: 5B46568257EE49714564511D58E0DE53 PX5: 4932668100EA297A1AA9004FCBAE8900AB423266
C:\WINDOWS\system32\kbdcz.dll InMem: 0 Det [G] MD5: 36E68E02AF2206FC4A8C73CAEABE1FB0 PX5: D5903214009B0FB91C1C00EA04AA5F0003E0340A
C:\WINDOWS\system32\kbdcz1.dll InMem: 0 Det [G] MD5: AFA30A44ED11A5F9A059A2767AB6A81A PX5: A20065170067FDB11AEA00CF0F132D00990736EE
C:\WINDOWS\system32\kbdcz2.dll InMem: 0 Det [G] MD5: 90535C13EB54E1F2C95478F1B99DCCEB PX5: 23F543570066FA9B1A2C00FF9EA367007232852E
C:\WINDOWS\system32\kbdest.dll InMem: 0 Det [G] MD5: BBB6C3346064C6AECEE6AD9F144B1AEA PX5: E116298600C4CE7C1838009D2C83880001C10E05
C:\WINDOWS\system32\kbdgkl.dll InMem: 0 Det [G] MD5: A93447C87DDB6B1945F1F5F87EAB68DC PX5: 1E510FC80051AF8118E600DCE1E1380042A79445
C:\WINDOWS\system32\kbdhe.dll InMem: 0 Det [G] MD5: 83C99B438B3D6DBE7B838DA783E173AC PX5: 38F9A1C8006E27EF16EB00188F1CF7000D9F3564
C:\WINDOWS\system32\kbdhe220.dll InMem: 0 Det [G] MD5: 1E81E1F3D5ACB3371CF73C1DE8F800BF PX5: 551994EC00551FCC162200A78039EF0034063AD4
C:\WINDOWS\system32\kbdhe319.dll InMem: 0 Det [G] MD5: AC81A176BA35D1D7A5CD53137F3160FE PX5: 45D2F5BD00FB0AB416E300CD07651A003913BACE
C:\WINDOWS\system32\kbdhela2.dll InMem: 0 Det [G] MD5: D26533FDF72381947F823882BBA4A196 PX5: 26CCBAC60094B58718C8000DF737D4007069556D
C:\WINDOWS\system32\kbdhela3.dll InMem: 0 Det [G] MD5: F2312B8A76FD584ACD1D956688BEB6F8 PX5: 97A7DD97003D3E721A6200E48EAD4F009D3F20AC
C:\WINDOWS\system32\kbdhept.dll InMem: 0 Det [G] MD5: 90CC52E8B52F0EC3A41D14FFBE789324 PX5: E93F35D10027B5DD2038004332ADF00068E58029
C:\WINDOWS\system32\kbdhu.dll InMem: 0 Det [G] MD5: CF92D95B5CB6649CB9D7E8D7616487A7 PX5: 5B53418900EAC0081AEA008A0D04B700DFB202B5
C:\WINDOWS\system32\kbdhu1.dll InMem: 0 Det [G] MD5: F3D1EEC756847C70E65335E8CA1AE64B PX5: C00A14A300D3BF6516C400206D4C0900C4797A49
C:\WINDOWS\system32\kbdkaz.dll InMem: 0 Det [G] MD5: 95D9106D39AB410A7F7EE513F181F84C PX5: 9C60E7270020E3381611009CFCA71800B367CE4F
C:\WINDOWS\system32\kbdkyr.dll InMem: 0 Det [G] MD5: A49B3F7CAA08EB8771F3D07A84890C26 PX5: 0FB75D67000B1AE21611002F983C48000D4B729B
C:\WINDOWS\system32\kbdlt.dll InMem: 0 Det [G] MD5: F5B3B152A1D2752BC88928EB1E031B7E PX5: 98DE2BC100DAF049162600040FAE1300DAAD8044
C:\WINDOWS\system32\kbdlt1.dll InMem: 0 Det [G] MD5: AF05A41DBD1B0424B5CB47092152C7F6 PX5: C364AEEA001388C0167F00F451F5EE00C776935E
C:\WINDOWS\system32\kbdlv.dll InMem: 0 Det [G] MD5: C047165ED75FF85DB5A89EFEE3DA1133 PX5: 40E0A1EE0045151318C800CABDBAE700BE898FE2
C:\WINDOWS\system32\kbdlv1.dll InMem: 0 Det [G] MD5: 27D72BCF2B495FCDA073DBA5F189D7A1 PX5: E11F1CEA009A124B187000A9A615FE00BEA1FC63
C:\WINDOWS\system32\kbdmon.dll InMem: 0 Det [G] MD5: 92295313792366652C4779C5612F3321 PX5: 590AFBD300F132321664000844395400B2DD7613
C:\WINDOWS\system32\kbdpl.dll InMem: 0 Det [G] MD5: D199B05901C2407FC0F87444A24A4F3C PX5: 33F32BA800D76CE91A6E0052F0753C00E01145C9
C:\WINDOWS\system32\kbdpl1.dll InMem: 0 Det [G] MD5: 897663C8606357A8E86E57CDEA8EE219 PX5: DC40C258003DC2F1162100591EEA55004279E313
C:\WINDOWS\system32\kbdro.dll InMem: 0 Det [G] MD5: C2E62748C875A310A6D5B10498238A68 PX5: 17D729040061F89916AB004D55CDD900B2ACDAF8
C:\WINDOWS\system32\kbdru.dll InMem: 0 Det [G] MD5: C6F23BC1411E91C179B0635893BB40A1 PX5: 7E9E7F6F00689AD216A800B9E05CFE007379647D
C:\WINDOWS\system32\kbdru1.dll InMem: 0 Det [G] MD5: B6E962B7AC1CB4A78876953D369BE6DD PX5: F78CD54300BE7A5716410073AD735B00BC18AAD7
C:\WINDOWS\system32\kbdsl.dll InMem: 0 Det [G] MD5: DCCE231E5BDF1401AC0F770EE16902AA PX5: 145ADDF700F6168C1A2B0081E8BCC300990D1E88
C:\WINDOWS\system32\kbdsl1.dll InMem: 0 Det [G] MD5: 93033C3EA80FB24B198B24DDECA07D4A PX5: 8C0E8540008FB0631A4A0094A8DA1900C0B62EAD
C:\WINDOWS\system32\kbdtat.dll InMem: 0 Det [G] MD5: F2D1EEF5ADCD5995C015AB3CB15C9415 PX5: 57244493000E4A0A166900B8D1F1A400CB7C2EEE
C:\WINDOWS\system32\kbdtuf.dll InMem: 0 Det [G] MD5: 188E56B70419D8353B8D4F3E381D9E52 PX5: 5E97C80A00BD3806181F0076B5392A004331B501
C:\WINDOWS\system32\kbdtuq.dll InMem: 0 Det [G] MD5: 5D569F2951F878EF01D7723DC08682E9 PX5: 24D02187006F9CFB187400D3B721FF00E36ED8DF
C:\WINDOWS\system32\kbdur.dll InMem: 0 Det [G] MD5: 3DDE3DC57C54452A313DC20F3019F8E3 PX5: F67486210059386D16530005D2674D0049AFC121
C:\WINDOWS\system32\kbduzb.dll InMem: 0 Det [G] MD5: 4F9CFFBF05831BB81833FC64A5329C36 PX5: 08CBFA1B009B5FC9162B00341E918C00437DEA64
C:\WINDOWS\system32\kbdycc.dll InMem: 0 Det [G] MD5: E5D4673C83271FEEE1ED73E1E281A42B PX5: D5D525F30029A795163300526880C200CEFEEB97
C:\WINDOWS\system32\kbdycl.dll InMem: 0 Det [G] MD5: 552221E92D6BF55F8358B927F00696C3 PX5: E82543E9001C48FB1AE100DB66B55C003CDC71CA
C:\WINDOWS\system32\ksproxy.ax InMem: 0 Det [G] MD5: 88F8C4283F5BD70779A4E0AAB2354407 PX5: 147F5932007B7997FC7901F75383A8002F61D38B
C:\WINDOWS\system32\ksuser.dll InMem: 0 Det [G] MD5: FBBB356A996903FFB831BF72FD2A3E85 PX5: AAD6D56F00EC2271104D0037883D3E00B79BCD14
C:\WINDOWS\system32\licwmi.dll InMem: 0 Det [G] MD5: EAA8DA8D7D77637C7EC0CF44D7100DF2 PX5: C7548F9500AE0C75E66B00875561E1003304637A
C:\WINDOWS\system32\logoff.exe InMem: 0 Det [G] MD5: 1499E41F6FBA9021B4C607FCC9579204 PX5: D5E2AD6300B725623EA700B65DAB6B009EBBE99D
C:\WINDOWS\system32\mmfutil.dll InMem: 0 Det [G] MD5: 4E5C17BCF0DE39D954A2C17F95F3BCD1 PX5: 80DB5BFE00A1F42846840032E77641006C79DA53
C:\WINDOWS\system32\mnmdd.dll InMem: 0 Det [G] MD5: E76EAD7A01147DF6C9FBC0750EC78333 PX5: F2691A1700C3BF5E87580044B9DDA90086722DDC
C:\WINDOWS\system32\mplay32.exe InMem: 0 Det [G] MD5: DCC8FAC23F93C8D42E88D75086CE098A PX5: 03A212CE00B98744E66F018FCC4A7F00AA85494C
C:\WINDOWS\system32\msconf.dll InMem: 0 Det [G] MD5: E16F0E4D91F939CDDA3D31215E45D257 PX5: D042821F0060F1A81089010BF9CCF4006521DB40
C:\WINDOWS\system32\msdtclog.dll InMem: 0 Det [G] MD5: 2C8FF72FCD66297E972A337AB35E5CA7 PX5: F6D3FAA500BEDEDEE669002C2365FE00C89AF901
C:\WINDOWS\system32\msdtcprx.dll InMem: 0 Det [G] MD5: 5260601972B62A5516A2386B6A2E9E00 PX5: FBB55363000358C37EE9067A68553D0041933916
C:\WINDOWS\system32\msdtctm.dll InMem: 0 Det [G] MD5: EF640C1F25730AC4DDDAA8A3DFA3373C PX5: 5152CF0A004FE05D7C760EA3FEEC5500F0F1EFA7
C:\WINDOWS\system32\msdtcuiu.dll InMem: 0 Det [G] MD5: A08F42D8DC287977DCC5B70CA6B78C51 PX5: 332C1B9000B5C6E87680028980C51400FA4E0604
C:\WINDOWS\system32\msg.exe InMem: 0 Det [G] MD5: 00E315FA754C178396EE4A38FC46A697 PX5: 4966872E005DCE2758ED007F7427F200FFE6D5D8
C:\WINDOWS\system32\mshearts.exe InMem: 0 Det [G] MD5: 4AC2263791B71C4FED2A94CF7E324AFA PX5: C2E9A42100435440F27E0185465A090009A111AF
C:\WINDOWS\system32\msoeacct.dll InMem: 0 Det [G] MD5: 021E5FD7D76944FA602020F5502A9707 PX5: 3ACF9F4500D7372BDCA4039309C81D00EC17AA21
C:\WINDOWS\system32\msoert2.dll InMem: 0 Det [G] MD5: CC1156C6C8D3D05460E83054207C4B3D PX5: 61C8D0CC002EB4989EDF01861BAC8800B0749E11
C:\WINDOWS\system32\mspaint.exe InMem: 0 Det [G] MD5: D8EE9E9D4A136F357BF0FE0B6384109A PX5: 54E6440A00AD5EE848D205207C533200AE1C47A1
C:\WINDOWS\system32\mstinit.exe InMem: 0 Det [G] MD5: 6702EFEFE5C026364D2AB1FEDC2657C2 PX5: 043AC1FA004D26F830BC00482B5DAB009EAE1F95
C:\WINDOWS\system32\mstsc.exe InMem: 0 Det [G] MD5: 18D96CCD878CBDA769858F929099EBA7 PX5: 17F7547C002B1C2C3EF2060FAD866E0088AF8139
C:\WINDOWS\system32\mstscax.dll InMem: 0 Det [G] MD5: B202B160C128CCB5265082A94EE01A6C PX5: 37B43E7F00927A9F008A0AD4DD10F5008424F843
C:\WINDOWS\system32\mtxdm.dll InMem: 0 Det [G] MD5: DC1972F31721F0C21530B994A357E911 PX5: C7F1D86D003B0CDF506A009A6910A80028C81911
C:\WINDOWS\system32\mtxex.dll InMem: 0 Det [G] MD5: A61EFD87335D2D0611314BEC39F12D1F PX5: 1B5DADD1000F1AD8100A00AA5E36EB00B79BCD14
C:\WINDOWS\system32\mtxlegih.dll InMem: 0 Det [G] MD5: E5036A7F5846BBB460BC171D51F85DFC PX5: 323AC06F00015B8E62AA0051F6ED0800B8BD9B6A
C:\WINDOWS\system32\mtxoci.dll InMem: 0 Det [G] MD5: 6D83605EFF78232598B5662EE49EC1DF PX5: 9E03EF55005E2DEE60B801678F02D5002E770977
C:\WINDOWS\system32\nmevtmsg.dll InMem: 0 Det [G] MD5: A2FA8315959EDCFF8D1F3EE195557CEE PX5: 8599B77B00E457FB30210034ECEDCA00DADE1A8C
C:\WINDOWS\system32\nmmkcert.dll InMem: 0 Det [G] MD5: 5F860FD74DCDE565135FE69ACA2F8778 PX5: 055BBBD6002DBF4570CC005237A2820036CCA7A7
C:\WINDOWS\system32\nvconrm.dll InMem: 0 Det [G] MD5: CEF4B02F13BA3111A6EB20FE9DE75C3E PX5: D024B037007C59F67E94009F97C68F00B4A91F9D
C:\WINDOWS\system32\nvudisp.exe InMem: 0 Det [G] MD5: 33B0F0BE4136AAA68D8C47C5FD587A67 PX5: 687A4FA000A3A536C0DE0286770B1F00A23E9173
C:\WINDOWS\system32\NVUNINST.EXE InMem: 0 Det [G] MD5: 33B0F0BE4136AAA68D8C47C5FD587A67 PX5: 687A4FA000A3A536C0DE0286770B1F00A23E9173
C:\WINDOWS\system32\nvunrm.exe InMem: 0 Det [G] MD5: 60F1D760EE822FB84D26620B0AE117C0 PX5: 7E73D275003BBEFFB0F6026DFCC63B00CB4470C9
C:\WINDOWS\system32\nvusmb.exe InMem: 0 Det [G] MD5: 709A49D73D3B3CB6039CCA1A308CE793 PX5: 7E73D275003BBEFFB0F6026DFCC63B00BD16D691
C:\WINDOWS\system32\qappsrv.exe InMem: 0 Det [G] MD5: EC3213B70AF1636AAA3DD51B5AA79CFC PX5: 85BD9A03001676DE44A400ACDCE3B0000F252E3C
C:\WINDOWS\system32\qmgr.dll InMem: 0 Det [G] MD5: 04E8321935AD5643FF59901F3EF5F4F3 PX5: A628078700D0FC00D60105464D1E6100132AFD53
C:\WINDOWS\system32\qmgrprxy.dll InMem: 0 Det [G] MD5: BE1D34BDD12D2EDBD8463F369CDF76AA PX5: 90A83EF100C957CF4A3700A432F0C300430C6CDE
C:\WINDOWS\system32\qprocess.exe InMem: 0 Det [G] MD5: 6874CB473E0A15E2339655CD6C168A0B PX5: 1FAD6E4F00E2234A504B0054C065B000337B251E
C:\WINDOWS\system32\qwinsta.exe InMem: 0 Det [G] MD5: A3996D1055C251669AACA16B92280B0E PX5: 513D5D2E0090F01E5A59008FFC02AF00F80B81F8
C:\WINDOWS\system32\racpldlg.dll InMem: 0 Det [G] MD5: 389A3D9705713EC6D61220375CB55B9D PX5: 252F4A3500656BD2AA4100012FF3FD003421C6A9
C:\WINDOWS\system32\rdchost.dll InMem: 0 Det [G] MD5: 8106D75BB2E6CF56213BDC8A22EA30AE PX5: EAA3433A0065E23042F702D1A512DF00367D1BBE
C:\WINDOWS\system32\rdsaddin.exe InMem: 0 Det [G] MD5: EA7C005922CBDC404B2D56B3A40720CC PX5: 05568789005ACB9E36B400893B596E0034D0CACE
C:\WINDOWS\system32\rdshost.exe InMem: 0 Det [G] MD5: 10CDA4F3596A64B2CCD585C32D29832B PX5: FE906FE3002C3A8106AA01996BC31F0089E29EFA
C:\WINDOWS\system32\regini.exe InMem: 0 Det [G] MD5: F77ECCBE8DE0B09E9D2D36D0D76C6FEE PX5: 69B3D97900504E9784330033792D6C0019007C65
C:\WINDOWS\system32\reset.exe InMem: 0 Det [G] MD5: 918DA23D348472D9A847858ECA2FEA5E PX5: 6B0EA7C80018D2A72657007CF67DD1001015FA99
C:\WINDOWS\system32\RTLCPAPI.dll InMem: 0 Det [G] MD5: 118775F60B07291B63652762B1009216 PX5: A862B732009BC558649B024429CB6100E3C0BFC6
C:\WINDOWS\system32\RTLCPL.EXE InMem: 0 Det [G] PX5: D2D72DFF008FE62236EB8E3130D27800886F1374
C:\WINDOWS\system32\rwinsta.exe InMem: 0 Det [G] MD5: 08834017CD0BA0AE2C4071E53C0C22E5 PX5: 406863D200196804409B000D1ECF3200D58AABB3
C:\WINDOWS\system32\safrcdlg.dll InMem: 0 Det [G] MD5: A204E9EBE6CFE90594846F270425B68C PX5: EF27C2370031D174AA84004C05CDDD002CB6E86A
C:\WINDOWS\system32\safrdm.dll InMem: 0 Det [G] MD5: CC354C956E685EC242C274068C11249F PX5: C7D9F655004D961C74AB002E9905AD005C9D301A
C:\WINDOWS\system32\safrslv.dll InMem: 0 Det [G] MD5: E7E3D50CD48B11539798B07AC1324DB2 PX5: E77C85900058DC7AB22E009E398E4800A11BCE2F
C:\WINDOWS\system32\servdeps.dll InMem: 0 Det [G] MD5: D0187DD7F05C076942A6356F4A17E9A7 PX5: 8E22BD5D000C0F06DCE000E4EBDD7800520EFB43
C:\WINDOWS\system32\shadow.exe InMem: 0 Det [G] MD5: F67F896BA60045FA0B5663A7F2003DCE PX5: 44E2E9FB00305E993C75009C1FBF8F00D582F681
C:\WINDOWS\system32\sndrec32.exe InMem: 0 Det [G] MD5: 54CB5FD41E1F44772CEA7F673BB0C43D PX5: 362E6E9200489F45065202C548845900E77BF947
C:\WINDOWS\system32\sndvol32.exe InMem: 0 Det [G] MD5: F919469DD85BD90AF9C609A27C82E0CA PX5: A0E7261E006E7A81202602D8A8714400CABE2BF0
C:\WINDOWS\system32\sol.exe InMem: 0 Det [G] MD5: 6F321C00408ECF29E7B3D855D99F5F6B PX5: EDABAE770079E79BE049002FD274C400542ED952
C:\WINDOWS\system32\spider.exe InMem: 0 Det [G] MD5: F9F0C08C4C0E343ACE85EDFF0D1CED3B PX5: AAD4725300841EF03A4508FFE3BEA9005F0ECDA8
C:\WINDOWS\system32\spxcoins.dll InMem: 0 Det [G] MD5: 386697AD5DE346002FAB156C2F0B5E6F PX5: 4669A27255B086B46043001B13F04A000DF21A71
C:\WINDOWS\system32\srclient.dll InMem: 0 Det [G] MD5: A8C25DE0A2227F3D426BD55C6CE7CBEC PX5: B81A1AC100CB8448087701697E088400D5013702
C:\WINDOWS\system32\srrstr.dll InMem: 0 Det [G] MD5: 2383004AEFEE273BEE6289C1A86918C5 PX5: 10A2CE6900730D98B2CA034CF9823200BDA4C368
C:\WINDOWS\system32\stclient.dll InMem: 0 Det [G] MD5: 99D7B791B71DA8B18F70C88A632BAA5F PX5: 8C9AB97E00B1A862D4830057F9E2B70090D5CECD
C:\WINDOWS\system32\storprop.dll InMem: 0 Det [G] MD5: F193514C0094671C927B07344AA3340A PX5: 4DBA767A00135B5B287F01345A8BE5002A2BACE2
C:\WINDOWS\system32\tscfgwmi.dll InMem: 0 Det [G] MD5: 9FC660419764F41776484D76F8164C9D PX5: CED8592F0097F900701E01BFAF3B44006C4361F3
C:\WINDOWS\system32\tscon.exe InMem: 0 Det [G] MD5: 0E7F4D3D4BE3ED00C85685CAE91F8494 PX5: F3930E260083DD023CB0001694D782006CAC8C04
C:\WINDOWS\system32\tscupgrd.exe InMem: 0 Det [G] MD5: E6B8C719DF47A4BB86F5AF15D32E54CD PX5: 96D9AEE500AC457BAE7E0047A234C30055FB12E0
C:\WINDOWS\system32\tsdiscon.exe InMem: 0 Det [G] MD5: CB0B07F2888FA508926DE75810982A5A PX5: 1940EE32005C98113C2300F1A0A55100AB2E5D1A
C:\WINDOWS\system32\tskill.exe InMem: 0 Det [G] MD5: 4450A1E461EF13FB38BAC12B108883B3 PX5: 5629966E0012BD82400600033E1702007FCC8785
C:\WINDOWS\system32\tsshutdn.exe InMem: 0 Det [G] MD5: 6944531D915C4D4E7CEB11117EDFF222 PX5: 5C6372AD003284B34499009B5757880070D36C6B
C:\WINDOWS\system32\usbui.dll InMem: 0 Det [G] MD5: 3316E50E452F908482C0EB62B17F9308 PX5: B6E1D2C200FEC61F2C3F015D24F0D600CD71A0B8
C:\WINDOWS\system32\watchdog.sys InMem: 0 Det [G] MD5: C9BF2F12C4E6C12F8A85FBA4B6BC6208 PX5: A5490EC7005C2AF84570001E79455E0011553B7B
C:\WINDOWS\system32\win32k.sys InMem: 0 Det [G] MD5: 152D48F5D41CB4AEBDF187755D315A4A PX5: B61A5CF40006DE0604901CFDDD44000019AAB650
C:\WINDOWS\system32\winchat.exe InMem: 0 Det [G] MD5: DE2C56AC2893E45AD1F817FACCDE2DD8 PX5: 7EC2AE57008824368C8C00C4E05C6200334376B7
C:\WINDOWS\system32\winmine.exe InMem: 0 Det [G] MD5: 2FFF0B77A2A569FB5909988A96AE38DB PX5: 57705E280031322CA60D0193E78B8A008DF85030
C:\WINDOWS\system32\write.exe InMem: 0 Det [G] MD5: E8E2019BECD419CCB5FFDE84BA54F9B2 PX5: A0F081B7004C5F23161B008D3B23F7008F717C49
C:\WINDOWS\system32\wuapi.dll InMem: 0 Det [G] MD5: 0C51BFCAEAD19B877B12072F0C6B3E99 PX5: 68B31CB100240BF09811068B5E210400B8FC9944
C:\WINDOWS\system32\wuauclt.exe InMem: 0 Det [s] MD5: 197FB5735293C1DE647B02BBD8121A9F PX5: 18A6034E00865111B41301195E4EF7007B9C1D6A
C:\WINDOWS\system32\wuauclt1.exe InMem: 0 Det [s] MD5: F99B8E3D6670A73844F3A4BF224D4FE6 PX5: 82FDB9BC0086E4499211026BA7A2680016D282B5
C:\WINDOWS\system32\wuaueng1.dll InMem: 0 Det [G] MD5: 208C2481FF027C83F8FE4C83DB1AAFBC PX5: CE63274C004FEAF6CE43025273FA4E0087A1472A
C:\WINDOWS\system32\wucltui.dll InMem: 0 Det [G] MD5: BC8D26CFAD97431CA79636B744D38536 PX5: 1B47EAAF00387F3DBE3001ED8C178A003EDD25B5
C:\WINDOWS\system32\wups.dll InMem: 0 Det [G] MD5: 211A2B28F6C0C63644FDC255F9C57D5C PX5: C312FD44008F45DA900300C2AB1EAB00871CCD9B
C:\WINDOWS\system32\wuweb.dll InMem: 0 Det [G] MD5: 5CFD9D2E5BB4484B0E20B386B239BC48 PX5: 7F5E3083007F6878D672018CE730A800972E422E
C:\WINDOWS\system32\xolehlp.dll InMem: 0 Det [G] MD5: A8EBD13BCB9903C7BD441B8DD562B27E PX5: 6B4040F200B6BF2C2E5D00323297E400258B81CD
C:\WINDOWS\Temp\alcupd.exe InMem: 0 Det [s] MD5: 83A5B21630DD5FC39A7AA7AD21F702FB PX5: 58ABC4360066C9DA306A039FC9EC45008EC101C9
C:\WINDOWS\Temp\alcxwdm.sys InMem: 0 Det [G] MD5: 933933288DF5ED26D1928215C97D05C7 PX5: 96CE996D4017673B0F2F2306CB2A3D00113F2087
C:\WINDOWS\Temp\alsndmgr.cpl InMem: 0 Det [G] PX5: 9D856BB600935D63A059F67874BD8F004B40A442
C:\WINDOWS\Temp\ChCfg.exe InMem: 0 Det [G] MD5: D08E5A736654EEADA712E12C0375751B PX5: 6BA9E7FA001BD8D8A09300B4BA94FF00BBAC4018
C:\WINDOWS\Temp\newdev.dll InMem: 0 Det [G] MD5: 53C19C98C14B6425F2E38113E613A98A PX5: 9F4321A500BA4342D09103CA9E57370046C2B8D2
C:\WINDOWS\Temp\RtlCPAPI.dll InMem: 0 Det [G] MD5: 118775F60B07291B63652762B1009216 PX5: A862B732009BC558649B024429CB6100E3C0BFC6
C:\WINDOWS\Temp\RTLCPL.exe InMem: 0 Det [G] PX5: D2D72DFF008FE62236EB8E3130D27800886F1374
C:\WINDOWS\Temp\soundman.exe InMem: 0 Det [G] MD5: FF86E640E4E0FD18CFB4696B38867222 PX5: 74AE809600E4CF0F3014015B9E71B600099F352F
C:\Documents and Settings\Pae\Impostazioni locali\Temp\50891.exe InMem: 0 Det [u] PX5: 5CF34E4DF857EBCECF0D76B0B62D49009A6A2C93
C:\Documents and Settings\Pae\Impostazioni locali\Temp\tmp.xpi InMem: 0 Det [G] MD5: C8307FD5B7257FD5B25B86CCAD69B28C PX5: 03EAE44990D63F02D5450579A4CB0D00966B4EFC
C:\Documents and Settings\Pae\Impostazioni locali\Temp\tmp1.tmp InMem: 0 Det [u] MD5: FA700CD2A58801B3937CD326EC30AC32 PX5: 0D7DBC3E00E65C12802800AE18790F00B7E64C05
C:\Documents and Settings\Pae\Impostazioni locali\Temporary Internet Files\Content.IE5\C5YZKHYJ\Firefox%20Setup%202.0.0.14[1].exe InMem: 0 Det [u] PX5: 6FAA5E5D805EFE32FC3358792DD14000805C054B
C:\Documents and Settings\Pae\Impostazioni locali\Temporary Internet Files\Content.IE5\WH6RKTUN\setupita[1].exe InMem: 0 Det [UP] PX5: F3484E4A00421D36AA0154BAD85E15013028728A
|
|
|
|
|
|
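A small parser for log lines in the layout of the Prevx CSI log posted in this thread, added here as an example; it is not part of any post and is not Prevx's own tooling. The sample lines and hash values are constructed, and treating the `G` and `s` flags as baseline is an assumption based on the entries a later reply singles out (`u`, `UP`, `BP`).

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the line layout of the Prevx CSI log from this thread.
# Paths are invented; hashes are placeholder digits repeated to the right length.
SAMPLE_LOG = "\n".join([
    rf"C:\WINDOWS\system32\drivers\sample1.sys InMem: 0 Det [G] MD5: {'1'*32} PX5: {'1'*40}",
    rf"C:\WINDOWS\system32\sampleupd.exe InMem: 0 Det [s] MD5: {'2'*32} PX5: {'2'*40}",
    rf"C:\WINDOWS\Temp\sampleupd.exe InMem: 0 Det [s] MD5: {'2'*32} PX5: {'2'*40}",
    rf"C:\Documents and Settings\User\Local Settings\Temp\12345.exe InMem: 0 Det [u] PX5: {'3'*40}",
    rf"C:\Documents and Settings\User\Temporary Internet Files\setup[1].exe InMem: 0 Det [UP] PX5: {'4'*40}",
    rf"C:\WINDOWS\system32\sampledl.dll InMem: 0 Det [BP] MD5: {'5'*32} PX5: {'5'*40} Malware Group: Malware Downloader",
    "this line was cut off in transit and does not parse",
])

# path, InMem, Det flag, then optional MD5, optional PX5, optional malware group.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+InMem:\s*(?P<inmem>\d+)\s+Det\s+\[(?P<det>[^\]]+)\]"
    r"(?:\s+MD5:\s*(?P<md5>[0-9A-Fa-f]{32}))?"
    r"(?:\s+PX5:\s*(?P<px5>[0-9A-Fa-f]{40}))?"
    r"(?:\s+Malware Group:\s*(?P<group>.+?))?\s*$"
)

# Assumption for this example: flags the thread's helper did not single out
# (G and s) are treated as baseline; every other flag is surfaced for review.
BASELINE_FLAGS = frozenset({"G", "s"})


def parse_log(text):
    """Return (entries, rejected): parsed dicts and the lines that did not match."""
    entries, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            rejected.append(line)  # keep malformed lines visible instead of dropping them
            continue
        entry = match.groupdict()
        entry["inmem"] = int(entry["inmem"])
        entries.append(entry)
    return entries, rejected


def needs_review(entries, baseline=BASELINE_FLAGS):
    """Entries whose Det flag is outside the baseline or that carry a malware group."""
    return [e for e in entries if e["det"] not in baseline or e["group"]]


def shared_hashes(entries):
    """Map each PX5 value seen at more than one path to the sorted list of paths."""
    by_hash = defaultdict(set)
    for e in entries:
        if e["px5"]:
            by_hash[e["px5"].upper()].add(e["path"])
    return {h: sorted(paths) for h, paths in by_hash.items() if len(paths) > 1}


def report(text):
    """Summarise a log: flag counts, entries to review, shared hashes, bad lines."""
    entries, rejected = parse_log(text)
    return {
        "counts": dict(Counter(e["det"] for e in entries)),
        "flagged": [(e["path"], e["det"], e["group"]) for e in needs_review(entries)],
        "shared": shared_hashes(entries),
        "rejected": rejected,
    }


if __name__ == "__main__":
    result = report(SAMPLE_LOG)
    print("flag counts:", result["counts"])
    for path, det, group in result["flagged"]:
        print(f"review [{det}] {path}" + (f" ({group})" if group else ""))
    for px5, paths in result["shared"].items():
        print("same PX5 at:", ", ".join(paths))
    print("unparsed lines:", len(result["rejected"]))
```

Lines that do not match the layout are returned separately rather than skipped silently, so a truncated paste of a long log is noticed.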
#4 |
|
Senior Member
Joined: Nov 2001
City: Fidenza(pr) da Trento
Posts: 27479
|
You need to update Windows, because you are affected by too many problems, some of them serious!
Cleaning up this PC is like wrapping a towel around you and telling you: now, with flip-flops and a towel around your waist, you can safely walk across the Bronx.
I would like to understand the reasons why it is not updated, if it is possible to know them...
P.S.: if you see that no replies arrive after 24 hours, use the "report" button or post a message that simply says "up"; do not go into other threads to say "nobody is answering me". After all, you would not like it either if people came into your thread to talk about something else entirely.
Last edited by xcdegasp : 03-05-2008 at 11:48. |
|
|
|
|
|
#5 |
|
Member
Joined: Aug 2007
City: Casteddu
Posts: 38
|
Hi, thanks for replying.
How do I update Windows? Is it done from the Control Panel, where there is the Automatic Updates item? The fact is that I have only just installed it and these problems showed up right away, so there is no particular reason why I have not updated it.
Thank you for the advice, but I saw that the report button is only for reporting spam, offensive messages and the like, so I did not use it for that; next time I will write "up"...! |
|
|
|
|
|
#6 |
|
Senior Member
Joined: Nov 2001
City: Fidenza(pr) da Trento
Posts: 27479
|
Just open Internet Explorer, then go to options and click on "Windows Update", then follow the on-screen instructions.
If you go through Control Panel -> Automatic Updates you can configure them so that it does things automatically.
The problems that showed up are the consequence of having a PC that is not updated and not protected... unfortunately, as soon as you install it you are missing more than 95 fixes, and it is estimated that a PC in this situation connected to the internet stays uninfected for 30 minutes at most.
True, the report button should not be abused, but rather than posting messages in other threads I would have allowed it.
Last edited by xcdegasp : 03-05-2008 at 15:48. |
|
|
|
|
|
#7 |
|
Member
Joined: Aug 2007
City: Casteddu
Posts: 38
|
OK, I have just downloaded and installed all the updates, what do I do now?
Do I redo the various scans? |
|
|
|
|
|
#8 |
|
Senior Member
Joined: Nov 2001
City: Fidenza(pr) da Trento
Posts: 27479
|
Yes, go ahead with the various scans, keeping to their order.
Replace virIT with Kaspersky Virus Removal Tool 7.0.0.180 -> direct download: http://downloads1.kaspersky-labs.com...2008_18-29.exe
If it is not too much trouble, I would also ask you to run a scan with this: ESET SysInspector for Microsoft Windows 2000/XP/2003/Vista (32-bit) -> Download
double-click SysInspector to launch the tool
- scroll down in SysInspector - EULA and click I Agree, then wait patiently while SysInspector runs the analysis
when it finishes, the program's interface opens; at this point all you have to do is click File - Save Log (for convenience, save it to the Desktop)
click Yes - File name: leave the one it proposes automatically - Save as: in the drop-down menu select the first option, i.e. Eset SysInspector log (.xml)
I would be grateful if you could upload the various logs you saved in txt format to one of the servers indicated in the Section Rules, and then post only the respective download link.
|
|
|
|
|
|
#9 |
|
Member
Join Date: Aug 2007
Location: Casteddu
Posts: 38
|
ok, I've done everything, here are the log files:
Prevx: http://www.fileqube.com/shared/IvPTx21020
Hijack: http://www.fileqube.com/shared/SWMsNw21021
GMER: http://www.fileqube.com/shared/zZYYbiL21022
P.S.: I followed the order in the guide |
|
|
|
|
|
#10 |
|
Member
Join Date: Aug 2007
Location: Casteddu
Posts: 38
|
|
|
|
|
|
|
#11 |
|
Senior Member
Join Date: Nov 2001
Location: Fidenza(pr) da Trento
Posts: 27479
|
I imagine that with a-squared, after saving the log, you moved all the objects to quarantine; it had found:
Code:
C:\WINDOWS\system32\dosxi.exe rilevati: Trojan-Downloader.Win32.Mutant.nl
Prevx, on the other hand, sees the following objects:
Code:
C:\Documents and Settings\Pae\Impostazioni locali\Temp\50891.exe InMem: 0 Det [u] PX5: 5CF34E4DF857EBCECF0D76B0B62D49009A6A2C93
C:\Documents and Settings\Pae\Impostazioni locali\Temp\tmp1.tmp InMem: 0 Det [u] MD5: FA700CD2A58801B3937CD326EC30AC32 PX5: 0D7DBC3E00E65C12802800AE18790F00B7E64C05
C:\Documents and Settings\Pae\Impostazioni locali\Temporary Internet Files\Content.IE5\C5YZKHYJ\Firefox%20Setup%202.0.0.14[1].exe InMem: 0 Det [u] PX5: 6FAA5E5D805EFE32FC3358792DD14000805C054B
C:\Documents and Settings\Pae\Impostazioni locali\Temporary Internet Files\Content.IE5\WH6RKTUN\setupita[1].exe InMem: 0 Det [UP] PX5: F3484E4A00421D36AA0154BAD85E15013028728A
C:\WINDOWS\system32\deskadpv.dll InMem: 0 Det [BP] MD5: 47C50BE99D77165470B7C06A61BD4FD7 PX5: 71FEB19F00AC251358FC012F9C42BB00DD882AB4
Malware Group: Malware Downloader
Summary: C:\WINDOWS\system32\deskadpv.dll - [b] >> Malware Downloader
So first we clean up a few things through HijackThis, in order to disable the malware's services and autostart entries, and then we remove it from the hard disk.
Download and run CCleaner following these brief instructions (it does not require installation):
unpack the zip (preferably into a folder created just for it) and launch the executable ccleaner.exe,
in the left-hand menu go to "Opzioni" (Options) and in the next window click on:
"Impostazioni" (Settings), and tick "Cancellazione sicura (lenta)" (secure deletion, slow)
then on: "Avanzate" (Advanced) and untick "Cancella solo file più vecchi di 48 ore" (only delete files older than 48 hours)
under "Pulizia" (Cleaner), tick all the entries in the "Avanzate" section
in the left-hand menu, click "Pulizia", then click the "Avvia Pulizia" (Run Cleaner) button to run the scan
still in the left-hand menu, click "Registro" (Registry), tick all the entries in the section, click the "Trova problemi" (Find problems) button and start a scan; when the scan finishes click "Ripara selezionati" (Fix selected) and continue;
Rerun the scan with HijackThis choosing "Scan Only"; when it finishes, the button at the bottom left will be called "Fix Checked", so select the suggested entries and press that button. Fix:
Code:
O2 - BHO: (no name) - {FEA5132B-2173-480F-A5BD-1BCB5507A276} - C:\WINDOWS\system32\deskadpv.dll
O4 - HKLM\..\Run: [advap32] "C:\WINDOWS\system32\\dosxi.exe"/r
Once that is done, you need to download Avenger ( download ) and unpack it into a directory of its own. Open Avenger; it will ask you to use one of those 3 methods to load the script. The script is the following:
Code:
Files to delete:
C:\WINDOWS\system32\deskadpv.dll
C:\WINDOWS\system32\\dosxi.exe
Last edited by xcdegasp : 04-05-2008 at 11:14. |
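Added example, not part of the original post or of any tool named in it: a small Python triage that parses the two HijackThis entries quoted in post #11, normalizes their paths (including the doubled backslash) and matches them against the system32 files the scanners reported, so each fix can be tied to a detection before it is applied. The third sample line and all function names are assumptions made for illustration.

```python
import ntpath
import re

# The first two entries are the HijackThis lines quoted in post #11;
# the third is a constructed benign entry added for contrast.
HJT_LINES = [
    r"O2 - BHO: (no name) - {FEA5132B-2173-480F-A5BD-1BCB5507A276} - C:\WINDOWS\system32\deskadpv.dll",
    r'O4 - HKLM\..\Run: [advap32] "C:\WINDOWS\system32\\dosxi.exe"/r',
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
]
# system32 paths reported by a-squared and Prevx in the same post.
DETECTED = [r"C:\WINDOWS\system32\dosxi.exe", r"C:\WINDOWS\system32\deskadpv.dll"]

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>HK\w+\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<target>.+)$")

def normalize(path):
    # Collapse doubled separators (system32\\dosxi.exe) and ignore case.
    return ntpath.normpath(path.strip().strip('"')).lower()

def command_path(cmd):
    # A Run value is a command line: take the quoted part, else cut after the extension.
    quoted = re.match(r'"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    bare = re.match(r"(.+?\.(?:exe|dll|com|bat|scr))\b", cmd, re.I)
    return bare.group(1) if bare else cmd

def parse_entry(line):
    # Returns None for any line that is not an O2 (BHO) or O4 (Run key) entry.
    for kind, rx in (("O2", O2_RE), ("O4", O4_RE)):
        m = rx.match(line.strip())
        if m:
            target = m["target"] if kind == "O2" else command_path(m["target"])
            return {"kind": kind, "name": m["name"], "path": normalize(target)}
    return None

def triage(lines, detected):
    # Detections that still have an autostart entry must be fixed before deletion;
    # detections with no entry (orphaned) only need the file removed.
    flagged = {normalize(p) for p in detected}
    entries = [e for e in map(parse_entry, lines) if e]
    to_fix = [e for e in entries if e["path"] in flagged]
    orphaned = sorted(flagged - {e["path"] for e in to_fix})
    return to_fix, orphaned

if __name__ == "__main__":
    fix, orphaned = triage(HJT_LINES, DETECTED)
    for e in fix:
        print(f'fix {e["kind"]} "{e["name"]}" -> {e["path"]}')
    print("detected files with no autostart entry:", orphaned)
```
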
|
|
|
|
|
#12 |
|
Member
Join Date: Aug 2007
Location: Casteddu
Posts: 38
|
ok, done!
Hi, I did as you told me, I hope I didn't get anything wrong... anyway, I had some surprises with Avenger: on opening it I got this window: http://www.fileqube.com/shared/SmQed21293
I clicked OK and then pasted the script you wrote for me into the blank area, although dosxi.exe was in quarantine and so it didn't detect it. It didn't ask me to choose between 3 different methods. Finally I rebooted and ran the scans, which I report here:
a-squared: http://www.fileqube.com/shared/LpteFpEWU21295
Prevx: http://www.fileqube.com/shared/GzZxXFk21296
HiJackThis: http://www.fileqube.com/shared/OGvITmE21297
At this point, what do you say? |
|
|
|
|
|
#13 |
|
Senior Member
Join Date: Nov 2001
Location: Fidenza(pr) da Trento
Posts: 27479
|
perfect, no trace is left
Now you need to check whether the PC is back in perfect health and, above all, the defences need raising... after all, they leaked, so we need to improve what can be improved:
_ antivirus: I recommend Avira AntiVir -> there is the free one, which is the Classic, or the Premium Edition at a cost of €20 for one year
_ firewall: the simplest of all, and effective, is Online Armor; the free version is also translated into Italian
_ antispyware: I would keep a-squared for on-demand scans; you could pair it with another one for real-time scanning, such as Spyware Terminator (do not enable the HIPS module)
_ email client: Thunderbird
_ browser: Firefox with the NoScript and Adblock Plus add-ons, or Opera
For a more in-depth study, at the bottom of the Disinfection Guide for the Infected (Guida alla Disinfezione per Infetti) there are very useful links to broaden your knowledge and quench your thirst for it.
|
|
|
|
|
|
#14 |
|
Member
Join Date: Aug 2007
Location: Casteddu
Posts: 38
|
Thanks for now... until Thursday I won't be able to do any new checks or updates. You've been very kind; on Thursday I'll let you know the news... bye
|
|
|
|
|
|
#15 |
|
Senior Member
Join Date: Nov 2001
Location: Fidenza(pr) da Trento
Posts: 27479
|
I'll await your news
|
|
|
|
|
|
#16 |
|
Member
Join Date: Aug 2007
Location: Casteddu
Posts: 38
|
Hi, I've started installing the programs you suggested, but I don't understand why, even though I uninstalled Kaspersky, the window asking me to run a scan still appears at PC startup. How do I get rid of it for good?
Then I've identified two problems: the first is that web pages often don't load correctly, I'm pasting the image: http://www.fileqube.com/shared/hOwRfsIWg23848
Then very often, when I download a .exe file and click on it to install it, a window comes up saying that the installation files are damaged, and so it advises me to download the file again; but it's a problem I had with OpenOffice and Adobe Reader, and even when I downloaded different versions it told me the same thing, so I think the problem is something else... what do you say?
Last edited by dider0t : 09-05-2008 at 13:59. Reason: latest update: |
|
|
|
|
|
#17 |
|
Member
Join Date: Aug 2007
Location: Casteddu
Posts: 38
|
up
|
|
|
|
|
|
#18 |
|
Senior Member
Join Date: Dec 2007
Location: Brianza
Posts: 14704
|
For Kaspersky, look here at point 13
From the image I didn't understand the problem...
__________________
fattoebloggato.com • Post-disinfection treatment • Data, RAID and partition recovery • UBCD4Win guide • RAM test • Disk check • TestDisk • Emergency operations • Linux live CD • UBCD • Backup • Managing ISOs & virtual images • Partitioning a disk • Sardu • ScreenRecording • |
|
|
|
|
|
#19 |
|
Member
Join Date: Aug 2007
Location: Casteddu
Posts: 38
|
For Kaspersky I solved it by deleting a few keys; the image, on the other hand, shows an example of a web page that it treats as opened but that actually isn't. It often happens while browsing that the browser doesn't load pages correctly; I used Firefox before too, but I never had this problem... is there a solution? And for the .exe files?
|
|
|
|
|
|
#20 |
|
Member
Join Date: Aug 2007
Location: Casteddu
Posts: 38
|
Guys, please help me, it's chaos here... basically I was changing a few router settings, but I had already noticed something else wasn't right... in practice a blue screen would suddenly appear with something written on it that I couldn't read, because the computer restarted right afterwards. After the last restart I no longer had a connection, so I opened the browser and entered http:/192... to talk to the router, but it immediately restarted on me, so I decided to reformat. Now I've reinstalled all the drivers, but I still can't communicate with the router: when I enter the address it says: the page cannot be displayed. Yet if I go to network connections I appear connected to the LAN, and the modem is on and connected to the internet... what do I doooooo????
Help meeeee
P.S.: I also tried to force access to the router by modifying the TCP/IP properties, entering this data:
IP address: 192.168.1.1
subnet mask: 255.255.0.0
gateway: 192.168.1.1
but nothing happens...! The router is a 3Com ADSL Wireless 108Mbps 11g Firewall Router 3crwdr200a-75
Last edited by dider0t : 11-05-2008 at 12:41. |
|
|
|
|
|
|
All times are GMT +1. The time now is: 13:51.




















