|
|||||||
|
|
|
 |
|
|
Strumenti |
16-03-2008, 16:39
|
#1 |
|
Senior Member
Iscritto dal: Aug 2004
Città: Prov. di Na
Messaggi: 325
|
[risolto][win XP] Downloader.Delf.12.AE che torna sempre
Salve
Una quindicina di giorni fa AVG mi avvisò che ero infetto da questo trojan Downloader.Delf.12.AE, feci scansione ed eliminai... ma da allora ogni tanto riappare questo trojan nonostante io lo elimini ogni volta Praticamente nella cartella C:\Documents and Settings\utente\Impostazioni locali\Temp spunta questo file, o simile, jar_cache58304.tmp infetto appunto da Downloader.Delf.12.AE a sua volta crea nella cartella C:\Documents and Settings\utente file infetti dai nomi più improbabili tipo oxprdrx.exe, tutti dal nome diverso. Anche se elimino il jar e gli exe poi dopo un pò mi ricompaiono sotto nomi leggermente diversi. Ho eseguito tutto quello che dice la GUIDA per infetti Mi date una mano? grazie tante Ecco il log di Hthis Codice:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.26.40, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Alice ti aiuta\SmartBridge\MotiveSB.exe
C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\Motive\AsstCommon\MotiveDirectory.exe
C:\Programmi\Alice ti aiuta\bin\mad.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\HThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.alice.it/search/home/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Alice ti aiuta\SmartBridge\MotiveSB.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: TipicIM.lnk = C:\Programmi\TipicIM\TipicIM.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.alice.it
O15 - Trusted Zone: *.rossoalice.it
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4C459B8-BFF2-4BF5-9003-A7370A1B9C05}: NameServer = 85.37.17.9 85.38.28.75
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 9716 bytes
Codice:
GMER 1.0.14.14205 - http://www.gmer.net Rootkit scan 2008-03-17 02:00:42 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.14 ---- SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xBAE15EB0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xBAE12870] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xBAE1D700] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xBAE16270] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xBAE1C500] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xBAE1C730] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xBAE20090] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xBAE16350] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xBAE12EF0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xBAE1E720] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xBAE1E360] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xBAE1C270] SSDT sptd.sys ZwEnumerateKey [0xF777084E] SSDT sptd.sys ZwEnumerateValueKey [0xF7770BEE] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xBAE1EA60] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xBAE12D40] SSDT sptd.sys ZwOpenKey [0xF776B090] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xBAE1BFC0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xBAE1BDE0] SSDT sptd.sys ZwQueryKey [0xF7770CC6] SSDT sptd.sys ZwQueryValueKey [0xF7770B46] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xBAE1F1D0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xBAE1ED50] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xBAE15B50] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xBAE1F000] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xBAE16060] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xBAE13060] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xBAE1DED7] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xBAE1C960] ---- Kernel code sections - GMER 1.0.14 ---- .text ntoskrnl.exe!ZwYieldExecution + 12E 804E4968 12 Bytes [ 70, 62, E1, BA, 00, C5, E1, ... ] ? C:\WINDOWS\system32\drivers\sptd.sys Impossibile accedere al file. Il file è utilizzato da un altro processo. ? srescan.sys Impossibile trovare il file specificato. ! .text USBPORT.SYS!DllUnload F6AA662C 5 Bytes JMP 863EE1B8 ? System32\Drivers\aln86eqk.SYS Impossibile trovare il file specificato. ! ---- User code sections - GMER 1.0.14 ---- .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 28001CC0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 28001B00 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 28001A80 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 28001D80 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] kernel32.dll!FindResourceA 7C80BE89 7 Bytes JMP 28001B90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 28001DF0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 28001840 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] kernel32.dll!FindResourceExA 7C835F78 7 Bytes JMP 28001C20 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 0056DBBD C:\Programmi\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] kernel32.dll!OutputDebugStringW 7C85A42D 5 Bytes JMP 28001E50 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] ADVAPI32.dll!CryptDeriveKey 77F5A685 7 Bytes JMP 28001000 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] ADVAPI32.dll!CryptDecrypt 77F5A7B1 2 Bytes JMP 28001060 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] ADVAPI32.dll!CryptDecrypt + 3 77F5A7B4 4 Bytes [ 0A, B0, CC, CC ] .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] USER32.dll!PeekMessageW 7E39929B 5 Bytes JMP 28003F90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] USER32.dll!CreateWindowExW 7E39FC25 5 Bytes JMP 280037C0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] USER32.dll!SetWindowRgn 7E39FFB2 7 Bytes JMP 28005880 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] USER32.dll!LoadIconW 7E3A0894 5 Bytes JMP 28006240 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] USER32.dll!LoadImageW 7E3A2CFE 5 Bytes JMP 28006050 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] USER32.dll!CreateDialogParamW 7E3A7D4F 5 Bytes JMP 28005A50 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] USER32.dll!SetWindowPlacement 7E3AD84C 5 Bytes JMP 28005740 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 28005C40 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] USER32.dll!TrackPopupMenuEx 7E3ECD28 5 Bytes JMP 28004870 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] WS2_32.dll!send 71A3428A 5 Bytes JMP 2800A360 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] WS2_32.dll!WSARecv 71A34318 5 Bytes JMP 2800A140 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] WS2_32.dll!recv 71A3615A 5 Bytes JMP 28009FA0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] WS2_32.dll!WSASend 71A36233 5 Bytes JMP 2800A540 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 2800A780 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] SHELL32.dll!Shell_NotifyIconW 7CA361F5 5 Bytes JMP 28002FE0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] ole32.dll!CoInitializeEx 774CEF6B 5 Bytes JMP 28002100 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] ole32.dll!CoRegisterClassObject 774E8720 5 Bytes JMP 28002200 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] WININET.dll!InternetCloseHandle 4330DAC1 5 Bytes JMP 280091A0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] WININET.dll!HttpOpenRequestA 43314399 5 Bytes JMP 28008E60 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] WININET.dll!InternetReadFile 4331ABF4 5 Bytes JMP 28008FF0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[2280] WININET.dll!HttpSendRequestA 4331CD78 5 Bytes JMP 280090D0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F777F480] sptd.sys IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F777F42C] sptd.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7799AB8] sptd.sys IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F777F480] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F776BABA] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F776BC00] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F776BB82] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F776C72E] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F776C604] sptd.sys IAT \SystemRoot\system32\DRIVERS\intelppm.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\fdc.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\parport.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F777EA9A] sptd.sys IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\mouclass.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\serial.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\serenum.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\imapi.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\redbook.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\ks.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\drivers\portcls.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\audstub.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\System32\Drivers\RootMdm.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\System32\Drivers\Modem.SYS[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\ndistapi.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] 864A2D70 IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] 864A2960 IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 864A2F40 IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 864A2770 IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [BAE1A9D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [BAE1AEF0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [BAE1B050] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [BAE1AB40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [BAE1AB40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [BAE1A9D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [BAE1AEF0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [BAE1B050] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\msgpc.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\rdpdr.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\termdd.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\swenum.sys[NTOSKRNL.EXE!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\update.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\mssmbios.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [BAE1A9D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [BAE1B050] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [BAE1AEF0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [BAE1AB40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\usbhub.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\flpydisk.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\System32\Drivers\Fs_Rec.SYS[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\System32\Drivers\Null.SYS[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\System32\Drivers\Msfs.SYS[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\System32\Drivers\Npfs.SYS[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\rasacd.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\ipsec.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [BAE1B050] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [BAE1AEF0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BAE1A9D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] 8642D660 IAT \SystemRoot\system32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] 8642D660 IAT \SystemRoot\system32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [BAE1AB40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [BAE1A9D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [BAE1AEF0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [BAE1B050] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [BAE28360] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\HIDCLASS.SYS[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\STREAM.SYS[NTOSKRNL.EXE!IoCreateDevice] 8642D5E0 IAT \SystemRoot\System32\Drivers\Fastfat.SYS[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [BAE1A9D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [BAE1AB40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [BAE1B050] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [BAE1AEF0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\System32\Drivers\ParVdm.SYS[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [BAE135C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [BAE13510] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [BAE136C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [BAE13220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 IAT \SystemRoot\system32\drivers\kmixer.sys[ntoskrnl.exe!IoCreateDevice] 8642D5E0 ---- User IAT/EAT - GMER 1.0.14 ---- IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019673CC] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01967376] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01967376] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019673CC] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019673CC] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [01967376] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [01967376] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019673CC] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019673CC] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01967376] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01967376] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019673CC] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019673CC] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01967376] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019673CC] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01967376] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019673CC] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01967376] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01967376] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019673CC] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019673CC] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [01967376] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [01967376] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019673CC] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019673CC] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [01967376] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [01967376] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019673CC] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019673CC] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Programmi\Mozilla Firefox\firefox.exe[3000] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [01967376] C:\PROGRA~1\MOZILLA FIREFOX\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) ---- Devices - GMER 1.0.14 ---- Device \FileSystem\Ntfs \Ntfs 8675C1D8 AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.) Device \FileSystem\Fastfat \FatCdrom 85DE33B8 Device \Driver\NetBT \Device\NetBT_Tcpip_{3C2105BC-2616-42DC-9DAE-5F7B30A152A1} 8645B1D8 Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) Device \Driver\NetBT \Device\NetBT_Tcpip_{7634DEC4-97C2-4EB8-9138-0CD1D60CEB98} 8645B1D8 Device \Driver\usbuhci \Device\USBPDO-0 863ED1D8 Device \Driver\usbuhci \Device\USBPDO-1 863ED1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8675E1D8 Device \Driver\dmio \Device\DmControl\DmConfig 8675E1D8 Device \Driver\dmio \Device\DmControl\DmPnP 8675E1D8 Device \Driver\dmio \Device\DmControl\DmInfo 8675E1D8 Device \Driver\usbuhci \Device\USBPDO-2 863ED1D8 Device \Driver\usbuhci \Device\USBPDO-3 863ED1D8 Device \Driver\usbehci \Device\USBPDO-4 863B11D8 Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) Device \Driver\Ftdisk \Device\HarddiskVolume1 867D01D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 867D01D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 867CF1D8 Device \Driver\atapi \Device\Ide\IdePort0 867CF1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 867CF1D8 Device \Driver\atapi \Device\Ide\IdePort1 867CF1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 867CF1D8 Device \Driver\00000063 \Device\00000069 sptd.sys Device \Driver\NetBT \Device\NetBt_Wins_Export 8645B1D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{C4C459B8-BFF2-4BF5-9003-A7370A1B9C05} 8645B1D8 Device \Driver\NetBT \Device\NetbiosSmb 8645B1D8 Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) Device \Driver\usbuhci \Device\USBFDO-0 863ED1D8 Device \Driver\usbuhci \Device\USBFDO-1 863ED1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85E071D8 Device \Driver\usbuhci \Device\USBFDO-2 863ED1D8 Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\IPMULTICAST avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.) Device \FileSystem\MRxSmb \Device\LanmanRedirector 85E071D8 Device \Driver\usbuhci \Device\USBFDO-3 863ED1D8 Device \Driver\Ftdisk \Device\FtControl 867D01D8 Device \Driver\usbehci \Device\USBFDO-4 863B11D8 Device \Driver\aln86eqk \Device\Scsi\aln86eqk1Port3Path0Target0Lun0 863191D8 Device \Driver\aln86eqk \Device\Scsi\aln86eqk1 863191D8 Device \Driver\aln86eqk \Device\Scsi\aln86eqk1Port3Path0Target1Lun0 863191D8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 8675D1D8 Device \FileSystem\Fastfat \Fat 85DE33B8 AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.) Device \FileSystem\Cdfs \Cdfs 85D7F1D8 ---- Threads - GMER 1.0.14 ---- Thread 4:216 864A88E0 Thread 4:220 864A88E0 Thread 4:224 864378D0 Thread 4:228 864378D0 Thread 4:232 864378D0 Thread 4:552 864A88E0 Thread 4:620 864A88E0 Thread 4:692 864A88E0 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1175352149 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -907309850 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x38 0xC6 0x4B 0xD3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEE 0x32 0xED 0x73 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x70 0xC8 0x9F 0x4B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x03 0x41 0x11 0x2C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xD5 0xD1 0x1C 0xDB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x92 0xBF 0x7D 0xB7 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x38 0xC6 0x4B 0xD3 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEE 0x32 0xED 0x73 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x70 0xC8 0x9F 0x4B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x03 0x41 0x11 0x2C ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xD5 0xD1 0x1C 0xDB ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x92 0xBF 0x7D 0xB7 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\Ø•€|ÿÿÿÿ•€|ù•9~ Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\Ø•€|ÿÿÿÿ•€|ù•9~@0140710900063D11C8EF10054038389C C?\WINDOWS\system32\FM20ENU.DLL Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\Ø•€|ÿÿÿÿ•€|ù•9~@0140110900063D11C8EF10054038389C C?\WINDOWS\system32\FM20ENU.DLL Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts@Abaddon\x2122 (TrueType) abaddon.TTF ---- EOF - GMER 1.0.14 ---- Codice:
Prevx CSI Log - Version v1.6.104.130
Some non-malicious files are not included in this log.
C:\WINDOWS\System32\smss.exe InMem: 1 Det [G] MD5: 036FC522AC5784EBF03C1F85E93415E7 PX5: EAEF384300B86E2BC60900AD18ED0300B6B454BF
C:\WINDOWS\system32\ntdll.dll InMem: 1 Det [G] MD5: 75A0AECC55A3F0B9E2D54119FA4AAB6D PX5: 98EF83350066C70122B20B444BEBEA00D217A1B2
C:\WINDOWS\system32\csrss.exe InMem: 1 Det [G] MD5: 2B511A5438308A1AC8D48482279810E6 PX5: 457E08CD00DE83E3183600665DD0AE001F0FA82A
C:\WINDOWS\system32\CSRSRV.dll InMem: 1 Det [G] MD5: 4BA2DBAC6357B3B9D89C53823AFE15C5 PX5: 672F934100D50DA280D100335AB03A0006C3D206
C:\WINDOWS\system32\basesrv.dll InMem: 1 Det [G] MD5: 7B37B598B55BF80415C15BFFE7A992A2 PX5: CDE7154D0060E2E4CE1D00F8B4D58500AEAC4112
C:\WINDOWS\system32\winsrv.dll InMem: 1 Det [G] MD5: A372E3E086A11A01CFCA3B8DCCBFCB50 PX5: EA125ACC0017E3527A0804FB6E773E00D0D2275E
C:\WINDOWS\system32\GDI32.dll InMem: 1 Det [G] MD5: 82D7DE4DF9B7FF8D8B9AEFC48F2F3BE5 PX5: E0AE989400FE60C04EE004B2BF0AC40001B8B70F
C:\WINDOWS\system32\KERNEL32.dll InMem: 1 Det [G] MD5: EB1428078E1D10FDEC060857AA526A9F PX5: 0AD652AA00FC1D0CB2930F5593CD84005E517D9A
C:\WINDOWS\system32\USER32.dll InMem: 1 Det [G] MD5: 9DAA2190A18739B657B58F794ACF2E47 PX5: D423C40D007DC87CD48F089CF302B800036F5CB9
C:\WINDOWS\system32\sxs.dll InMem: 1 Det [G] MD5: 1F0124663855AF228233F43021400F72 PX5: F6867B260073AE3BE8420A9D4CB88200ED96EA53
C:\WINDOWS\system32\ADVAPI32.dll InMem: 1 Det [G] MD5: 09BB0A2C325F7085E24FAE6134DE2D16 PX5: DA31EA390036C3916C5C0A395DA4E3007CA4EABA
C:\WINDOWS\system32\RPCRT4.dll InMem: 1 Det [G] MD5: 22413A53995E0A23915A6433BFB90563 PX5: D30BFA4500E11CC3EA0408EA8337540073B46F29
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols - ncacn_np [rpcrt4.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols - ncacn_ip_tcp [rpcrt4.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols - ncadg_ip_udp [rpcrt4.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols - ncacn_http [rpcrt4.dll]
C:\WINDOWS\system32\Secur32.dll InMem: 1 Det [G] MD5: 8285B8B146B42FF18ED08C558435011E PX5: 2226211D005B7868DA45009E23898E00149E78C6
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 9 [secur32.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 10 [secur32.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 16 [secur32.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 18 [secur32.dll]
C:\WINDOWS\system32\Apphelp.dll InMem: 1 Det [G] MD5: 086DA77C3C612759D4EF437F67532E2D PX5: 2E534C590076A85BF05D01EC9E4FFB0089A4554F
C:\WINDOWS\system32\VERSION.dll InMem: 1 Det [G] MD5: 9B5A59851D9A237C86210E07E2195A12 PX5: 17E09890009DDCC84AAD00E153CBBA0071FD3882
C:\WINDOWS\system32\winlogon.exe InMem: 1 Det [G] MD5: 4166454E2BCFCC20D1B8A5AC9FEAB243 PX5: D0D54E6C00E89575B4CC07CFE43BE400C1F31A26
C:\WINDOWS\system32\AUTHZ.dll InMem: 1 Det [G] MD5: AC3257B2E441866289D7EB8377490765 PX5: 869C1EE500523D0FDE60003D7F38BD0038C5A93D
C:\WINDOWS\system32\msvcrt.dll InMem: 1 Det [G] MD5: 9E6CB81BE111B9935F6A97C367CABD4E PX5: EAD3CF360087D2AD3C120509FE506F008FB88290
C:\WINDOWS\system32\CRYPT32.dll InMem: 1 Det [G] MD5: 5588D8AFD51D060F82315C50D7590323 PX5: DD3ED9060033BBFB2E83098709F8D4001E524429
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain - DllName [crypt32.dll]
C:\WINDOWS\system32\MSASN1.dll InMem: 1 Det [G] MD5: 0A75AC7D90BD8E6BC942DBA004579D5B PX5: 09F301D4001F77D2E0150027945354004927323C
C:\WINDOWS\system32\NDdeApi.dll InMem: 1 Det [G] MD5: 11BE44F0C0978927AED7D69B75C24937 PX5: 8E19EB1100E774A0488300C192BED30080B1D3E4
C:\WINDOWS\system32\PROFMAP.dll InMem: 1 Det [G] MD5: 0328058695D324D26528077F5B136636 PX5: 90AEB4A600D0EF596C4F00D134ACAA00BDFD0752
C:\WINDOWS\system32\NETAPI32.dll InMem: 1 Det [G] MD5: 9003E9374EA7C1A81DB51CEE64C427F6 PX5: 0919F94300F3C16412B605F0CC86050045AA2AE7
C:\WINDOWS\system32\USERENV.dll InMem: 1 Det [G] MD5: AC31CA2B251FE8057528FA937335B164 PX5: 02BF46CD00DC848D207F0BA7D391AB00DCDEB32E
C:\WINDOWS\system32\PSAPI.DLL InMem: 1 Det [G] MD5: 2BAF81B8504D9C1600C51A498E5453B3 PX5: 5DB1DF3A00AE978A5A1800B9B5A8C30041FF3076
C:\WINDOWS\system32\REGAPI.dll InMem: 1 Det [G] MD5: BB756F78728C2D953574E8652B7E86A8 PX5: BDCF1CB600ACB6D2C2EE007361942C0007606048
C:\WINDOWS\system32\SETUPAPI.dll InMem: 1 Det [G] MD5: 6F83A7ED3217D0E612445612D1991767 PX5: 085443D800EAF0FA42960F6622B8E300CB4CB91D
C:\WINDOWS\system32\WINSTA.dll InMem: 1 Det [G] MD5: DE24EBECF7833A4DE925D0832956F21A PX5: 1789B2A5005E39C8D2660086022E8500C3B9450D
C:\WINDOWS\system32\WINTRUST.dll InMem: 1 Det [G] MD5: 48BD2908FE77ABB5EF42DD4A108600B5 PX5: 0D34C3E0002C3B32B2670226273B8500327F7603
C:\WINDOWS\system32\IMAGEHLP.dll InMem: 1 Det [G] MD5: F309C34E0F66DAC995053E91EFFC9002 PX5: 92D4CA5F00EA8A5C340F02F2506EE800E1319CFF
C:\WINDOWS\system32\WS2_32.dll InMem: 1 Det [G] MD5: 12EAD983C875ED9BCC8B90E3F77F2E4A PX5: 42D0077300700B1344D7019D11CF0E00A225E294
C:\WINDOWS\system32\WS2HELP.dll InMem: 1 Det [G] MD5: 0C1F495C1761C126BC820F4DE4C8B967 PX5: 097C6291004A18B14EEC00B4A6264D00B84611B9
C:\WINDOWS\system32\IMM32.DLL InMem: 1 Det [G] MD5: CA38A6091ECAC2668EC99AFD4B6C0615 PX5: CDBF4DDD001A7574AE3A01510D252400AF18CE5E
C:\WINDOWS\system32\MSGINA.dll InMem: 1 Det [G] MD5: 4BA6464CF0D5FE0CD0B43AE4B3B32D26 PX5: 0590994000D0A8B53A390FFB32187D003143117B
C:\WINDOWS\system32\SHELL32.dll InMem: 1 Det [G] PX5: C74DB9F400A749A98AD181C3816D18006A78E9E8
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon - VmApplet [rundll32 shell32,Control_RunDLL "sysdm.cpl"]
REGSHLEXHOOK - \REGISTRY\Machine\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 - {AEB6717E-7E19-11d0-97EE-00C04FD91972} [shell32.dll]
REGDELAY - \REGISTRY\Machine\Software\Classes\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 - PostBootReminder [%SystemRoot%\system32\SHELL32.dll]
REGDELAY - \REGISTRY\Machine\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 - CDBurn [%SystemRoot%\system32\SHELL32.dll]
REGTOOLBAR - \REGISTRY\Machine\Software\Classes\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}\InprocServer32 - {0E5CBF21-D15F-11D0-8301-00AA005B4383} [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{24F14F01-7B1C-11d1-838f-0000F80461CF}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{24F14F02-7B1C-11d1-838f-0000F80461CF}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{09799AFB-AD67-11d1-ABCD-00C04FC30936}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{A470F8CF-A1E8-4f65-8335-227475AA5C46}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{ef43ecfe-2ab9-4632-bf21-58909dd177f0}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InprocServer32 - [shell32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\InprocServer32 - BarSize [%SystemRoot%\system32\SHELL32.dll]
C:\WINDOWS\system32\SHLWAPI.dll InMem: 1 Det [GP] MD5: A6ACB5F641E0D1D5B54447635D86556B PX5: EA1654A3005ABB1E3E0D071F26F89E00F4769D3A
C:\WINDOWS\system32\COMCTL32.dll InMem: 1 Det [G] MD5: EFA21A3FE23BBCFDB6F61A3AF723E05A PX5: 58711F2E00E7D4E26C3A0946506D1B008DF24393
C:\WINDOWS\system32\ODBC32.dll InMem: 1 Det [G] MD5: 485B2381CF003DAD79F1371FBEAACD5A PX5: A52E0F9B00E1697FD015036BACB9C10078B33C67
C:\WINDOWS\system32\comdlg32.dll InMem: 1 Det [G] MD5: C99FD691ACAFAEEEFD03F1E4E6D3DD60 PX5: D1079ADC002DFDB3487D042258AF1F00F0FB72E4
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll InMem: 1 Det [G] MD5: 837B282813808C17E9C94E56300AA29E PX5: 6C2DA8F700C891F6167D107D5B6FFD004BDE3FD7
C:\WINDOWS\system32\odbcint.dll InMem: 1 Det [G] MD5: EA88A16DA0D06069C0C06AB5A4669E26 PX5: 17030F830012904980B601AEBBE29A00B94ABB0D
C:\WINDOWS\system32\SHSVCS.dll InMem: 1 Det [G] MD5: FAD73705BED0910E910DE852B0F8AEBC PX5: 593617FD0028BAC30E8502553039DB005AE5DAA4
C:\WINDOWS\system32\sfc.dll InMem: 1 Det [G] MD5: E6F026DBC75B6EED7331EBF581AFD4D8 PX5: 16BA5AAF006AA18914FD002B882F7D0027109E10
C:\WINDOWS\system32\sfc_os.dll InMem: 1 Det [G] MD5: 8FBF27AB56DE71E2BDD5A2CCB7FB9023 PX5: 53B4176200566C3D2844029CE35AC3003149753E
C:\WINDOWS\system32\ole32.dll InMem: 1 Det [G] MD5: D5622B6D4CD43F2223718820C0A178AD PX5: 85434D2700A77E169AF713D8C3B0DC00CF7A5885
C:\WINDOWS\system32\msctfime.ime InMem: 1 Det [G] MD5: 29DE0B3FB6DEC623E2DC5E9C7C89CAB8 PX5: A0883E0F00146873B4BB0255156E8700B1387578
C:\WINDOWS\system32\WINSCARD.DLL InMem: 1 Det [G] MD5: 840535254EDD74E79D059229C5A2F800 PX5: 49E7BE4C00EA6409841F01CF112B5500E75D0DD5
C:\WINDOWS\system32\WTSAPI32.dll InMem: 1 Det [G] MD5: E2703BB7BEAC36269482A8D32400AD38 PX5: 1CDB8610004CDD7F48CB007245065C0097B2DD61
C:\WINDOWS\system32\WINMM.dll InMem: 1 Det [G] MD5: 1DC87F8C450E295FB8CC5039D27292E5 PX5: 8B514EB5005BE141BAA3022C5AD8F400CAAEB534
C:\WINDOWS\system32\serwvdrv.dll InMem: 1 Det [G] MD5: 033E9A8E8C0327805E5DBCF4F4AECF6B PX5: 333C393F004074D63A01009289D1B9001CF63C09
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - wave [serwvdrv.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - wave2 [serwvdrv.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - wave3 [serwvdrv.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - wave4 [serwvdrv.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - wave5 [serwvdrv.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave [serwvdrv.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave2 [serwvdrv.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave3 [serwvdrv.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave4 [serwvdrv.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave5 [serwvdrv.dll]
C:\WINDOWS\system32\umdmxfrm.dll InMem: 1 Det [G] MD5: 802598E8371557B447C9C2859A503BCF PX5: 6B37195800BBCADC34F3008CAF26D3000A7FB4E2
C:\WINDOWS\system32\uxtheme.dll InMem: 1 Det [G] MD5: D5193D474D7BB9CE917B4CF5F3ADA9D4 PX5: D88EDDB7006796175ABD03E85DCCE30039E51CA1
C:\WINDOWS\system32\Ati2evxx.dll InMem: 1 Det [G] MD5: 0DC29A1FA52D445DB14DDF16E272E6D1 PX5: 711470C700FA06DFF0EA00DFBCEA9C00ADD728B6
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent - DLLName [Ati2evxx.dll]
C:\WINDOWS\system32\rsaenh.dll InMem: 1 Det [G] MD5: 26ACBD865F8CFF730F1791C4D0854352 PX5: 19B797A900BB112F5426027FDD39EC001D5760F1
C:\WINDOWS\system32\cscdll.dll InMem: 1 Det [G] MD5: 38C69B2BC3182A85F0B323C9D1EB7E26 PX5: 36CC0D8B0009157E909D017F19231E0041E0A92E
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll - DLLName [cscdll.dll]
C:\WINDOWS\system32\WlNotify.dll InMem: 1 Det [G] MD5: 72E4CAD810A967449CAAB723E99C74B1 PX5: 3C08F14B008AD1456C990109A197100002605D8A
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp - DLLName [wlnotify.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule - DllName [wlnotify.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn - DLLName [WlNotify.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv - DllName [wlnotify.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon - DLLName [wlnotify.dll]
C:\WINDOWS\system32\WINSPOOL.DRV InMem: 1 Det [G] MD5: A357128EEA84698DCF3ED33E521292CC PX5: A35B6D1900D11F1D3E5102B97EFC0500E974203D
C:\WINDOWS\system32\MPR.dll InMem: 1 Det [G] MD5: 7013FC08075EEF2D881D55F898F2D402 PX5: 4E92FBCC002BB291EAE5000F10C15F00A1E7AD21
C:\WINDOWS\system32\WgaLogon.dll InMem: 1 Det [G] MD5: 8E062904E0108B6E8AD44686697BB8CC PX5: 89BDBABD808784849D2F03E53DB2B60038D1784F
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon - DllName [WgaLogon.dll]
C:\WINDOWS\system32\OLEAUT32.dll InMem: 1 Det [G] MD5: B8D7F1638A52EA67FE5FEB22D3B725D1 PX5: D947C0320023C1EC686E08689A597900A28F94EE
C:\WINDOWS\system32\NTMARTA.DLL InMem: 1 Det [G] MD5: 3C1B1065C5BFCA5190E7FA7EFCB11B59 PX5: 1D452FC300F103CCD4AF019C0B4A1000D0C05759
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider - ProviderPath [%SystemRoot%\system32\ntmarta.dll]
C:\WINDOWS\system32\WLDAP32.dll InMem: 1 Det [G] MD5: A340DEC6229F08D8B9644F2BE00100FC PX5: 9E81915C002CE532A4010226E6EC3100C992DBA0
C:\WINDOWS\system32\SAMLIB.dll InMem: 1 Det [G] MD5: F16C9CDB4A47969B1CF48E0620F6E217 PX5: 6D3509C200E203F6FAF00078D7EA35003D8429D0
C:\WINDOWS\system32\CLBCATQ.DLL InMem: 1 Det [G] MD5: 092813B8F60F1E12E8AF5DB98037B770 PX5: DDDD061C00DDD1C99CCC07876975D5003DF223DA
C:\WINDOWS\system32\COMRes.dll InMem: 1 Det [G] MD5: B979BBBA74F4F5DB69C3A5DFDC52828C PX5: D3FD3AB2006F991AE8A30C7CE8FD780095D6A640
C:\WINDOWS\system32\cscui.dll InMem: 1 Det [G] MD5: 53E5AB61DDCC0F057182BC1B5513B744 PX5: 8E7CD5F4006500C1188E05B6248B9200BAF8CA73
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8} - DllName [%SystemRoot%\System32\cscui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03}\InprocServer32 - {750fdf0e-2a26-11d1-a3ea-080036587f03} [%SystemRoot%\System32\cscui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{10CFC467-4392-11d2-8DB4-00C04FA31A66}\InprocServer32 - {10CFC467-4392-11d2-8DB4-00C04FA31A66} [%SystemRoot%\System32\cscui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}\InprocServer32 - {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} [%SystemRoot%\System32\cscui.dll]
C:\WINDOWS\system32\xpsp2res.dll InMem: 1 Det [G] MD5: 0E8E6901C637095EC3B483475E39731E PX5: DD9EAB9A00D5F12036192D6118710400ADB6810C
C:\WINDOWS\system32\msv1_0.dll InMem: 1 Det [G] MD5: AFFA7A2ECB1476F29641C90524F63E2E PX5: 7DDBB66E00F27A20FA0D01B81C65BB005752F1B9
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Authentication Packages [msv1_0]
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
C:\WINDOWS\system32\iphlpapi.dll InMem: 1 Det [G] MD5: 6150872A38D85C8CDDB1B2FBFF1BB07F PX5: 352A2D920078A26F766401FF71F80300DA785AEF
C:\WINDOWS\system32\wdmaud.drv InMem: 1 Det [G] MD5: 6DEB9059000C34770192B78D85F6D387 PX5: E19B13CB00CFB9ED5C250033B033BB00A27F216F
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - wave1 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - midi [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - mixer [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - wave6 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - mixer1 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave1 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave6 [wdmaud.drv]
C:\WINDOWS\system32\msacm32.drv InMem: 1 Det [G] MD5: 05E84EEAD6B27C958621A4E6D33859D1 PX5: F8EB7CDA00A2596F522700876A3BC9005F29A42B
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP - wavemapper [msacm32.drv]
C:\WINDOWS\system32\MSACM32.dll InMem: 1 Det [G] MD5: B088085D01B3E80E2BE0E9CD1838BA9B PX5: CD32AC5300D4DB3A183401A597817D009B477A6B
C:\WINDOWS\system32\midimap.dll InMem: 1 Det [G] MD5: EAAA11BE5C162266E698F7658BD8A1DA PX5: 8C299C3E002D88084A0000F598A51000C8C9681D
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP - midimapper [midimap.dll]
C:\WINDOWS\system32\services.exe InMem: 1 Det [G] MD5: E77F6FA2A15390F1727F4C1C55B69DA6 PX5: 55CFB3920083E585A8B8011373392400747D1070
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Eventlog - ImagePath [C:\WINDOWS\system32\services.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PlugPlay - ImagePath [C:\WINDOWS\system32\services.exe]
C:\WINDOWS\system32\SCESRV.dll InMem: 1 Det [G] MD5: E84A4BFD34F64AF3A9B2E4FF45C02DCA PX5: 42090831009A7DEDFC25041A41C0A6009F850DB8
C:\WINDOWS\system32\umpnpmgr.dll InMem: 1 Det [G] MD5: D717635E8C6D91644AEDA4B37A49762A PX5: A0722C41001DFC8BE8A7011B43DD8300C52FA704
C:\WINDOWS\system32\NCObjAPI.DLL InMem: 1 Det [G] MD5: 1FC06B22BA62AB448613461D06C328C9 PX5: 7EA0BF3D001A18F58E38007796CD8000CD7F3FCC
C:\WINDOWS\system32\MSVCP60.dll InMem: 1 Det [G] MD5: B30C42DFA52A70037AB31A85057A5657 PX5: 2D7DD02900BE71EC5085060A796CD8005BF97344
C:\WINDOWS\system32\ShimEng.dll InMem: 1 Det [G] MD5: DC7D49E0DEC335B8E14C734AB1BADE66 PX5: 279F162200D45347000001BBAACC850063724C8D
C:\WINDOWS\AppPatch\AcAdProc.dll InMem: 1 Det [G] MD5: 744EA281298317E91C3BEA70BF3843D4 PX5: 4481FDAC006BDDB69ABC00D7D79D140035AF8893
C:\WINDOWS\system32\eventlog.dll InMem: 1 Det [G] MD5: D1CAA255F33C06C8302769A86FFB905E PX5: D2B7D57A001E9CD9DA5600E2BE4F3C00079E4466
C:\WINDOWS\system32\lsass.exe InMem: 1 Det [G] MD5: 0815E8DA286775FA432C7C9EE5E10BA1 PX5: CC1BA69F00AF6D2D3445003B3C2E0700B638080D
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Netlogon - ImagePath [C:\WINDOWS\system32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NtLmSsp - ImagePath [C:\WINDOWS\system32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PolicyAgent - ImagePath [C:\WINDOWS\system32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ProtectedStorage - ImagePath [C:\WINDOWS\system32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SamSs - ImagePath [C:\WINDOWS\system32\lsass.exe]
C:\WINDOWS\system32\LSASRV.dll InMem: 1 Det [G] MD5: CCA9A75FC163ED610CF3945069BF4A3A PX5: 4A2D1F9A00EE2E841A4F0B1A2FFB0900A3181BF3
C:\WINDOWS\system32\NTDSAPI.dll InMem: 1 Det [G] MD5: 6AE3588C5FEA68CDFCD743AF5FC95398 PX5: B049763B0042836806A701AA022FCD00F10A90B1
C:\WINDOWS\system32\DNSAPI.dll InMem: 1 Det [G] MD5: B4936FB637C2E2EC03F2589CBCD077EF PX5: 74EB5FA400ECF6FA447C02F4107A1600E5E5C273
C:\WINDOWS\system32\SAMSRV.dll InMem: 1 Det [G] MD5: 12B717E63F23BDF3FD43B295542154D9 PX5: E92EC68300CE21C68E4E06BCC0EDF6004268C49A
C:\WINDOWS\system32\cryptdll.dll InMem: 1 Det [G] MD5: 4AC54687B901091378C512A6C56F6214 PX5: 81B30DAB0078862F82C6000202049600DB968CD1
C:\WINDOWS\AppPatch\AcGenral.DLL InMem: 1 Det [G] MD5: 26CAAEE19627A49509A5FAAF49E418A0 PX5: 5F6310EE002D3DBC446C1C5A826CF10048881669
C:\WINDOWS\system32\msprivs.dll InMem: 1 Det [G] MD5: D7D64FF974B96816E1AE2C5B86DE35BA PX5: 0CA48DC3002C50B3BC750065E2B27800000C62EB
C:\WINDOWS\system32\kerberos.dll InMem: 1 Det [G] MD5: A3103D196CE0DB4C8B5C6A365628E9EF PX5: 6F259D99008DE085843504BA6E05F400BD1351EF
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
C:\WINDOWS\system32\netlogon.dll InMem: 1 Det [G] MD5: 926BB51BB6DE79DEDB93E9C2B0811CCF PX5: 7826BE4E00B0693C362206A7BBB246000E968C98
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 68 [netlogon.dll]
C:\WINDOWS\system32\w32time.dll InMem: 1 Det [G] MD5: 8B97D00E5C6A593EBB605CE4B8A5CAA5 PX5: B0DB78E90001F969B24A022F16FE9C007D6DCCBC
C:\WINDOWS\system32\schannel.dll InMem: 1 Det [G] MD5: E9836D1ACE460B4B96FBCB03861D0323 PX5: 978AEDC000D16F92363B021213F745004B5CD31C
REGRUNGEN - \REGISTRY\Machine\System\CurrentControlSet\Control\SecurityProviders - SecurityProviders [msapsspc.dll]
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 14 [schannel.dll]
C:\WINDOWS\system32\wdigest.dll InMem: 1 Det [G] MD5: BBE58056910CF76B84C3E3D6349DC801 PX5: A77EB4BD0001DCA2C0B500785ACD4E00DCC55D5B
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
C:\WINDOWS\system32\scecli.dll InMem: 1 Det [G] MD5: 1446EB71ADF0F54980CDD7E5A812E102 PX5: C91F3DA800B1BEBADA0C02480448D00054984981
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} - DllName [scecli.dll]
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} - DllName [scecli.dll]
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Notification Packages [scecli]
C:\WINDOWS\system32\ipsecsvc.dll InMem: 1 Det [G] MD5: 24E00A2782F1FBDDA55173F6A92793B4 PX5: B05D914900808F8FCED102E7A46D080020A33905
C:\WINDOWS\system32\oakley.DLL InMem: 1 Det [G] MD5: F450886F41773A5FAEB25E87B758D6A8 PX5: A4E8D0C400046CE116C204B93C6D3F0003672778
C:\WINDOWS\system32\WINIPSEC.DLL InMem: 1 Det [G] MD5: 30E14D74BCD1BEEA96A279F78A723346 PX5: 5E3F044E00E5E84280510004471F8A00BD7E5854
C:\WINDOWS\system32\pstorsvc.dll InMem: 1 Det [G] MD5: 24B2F25A42BA3CAD1D238F2ADAE63F7C PX5: DCF79E3E001DA16F86F70051A83A8600579ADC98
C:\WINDOWS\system32\mswsock.dll InMem: 1 Det [G] MD5: 337CB52AF1F7CF6C0F57EC8BD14DC6D1 PX5: 644C52BE00A05754C6240337B7759700C1FF12E3
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 - LibraryPath [%SystemRoot%\System32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 - LibraryPath [%SystemRoot%\System32\mswsock.dll]
C:\WINDOWS\system32\hnetcfg.dll InMem: 1 Det [G] MD5: 250D4F4E1E27543C121378268FE07208 PX5: 2CFD58C600B6F9414A810565679BD6001F42D5DE
C:\WINDOWS\System32\wshtcpip.dll InMem: 1 Det [G] MD5: 08B3A60A4DD7FAE800B552F8F8D5DEB0 PX5: 522AC66D001B6D5A4E8E00D8A0AEF000528059BA
C:\WINDOWS\system32\psbase.dll InMem: 1 Det [G] MD5: 7FE963BD4BDE86B5EAF5C07C6D0118C3 PX5: E242805400420CE08090017E79023900E657FC90
C:\WINDOWS\system32\dssenh.dll InMem: 1 Det [G] MD5: CACD2C63A79268D131EA37E85524CC44 PX5: 31E843BE00E2A81C18FA0265E10B6500232880A4
C:\WINDOWS\system32\Ati2evxx.exe InMem: 1 Det [G] MD5: A2EAEB497CA29ECAEAF0DF66AD85C57D PX5: EDFA4ACA00C5564C505106158A430F00BD4BE39E
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Ati HotKey Poller - ImagePath [C:\WINDOWS\system32\Ati2evxx.exe]
C:\WINDOWS\system32\Ati2edxx.dll InMem: 1 Det [G] MD5: 3B5286E4AE1B4A17F5FCCEC23C240F02 PX5: C0E9A16A00A2D142A48800E3E949AB00916586DE
C:\WINDOWS\system32\svchost.exe InMem: 1 Det [G] MD5: 73955B04F209D8A1C633867841267A96 PX5: 41467A9700616549387D0095555BE300B7CBF228
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Alerter - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AppMgmt - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AudioSrv - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\BITS - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Browser - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\CryptSvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\DcomLaunch - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Dhcp - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\dmserver - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Dnscache - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ERSvc - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\EventSystem - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\helpsvc - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HidServ - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HTTPFilter - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\lanmanserver - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\lanmanworkstation - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\LmHosts - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Messenger - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Netman - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Nla - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NtmsSvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasAuto - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasMan - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RemoteAccess - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RemoteRegistry - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RpcSs - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Schedule - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\seclogon - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SENS - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SharedAccess - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ShellHWDetection - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\srservice - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SSDPSRV - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\stisvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TapiSrv - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TermService - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Themes - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TrkWks - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\upnphost - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\W32Time - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WebClient - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\winmgmt - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WmdmPmSN - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Wmi - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\wscsvc - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\wuauserv - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WudfSvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WZCSVC - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\xmlprov - ImagePath [C:\WINDOWS\System32\svchost.exe]
c:\windows\system32\rpcss.dll InMem: 1 Det [G] MD5: CC41F9D29EDD55037A4C26E70C175528 PX5: 27F0519E00F08DE512070643B0627F006598C78A
c:\windows\system32\termsrv.dll InMem: 1 Det [G] MD5: C06CD1890279603E15020757E02DE56B PX5: 15A4D5880058E23888C304BFF814830042F0D520
c:\windows\system32\ICAAPI.dll InMem: 1 Det [G] MD5: 66DA850192B87548374FE13F38A2A265 PX5: BB3E4FC6005CCAE92CC10044E2AB07008B832EBD
c:\windows\system32\mstlsapi.dll InMem: 1 Det [G] MD5: 9E54D8528F9B4324ED20CFCDF3BE6A76 PX5: F3CF001500470019C4F901369ADAFD00DF876B1F
c:\windows\system32\ACTIVEDS.dll InMem: 1 Det [G] MD5: 25E4E36CED6B15DF8D8C10460BE834A2 PX5: EFB02947002647C8F6250205FD9612006E9558F5
c:\windows\system32\adsldpc.dll InMem: 1 Det [G] MD5: 15CE221ACE929705BA7E4346D74E8A06 PX5: 6D8B11FE00EF99F53026027F152EC40097EA0ACA
c:\windows\system32\ATL.DLL InMem: 1 Det [G] MD5: 32BD4CC64449EA2549BE4A8EFC54F4DE PX5: 90FBA32A008A4DC9E6A3004879775D009B9241D5
C:\WINDOWS\System32\winrnr.dll InMem: 1 Det [G] MD5: BB78454C44A5B0F97295A6D66B217D65 PX5: DD7C6D7B00A7C2A842AB003098E8920063CE769A
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 - LibraryPath [%SystemRoot%\System32\winrnr.dll]
C:\WINDOWS\system32\rasadhlp.dll InMem: 1 Det [G] MD5: 266D8FA8F97CBBBA8BADE273F47215D9 PX5: 44992DD300BD805F2027003B3C2E0700008DD7C4
c:\windows\system32\dhcpcsvc.dll InMem: 1 Det [G] MD5: 4F56AD1B19373851392BFF248C8CE1CB PX5: 6B31A5B6003DEA2AB413012609A16300F9086E97
c:\windows\system32\wzcsvc.dll InMem: 1 Det [G] MD5: 312913174D070ED81E9D78DA7B648774 PX5: 3DF4750600996C8B7E470562CED514005814EDBA
c:\windows\system32\rtutils.dll InMem: 1 Det [G] MD5: 204A7D354683A49C37505BE1646C5D43 PX5: BF0F14BA00130FA5ACFA00D907EAE70083958E2B
c:\windows\system32\WMI.dll InMem: 1 Det [G] MD5: 7F9FD6E98CF1898F94D4A6246D4D639E PX5: 781B3D7300C600C41695006A26ACBD006AA9CB45
c:\windows\system32\ESENT.dll InMem: 1 Det [G] MD5: 26E0AC18AC6DC3F7F17AEE22C9E0A01F PX5: 44A1D0F1009656EFAA4210CE1D5F1E00AAA3CF3A
C:\WINDOWS\System32\rastls.dll InMem: 1 Det [G] MD5: F90A2F77CB88F8201A3AD783D7EDB19C PX5: F64AC68A00F37A69B87E01DB8E696800CC9225D9
C:\WINDOWS\system32\CRYPTUI.dll InMem: 1 Det [G] MD5: 502A30E1A880124D7F71667E75BE9688 PX5: 5142AFD100A220AEFE57076D08D9310067F36935
C:\WINDOWS\system32\WININET.dll InMem: 1 Det [G] MD5: ED2A73AB0EBA3C4CB6794077CD09EC95 PX5: 901A5D8C00AFE3F096BE0C4E5B483F007278B9A1
C:\WINDOWS\system32\Normaliz.dll InMem: 1 Det [G] MD5: 10753A3ADC3E39A3B10CC3F08E98E6B4 PX5: E3FC1A7000BA1C775C420052AC60C600F74EBAFC
C:\WINDOWS\system32\iertutil.dll InMem: 1 Det [G] MD5: 8FA04BF8EA65DD496B3A597F970DB668 PX5: 87AF6D520085ACC816E604E15B551B0072C4F83C
C:\WINDOWS\System32\MPRAPI.dll InMem: 1 Det [G] MD5: B61978022A65FAC95B8E3817D5029870 PX5: F40536E000846CE4547B017CD7ABC100D153D57A
C:\WINDOWS\System32\RASAPI32.dll InMem: 1 Det [G] MD5: 7ECE54A6785E6A07ED02018A32B246E6 PX5: 7E18516500FFE5CC9C5B03564D831C0011FCFEEB
C:\WINDOWS\System32\rasman.dll InMem: 1 Det [G] MD5: 79D87679F6F13F7F18062C39A3C5B38A PX5: 7F1D9BFF002D89D3F04E005C98AFF900ECE9EEA3
C:\WINDOWS\System32\TAPI32.dll InMem: 1 Det [G] MD5: 9B53CE123C15E95DE40592CFECEC5A09 PX5: ECB3A62200F5E5E3C61D0271F9934A0018AE4A00
C:\WINDOWS\System32\raschap.dll InMem: 1 Det [G] MD5: D7DE6CD7A5F84909B12B7DBD7D93811D PX5: 6CBEE3D600A4FEB310F101DE8C083F003D6F721F
c:\windows\system32\schedsvc.dll InMem: 1 Det [G] MD5: 546254D4769E165CDC3388D74B201FCB PX5: 5DDC4A3800A53317F204023D51875A00711FF5B5
C:\WINDOWS\System32\MSIDLE.DLL InMem: 1 Det [G] MD5: 3DC13080F28F80ED5D31E20E226536A5 PX5: 892E25230047BFE41A2700448F955F00DB3FDA3D
c:\windows\system32\audiosrv.dll InMem: 1 Det [G] MD5: 15EE9EFF206DAA73B9642FCD51A69BB1 PX5: 97A7792B000122A1A6A80092373D18006EB85382
c:\windows\system32\wkssvc.dll InMem: 1 Det [G] MD5: 6953DE298C888ABE268FF59BAC64CF4E PX5: F785B0520050629F0457028102F0DA00CD162C70
c:\windows\system32\qmgr.dll InMem: 1 Det [G] MD5: 04E8321935AD5643FF59901F3EF5F4F3 PX5: A628078700D0FC00D60105464D1E6100132AFD53
c:\windows\system32\SHFOLDER.dll InMem: 1 Det [G] MD5: 8B205EB92B49D10055427365065357E8 PX5: 209DE55C009ABDE8627700E93AF07200F7058D40
c:\windows\system32\WINHTTP.dll InMem: 1 Det [G] MD5: 5B4EC6C0FBACC85430CE3D6AE8563A0D PX5: 8A8FE9C3008B23F25C3905D494C02C00D181B661
c:\windows\system32\cryptsvc.dll InMem: 1 Det [G] MD5: E0CC838265401128097D182FB583889A PX5: 4924777000FF363CECB300E8D69F7300112A6AF8
c:\windows\system32\certcli.dll InMem: 1 Det [G] MD5: 5F24A58D40870F8FE6CF7E15E73DE146 PX5: 925C7DF9003B9C1200C5031520AB850028BB5515
c:\windows\system32\ersvc.dll InMem: 1 Det [G] MD5: FF547B3876B6E652431412345FB8EE11 PX5: 1075AE7B006257925A3B00E01F4D2400B15FB39E
c:\windows\system32\es.dll InMem: 1 Det [G] MD5: 659C04BB6086E480966FFD0D44F1CC4D PX5: 79EA0C1C007DD384B6CC033ACA71FA00F62D9D5F
c:\windows\system32\dmserver.dll InMem: 1 Det [G] MD5: 499FFF7BCA07009A23447776286F0510 PX5: FABFF932000B9F155E610037E22ABC006B953D35
c:\windows\pchealth\helpctr\binaries\pchsvc.dll InMem: 1 Det [G] MD5: 03A7A19834E2A63C445B3AC5E73AAB50 PX5: 5BE772A20028818F98B300E973AA5500998EE021
c:\windows\system32\srvsvc.dll InMem: 1 Det [G] MD5: 974831AA16AEE016D902F8582CCB30FE PX5: 0BFF5A6200F821CA7A0401E40DD655008D70866B
c:\windows\system32\netman.dll InMem: 1 Det [G] MD5: 1231D4353698E19495DC8A929B8B74EB PX5: 65612A5600E1886F042503516394BA0003C1C8BE
c:\windows\system32\netshell.dll InMem: 1 Det [G] MD5: 4CC28DE5620ACE4F613B42A4F836DEDE PX5: F7F9A56A007CF701368C1AE01A3E1600E0C02A68
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\InprocServer32 - {7007ACC7-3202-11D1-AAD2-00805FC1270E} [C:\WINDOWS\system32\NETSHELL.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{992CFFA0-F557-101A-88EC-00DD010CCC48}\InprocServer32 - {992CFFA0-F557-101A-88EC-00DD010CCC48} [C:\WINDOWS\system32\NETSHELL.dll]
c:\windows\system32\credui.dll InMem: 1 Det [G] MD5: 2D68AF44B169D033545FA501B9FF4F30 PX5: E886FD9F0056D4F18254029213832F003DEFF647
c:\windows\system32\WZCSAPI.DLL InMem: 1 Det [G] MD5: 28CDDFDF8C30D886284F3549C4A8E284 PX5: EBF8733200CD9B7CCA4C0051E7642A0024707F2E
c:\windows\system32\seclogon.dll InMem: 1 Det [G] MD5: 241D074DAB2A67D2D7616CE7C8B05650 PX5: 5B80E36F00AA396B4A8300B7E7951D00D7AA4B2D
c:\windows\system32\srsvc.dll InMem: 1 Det [G] MD5: BA4E8AC9A60C4527C969D08F3ABE9D36 PX5: F652BD0100BA7CC29C6202A16DDB5500C590261B
c:\windows\system32\POWRPROF.dll InMem: 1 Det [G] MD5: 41FF9D663219A1DD0397FE2C5B09436C PX5: 31AB7E9C00B2127E4485007208C03300950D28C1
c:\windows\system32\trkwks.dll InMem: 1 Det [G] MD5: 6C7F265BD43A1D85103EC5CB1251D2B6 PX5: 906F8E37007C9B5A621D011F493B83005C29CC43
c:\windows\system32\wuauserv.dll InMem: 1 Det [G] MD5: 4CBB7CC975E5B67022A7F95DFC6EF9EC PX5: 0799809A00702BD41AB400068A66AC0043C84727
C:\WINDOWS\system32\wuaueng.dll InMem: 1 Det [G] MD5: 3EEC20E41F5F331B94002970CEAEC92F PX5: 26C07DF358FF2BE623151A8BD3FD64005FC70733
C:\WINDOWS\System32\Cabinet.dll InMem: 1 Det [G] MD5: 4D7708FD334C23E17400CA8327CE3D11 PX5: 60605FEC005AB19AEA050033F1225300422702FD
C:\WINDOWS\System32\mspatcha.dll InMem: 1 Det [G] MD5: A434E5666A953F6A0406CC99B8B8C6A0 PX5: 192CF4F3003C31E4769D0029DA080500F7D037E4
c:\windows\system32\browser.dll InMem: 1 Det [G] MD5: 72FBF0322BE8A0F25AE722FDE36AB1E6 PX5: 9CDD0A4F005D0D9D2E6201C807EC76000E0D1CE8
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF} - [Browser Customizations]
c:\windows\system32\wbem\wmisvc.dll InMem: 1 Det [G] MD5: A91ACDD987DC3E0E1FCEDDA6F1FFEF2A PX5: CEF9F3BC00C6E32738BF0260919AD800E787713F
C:\WINDOWS\system32\VSSAPI.DLL InMem: 1 Det [G] MD5: B590F13F17409970A6994473EB98EF74 PX5: FAEC6BFB002AF8059230067AACCA280087EB5B02
c:\windows\system32\sens.dll InMem: 1 Det [G] MD5: 688BE760C858E347A4E23186B725C86B PX5: 00AF89660086F69E989700E590F03600F597A8F5
c:\windows\system32\ipnathlp.dll InMem: 1 Det [G] MD5: 1DA364FA673E18BC1DE8F5CDF3657DBD PX5: 89882A6E0030CF0B12CE052A40AAE5009F9198F9
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\AUTODHCP - DllName [ipnathlp.dll]
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\DNSPROXY - DllName [ipnathlp.dll]
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\FTP - DllName [ipnathlp.dll]
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\H323 - DllName [ipnathlp.dll]
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\IPNAT - DllName [ipnathlp.dll]
c:\windows\system32\wscsvc.dll InMem: 1 Det [G] MD5: 17F70F4E37452A30C35565052AB68BE9 PX5: B11BC224000C550D3E4B01F1618F6300676DF706
c:\windows\system32\msi.dll InMem: 1 Det [G] MD5: 34A737E1344985BC5A636A4ED286DE61 PX5: B09678EF00F05CBD8EB12B2266AE240024089B64
C:\WINDOWS\system32\wbem\wbemcomn.dll InMem: 1 Det [G] MD5: 7DB0054945C1C937553F97FA1F1EAFFB PX5: 30B285D60040901346F3037FF72C08005C58C30E
C:\WINDOWS\System32\Wbem\wbemcore.dll InMem: 1 Det [G] MD5: 2E9B41FDD71FDDD9D596CF3FDF0A1FDD PX5: D34E2BC3004DE1451AED08DF0B2B620026599912
C:\WINDOWS\System32\Wbem\esscli.dll InMem: 1 Det [G] MD5: 20938C6D287B27AB3F1FDE53FF3507DE PX5: DE687FC600BAAC77C8B4030B6F14AB0094AE7226
C:\WINDOWS\System32\Wbem\FastProx.dll InMem: 1 Det [G] MD5: FC9F0B7216D087F9502ECE38439AE144 PX5: AEBA61B800E4BC9A34F5075F66FDAB005D1447F9
C:\WINDOWS\system32\wbem\wbemsvc.dll InMem: 1 Det [G] MD5: DD3E1E96EA769C31936D9B09F9137954 PX5: 25397BDF00757EBFAAF700E3ED2B7800B9284F1B
C:\WINDOWS\system32\wbem\wmiutils.dll InMem: 1 Det [G] MD5: BC664C7546EF5C1A5712E7B48AF24741 PX5: 0BDBA5A5000A6748803F0102F9279500D2C1C9B2
C:\WINDOWS\system32\wbem\repdrvfs.dll InMem: 1 Det [G] MD5: 41B4ED9F8D444CE09B6A1FE76AE22040 PX5: DAAC922100087395B4C8026D60ACD300B870E129
C:\WINDOWS\system32\comsvcs.dll InMem: 1 Det [G] MD5: 9C38B58FDD3FFBE7ED90B5936CCE3784 PX5: ED0A598E00540BAB56A9139D5AFF60002DA225EE
C:\WINDOWS\system32\colbact.DLL InMem: 1 Det [G] MD5: A9126ECB8BCA406D6DF60BEC11AF594A PX5: A0B0F9B500ACD436ECA70034F32E2C001398A8B7
C:\WINDOWS\system32\MTXCLU.DLL InMem: 1 Det [G] MD5: 7C5986B94EEE98CF0A0F5EAE44912E5E PX5: 66978F8E0092BC0304EB01E29B925900A2E75CFB
C:\WINDOWS\system32\WSOCK32.dll InMem: 1 Det [G] MD5: 3BD93201E3AFA5A0660C793A4BDAE773 PX5: 2C097C2B007169C960BA0014DCE7CC0038229E38
C:\WINDOWS\System32\CLUSAPI.DLL InMem: 1 Det [G] MD5: C3B4CFBA8936D0AF25D5391F53F2DA91 PX5: F4F4A6AD001EC8C1E2C500B4FE61840054C0DDE3
C:\WINDOWS\System32\RESUTILS.DLL InMem: 1 Det [G] MD5: CAD4191048F595A794E14CEE31DB06FD PX5: 6DFA47A500DAF26FE68800D61F5B31009BB0B65D
C:\WINDOWS\system32\wbem\wmiprvsd.dll InMem: 1 Det [G] MD5: D110A8CDE08CC1D346814C814D32F2ED PX5: DCBBBE7700F574BEAC5B06A359C30800D52199FA
C:\WINDOWS\system32\wbem\wbemess.dll InMem: 1 Det [G] MD5: 1C4C78B5943AE143513DD1522E14926A PX5: 57BC20470030CEBC2E7C0420B5413100E2A61178
C:\WINDOWS\system32\wbem\ncprov.dll InMem: 1 Det [G] MD5: 1B8923492B022438764DCF6BD8B0EFA9 PX5: 28C2B58B00AC779DB8320092176FE400CB94678D
c:\windows\system32\tapisrv.dll InMem: 1 Det [G] MD5: 3A4C429F316C510C3E4C5F2FC7372C26 PX5: 77B7DE3500985E80CE7503E2DF55BE00B03FFDDD
c:\windows\system32\rasmans.dll InMem: 1 Det [G] MD5: 6686C0C8B47618414215FC184972C69E PX5: 6AC5343500463BCBC43C0233B0575500AE7EBADF
c:\windows\system32\netcfgx.dll InMem: 1 Det [G] MD5: AB06350510C1F68C7202703480F6FF17 PX5: 4F8DF8B4009990EE9C82091CBF6CD600CD59067D
C:\WINDOWS\System32\rastapi.dll InMem: 1 Det [G] MD5: F4DE764732E8F6028BB18AADD4912317 PX5: 699D459D008C3BC6E634009735DEBF004B936485
C:\WINDOWS\System32\unimdm.tsp InMem: 1 Det [G] MD5: 12C9C630FD867446D8B846C28454A45F PX5: BFCEE8FF0036A1F42CB803103A63E10078271DF9
C:\WINDOWS\System32\uniplat.dll InMem: 1 Det [G] MD5: 8BC01CBCDC4345A7367F2EDCBAA4A07F PX5: D4A3FA58003A460436E500FC8F082200CAF4CCCF
C:\WINDOWS\System32\unimdmat.dll InMem: 1 Det [G] MD5: 03486F64E165822E2E017F1169239304 PX5: 8F8CA7B700081F963ABA0102BB6592004A8170FD
C:\WINDOWS\system32\modemui.dll InMem: 1 Det [G] MD5: 8021A4459D596D037E6AC166B4EB8A9A PX5: D11A71A3005679E15E1F02728B16990070468BB5
C:\WINDOWS\System32\kmddsp.tsp InMem: 1 Det [G] MD5: 516447BBB1A13F72E98989580EEAEB36 PX5: C200FF390086F832824F0082C924C70039E73BB5
C:\WINDOWS\System32\ndptsp.tsp InMem: 1 Det [G] MD5: FF5CBCADD5833B484C773F7DF16F13BF PX5: 9787C23000D76D69E07F0030C6CACA005BA7ED34
C:\WINDOWS\System32\ipconf.tsp InMem: 1 Det [G] MD5: 4E2F02E1BA55160806AD42FEE296F8B2 PX5: BB9887B4006414FA44B900C28BC43200412916D4
C:\WINDOWS\System32\h323.tsp InMem: 1 Det [G] MD5: EA96018804FEB47C384EFDB3D07E7EB9 PX5: 72FD790F00B8268510FF046EA54C6E0080B1B5D1
C:\WINDOWS\System32\hidphone.tsp InMem: 1 Det [G] MD5: EA5C2C1F5F74A5660FB0F72E63861030 PX5: 578102E800C1441976DD00BD8619300083827C0B
C:\WINDOWS\System32\HID.DLL InMem: 1 Det [G] MD5: 3B4E115A33A2BFF0D74792D572F448DD PX5: 551CD37300F70F6C527C0010EC920400B756D4FA
C:\WINDOWS\System32\rasppp.dll InMem: 1 Det [G] MD5: 4A48EDCAB3B97997055AC533CAFDB501 PX5: 69B8011C006A35C426B80310309570000552A536
C:\WINDOWS\System32\ntlsapi.dll InMem: 1 Det [G] MD5: 8ED1589D9A626027E4FAF24C149860E6 PX5: 182944C0006C52E520B8003B3C2E0700820D2E78
C:\WINDOWS\system32\upnp.dll InMem: 1 Det [G] MD5: 7E7491C2CF7A0781C0004D2C5BE71BC4 PX5: 5CC09E6000F77B62063F026310FD670014E0CF2C
C:\WINDOWS\system32\SSDPAPI.dll InMem: 1 Det [G] MD5: 4EA31D2858780DDB446A9DC9B2D23C3D PX5: B458C80C0094BE55886700FEA91CE300F0D01D10
C:\WINDOWS\System32\RASDLG.dll InMem: 1 Det [G] MD5: D52A1298D47FA8652B30451855265F94 PX5: 289AD96400BB9C934C7F0AD56A0D5500E683D618
C:\WINDOWS\system32\Msxml3.dll InMem: 1 Det [G] MD5: F95E644F65D439D2F9122D52F0321327 PX5: 60B20BB200F84299DCAB10FF374BBC00797C1A91
C:\WINDOWS\system32\wbem\wbemcons.dll InMem: 1 Det [G] MD5: 89A935A5CB3FE6D25BB87DE3370E6B5E PX5: FEC4B3B500CE633918000143FDB47200CD210469
c:\windows\system32\dnsrslvr.dll InMem: 1 Det [G] MD5: 1A4CCB390093D1A6F0EEC063F44AFF31 PX5: 3AB739DC00686EC6B26F00A3B54A4300F767B865
c:\windows\system32\lmhsvc.dll InMem: 1 Det [G] MD5: 6E008B7EB9B67D555B5EE1C1091F3A7E PX5: 050B19680015AAE33629000A173BF5000631D061
c:\windows\system32\webclnt.dll InMem: 1 Det [G] MD5: 83ED24C34250AFAB1E55DEB3D8D7EC1A PX5: F49C6F7000D3BB7B0AFE01B9E6A55A009E654432
c:\windows\system32\alrsvc.dll InMem: 1 Det [G] MD5: AD78B916B3CB2B7BCA9503B929E534B9 PX5: 811BE0600048486C442300065BDCFA002D3B3F47
c:\windows\system32\regsvc.dll InMem: 1 Det [G] MD5: 78FBE7DA29307EDE7ED0E33F1C4969BC PX5: 0038ECD50092146CEAE600DC41696F006EFFA138
c:\windows\system32\ssdpsrv.dll InMem: 1 Det [G] MD5: 1FBF38A525EEDD7402BFA7E27236A64F PX5: EFEEB4A70072CCE218E201A90823060000AE77FB
C:\WINDOWS\system32\ZoneLabs\vsmon.exe InMem: 1 Det [G] MD5: 7DE2CBEAD1E815C689441E572529160D PX5: 3E3CF923289F4ACE26F801A58B4D4E007718AF03
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\vsmon - ImagePath [C:\WINDOWS\system32\ZoneLabs\vsmon.exe]
C:\WINDOWS\system32\VSUTIL.dll InMem: 1 Det [G] MD5: D30B3D784458FB0062CFA398796E2B39 PX5: A5A0732CE8E18E6B355B07E22B5EFB005055BE67
C:\WINDOWS\system32\VSINIT.dll InMem: 1 Det [G] MD5: 58D56CD7B57BFF9DAC154CCE57566665 PX5: F6FEE001E8E1727465BA021A8C851F0098685C33
C:\WINDOWS\system32\zpeng24.dll InMem: 1 Det [G] MD5: 71FF7CEDC165E70959595104F3D50905 PX5: B67E8380E81590309592105A87B072004AEFAE27
C:\WINDOWS\system32\ZoneLabs\dbghelp.dll InMem: 1 Det [G] MD5: 3B5F0BF4125688A531FA21C823EA6193 PX5: 5FC301BE009EEE4A6A570CE0E76CBD0082490BEB
C:\WINDOWS\system32\VSUTIL_Loc0410.dll InMem: 1 Det [G] MD5: C71D54014A6DBB300D98CE8C64EAFFF1 PX5: 968E281B90EA797CD52600BC982BD300F3276EEA
C:\WINDOWS\system32\zonelabs\lib\pyd\signedDll.pyd InMem: 1 Det [G] MD5: 212AC4C31E7091ED5D1BCA6892BD6870 PX5: C5C47B0FF0358DC865D0002DDDE82A0014447A13
C:\WINDOWS\system32\zonelabs\lib\pyd\pyvsinit.pyd InMem: 1 Det [G] MD5: 95403B4E8D0A475FA41B3EC04EE6C661 PX5: 65CE43E7F09A95DA6598002DDDE82A003A761ABF
C:\WINDOWS\system32\zonelabs\lib\pyd\pyexpat.pyd InMem: 1 Det [G] MD5: 5AB07CBAC9E11A95F5338EA80A0E705D PX5: B94BD7EEF0BCA23A3579027B72E59300006B94DB
C:\WINDOWS\system32\zonelabs\lib\pyd\_socket.pyd InMem: 1 Det [G] MD5: 346362923D75EB3F5713AADA15035710 PX5: F010D9CAF0815A6EB5F400B42592D7000FF138B4
C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll InMem: 1 Det [G] MD5: EDB14C992864BAB337B6601157C117A2 PX5: D946DDCB08E40239763F002DDDE82A00FD8FB7BA
C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll InMem: 1 Det [G] MD5: 123B10B55BECC0E9190F09D47C79D9EC PX5: 80EBE424E84ECD3C756C00E2E0474B000B9B2D04
C:\WINDOWS\system32\ZoneLabs\vsmondll.dll InMem: 1 Det [G] MD5: 063F46107B4BAF237AC89A7E4A5A244F PX5: D81CA49CE80B92F1E5B21EC843AC000051C245BF
C:\WINDOWS\system32\VSDATA.dll InMem: 1 Det [G] MD5: 70E0705D4E7AB752AF72D820BA0EB48B PX5: FAB1913CE815021E45C1018595E7C9007742AC26
C:\WINDOWS\system32\ZoneLabs\ssleay32.dll InMem: 1 Det [G] MD5: C0499F531FC25CECA77950557B3257BD PX5: C0A3463AE82F775FF51D06DB0B88B00033EF8757
C:\WINDOWS\system32\vsxml.dll InMem: 1 Det [G] MD5: 61AF0E67298480EFC98F4C5E22629444 PX5: EF5D1033E80F8ED285BC0137B5823500C945B4FC
C:\WINDOWS\system32\ZoneLabs\fbl.dll InMem: 1 Det [G] MD5: D610A47BD6C3CC46639FE3728C866FE8 PX5: 32DDE8D2E06919B2F5FA01E245A5ED00DCDCE6E8
C:\WINDOWS\system32\zlcomm.dll InMem: 1 Det [G] MD5: C6B8098A9AC5BBC19F018A612B1F2F79 PX5: 9E440C2BE8B14CA145C90161F1023F00A7F6BE72
C:\WINDOWS\system32\ZLCommDB.dll InMem: 1 Det [G] MD5: 1BD6685CB1171D7828C52EC54B58BFB6 PX5: 8E71129AE8FA03BD15C1015F4B6BDB000690AAF4
C:\WINDOWS\system32\ZoneLabs\vsdb.dll InMem: 1 Det [G] MD5: B244BF4ACE737E662F06E412C3C0BAD1 PX5: CACD79B2E870995A355A0170705F6F0014247D8F
C:\WINDOWS\system32\ZoneLabs\VSRULEDB.DLL InMem: 1 Det [G] MD5: 8252A50422E40BDBBA15A7F240F39151 PX5: D39D0FC0E89DBBFF851614EECC302A0061E0E1B2
C:\WINDOWS\system32\ZoneLabs\VSRULEDB_Loc0410.dll InMem: 1 Det [u] MD5: 904F3540926E7C2834D11F39CFD2777E PX5: 3585318290F16E4D054C031CDCD8A300CE61F685
C:\WINDOWS\system32\ZoneLabs\vsvault.dll InMem: 1 Det [G] MD5: 5D8A43436AD98588A7A4F79A3433BC7F PX5: 0F3C62EEE875AD4CB5CD039F4F17D700C02B6381
C:\WINDOWS\system32\vswmi.dll InMem: 1 Det [G] MD5: DF0C1AF9CBA3E17998FB4220C6BC9CDB PX5: 11627E90E894C8E7B5540021D0BFA7006E8BA216
C:\WINDOWS\system32\wbem\wbemprox.dll InMem: 1 Det [G] MD5: CECE259D273771497D2C96C8121D9C58 PX5: 118AA1B200D76A754A3B0017C7664600A1463C19
C:\WINDOWS\system32\ZoneLabs\av.dll InMem: 1 Det [G] MD5: EC77BA0C8E601368C0344507F893BEB5 PX5: B787DDF420940985964B059B6F4D760093765CC7
C:\WINDOWS\system32\ZoneLabs\av_Loc0410.dll InMem: 1 Det [u] MD5: 87FB64228C094918237A1FD95DBCA7A8 PX5: EC11113D90F3BB3D550700A7493F3A002308B388
C:\WINDOWS\system32\ZoneLabs\imsecure.dll InMem: 1 Det [G] MD5: 71C3995D10C60447C371DAB7E38069CF PX5: 75DB4B27F885DBCAE51C0485B5AC13008E65B548
C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll InMem: 1 Det [G] MD5: 68EF1DD3C3ABCDB31BB800FC55F5937B PX5: B4A9CE7FF0089D3C35E101184D693C00D887B8E7
C:\WINDOWS\system32\ZoneLabs\zlquarantine_Loc0410.dll InMem: 1 Det [u] MD5: 1ACD6464968E0E0F7CA3AE2E55716244 PX5: 98737F1B90300D8745DA007C57AD39007CCEF85B
C:\WINDOWS\system32\ZoneLabs\qrbase.dll InMem: 1 Det [G] MD5: 8033C00708E62C37CB5693325BEE5E34 PX5: FE470EBFE89AF3AEE6E30AFAFC370C00A99BCF11
C:\WINDOWS\system32\ZoneLabs\scheduler.dll InMem: 1 Det [G] MD5: EEE7E094000976D2DC2EB43B6E94F8C0 PX5: 88F0626AE8B76607A51D023AA65AF9005E504A3C
C:\WINDOWS\system32\ZoneLabs\zlsre.dll InMem: 1 Det [G] MD5: 2BB8F7F9CC527D383FF6FDCB9563A81C PX5: 83C5FFF4E8BC48DBC5ED05F23E7B1200473D06A2
C:\WINDOWS\system32\ZoneLabs\zlsre_Loc0410.dll InMem: 1 Det [u] MD5: F50C008CE71522B575F5E94467DA35E2 PX5: BC26320B901193E855D700D1E7110A0012C12E79
C:\WINDOWS\system32\ZoneLabs\srescan.dll InMem: 1 Det [G] MD5: 1C66022F01AEE4B699A891D1FBD903D1 PX5: C213DEEDE8FAE4E4D67A16B073E56B003AA6DCCC
C:\WINDOWS\system32\ZoneLabs\zlupdate.dll InMem: 1 Det [G] MD5: 565FDBC7FB666D057DBEA3884D219110 PX5: 7EE9147EE8E778A4D581017426D11F003A0E42BC
C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll InMem: 1 Det [G] MD5: 5AA8A072470C28070B2A3DED0DB64FB5 PX5: F15A41FD008CA4D536040363DF38FE0083FDB89D
C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll InMem: 1 Det [G] MD5: 237DA013653DE8CEC807B47EA9FFC34C PX5: F808164890332B4325580CEBDF88D800B245BE21
C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll InMem: 1 Det [G] PX5: BC771807F864723845DE31A21870460004357D0D
C:\WINDOWS\system32\ZoneLabs\camupd.dll InMem: 1 Det [G] MD5: DA7A2D5408014191870CA41228424DDB PX5: 4E23724EE82944E385F7016BB3CED5007F4FACEB
C:\WINDOWS\system32\sensapi.dll InMem: 1 Det [G] MD5: 344E594BB748D4F828211A7C9CEA0829 PX5: 945479A500423FB71A9A004C020A3B0024ABF6B3
C:\WINDOWS\system32\MSCTF.dll InMem: 1 Det [G] MD5: 5D2F1BEEA828B4951F550BADE794C1EF PX5: 64563C73008EB95E7EDD046B94EDCE00A3D588EB
C:\WINDOWS\Explorer.EXE InMem: 1 Det [G] MD5: 7E2817A623E16F830B660F81C0FD63DA PX5: 5F224AD100F73BC6CEBA0FDC56B8E400769BB8AE
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon - Shell [Explorer.exe]
C:\WINDOWS\system32\BROWSEUI.dll InMem: 1 Det [G] MD5: 2FB8598AF9E9E299AE131E99E8B55139 PX5: 9210550000A9C0D09E6B0F64C95B5900FC9756FE
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{5E6AB780-7743-11CF-A12B-00AA004AE837}\InprocServer32 - {5E6AB780-7743-11CF-A12B-00AA004AE837} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{22BF0C20-6DA7-11D0-B373-00A0C9034938}\InprocServer32 - {22BF0C20-6DA7-11D0-B373-00A0C9034938} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{91EA3F8B-C99B-11d0-9815-00C04FD91972}\InprocServer32 - {91EA3F8B-C99B-11d0-9815-00C04FD91972} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{6413BA2C-B461-11d1-A18A-080036B11A03}\InprocServer32 - {6413BA2C-B461-11d1-A18A-080036B11A03} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{F61FFEC1-754F-11d0-80CA-00AA005B4383}\InprocServer32 - {F61FFEC1-754F-11d0-80CA-00AA005B4383} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7BA4C742-9E81-11CF-99D3-00AA004AE837}\InprocServer32 - {7BA4C742-9E81-11CF-99D3-00AA004AE837} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{169A0691-8DF9-11d1-A1C4-00C04FD75D13}\InprocServer32 - {169A0691-8DF9-11d1-A1C4-00C04FD75D13} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{07798131-AF23-11d1-9111-00A0C98BA67D}\InprocServer32 - {07798131-AF23-11d1-9111-00A0C98BA67D} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{AF4F6510-F982-11d0-8595-00AA004CD6D8}\InprocServer32 - {AF4F6510-F982-11d0-8595-00AA004CD6D8} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{01E04581-4EEE-11d0-BFE9-00AA005B4383}\InprocServer32 - {01E04581-4EEE-11d0-BFE9-00AA005B4383} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{A08C11D2-A228-11d0-825B-00AA005B4383}\InprocServer32 - {A08C11D2-A228-11d0-825B-00AA005B4383} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 - {00BB2763-6A77-11D0-A535-00C04FD7D062} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7376D660-C583-11d0-A3A5-00C04FD706EC}\InprocServer32 - {7376D660-C583-11d0-A3A5-00C04FD706EC} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{6756A641-DE71-11d0-831B-00AA005B4383}\InprocServer32 - {6756A641-DE71-11d0-831B-00AA005B4383} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}\InprocServer32 - {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7e653215-fa25-46bd-a339-34a2790f3cb7}\InprocServer32 - {7e653215-fa25-46bd-a339-34a2790f3cb7} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{acf35015-526e-4230-9596-becbe19f0ac9}\InprocServer32 - {acf35015-526e-4230-9596-becbe19f0ac9} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{00BB2764-6A77-11D0-A535-00C04FD7D062}\InprocServer32 - {00BB2764-6A77-11D0-A535-00C04FD7D062} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 - {03C036F1-A186-11D0-824A-00AA005B4383} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InprocServer32 - {00BB2765-6A77-11D0-A535-00C04FD7D062} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{ECD4FC4E-521C-11D0-B792-00A0C90312E1}\InprocServer32 - {ECD4FC4E-521C-11D0-B792-00A0C90312E1} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}\InprocServer32 - {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{ECD4FC4C-521C-11D0-B792-00A0C90312E1}\InprocServer32 - {ECD4FC4C-521C-11D0-B792-00A0C90312E1} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{ECD4FC4D-521C-11D0-B792-00A0C90312E1}\InprocServer32 - {ECD4FC4D-521C-11D0-B792-00A0C90312E1} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{DD313E04-FEFF-11d1-8ECD-0000F87A470C}\InprocServer32 - {DD313E04-FEFF-11d1-8ECD-0000F87A470C} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}\InprocServer32 - {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{21569614-B795-46b1-85F4-E737A8DC09AD}\InprocServer32 - {21569614-B795-46b1-85F4-E737A8DC09AD} [%SystemRoot%\system32\browseui.dll]
REGTASKSCHED - \REGISTRY\Machine\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} [%SystemRoot%\system32\browseui.dll]
REGTASKSCHED - \REGISTRY\Machine\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 - {8C7461EF-2B13-11d2-BE35-3078302C2030} [%SystemRoot%\system32\browseui.dll]
REGTOOLBAR - \REGISTRY\Machine\Software\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\InprocServer32 - {01E04581-4EEE-11D0-BFE9-00AA005B4383} [%SystemRoot%\system32\browseui.dll]
C:\WINDOWS\system32\SHDOCVW.dll InMem: 1 Det [G] MD5: 5D4716444DC5CE707B3D44682B08421A PX5: D9FE865200B172D0D0E41687C211E6006DE70AF6
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{D20EA4E1-3957-11d2-A40B-0C5020524152}\InprocServer32 - {D20EA4E1-3957-11d2-A40B-0C5020524152} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{D20EA4E1-3957-11d2-A40B-0C5020524153}\InprocServer32 - {D20EA4E1-3957-11d2-A40B-0C5020524153} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{EFA24E61-B078-11d0-89E4-00C04FC9E26E}\InprocServer32 - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{0A89A860-D7B1-11CE-8350-444553540000}\InprocServer32 - {0A89A860-D7B1-11CE-8350-444553540000} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}\InprocServer32 - {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}\InprocServer32 - {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{67EA19A0-CCEF-11d0-8024-00C04FD75D13}\InprocServer32 - {67EA19A0-CCEF-11d0-8024-00C04FD75D13} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{131A6951-7F78-11D0-A979-00C04FD705A2}\InprocServer32 - {131A6951-7F78-11D0-A979-00C04FD705A2} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{9461b922-3c5a-11d2-bf8b-00c04fb93661}\InprocServer32 - {9461b922-3c5a-11d2-bf8b-00c04fb93661} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{EFA24E64-B078-11d0-89E4-00C04FC9E26E}\InprocServer32 - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} [%SystemRoot%\system32\shdocvw.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{4D5C8C25-D075-11d0-B416-00C04FB90376}\InprocServer32 - BarSize [%SystemRoot%\system32\shdocvw.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\InprocServer32 - CLSID [%SystemRoot%\system32\shdocvw.dll]
C:\WINDOWS\system32\themeui.dll InMem: 1 Det [G] MD5: 0F7BFE3EF3FC33FD598427C015BB8B5D PX5: BAC50787005D6D22F49E05A57642CD002A91E075
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{41E300E0-78B6-11ce-849B-444553540000}\InprocServer32 - {41E300E0-78B6-11ce-849B-444553540000} [%SystemRoot%\system32\themeui.dll]
C:\WINDOWS\system32\MSIMG32.dll InMem: 1 Det [G] MD5: 51F309AA675B5B77D19C573B7E0BB253 PX5: CB413D4600B070AF127100D0C427CA00FD59EFF9
C:\WINDOWS\system32\msutb.dll InMem: 1 Det [G] MD5: FC6C38A1249D86FC62F72C8A5E3379DB PX5: 7A3AA486004261ECFC5902E8FBAFDA00B6B25BB1
C:\WINDOWS\system32\LINKINFO.dll InMem: 1 Det [G] MD5: B737A3DA2C0A605CE2C7E118C59F38C7 PX5: 87EB2C9D005DD1A14E450046E4D6CC0014CFCDB6
C:\WINDOWS\system32\ntshrui.dll InMem: 1 Det [G] MD5: 64E0C77FAF1A30547739580EB5F3AACF PX5: 5EB8DF8A0005A80F3870025CC8B2C100D6ECC82F
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InprocServer32 - {40dd6e20-7c17-11ce-a804-00aa003ca9f6} [ntshrui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}\InprocServer32 - {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} [ntshrui.dll]
C:\WINDOWS\system32\ieframe.dll InMem: 1 Det [G] PX5: 799135F90060C73090EF5CD495872F001FA4CB01
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{30D02401-6A81-11d0-8274-00C04FD5AE38}\InprocServer32 - {30D02401-6A81-11d0-8274-00C04FD5AE38} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}\InprocServer32 - {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InprocServer32 - {FBF23B40-E3F0-101B-8488-00AA003E56F8} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InprocServer32 - {3C374A40-BAE4-11CF-BF7D-00AA006946EE} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InprocServer32 - {FF393560-C2A7-11CF-BFF4-444553540000} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7BD29E00-76C1-11CF-9DD0-00A0C9034933}\InprocServer32 - {7BD29E00-76C1-11CF-9DD0-00A0C9034933} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\InprocServer32 - {7BD29E01-76C1-11CF-9DD0-00A0C9034933} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}\InprocServer32 - {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32 - {871C5380-42A0-1069-A2EA-08002B30309D} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{07C45BB1-4A8C-4642-A1F5-237E7215FF66}\InprocServer32 - {07C45BB1-4A8C-4642-A1F5-237E7215FF66} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{1C1EDB47-CE22-4bbb-B608-77B48F83C823}\InprocServer32 - {1C1EDB47-CE22-4bbb-B608-77B48F83C823} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{205D7A97-F16D-4691-86EF-F3075DCCA57D}\InprocServer32 - {205D7A97-F16D-4691-86EF-F3075DCCA57D} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{3028902F-6374-48b2-8DC6-9725E775B926}\InprocServer32 - {3028902F-6374-48b2-8DC6-9725E775B926} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{43886CD5-6529-41c4-A707-7B3C92C05E68}\InprocServer32 - {43886CD5-6529-41c4-A707-7B3C92C05E68} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{44C76ECD-F7FA-411c-9929-1B77BA77F524}\InprocServer32 - {44C76ECD-F7FA-411c-9929-1B77BA77F524} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{4B78D326-D922-44f9-AF2A-07805C2A3560}\InprocServer32 - {4B78D326-D922-44f9-AF2A-07805C2A3560} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D}\InprocServer32 - {6038EF75-ABFC-4e59-AB6F-12D397F6568D} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}\InprocServer32 - {6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{6CF48EF8-44CD-45d2-8832-A16EA016311B}\InprocServer32 - {6CF48EF8-44CD-45d2-8832-A16EA016311B} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{73CFD649-CD48-4fd8-A272-2070EA56526B}\InprocServer32 - {73CFD649-CD48-4fd8-A272-2070EA56526B} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}\InprocServer32 - {98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}\InprocServer32 - {9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}\InprocServer32 - {9D958C62-3954-4b44-8FAB-C4670C1DB4C2} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{B31C5FAE-961F-415b-BAF0-E697A5178B94}\InprocServer32 - {B31C5FAE-961F-415b-BAF0-E697A5178B94} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}\InprocServer32 - {BC476F4C-D9D7-4100-8D4E-E043F6DEC409} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}\InprocServer32 - {BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{E6EE9AAC-F76B-4947-8260-A9F136138E11}\InprocServer32 - {E6EE9AAC-F76B-4947-8260-A9F136138E11} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{F2CF5485-4E02-4f68-819C-B92DE9277049}\InprocServer32 - {F2CF5485-4E02-4f68-819C-B92DE9277049} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}\InprocServer32 - {F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}\InprocServer32 - {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} [C:\WINDOWS\system32\ieframe.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}\InprocServer32 - {FDE7673D-2E19-4145-8376-BBD58C4BC7BA} [C:\WINDOWS\system32\ieframe.dll]
C:\WINDOWS\system32\urlmon.dll InMem: 1 Det [G] MD5: D846CE1DF96C6D16C02EF955EB55B164 PX5: E263BA0C0001F63EB2B311F04DA6ED0028905CC4
C:\WINDOWS\system32\webcheck.dll InMem: 1 Det [G] MD5: 601E6EC54DBA40DB2DE235ED48394F0D PX5: 21AB4DA700F0FD24909203757543BF003E081A50
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [C:\WINDOWS\system32\webcheck.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}\InprocServer32 - {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} [C:\WINDOWS\system32\webcheck.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{F5175861-2688-11d0-9C5E-00AA00A45957}\InprocServer32 - {F5175861-2688-11d0-9C5E-00AA00A45957} [C:\WINDOWS\system32\webcheck.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{08165EA0-E946-11CF-9C87-00AA005127ED}\InprocServer32 - {08165EA0-E946-11CF-9C87-00AA005127ED} [C:\WINDOWS\system32\webcheck.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}\InprocServer32 - {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} [%SystemRoot%\system32\webcheck.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}\InprocServer32 - {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} [%SystemRoot%\system32\webcheck.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7D559C10-9FE9-11d0-93F7-00AA0059CE02}\InprocServer32 - {7D559C10-9FE9-11d0-93F7-00AA0059CE02} [C:\WINDOWS\system32\webcheck.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}\InprocServer32 - {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} [%SystemRoot%\system32\webcheck.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{D8BD2030-6FC9-11D0-864F-00AA006809D9}\InprocServer32 - {D8BD2030-6FC9-11D0-864F-00AA006809D9} [%SystemRoot%\system32\webcheck.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}\InprocServer32 - {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} [C:\WINDOWS\system32\webcheck.dll]
REGDELAY - \REGISTRY\Machine\Software\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 - WebCheck [C:\WINDOWS\system32\webcheck.dll]
C:\WINDOWS\system32\stobject.dll InMem: 1 Det [G] MD5: 6474C3D1C136C60291B8A5EE9ED1735B PX5: 54D80CDC00F43E2DDE26016C15CB850052548DBB
REGDELAY - \REGISTRY\Machine\Software\Classes\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 - SysTray [C:\WINDOWS\system32\stobject.dll]
C:\WINDOWS\system32\BatMeter.dll InMem: 1 Det [G] MD5: 66DB9D9CA443D7C8C9222BFF72F61ACF PX5: 73074F1200F9F02570C400FC5F48D3002E4325D8
C:\WINDOWS\system32\WPDShServiceObj.dll InMem: 1 Det [G] MD5: 045E228F71C31901084B64BE59093499 PX5: 7176B495005E12B50A520234E7E1AF00FB8DD268
REGDELAY - \REGISTRY\Machine\Software\Classes\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 - WPDShServiceObj [C:\WINDOWS\system32\WPDShServiceObj.dll]
C:\WINDOWS\system32\mydocs.dll InMem: 1 Det [G] MD5: 0E34AD97F42004E23DA845FF4F822090 PX5: 57E2829600BA664D643501A4D8468A0095362A02
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{ECF03A33-103D-11d2-854D-006008059367}\InprocServer32 - {ECF03A33-103D-11d2-854D-006008059367} [%SystemRoot%\system32\mydocs.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{ECF03A32-103D-11d2-854D-006008059367}\InprocServer32 - {ECF03A32-103D-11d2-854D-006008059367} [%SystemRoot%\system32\mydocs.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{4a7ded0a-ad25-11d0-98a8-0800361b1103}\InprocServer32 - {4a7ded0a-ad25-11d0-98a8-0800361b1103} [%SystemRoot%\system32\mydocs.dll]
C:\WINDOWS\system32\PortableDeviceTypes.dll InMem: 1 Det [G] MD5: 22358578CB321F3325496A3723029409 PX5: 79585FF4007031758CF802904E46EE00DF2F75D4
C:\WINDOWS\system32\PortableDeviceApi.dll InMem: 1 Det [G] MD5: 9D45B2201D0ECF9F42136C7B99DEB8B2 PX5: 413BE4C6002C530256CD0467F46CFA0079ACDAE6
C:\WINDOWS\system32\MLANG.dll InMem: 1 Det [G] MD5: F036BC2525F8701628ABB0A550C1C692 PX5: A0FB8BA50045A9FEF20208062C04B3005F96B032
C:\Programmi\Alice ti aiuta\SmartBridge\SBHook.dll InMem: 1 Det [G] MD5: 1DA7138C079175E2D1A4A29326050672 PX5: A97CA7070034F190E01301B54A4896005EF269BE
C:\WINDOWS\System32\drprov.dll InMem: 1 Det [G] MD5: 4F32C69E05AE35FC609218E94B0DF5D9 PX5: BB8EDCE2008403A638800074FD083400905C26EC
C:\WINDOWS\System32\ntlanman.dll InMem: 1 Det [G] MD5: D72C81E7F4986BEB202813FC743AF8D7 PX5: FCEBCD7A009905FEAA4200960455950080D2A1BD
C:\WINDOWS\System32\NETUI0.dll InMem: 1 Det [G] MD5: 9FE57C0551C88667B8FBDE49BD399144 PX5: 074187360063FEE5400A014D6C2C430053ABE349
C:\WINDOWS\System32\NETUI1.dll InMem: 1 Det [G] MD5: A5CA0066DF5A68D4A7403F2E32D620D8 PX5: A4DAD8A200850E09C097034C744E770099F86FBA
C:\WINDOWS\System32\NETRAP.dll InMem: 1 Det [G] MD5: E7FC69C00BEBC04DAEF86071822B2B89 PX5: B3940B1900334CEB30F300847BE9340024D302E6
C:\WINDOWS\System32\davclnt.dll InMem: 1 Det [G] MD5: FA5791230A59DCC0F1BB0B0A193375A7 PX5: 5E0DDE0C0099E131624800B42D603500DF9BC5AA
C:\WINDOWS\system32\browselc.dll InMem: 1 Det [G] MD5: 03163D2CD97C11514F29987971F50A13 PX5: EA63F88500B471270C9A01309A4A800054BE305C
C:\WINDOWS\system32\DUSER.dll InMem: 1 Det [G] MD5: 0E316FF410E9A5BCA1BD1794DECE800F PX5: 576588D800DB533AA46504C81FA1F900F6700574
C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA InMem: 1 Det [G] MD5: 25FAF84103DB2F272835337A4391173C PX5: D581665A000C981EC0E1044D188D40005CCA75A7
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe InMem: 1 Det [GP] MD5: 0629361FAC4576BA48AB39F4903DCE9E PX5: BC5F9CE5587AA4CEF5D0088B27A70000E04EEAA4
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\aawservice - ImagePath [C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe]
C:\Programmi\Lavasoft\Ad-Aware 2007\CEAPI.dll InMem: 1 Det [G] MD5: 759C45CA544A92DE4B88618894A15587 PX5: A61CB37168A920F8457E0B5A08E1F00084E8F100
C:\Programmi\Lavasoft\Ad-Aware 2007\PKArchive85u.dll InMem: 1 Det [GP] MD5: 46374252AFA0A37F4F7AF528F6F16B96 PX5: A6A83F635884CF1AD7B40D2026D13D0066B1F9FB
C:\Programmi\Lavasoft\Ad-Aware 2007\Update.dll InMem: 1 Det [G] MD5: 72CCE73551D24D7863369F3BFD6548C9 PX5: 257E4CA860FA884205950831D883550042BDA968
C:\WINDOWS\system32\spoolsv.exe InMem: 1 Det [G] MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F PX5: 1DCDB07A00179F65E28700A02CD4BA00B29C7A8B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Spooler - ImagePath [C:\WINDOWS\system32\spoolsv.exe]
C:\WINDOWS\system32\SPOOLSS.DLL InMem: 1 Det [G] MD5: DD90C59EF82D6CDE5886B595CA8D8D8A PX5: EEC4C153008FC3AA248101F4B2E71800601A2E7A
C:\WINDOWS\system32\localspl.dll InMem: 1 Det [G] MD5: D5882ABF5F3652ACBF36C882EA4DC9A8 PX5: 4416D740002AA3683E4E05C1EF102900643A9BD8
C:\WINDOWS\system32\cnbjmon.dll InMem: 1 Det [G] MD5: A2660003F73982579EBFEF1F6C2F6234 PX5: ADFEA2D500C13C76C238009F710B75002AA8B844
C:\WINDOWS\system32\EBPMON24.DLL InMem: 1 Det [G] MD5: 2F615DBB76AB23885FCFBF0BD261B63D PX5: 8AA4641A16593579299301ACB65BE10047ADF0E2
C:\WINDOWS\system32\mdimon.dll InMem: 1 Det [G] MD5: CF0376023360AADD55C89BA50564AFDC PX5: 4A580D5700F10E5846F3006043C178003D6E741C
C:\WINDOWS\system32\pjlmon.dll InMem: 1 Det [G] MD5: BBD335EEABDA429E2A4A401AE977ACCC PX5: 84CFC62400E584133C01005DDEFEF70074DE7C99
C:\WINDOWS\system32\tcpmon.dll InMem: 1 Det [G] MD5: 1417745D9156EED7C8B871A3F8A8F56D PX5: 4DB1307F00B38383B4DE0091A261F900D73B20B9
C:\WINDOWS\system32\usbmon.dll InMem: 1 Det [G] MD5: 1AE1CDA7F68B0A8603A3117AE5F00B03 PX5: 355B55CF00434C1C429F0037D7A64900612AB6C2
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll InMem: 1 Det [G] MD5: 58E13A2292839321D3CDC918D5A4F5AE PX5: 90B16E50005219F14AEA007FE239C5004092D249
C:\WINDOWS\system32\win32spl.dll InMem: 1 Det [G] MD5: 660E56BC8C253B5B47DCC6560CCD62DA PX5: 3EE5A7330005B84D903F019D6D465800D7DE2821
C:\WINDOWS\system32\inetpp.dll InMem: 1 Det [G] MD5: BE4FF5FBBC55DC3C2445377C50497F1F PX5: 84746D7B00F17DE826600104529E590058DFB441
C:\Programmi\Grisoft\AVG7\avgamsvr.exe InMem: 1 Det [G] MD5: 3C7B93F947355E374A49564D0D017B7B PX5: 21DE92A5001AF2AB64A906625DE519006365E2D7
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Avg7Alrt - ImagePath [C:\Programmi\Grisoft\AVG7\avgamsvr.exe]
C:\Programmi\Grisoft\AVG7\avgklib.dll InMem: 1 Det [G] MD5: D756DC41EFFAAD294C858E94B4A11BD2 PX5: 0905B47E00DB8F4AF0C200D2E1793900305E89E0
C:\WINDOWS\system32\MSVCP71.dll InMem: 1 Det [G] MD5: 561FA2ABB31DFA8FAB762145F81667C2 PX5: F133D4F000B92F08A0E107FD67B66E0015498C05
C:\WINDOWS\system32\MSVCR71.dll InMem: 1 Det [G] MD5: 86F1895AE8C5E8B17D99ECE768A70732 PX5: 3FEE1145002F2EB8504E05ED76DA9100776D97E7
C:\Programmi\Grisoft\AVG7\avglog.dll InMem: 1 Det [G] MD5: C935B33CB471DB79A42B81276A8D0934 PX5: D7A89D52008854C89AC801A4B599270028FCA248
C:\Programmi\Grisoft\AVG7\avgcfg.dll InMem: 1 Det [G] MD5: EE3201BF942FB000B8C98A6CEB9C4105 PX5: 9E42292C0097D465BE5108AD760F6200DA2B1CA8
C:\Programmi\Grisoft\AVG7\avglng.dll InMem: 1 Det [G] MD5: 1C8526EDBCE5499EB5722BED0A14B97C PX5: 4ECED89B00CF9794E450009CD16D5500FFF988A8
C:\Programmi\Grisoft\AVG7\avgupsvc.exe InMem: 1 Det [G] MD5: 30A14F65DB477DC00A64A5A24E96919C PX5: FB2D0C8C0030CE48C28B00B9473117008F2553BE
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Avg7UpdSvc - ImagePath [C:\Programmi\Grisoft\AVG7\avgupsvc.exe]
C:\Programmi\Grisoft\AVG7\avgemc.exe InMem: 1 Det [G] MD5: FC0B2AE890BB0DC8C2306DABEDC8A4BA PX5: 4A5FE9A4007E299F34A8065593279900431C83BC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AVGEMS - ImagePath [C:\Programmi\Grisoft\AVG7\avgemc.exe]
C:\Programmi\Grisoft\AVG7\libsasl.dll InMem: 1 Det [G] MD5: 694A11E643C8D3D27BFA8FC770990750 PX5: 56A03C6100B1FC62B41D00F6BE532A00B5BC37DD
C:\Programmi\Grisoft\AVG7\avgscan.dll InMem: 1 Det [G] MD5: 3A68865B43C361A227B9BD8DA49E71E4 PX5: 9F98A5910034E47FFE310562123AEF009D040066
C:\Programmi\Grisoft\AVG7\avgunarc.dll InMem: 1 Det [G] MD5: E5D4EDFBE5C6EC8B5FFE2CFCDC6DA880 PX5: 94CC112C000ECAA6EC0102379DE66800C3E8D4CB
C:\Programmi\Grisoft\AVG7\saslcrammd5.dll InMem: 1 Det [G] MD5: 093FD00E5CB80FE7E8DECC67758CE341 PX5: 2C96C31E00B5E01E287D004D2BD0C00035A197BB
C:\Programmi\Grisoft\AVG7\sasldigestmd5.dll InMem: 1 Det [G] MD5: F23D9F906D761F2E3332A4119F5AEECA PX5: 3EB7F743003CE1316CB600F23AA81000625F6143
C:\Programmi\Grisoft\AVG7\sasllogin.dll InMem: 1 Det [G] MD5: 01FF0DCDB9568CC16FA2751B904A9C19 PX5: AEF045C8000B3B71248500311400D200C8CABD07
C:\Programmi\Grisoft\AVG7\saslplain.dll InMem: 1 Det [G] MD5: 7C6632FF007383428033EF5D21074CCE PX5: 7701885500D5F013240C00DCBB2227008E609439
C:\Programmi\Grisoft\AVG7\avgmail.dll InMem: 1 Det [G] MD5: 3418CB457423454BA22EE56872932D18 PX5: 810EAF1A00F9191334950279EB43610032372599
C:\Programmi\Grisoft\AVG7\avgemcps.dll InMem: 1 Det [G] MD5: B6D988D898573CCD1A2BA20422B8C8F1 PX5: C4B6B553003904352A5E00E8C63AE8000F712130
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe InMem: 1 Det [G] MD5: D7B7EF32336BE73F43CE22B8D803E09B PX5: 64085EFF00A80A64A00401E533AF7A00EC8C4F5C
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\BlueSoleil Hid Service - ImagePath [C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe]
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE InMem: 1 Det [G] MD5: 11F714F85530A2BD134074DC30E99FCA PX5: 2E5BA9D3480CBAE9EA2A04C9F6D7FB00F945EC88
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MDM - ImagePath [C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE]
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\1040\mdmui.dll InMem: 1 Det [G] MD5: 9F8DA8A1FB99658F283329208289B5D6 PX5: 2998F71B0054707760E1002DBABFEB007BD15900
c:\windows\system32\wiaservc.dll InMem: 1 Det [G] MD5: 385CF0E9C4679D23E1E8715AF2116D03 PX5: B69A81C6002918EE1A4705E2549FBB00ED5C7BBD
c:\windows\system32\CFGMGR32.dll InMem: 1 Det [G] MD5: 15797C5AA673590064348A025A5F17D9 PX5: 74C69D7C00EDC85142F6003C4DC9A1006D7B8195
c:\windows\system32\mscms.dll InMem: 1 Det [G] MD5: CD669D359DAD2AB7EE5F6E09010A6167 PX5: DF52A2B9002BAEF722FE01B4E2E8B900D4427BF9
C:\WINDOWS\system32\SBSMiniDrv.DLL InMem: 1 Det [G] MD5: 7702AE599F09583DEE69897186608B1C PX5: 081DB3C00044104560620352FE226200A1495C17
C:\WINDOWS\TWAIN_32\S6U16\SBSspi.dll InMem: 1 Det [G] MD5: 66E3ABFE35FF84E8CF9ECCDEA67426A5 PX5: 2932D1B1007E04EEF0C6022F99EC39004DA884E5
C:\WINDOWS\system32\dsnpstd.dll InMem: 1 Det [G] MD5: 48B96D1F15FA45EB044474E5612F6DE2 PX5: 622AC65E00A3A88ED05100F16D7F190039145DD3
C:\WINDOWS\system32\actxprxy.dll InMem: 1 Det [G] MD5: CAC8CE72845461A8C6818071D923FC89 PX5: 007947C1003133828EF901D865E09C00F6A66BF3
C:\WINDOWS\System32\alg.exe InMem: 1 Det [G] MD5: D4A42BF3C11302AA3CCD857034EF1E54 PX5: A1E5D90F00A84BB2AEC200E087F3A200AB0BF90E
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ALG - ImagePath [C:\WINDOWS\System32\alg.exe]
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe InMem: 1 Det [G] MD5: 8FB740D758B14B1BC950CC347C21E461 PX5: 6523F0B300EF1CAE804800397CFC290058DDE1DC
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - RemoteControl [C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe]
C:\Programmi\CyberLink\PowerDVD\CLRCEngine2.dll InMem: 1 Det [G] MD5: 535203DEA5820F3B5F3FAACE0D51252C PX5: BB1152C800EECD5290330040411AF3003FAA4FF9
C:\WINDOWS\vsnpstd.exe InMem: 1 Det [G] MD5: F14BD811617D3485EF3A8B6BFF880024 PX5: FBC9431800299548A0D400E52ECACD00FA1DCEEF
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - snpstd [C:\WINDOWS\vsnpstd.exe]
C:\WINDOWS\system32\MFC42.DLL InMem: 1 Det [G] MD5: 0DDD564836A87EA1C3232B48FF0E221C PX5: FD5A337B00529124B0D80F421E82790041341A00
C:\WINDOWS\system32\MFC42LOC.DLL InMem: 1 Det [G] MD5: 4E03135C6B43689649293D6CA6C73DD0 PX5: 50EC1EAC0042F609E0B8000596D265006CAB3F5E
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe InMem: 1 Det [G] MD5: 64C4C17BF6A40FF1CD21205E6FD415B8 PX5: CF09D5D800702E04B04C00E9733D4600A2D58E89
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - ATICCC ["C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay]
C:\WINDOWS\system32\mscoree.dll InMem: 1 Det [G] MD5: CA7B804518DD3E76B81042E25B17A23B PX5: 39B7B37D00CEFADE247704DFB3C8DE002536B07E
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll InMem: 1 Det [G] MD5: E4FECE18310E23B1D8FEE993E35E7A6F PX5: 9A45456900EE9D7990C909755A3A5C00A6DAF154
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Implementation.dll InMem: 1 Det [G] MD5: 02232CE70996A59A8A74EDEDCE5DDAC4 PX5: CF455CCA00BB90FF80DE00F2B4D6D7000FE86E48
C:\Programmi\ATI Technologies\ATI.ACE\LOG.Foundation.dll InMem: 1 Det [G] MD5: 963158EBB0701EC0E93E09CBB4B75C9E PX5: 3B663EA70045C2A6907600516B3A070027E708A1
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Foundation.dll InMem: 1 Det [G] MD5: C198EBF19B85F182F2515F4C926EF30E PX5: 73BCFC3D00AFA02210BB01D4CC84A500A1F43F39
C:\Programmi\ATI Technologies\ATI.ACE\LOG.Foundation.Service.dll InMem: 1 Det [G] MD5: 3385E2B11DD61D6065CF58035CCA20B8 PX5: 84FC70890028B5A2A06900034D66AB0021B19C8F
C:\Programmi\ATI Technologies\ATI.ACE\LOG.Foundation.Shared.dll InMem: 1 Det [G] MD5: E7BAA541793F289F71AB1E32D7BF9360 PX5: 7EA99FE900D028EA5051002DDDE82A008057B954
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Foundation.XManifestation.dll InMem: 1 Det [G] MD5: 05F5623B1286B86761D0A7040E7AD3A8 PX5: 3929C4A9006A4E0060C100C1168488008F684734
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Component.Runtime.dll InMem: 1 Det [G] MD5: B4B711AF21A7844FF626031EF3E38FAF PX5: A41A5DEF00C88E30509F0123B06A76004E45F7C2
C:\Programmi\ATI Technologies\ATI.ACE\ATICCCom.dll InMem: 1 Det [G] MD5: FC94D575B91692432A1400F569A0F98B PX5: 5931D1D700D0D4E25068002DDDE82A00B396BBAC
C:\Programmi\ATI Technologies\ATI.ACE\AEM.Foundation.dll InMem: 1 Det [G] MD5: 71652EC3797708BC7D86674E4F26EC15 PX5: BD22B3A80057DA95603E0038A6540C00E30E7C0E
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Caste.Graphics.Shared.dll InMem: 1 Det [G] MD5: FFDF18891FBEDC0920300FEB2FB3FBBD PX5: F9F86B6300E9C441C05000FDAD26900058F7C141
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Caste.Graphics.Runtime.dll InMem: 1 Det [G] MD5: 7A6BCFC7E1C0EA19514D4A6EACBA36C2 PX5: D0FFDAC600916FB4900204A7C4995400C9FDC7F3
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Component.Runtime.Shared.dll InMem: 1 Det [G] MD5: 5F0B7C746935E585BB9ABD0DF20DF600 PX5: BCFFE48C00B6199180F100B4E7AB2800FC952A91
C:\Programmi\ATI Technologies\ATI.ACE\DEM.Foundation.dll InMem: 1 Det [G] MD5: 32CE7014A0E11A2D04DF69CA3BA8D6C8 PX5: 99195ECE008AD9DB409F0066A38B1600BE1E9700
C:\Programmi\ATI Technologies\ATI.ACE\DEM.Graphics.I0601.dll InMem: 1 Det [G] MD5: 734D79161E3E0F9DE81582D1249C6989 PX5: 5137EDB2007730EEA0A7006CD20DB5004531CC68
C:\Programmi\ATI Technologies\ATI.ACE\ACE.Graphics.DisplaysManager.Shared.dll InMem: 1 Det [G] MD5: B51D29A14B4EDEB4ED0AD864A3FF9556 PX5: 900AFBDA00BBCC8E60B70057FB14B500C172559A
C:\WINDOWS\system32\ATIDEMGR.dll InMem: 1 Det [G] MD5: B1A5CC969574DAC8FBD49B1164823D5F PX5: B3745AA700EFE7216017047130046D00654216D7
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.MultiVPU2.Graphics.Runtime.dll InMem: 1 Det [G] MD5: B3AD3F5190A1D12A6BF5CBEF4F5C8C39 PX5: 8FBAF0EA002C1605908800B6FCF8090070514FB8
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.MultiVPU2.Graphics.Shared.dll InMem: 1 Det [G] MD5: D3D9693161A8EEF2102B032D5669EA23 PX5: D0600FA20075763F60D600C19C4986000422454B
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.MultiVPU.Graphics.Runtime.dll InMem: 1 Det [G] MD5: 4E9F72A66641BAB10EE86AECE5384616 PX5: 3EC5C4D400CDD7C3905B0004E2DE5000577664A5
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.MultiVPU.Graphics.Shared.dll InMem: 1 Det [G] MD5: 1649E7247D5644CC058ED101C917DC62 PX5: F407A2630045E86E6028008BC08BAE004FB15175
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.VeryLargeDesktop.Graphics.Runtime.dll InMem: 1 Det [G] MD5: 1EACE5D1A04200882B4A8BA11259B2A3 PX5: 6D35BE2D00F81FC1804000CCC8BBFA0008669297
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.VeryLargeDesktop.Graphics.Shared.dll InMem: 1 Det [G] MD5: CED3DE6514D23ACA10A70111150C3D4E PX5: 7FCDFA040059084A60EA00F5F56306005697641D
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.Radeon3D.Graphics.Runtime.dll InMem: 1 Det [G] MD5: AF91DBE7F99339A8979B1C35D1E19496 PX5: 9B57750C00868577D05900CEAAC2390025121A9E
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.Radeon3DLegacy.Graphics.Runtime.dll InMem: 1 Det [G] MD5: 0F014D9D66E7D1B74591A92373995AAE PX5: BA885EB2006A30C2A09B00274F2D98000E5EEFF3
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll InMem: 1 Det [G] MD5: B5FCF44501BE11B819000EB7654B74A9 PX5: 978CB93F00DFD4F1B022003C9960A7006C68E6A4
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll InMem: 1 Det [G] MD5: DC664EF28F755A383B46F2005CC46BBA PX5: 6818220B00B0D87C60D700AE45B56100C0DCB5C7
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DisplaysColour.Graphics.Runtime.dll InMem: 1 Det [G] MD5: 7EC34D9C9EC55B184F83325C1EB111B3 PX5: A35A5EC500D1B444A0AB00FD32B464000C6C6AFB
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DisplaysColour.Graphics.Shared.dll InMem: 1 Det [G] MD5: C326B58A26A6E8E564B66762AF14D7A5 PX5: AEF3BC2B00E7092960D500DB3349320007F5DBCE
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.MMVideo.Graphics.Runtime.dll InMem: 1 Det [G] MD5: 9179A07F62B6ABEAF28669768CE2DE77 PX5: 50B8304F0039D96BA0E300C72892800074370FB4
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.MMVideo.Graphics.Shared.dll InMem: 1 Det [G] MD5: 65D39D2F8205F901DC8B1A43735CFD49 PX5: D0AF139E0026C99F80BA003FD2B0B00022C5ECEB
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.VideoOverlay.Graphics.Runtime.dll InMem: 1 Det [G] MD5: 1714AC80DB95F809E839A4ECA225E280 PX5: 002D1E6800605783905C008672EDAD00856C4C3A
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.VideoOverlay.Graphics.Shared.dll InMem: 1 Det [G] MD5: 8F64F1DBF00F1921A5D346BCE4842CBE PX5: B547FC200068103270BE00F9DA219600A79C273F
C:\Programmi\ATI Technologies\ATI.ACE\ACE.Graphics.VideoOverlay.Shared.dll InMem: 1 Det [G] MD5: 535625AE679F3A34FB5C52EA25D409FA PX5: 34D7D21300FE2A7340FB002DDDE82A00CAF5E532
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.SmartGart.Graphics.Runtime.dll InMem: 1 Det [G] MD5: 5C2C3E5E19FA0D223E5C5529A05F2923 PX5: 84B61AC400012EF5709A0068FE53E10000561EB5
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.VPURecover.Graphics.Runtime.dll InMem: 1 Det [G] MD5: 55D36852C4F14009EE957AFB2763021D PX5: 7FDEAB4A00C50DF160D000A608F79300A7A88FFA
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.VPURecover.Graphics.Shared.dll InMem: 1 Det [G] MD5: BDF109A414DA6BC415F8B13B88E5A18F PX5: B860E7D50081433C60AB00724AC53A0078881F36
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.WorkstationConfig.Graphics.Runtime.dll InMem: 1 Det [G] MD5: 18C0F0333602B762986EFFECBC3F9DC0 PX5: 6E95D45F0086640380280093B36397009452954E
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll InMem: 1 Det [G] MD5: D9816BEEBDAD867ACCCA33B71266BE4C PX5: 5F28EED200D31D0890B500CA32033B000FE80254
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCRT.Graphics.Shared.dll InMem: 1 Det [G] MD5: 7604C29D87E6623A75A442BA20E8465B PX5: 56A0024E00E5F5E2E05C00C00E0F6F0065B9F97D
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCRT2.Graphics.Runtime.dll InMem: 1 Det [G] MD5: 014F929DB421E20F00EF72B5BDF106B0 PX5: D2C0FEB700EDA04390A200D247D9F600D9759AD1
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCRT2.Graphics.Shared.dll InMem: 1 Det [G] MD5: 16D3373FE82561C16B7C119686E66A3B PX5: B3C8EF9400015012E02D00567AA42E0085817B91
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll InMem: 1 Det [G] MD5: F97AFAF98B949A5D5C2F48532414EB11 PX5: 1F6EC447003E1AF2707C0047CD122A0086042D31
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceLCD.Graphics.Shared.dll InMem: 1 Det [G] MD5: 0267397F18A15C5952C2797C1DFF6D09 PX5: EDAF2139008D504A70EA004FAFE3E90024CF810E
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceLCD2.Graphics.Runtime.dll InMem: 1 Det [G] MD5: 108331740AB22382C9F563F48E7E6E31 PX5: 8C7B7BCD00B80D4770BB00020FC6DD00D474F1B7
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceLCD2.Graphics.Shared.dll InMem: 1 Det [G] MD5: 2E1E7DAFA74D129551C8A1B6CF445428 PX5: 7D65DC4F00CFDEB87060000535B2E100B5E95ADB
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCV.Graphics.Runtime.dll InMem: 1 Det [G] MD5: A2D4BFDD0FF18A833A39ACB080033946 PX5: 06F501B300B54F9DD074003A1C1A1C00FB8D72A4
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCV.Graphics.Shared.dll InMem: 1 Det [G] MD5: 8F3BFD57A5436636264441928CEA0B7C PX5: A642403B00623C1A902C003EB71B7C00AFA5A430
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.CustomFormats.Graphics.Shared.dll InMem: 1 Det [G] MD5: 7DFAF6FB2EF80E3C6760547E1AD4D8C5 PX5: A6833ECC007D792D60C400C02E776A00C5EBEA56
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCV2.Graphics.Runtime.dll InMem: 1 Det [G] MD5: 143D63AA20B5741A11F0D90C878E27D7 PX5: 3DBE58D100615EA3D03300DA2FD0290069B96766
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCV2.Graphics.Shared.dll InMem: 1 Det [G] MD5: 6FAAD8A1E61B00071BE9D8C192D3085B PX5: 0123155E008017AC90A7001D3E5F21008CCCC724
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceTV2.Graphics.Runtime.dll InMem: 1 Det [G] MD5: AD0C0D98CCD60B639AE1D0AC91EF2D60 PX5: 2DE3D0FC0029E72CF00E002C6057830038341B4F
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceTV.Graphics.Runtime.dll InMem: 1 Det [G] MD5: 33C05A3827A8863063763BC60BE1FBEC PX5: B7BD16A400C359DDE0EA00B868E34600A96913E5
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll InMem: 1 Det [G] MD5: EEDD03445836EB7261D329D98B80C396 PX5: 3429ED9C00C10C22A0F100F11B0DF50022727EF2
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceDFP.Graphics.Shared.dll InMem: 1 Det [G] MD5: 638C3D76E6EB86A5C4444459241154E6 PX5: AFD7D21700967371A01D0038DEA20D0033FCC048
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceDFP2.Graphics.Runtime.dll InMem: 1 Det [G] MD5: 6CDC12F94F64FFE78EA14E99C9244CE8 PX5: FBE109F000045405B082001F4E4EF9009CF77A3C
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceDFP2.Graphics.Shared.dll InMem: 1 Det [G] MD5: 25BD09EA63673F2DF45FD05CF5A028CF PX5: 6C580350005BF141A0F000F5BDCCA400D91ACE05
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.OverDrive3.Graphics.Runtime.dll InMem: 1 Det [G] MD5: C25CCB77B377D7A0B5AAB11ABABA4656 PX5: 7016D17D00AEB8D3305B019023E8E6007C4A7E21
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.OverDrive3.Graphics.Shared.dll InMem: 1 Det [G] MD5: 7A0AEF7903C829B2CB15D2859425660D PX5: CB6B720600C3F2B460FB00E03B70DD002A901441
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.OverDrive2.Graphics.Runtime.dll InMem: 1 Det [G] MD5: 84526FB4076FA93DC18249D62193C6F3 PX5: E100FF0900654A01706E0087C34F000032BB5651
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll InMem: 1 Det [G] MD5: E4F3020B0BC9FBC3AB504E4246566D21 PX5: 6B3B552C00DD6DA5C08700802522AE002D2C3F5A
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.PowerPlay3.Graphics.Shared.dll InMem: 1 Det [G] MD5: 3C33B6903EC9749E20875BF87A2AB46C PX5: B087513D00468902705F0088BAB30B00D55C0AD7
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll InMem: 1 Det [G] MD5: E4868C0243860745E82D1871ABAD1FC4 PX5: ECF6491F006A3EBD807300C39C2C130033716780
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Runtime.dll InMem: 1 Det [G] MD5: 7E83DA4E75E3CD90EABB3530EC05AC6C PX5: 40CF849300C4DA76502600C0ED71B300BC366D5E
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.InfoCentre.Graphics.Runtime.dll InMem: 1 Det [G] MD5: 0A250CD7C03F900B5ACC1ADD6A2AA4A9 PX5: 8ACF05E900F8BDF5802900D3FB9B3200BC0F03D9
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.InfoCentre.Graphics.Shared.dll InMem: 1 Det [G] MD5: F53D7142A810C8B4CCECE284F0A4ABF5 PX5: C2D532B8000B0D43708200509127F2000DBAD49C
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll InMem: 1 Det [G] MD5: 6EECB091CE0FDDF36E76A60CABE00382 PX5: D928CD250044DBB550F1002DDDE82A00A779E9A7
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll InMem: 1 Det [G] MD5: 33B9257FBD96E6CA1DDD5921335A9680 PX5: C7FF7D97009AA34E5076002DDDE82A008EDD396C
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.Radeon3D.Graphics.Shared.dll InMem: 1 Det [G] MD5: B1E405D0706B464CD3E064FA770FE4C7 PX5: 70D822FB0013E45AE08A00A33E3CF100A21DEF67
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.Radeon3DLegacy.Graphics.Shared.dll InMem: 1 Det [G] MD5: 601C6ECF58491E1190E9C2777421A733 PX5: 83D3BE61005C8050C0F400B689F3CC00702B722C
C:\Programmi\ATI Technologies\ATI.ACE\DEM.Graphics.I0600.dll InMem: 1 Det [G] MD5: B679AA0E8454A5076064140F33BE11F6 PX5: 3FFB5A26002F2BC5402600CCEC772C00675FE52A
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.SmartGart.Graphics.Shared.dll InMem: 1 Det [G] MD5: CCE066EA2F7DB17B6DFF7855ADBAF3EC PX5: ACABF5EF00413C8370910073C5C6FC001D8E74F9
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.WorkstationConfig.Graphics.Shared.dll InMem: 1 Det [G] MD5: 209CF6282C9966B2C0519898679614F6 PX5: 365B4767008A7979708A008E3FF72D00140A38C2
C:\Programmi\ATI Technologies\ATI.ACE\DEM.Graphics.I0602.dll InMem: 1 Det [G] MD5: A6FEB6CB256EC4FFEEE749938C99C30F PX5: 11B0B50900188D8840C000E6A7402C001076305C
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceProperty.Graphics.Shared.dll InMem: 1 Det [G] MD5: A87E956BC090F889920C521845A58A05 PX5: 1BA8F0D900DF9681403800E1D9E5760037E7303F
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceProperty2.Graphics.Shared.dll InMem: 1 Det [G] MD5: BEEADC2EFDF152B8A519ED501D51721B PX5: D7400A8400DF197B508B00F844C0F600F1D0E621
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceTV2.Graphics.Shared.dll InMem: 1 Det [G] MD5: E5255E7FEE8D74DBA67F7A8AED07C56E PX5: 5D4D3B7300FDCB36E0AF006A72C4B000C68760B3
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceTV.Graphics.Shared.dll InMem: 1 Det [G] MD5: A240CCFF967AD3915E05B9D7195C5BCB PX5: B2F292CC005E1076E03A00402720900076CDBC4A
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.OverDrive2.Graphics.Shared.dll InMem: 1 Det [G] MD5: 48C66D75C4073322B335F5080575711C PX5: F8B5EE77006883AD50820028E23DEA00D7633C1B
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll InMem: 1 Det [G] MD5: 6596C86F80CBD2CF831383CA7210876D PX5: 56F082BD0061286D60F90026B5965B008CE6E5B8
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Shared.dll InMem: 1 Det [G] MD5: D95D875405BA657A6C21BE65ABA589D1 PX5: 815BF8C5007AEF8D504D002DDDE82A004155852D
C:\Programmi\ATI Technologies\ATI.ACE\APM.Foundation.dll InMem: 1 Det [G] MD5: C6F64AE6F9F7DE23EE538D5C80A5C362 PX5: DE5BB896009EB0FD60BE00FFFB70D100004CF928
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe InMem: 1 Det [G] MD5: 7462B3864DA32E6B3D1EF0524E663A23 PX5: 7C51028FE863FDC305D50E7E64185F00D8F0229B
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - ZoneAlarm Client ["C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"]
C:\WINDOWS\system32\VSPUBAPI.dll InMem: 1 Det [G] MD5: 766A095B92A153BB2B52517D2FDC1F1F PX5: 910245B4E8113F793531047F369A2E00D069B734
C:\Programmi\Zone Labs\ZoneAlarm\framewrk.dll InMem: 1 Det [G] MD5: 06FC7974A473B218C9CC48CED1832E2E PX5: D3BB4E8EE8BCCB2D75B712B02E36E800D090D933
C:\Programmi\Zone Labs\ZoneAlarm\framewrk_Loc0410.dll InMem: 1 Det [G] MD5: 4EE7F4E425331E516174C4304C318FD7 PX5: D3D16EA690AA7CD37529080372041300D7F5D224
C:\WINDOWS\system32\ZoneLabs\lib\pyd\zpui.pyd InMem: 1 Det [G] MD5: A0669547EE19CF48EFC0E3C00C416507 PX5: 9214517CF031FE6CF50102D9A394D000C41E7EA3
C:\Programmi\Zone Labs\ZoneAlarm\zlclient_Loc0410.dll InMem: 1 Det [u] MD5: 0D21B4C9FB8B548A2A67397A90C7D427 PX5: 98E9DD1890700D88A52D0AF28733C000B25B2A7F
C:\WINDOWS\system32\vsmonapi.dll InMem: 1 Det [G] MD5: B6BD6267EC7C60705B061C3F23BBD278 PX5: E1099F55E86FB40C958701ED61E6FA002410616C
C:\Programmi\Zone Labs\ZoneAlarm\alert.zap InMem: 1 Det [G] MD5: 2D131CE6B7987487626977FE829A6504 PX5: A7F8DAAEE89E915A65F50345EC77A300CD889798
C:\Programmi\Zone Labs\ZoneAlarm\alert_Loc0410.zap InMem: 1 Det [u] MD5: 5618B04C448F41EDB1E16F7B3989103B PX5: D035E0FE907CE59E1546015762E90C00C749833F
C:\Programmi\Zone Labs\ZoneAlarm\cam.zap InMem: 1 Det [G] MD5: 02CE356A872F448188FED75524E4377D PX5: 64D65291E0A03D2D357701707E0B030086F782BE
C:\Programmi\Zone Labs\ZoneAlarm\cam_Loc0410.zap InMem: 1 Det [u] MD5: 076133A818F453D2CF45FD82C622F67B PX5: 47DA66399070CA9C750F0017832DF000A4B3B788
C:\Programmi\Zone Labs\ZoneAlarm\email.zap InMem: 1 Det [G] MD5: 144F1DAFA14C70CBC9B3581B6D01C59E PX5: 9E1CEE64E839D9DF95F001AED10F7400628E07FE
C:\Programmi\Zone Labs\ZoneAlarm\email_Loc0410.zap InMem: 1 Det [u] MD5: 2A4A9D10B2A1227ABE30FDAA66682FC8 PX5: 021907D390A1FF74956100998983AA0039E31DCE
C:\Programmi\Zone Labs\ZoneAlarm\filter.zap InMem: 1 Det [G] MD5: FE2678C0BAF0BD2525C4E5599C775682 PX5: A8257E5AE8230D45051F011ADFADF2001B0C7E51
C:\Programmi\Zone Labs\ZoneAlarm\filter_Loc0410.zap InMem: 1 Det [G] MD5: 8ABE1C35326DA4795058AC49DDAAF3E5 PX5: FC03442A906F3FD985370037D894BE00AA6A3194
C:\Programmi\Zone Labs\ZoneAlarm\firewall.zap InMem: 1 Det [G] MD5: CCF4C549BCAA2880C4D9B12721418C16 PX5: 3452DB41E87D419C25AF0208021DB100BF28C1D1
C:\Programmi\Zone Labs\ZoneAlarm\firewall_Loc0410.zap InMem: 1 Det [u] MD5: DEA82D89844B8BCF60EFE9DEA38F54F9 PX5: 9F17FC77903DFA44D5A500078F5927009FEF1F1D
C:\Programmi\Zone Labs\ZoneAlarm\idlock.zap InMem: 1 Det [G] MD5: 7BE49D4772FB3691FC3B971729AD1E95 PX5: 2BF3EBF5E89D4B4BF5B303B77E91FC001F749FA4
C:\Programmi\Zone Labs\ZoneAlarm\idlock_Loc0410.zap InMem: 1 Det [u] MD5: A6A03665F56DE29964E18CC7386E5FEF PX5: BC906F8C904A2343453901A43C33B70025D350F6
C:\Programmi\Zone Labs\ZoneAlarm\imsecure.zap InMem: 1 Det [G] MD5: E998CE73BDA826DE3B2FE7C99355E0F0 PX5: B430F144E81458AF95940D0888D890005BEA4B27
C:\Programmi\Zone Labs\ZoneAlarm\imsecure_Loc0410.zap InMem: 1 Det [u] MD5: D7762A2B36C5D915B997CF912B4F346E PX5: 0FF221EF900EF08DC55B00D2306EBE00F99068F7
C:\Programmi\Zone Labs\ZoneAlarm\privacy.zap InMem: 1 Det [G] MD5: 65C906AD7264E632DFBB6867F7AC6984 PX5: 21D17797E830B2843537021C6B885900D3D7EB7A
C:\Programmi\Zone Labs\ZoneAlarm\privacy_Loc0410.zap InMem: 1 Det [u] MD5: 544EBDEEA415C30E4784E1CB04ECAEDE PX5: 154BB334905E256ED5F6003255D671003B9F9092
C:\Programmi\Zone Labs\ZoneAlarm\programs.zap InMem: 1 Det [G] MD5: 2B78A4F9BE2390E6D8B1F775F2FD66FD PX5: 205C4F7CE8CE4ED2B56104CC1BA75F003044E484
C:\Programmi\Zone Labs\ZoneAlarm\programs_Loc0410.zap InMem: 1 Det [G] MD5: 9E5C67C30C6EA598F3C422B456FF0681 PX5: 2D0ACBB0908EAB0B752702045A6D98000A93D867
C:\Programmi\Zone Labs\ZoneAlarm\security.zap InMem: 1 Det [G] MD5: F7A04AEAEB1F2A90665F9A4CD6CE664E PX5: 40E7B347E81D195E151006BDD68E42000988F817
C:\Programmi\Zone Labs\ZoneAlarm\security_Loc0410.zap InMem: 1 Det [u] MD5: 7216BDF5638EA926CA99C983981747B3 PX5: 54037F4D908A34F8358004C5C7E0FE00FAE84706
C:\Programmi\Grisoft\AVG7\avgcc.exe InMem: 1 Det [G] MD5: 76CD8B6DBB4B8A984193AD07ADC1BD3A PX5: B2AE899700F57D38D69508B44FC71F0069D2607D
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - AVG7_CC [C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP]
C:\Programmi\Grisoft\AVG7\avgtmgr.dll InMem: 1 Det [G] MD5: 5BD5BD73E02C3D8B2ECBF204E3A67345 PX5: D6DA4E6300CB354548B9066D9731FC002544E9AA
C:\Programmi\Grisoft\AVG7\avgctrl.dll InMem: 1 Det [G] MD5: 129BCCA44DD86F63532D59F4377918DC PX5: 6C1F1FBA002BCCA6D2800DBD0E993100868D3AD9
C:\Programmi\Grisoft\AVG7\mfc71.dll InMem: 1 Det [G] MD5: F35A584E947A5B401FEB0FE01DB4A0D7 PX5: 6CC9C2640078308D309410C7EE8D9E0004FCAA75
C:\WINDOWS\system32\MSVFW32.dll InMem: 1 Det [G] MD5: 35DE518C32E4D878A250301A8F2EEE08 PX5: 4870710600DDCA90DC7001F6C351A000C502322F
C:\Programmi\Grisoft\AVG7\avgabout.dll InMem: 1 Det [G] MD5: CF0A46677A4F9365CD4C7AE5C50C8121 PX5: 1EF5CEB100229AC9A8AB067950056100AC79FF50
C:\Programmi\Grisoft\AVG7\avgtest.dll InMem: 1 Det [G] MD5: C7F153B54C1DF8C8E03828C7EE3A74E4 PX5: EB8A58F50085CD0538CC094F9178D9007B42498B
C:\Programmi\Grisoft\AVG7\avgtres.dll InMem: 1 Det [G] MD5: A8E8CE4A172FD204F745D8C570D23549 PX5: D9465DA7000B3E55BE48031BC2C8C600A3BF6D08
C:\Programmi\Grisoft\AVG7\avgset.dll InMem: 1 Det [G] MD5: 940BE885A17CBD5D6AD82C3FA0BB1BF3 PX5: EF8C449100C5923622A9078868FB0A008E2415C2
C:\Programmi\Grisoft\AVG7\avgresf.dll InMem: 1 Det [G] MD5: 680884C89BDE1FDB907B8AB2F6D15EB5 PX5: 85B4354E00E3DC8380BC0F5A7A39760082FF2236
C:\Programmi\Grisoft\AVG7\avgf.dll InMem: 1 Det [G] MD5: F1A871F63BAE2B0CBA9F8649FF4FB539 PX5: EEF491AE008EA020BC4B0050A4621600816EE6D0
C:\Programmi\Grisoft\AVG7\AVGRES.DLL InMem: 1 Det [G] MD5: 8222ADB1A3068E7CC457D72E57339436 PX5: 23E816BB007D3F24922513DDDD54080019D56CB3
C:\Programmi\Grisoft\AVG7\avgcckrn.dll InMem: 1 Det [G] MD5: E7588025E17A4C60231A96B4021EF3F2 PX5: A0E95FBA00D5DC8EE4A80879C65ABC006B005312
C:\Programmi\Grisoft\AVG7\avgvault.dll InMem: 1 Det [G] MD5: BB59C88CBF24F6D136E12CBB7D1F2B64 PX5: 9730B38800BDBCA9448E01B6BAEF3900B9CAF783
C:\Programmi\Grisoft\AVG7\avgrep.dll InMem: 1 Det [G] MD5: D1F3D118ADF63B29BE4F40871514E341 PX5: 570F223B00266A721067016EC8DFC50070955DEA
C:\Programmi\Grisoft\AVG7\avgemsui.dll InMem: 1 Det [G] MD5: 50DC3099980F7073EB891306DE67AC43 PX5: 178BA3BA00E716695C1906F7CFDE18006A960BEE
C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe InMem: 1 Det [G] MD5: 3BFBB567891B8ED454F5454513ECCFB1 PX5: 5D0EA1105761149AB089062773E5500022D8D7CF
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - Motive SmartBridge [C:\PROGRA~1\Alice ti aiuta\SmartBridge\MotiveSB.exe]
C:\Programmi\Alice ti aiuta\SmartBridge\httpclient52.dll InMem: 1 Det [G] MD5: 10B70BD78A5EB97F30ABBED323513CE9 PX5: A6A20F3C00C4C6B97020023ED1E727000F81DCA2
C:\Programmi\Alice ti aiuta\SmartBridge\clientutil52.dll InMem: 1 Det [G] MD5: 107AC86366D0CE25545F9CE3E5CA3355 PX5: 5B89F65D004912EE50EE04738AA6E3007DE0B69F
C:\Programmi\Alice ti aiuta\SmartBridge\SBRes.dll InMem: 1 Det [G] MD5: A4FAF8F300711CCB8A08EF1037EEF9DB PX5: D4F0F69500D4B91FE045001AA0172C00C80E4EBE
C:\WINDOWS\system32\mshtml.dll InMem: 1 Det [G] PX5: 626B0E2200B3CEB6D05A368B002793003596FA5F
C:\WINDOWS\system32\msls31.dll InMem: 1 Det [G] MD5: 87B27E19DC5B4F8F3FEF061A155977B9 PX5: D440CACF00BE0A1C62E30254EFAD02005496CA69
C:\Programmi\Alice ti aiuta\SmartBridge\alertfilter.dll InMem: 1 Det [G] MD5: 9ECF5DB4BAD28777BA1B1B84424D1501 PX5: 53C3525A00709321501E0334EABD3C007DE218A4
C:\WINDOWS\system32\msimtf.dll InMem: 1 Det [G] MD5: E41D5BBED01EDD653DFBE699C8B77FBF PX5: 84310A0800BF02296E1202C6BE073C009D305F2B
C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\syncer\McciTrayApp.exe InMem: 1 Det [G] MD5: 731BE35A5E9BD8AA44B15CD3FA927E9F PX5: 772ED8F8006DED3A4CD70E6DFD8A9900B154250E
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - AliceRE_McciTrayApp [C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\dri]
C:\Program Files\D-Link\DSL-200\dslstat.exe InMem: 1 Det [G] MD5: 103777DC976625BBCE3814D6BBAF7648 PX5: 8663FA5D000D33FA40D705BB942DD5001B91606B
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - DSLSTATEXE [C:\Program Files\D-Link\DSL-200\dslstat.exe icon]
C:\Program Files\D-Link\DSL-200\DbgMode.dll InMem: 1 Det [G] MD5: FF9B3006B09C516F0B7E810F5EEF9B9A PX5: 53E25DF3007A3EEA306D04806D43A00028FF7252
C:\Program Files\D-Link\DSL-200\CplItaln.dll InMem: 1 Det [G] MD5: 7A792DFE0B70AE03084F00BA61322D5B PX5: A5833CF2001C680E3057007617C8140087FC74D4
C:\Program Files\D-Link\DSL-200\dslagent.exe InMem: 1 Det [G] MD5: 78AE0C854B855CBE31E48C974814D146 PX5: C8A5F41800A9C38A006701C7F35CFB00D8BFF55B
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - DSLAGENTEXE [C:\Program Files\D-Link\DSL-200\dslagent.exe]
C:\Programmi\DAEMON Tools\daemon.exe InMem: 1 Det [G] MD5: 4323A5EE3EBC7F5681CD41B69360D2D4 PX5: 08178DDB980CA0036739025B0E8F2400BCED8ED9
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - DAEMON Tools ["C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033]
C:\WINDOWS\system32\ctfmon.exe InMem: 1 Det [G] MD5: 5B33B4265966EE063C7FBEA28958D9C2 PX5: 7BE460C100E5509F3C0D00F14B5A510097B91217
REGRUNKEY - \REGISTRY\User\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - CTFMON.EXE [C:\WINDOWS\system32\CTFMON.EXE]
REGRUNKEY - \REGISTRY\User\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run - CTFMON.EXE [C:\WINDOWS\system32\CTFMON.EXE]
REGRUNKEY - \REGISTRY\User\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run - CTFMON.EXE [C:\WINDOWS\system32\CTFMON.EXE]
REGRUNKEY - \REGISTRY\User\S-1-5-21-117609710-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run - CTFMON.EXE [C:\WINDOWS\system32\ctfmon.exe]
REGRUNKEY - \REGISTRY\User\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - CTFMON.EXE [C:\WINDOWS\system32\CTFMON.EXE]
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe InMem: 1 Det [G] MD5: 4B8059A551661534AB633D82ECCB62E6 PX5: C77F52770018273FF0B7021B18C5E800DF6E53D5
C:\Programmi\Alice ti aiuta\bin\clientutil52.dll InMem: 1 Det [G] MD5: 883AA671B547A7688DC02AB06735DF19 PX5: 5B89F65D004912EE50EE04738AA6E300A96455E4
C:\Programmi\Alice ti aiuta\bin\AsstCatalog.dll InMem: 1 Det [G] MD5: 80C7295CB23D33FE27F92ADC6C337D65 PX5: 312A8D3500CBCF48A081017A50E93500EB5AD34B
C:\Programmi\Alice ti aiuta\bin\resource.dll InMem: 1 Det [G] MD5: 15316D1D5F0B45FEF16B5F2ECE1CE3AA PX5: 55C54A6D00EC3159A0C201A96B47C4008580E6F6
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Component.Systemtray.dll InMem: 1 Det [G] MD5: 8B096963C4970DE85E85F92FA3556654 PX5: F9BD56B600C6EFEF803006A6692FA000BFF3607E
C:\Programmi\ATI Technologies\ATI.ACE\it\CLI.Component.Systemtray.resources.dll InMem: 1 Det [G] MD5: 325CEA912DD798889D2140DA6C0A6505 PX5: 5A086CB50018DC89F0E9002FB63F8D0080740B45
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll InMem: 1 Det [G] MD5: 100136F3C317B3FBFFD33B9409AED1C3 PX5: EEECA2A200AE193420E61AFE5130B8009DDBAA0F
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Component.Dashboard.dll InMem: 1 Det [G] MD5: 9703B5CCE9353B39B4303EB83139104E PX5: F469E95700DAD21620D1123B03F18400FFEEFCB9
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Foundation.Clients.dll InMem: 1 Det [G] MD5: 64B6786CE471A956ED85560A70089F46 PX5: BA69947B00C43846A0CB005A296074009ABABAB9
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Component.Dashboard.Shared.dll InMem: 1 Det [G] MD5: A521968F2B77DC1474641BCEE884D40E PX5: D44D7BB80097A39460780059F4D1800079193884
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Caste.Local.Dashboard.dll InMem: 1 Det [G] MD5: C60B72D267A0AF7D60AF6491934FD360 PX5: C1E49709008226BD40F8007B918A3300EA23CAE3
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Caste.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: B65F7567938D774481F7DA575608A77D PX5: 7932D7F20084335EF0ED00C9CEED2200246115E0
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Caste.Graphics.Dashboard.Shared.dll InMem: 1 Det [G] MD5: 913ECA453286598EA9EB1B55695F8BF1 PX5: 0DF70B6000BBCAA8401900833CB34F0085CA5858
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.Welcome.Local.Dashboard.dll InMem: 1 Det [G] MD5: 14494096491AFC3310B4064CAC6927CD PX5: 6951A30E00F5A0CBA085017CEEC4F100B89786B8
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 2C3C7B0FED67C22DADB1F824A5375391 PX5: C91B35FC007EB4B75016059B7A7551003F032E63
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 3310A5BED5423EA3808B2CE137A531BB PX5: CA22AE2E00A0B886B0600A6221BA910049AF43B3
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.VeryLargeDesktop.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 122E82D1905A3ED7B7F9F00EFE401CAE PX5: FFD6A43300FE87B4906004B19BA19E00ED9D544B
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 8177A8A5E5D68DA768ABF9BD0E536522 PX5: 4925FB1A003AF335D0A902B099DFD000273DADF3
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: F8359ED5B0F81E738AB59AE6C4C5AC1A PX5: 5FD3612A002D642DA09E08635A6F5F004DA9F196
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCRT2.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 9E6E53D6B3DEA6871D641431AFE02CB0 PX5: 433A85F3008F0EA2C0FA089DEF86FC008BB27A67
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: C7FA870E8263D469CE14A0C890DF37DE PX5: B96D4B67008EC657B09C06D7966EF400DCE8967B
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceLCD2.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: EEB94E5089FEA9BEE3707E938B8DAB68 PX5: 50105A45002BEE94C06506960488F10007BC1212
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 3EC50AED55D5F699E0AE9F8A0165CD14 PX5: 10013E8D00D9B0AC30CC0C001DBF62001E473343
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCV2.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: E64E9ABA969704C6893812304038F6A1 PX5: E2D1837600128025C08E0A7FA51D6500160D4644
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceTV2.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 58364B8B130E95E561B5662880CFC82F PX5: 52F88C3E0071A86020B5134C32DB0800E7F1E688
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 6AAEBEF11E62EF111A08E558D5787B13 PX5: 754E9365008F5194F040121D06988600B4FB93FA
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 6BD1BE7FEF335E311EC8537C78C60111 PX5: A86CE7B600C599949048063584AF8200B71F0A6B
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceDFP2.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 244D1B2E274BAF0529EB48667672B2EB PX5: 5A1BBAF900DD5114804C07A42629A2005D96E33D
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: AD372B549BA3163466607463DEB31E7E PX5: D987E734005222B4C0040EFB79B1970048D367C9
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.Radeon3DLegacy.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 63B9A7CD5B00988EAC47FF862F46DBE9 PX5: A13323DB00265368D0C206DA2B5838003201488F
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 21091E64FCFDCA83020D15C9215D8806 PX5: FAA75DBC00BF8585609F0C57BA06E300FE95E5DE
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.DisplaysColour.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 910CD502794A4EFB4A3FE8498259A382 PX5: D7CB2C29005271BC40A10DE94614D10042802B9E
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.MMVideo.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 5BF693C39B6319E1BAA01945F61255AA PX5: 2EB9C534004C8175E01B1178D8DD0D002AE8B88E
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.VideoOverlay.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 03873187B07EC722E061B8DA7B04DDDF PX5: DFE4C268004CCAC580C92A7BF57A31008B25A17F
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 0EC45F3F0696A6C3D56320F591999C8D PX5: 78F517F600FA88E2302A04F7AF7EFC0003EFED42
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.SmartGart.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 70A60434FBA2FBC30632A178BEE5C5A0 PX5: 8355662A00821C2F707705D82AA47A00804268CE
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.VPURecover.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 61F15E095662E8D097A0FAC32A57BED3 PX5: 61FC377F00CC844F307F02FCB2B8B70096CA51AC
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.WorkstationConfig.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 343BD116C5135FEF50CA258336660878 PX5: 87703D61002BB820103702E01A7EF000152D8A74
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.OverDrive3.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 8E1D65605002E8AF53ADAFBF2F652028 PX5: 72977D4800DE309BA0DD0DA660C55400EB2621EE
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.OverDrive2.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 1018B1E9F52B5F1870078543829AFA33 PX5: 404F7974008A009BB08D0A0797731000C3D3C6CE
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Dashboard.dll InMem: 1 Det [GP] MD5: B13AA4C7430AB750BBBB65E0E61611A2 PX5: 207E11AD00BDDB78B0FE04EA7AE65200A8F16E03
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.MultiVPU2.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: 76840D3F986BD1549F6B1C51F9DDF1B8 PX5: DA705613006C0E02A04107BCED0896002DD7D866
C:\Programmi\ATI Technologies\ATI.ACE\CLI.Aspect.MultiVPU.Graphics.Dashboard.dll InMem: 1 Det [G] MD5: A4DEB622A2B72DEE2527595077819B36 PX5: 8A6B781400E499B1A0D4077ACEFC6900E036E235
C:\Programmi\Windows Live\Messenger\msnmsgr.exe InMem: 1 Det [G] PX5: 9F7BD34318B93D125835572E81D4C6007F71C9FD
C:\Programmi\Windows Live\Messenger\MSIMG32.dll InMem: 1 Det [G] MD5: 5F7A347E9D601E767EC69097C1EECDB2 PX5: 8FB13EB950F97D92E9D6004EE531ED00AEB5BB3B
C:\Programmi\Windows Live\Messenger\MSNCore.dll InMem: 1 Det [G] MD5: D1A1A6ADFA88B10C13B72D8AAF00C336 PX5: BCFC33DC18F989AC7CD20F79AE7D8D00207CF646
C:\WINDOWS\system32\OLEACC.dll InMem: 1 Det [G] MD5: 15A45DCA16F54AC02443B4E5CC5B1088 PX5: 81D38A4800E8D21B7EF202F4F2585B00DE902D48
C:\Programmi\Windows Live\Messenger\msidcrl40.dll InMem: 1 Det [G] MD5: EF66829B99BBFC465B05DC7411B0DCFA PX5: 0ECDAEE050AF36AA5DE00C7444C5B0003F134AC1
C:\Programmi\Windows Live\Messenger\ContactsUX.dll InMem: 1 Det [G] MD5: 8EA60B30723D070D75EB45B8263A8ED5 PX5: 1D4C8662186207412EE205319C8DA600BFFB188D
C:\WINDOWS\system32\CRYPTNET.dll InMem: 1 Det [G] MD5: F8DD2E38ECC275AE94EDC7C0492416EF PX5: 7068F9AD00A507EDF8EF0072A0BBE3005197631B
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet - DllName [cryptnet.dll]
C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll InMem: 1 Det [G] PX5: E61D32F6508A0301399F32B487737A00E078CD5D
C:\Programmi\Messenger Plus! Live\Detoured.dll InMem: 1 Det [G] MD5: 6256684495C499B22DCDBA266E4F2494 PX5: F65954AE00470335105B003B3C2E0700B79BCD14
C:\Programmi\Windows Live\Messenger\msgslang.8.5.1302.1018.dll InMem: 1 Det [GP] MD5: 20DDB993DF742BA5422A40BC5D62AE9E PX5: E4555CB218B711801ED31C63FB4CEB00387E3776
C:\Programmi\Windows Live\Messenger\msgsres.dll InMem: 1 Det [GP] MD5: C443C9DCCD0C6144B6A534971E349E1E PX5: 3EDBF16F18988E19041F2660FE30FC0001503FE5
C:\WINDOWS\system32\Riched20.dll InMem: 1 Det [G] MD5: 97ACC2236EE8B32A237241B8A4CE6644 PX5: 1FB1E2430062B8B09C6E067F0FC9B300005A3398
C:\WINDOWS\system32\Msftedit.dll InMem: 1 Det [G] MD5: A0AF66505F74A0BD26EBA73FE95DC734 PX5: 2E215EEB003B4ED33AFD082E3D0D4700E2A6273B
C:\Programmi\Messenger Plus! Live\MsgPlusLiveRes.dll InMem: 1 Det [G] MD5: 364A6C6EF147168AB20E7354DAD01041 PX5: F0C0109F501A0103B3C21B1B65B04C00C3D4563C
C:\WINDOWS\system32\inetcomm.dll InMem: 1 Det [G] MD5: 97AC76C6279ECF7A8069C29594FF1FDD PX5: C91A5B8A009030716E6D0AECFFCAB500B624B0F8
C:\WINDOWS\system32\MSOERT2.dll InMem: 1 Det [G] MD5: CC1156C6C8D3D05460E83054207C4B3D PX5: 61C8D0CC002EB4989EDF01861BAC8800B0749E11
C:\WINDOWS\system32\inetres.dll InMem: 1 Det [G] MD5: 73E230AD83B0D29CEA963A3AB8D7B040 PX5: 01240F3500388EF8C82C000530AB80006440F2E7
C:\Programmi\Windows Live\Messenger\lcapi.dll InMem: 1 Det [G] MD5: ED66972F5DEFF926F34D542D40C03545 PX5: 93ED0E5E08FE1ECA9D471902BAFC7D00E145E124
C:\WINDOWS\system32\DSOUND.dll InMem: 1 Det [G] MD5: E99A5DF2A937580361D6C698E4620DBA PX5: E5087FD800F9DAEF9CF20543474A2400CFECBDBE
C:\WINDOWS\system32\msdmo.dll InMem: 1 Det [G] MD5: 99A0107BACB5242F42060A06E3D796DE PX5: E066A32000D3A76538FB009324A8C000E1C6DEBF
C:\Programmi\Windows Live\Messenger\lcres.dll InMem: 1 Det [GP] MD5: 05CCE24491FD03C5D25EEF65451E689B PX5: 43E320821871BDC3F1A90571358C560035F5AC95
C:\Programmi\Windows Live\Messenger\RTMPLTFM.dll InMem: 1 Det [G] PX5: C33CBE9110837464C38F3A6C968C48009727C43D
C:\WINDOWS\system32\devenum.dll InMem: 1 Det [G] MD5: C388DAF6A91BE8E8615DD067BC0F3928 PX5: 3F29E6CB00309A3EEA63004DF7AE9F0064C7387B
C:\WINDOWS\system32\quartz.dll InMem: 1 Det [G] MD5: 31F8C0579B3DA42660CC3CE86E750425 PX5: 8BFB13FE00484DF3BADB13CB62CDCE00CE2E372E
C:\WINDOWS\system32\DDRAW.dll InMem: 1 Det [G] MD5: 613E66ACE3FAE6523E6F1A0183AF7F2D PX5: 4E606A3E004BFD1E107104ECA94E4700B2873B8F
C:\WINDOWS\system32\DCIMAN32.dll InMem: 1 Det [G] MD5: B4135161FBDF6BF676BBFA8EB79CADE8 PX5: 256E9CF3007B0060223C00722D6B1100E50006BD
C:\WINDOWS\system32\D3DIM700.DLL InMem: 1 Det [G] MD5: 72950E68EF37326B57BE25F0F6BB4B62 PX5: 79FBA49800AC119098850C1D3F038D00BC563F74
C:\WINDOWS\system32\dpnhupnp.dll InMem: 1 Det [G] MD5: C130EAFB99C408775BA903FD9584754C PX5: D492D17100C41715EE95002FAC684100B3D61EB6
C:\Programmi\Windows Live\Messenger\MSGSWCAM.dll InMem: 1 Det [G] MD5: 0DBC5B80E64C3A5CC9313301D3D1A755 PX5: 2164750D185D613B38430AB7FBD91F0066E5DD55
C:\WINDOWS\system32\sirenacm.dll InMem: 1 Det [G] MD5: 69D044C73A1BA2485A017DBBB037C1A0 PX5: D01DBF2E18E92E5EC8BB00E30F80AB0018A4C148
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.siren [sirenacm.dll]
C:\WINDOWS\system32\ksproxy.ax InMem: 1 Det [G] MD5: 88F8C4283F5BD70779A4E0AAB2354407 PX5: 147F5932007B7997FC7901F75383A8002F61D38B
C:\WINDOWS\system32\ksuser.dll InMem: 1 Det [G] MD5: FBBB356A996903FFB831BF72FD2A3E85 PX5: AAD6D56F00EC2271104D0037883D3E00B79BCD14
C:\WINDOWS\system32\kswdmcap.ax InMem: 1 Det [G] MD5: 20249FAB6E667647072DAAE3FED3D459 PX5: B3C771E000CFF110644001770C26F30015B04AC1
C:\WINDOWS\system32\dsnpstd.ax InMem: 1 Det [G] MD5: 684B741E505D0E163AC269512D676975 PX5: 7DAFA03900A25CBD90510055641D270004A7CE30
C:\WINDOWS\system32\jscript.dll InMem: 1 Det [G] MD5: C564A59C29B2386465B681CDDB086DC1 PX5: FA885F76001EB64C801707547A61D800FC7A7C56
C:\Programmi\Messenger Plus! Live\MPScripts.dll InMem: 1 Det [G] MD5: E572B5FFE2AFA861782095E5527B5238 PX5: CA63DE69505A5B93219600571F699B0074A583FA
C:\WINDOWS\system32\wshom.ocx InMem: 1 Det [G] MD5: AB23681C2FA65C460B1E5D5DB034FDD0 PX5: 289C6292008DD2F5801401D970D3C90063D8F429
C:\WINDOWS\system32\ScrRun.dll InMem: 1 Det [G] MD5: A73BEC00E9C23DCD34CA8C2055E950E7 PX5: 24042F06004B2A23501402F788B2F4004B88ED27
C:\WINDOWS\system32\wshIT.DLL InMem: 1 Det [G] MD5: FC9301F9DEA229455A4BEBCECF8B2F3D PX5: 6A4664120032A89AE05D00CC61C8CA006C176B1E
C:\Programmi\Windows Live\Messenger\lmcdata.dll InMem: 1 Det [G] MD5: 5543002FF0D135CDE721C6DEE20D145E PX5: 0ECCD8BF1899DD596057072C2C7B7E00358CA35A
C:\Programmi\Windows Live\Messenger\contact.dll InMem: 1 Det [G] MD5: 8B764F045C3840F42387EF779494B6D4 PX5: 93A3130E18771212E4D10275200C040056E5D83A
C:\Programmi\Windows Live\Messenger\dfsr.dll InMem: 1 Det [G] MD5: 6C213E61D64B87A3B70019A395449065 PX5: D12BB5FD18684B627C3F1A6811F0DF00B1EA8D93
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll InMem: 1 Det [G] MD5: 4C8A880EABC0B4D462CC4B2472116EA1 PX5: 1CD79A6B00ACCCBD60660869F17C0900CE4B6B7D
C:\Programmi\Windows Live\Messenger\abssm.dll InMem: 1 Det [G] MD5: CAA04D56A2EF364FA0323908567B7A70 PX5: BC97EA0318A01EB67C7F0630398BD500BC2E2DD4
C:\Programmi\Windows Live\Messenger\usnsvcps.dll InMem: 1 Det [G] MD5: 30812F36A8E0205CF4699652AAC9EC95 PX5: 4CBDE8291836B5FED853003B3C2E0700C2F01FC8
C:\WINDOWS\system32\USP10.dll InMem: 1 Det [G] MD5: D80FEA125DC5860E4BC786AE07DE6DB8 PX5: 6CE757A3000138D5346106B2255A2400746F4EDC
C:\Programmi\Windows Live\Messenger\custsat.dll InMem: 1 Det [G] MD5: DD2CFBC82A67F1B6946FAD915B37F56E PX5: A1B21AF7786A38449FB2008F45A7D0000EEE7EBB
C:\Programmi\Messenger Plus! Live\libsndfile.dll InMem: 1 Det [G] MD5: 00742B11F1492D15A0A8FF25E36AB9BE PX5: DBDF650D008D23BFA8F40534815E6B0082C80022
C:\Programmi\Messenger Plus! Live\lame_enc.dll InMem: 1 Det [G] MD5: 75430D2F8B2E204814247D62D9445CE4 PX5: F6C295ED00242577F6D905963D3BCF00E243259C
C:\WINDOWS\system32\vbscript.dll InMem: 1 Det [G] MD5: ED0297985167A42761B01B1A3025424F PX5: 701EA9640073B40750A306157C06F000C097F3A3
C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx InMem: 1 Det [G] MD5: D3C50535C26190FEAD7785A03499C0AC PX5: AA50605E8053E5C995BF2DADCB08AB00B373231F
C:\WINDOWS\system32\ddrawex.dll InMem: 1 Det [G] MD5: 3102494F18E3F531461E915E988BDF2E PX5: 21C24AAB00CCE7946A9500C9FC9A0600C816EBD1
C:\WINDOWS\system32\wmvcore.dll InMem: 1 Det [G] MD5: 711CE861C22E64AB180BA9887EF8DDA9 PX5: 21E5EED200E4BAA9664525EF6856730017F9BD30
C:\WINDOWS\system32\WMASF.DLL InMem: 1 Det [G] MD5: 7365B5CA9747C84178D42CCA72486277 PX5: 3D36799C0034542F6690031EC75D2100FDEBB35E
C:\WINDOWS\system32\wmadmod.dll InMem: 1 Det [G] MD5: 8255FCEEF3566C44E6F2BCFE15EB198F PX5: BB8D717C00E4F5868E730B495132020057624EA5
C:\WINDOWS\system32\mfplat.dll InMem: 1 Det [G] MD5: 55C30168142479C602BD456AC4E230B0 PX5: 3C7773B20007744A4087030B2B3FCB00031D5056
C:\Programmi\Windows Live\Messenger\usnsvc.exe InMem: 1 Det [GP] MD5: 9D19B042A4FD5C02195071EA2FE0C821 PX5: 7170895518C60F1580F401FC8E681B0060998565
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usnjsvc - ImagePath [C:\Programmi\Windows Live\Messenger\usnsvc.exe]
C:\Programmi\Mozilla Firefox\firefox.exe InMem: 1 Det [G] PX5: 311CE5D17037FA84CEE2748FBC826D00A5720D40
C:\Programmi\Mozilla Firefox\js3250.dll InMem: 1 Det [G] MD5: 80233E7A57AC5827BDA37FF6ACDC8130 PX5: E477DEDE68CCAD24F8B70643C207780051137F32
C:\Programmi\Mozilla Firefox\nspr4.dll InMem: 1 Det [G] MD5: CBA8C40CADEF783DEF6207FD69B3AF40 PX5: 5263A09E70E6B3FA76F402F4E50AA8006CCDC829
C:\Programmi\Mozilla Firefox\xpcom_core.dll InMem: 1 Det [G] MD5: 95659CFD8339E4D5CB03CFF8D632EA62 PX5: 56A0AA4970779FF870220668872C2300B290F122
C:\Programmi\Mozilla Firefox\plc4.dll InMem: 1 Det [G] MD5: C78B192903059AC9A9FB2A8313786784 PX5: 805ED1397829B78F86F6002DDDE82A00174BE8B2
C:\Programmi\Mozilla Firefox\plds4.dll InMem: 1 Det [G] MD5: 067EC7AFE87471B1B2DBAFF90C21FC54 PX5: D89FD48170A74E7D768A00A323AA3300F65336CC
C:\Programmi\Mozilla Firefox\smime3.dll InMem: 1 Det [G] MD5: 90A5566097210101AA9032BCFF5D8C7F PX5: 89F2D56768AD0AA4B61B014C7B609900FEDA7786
C:\Programmi\Mozilla Firefox\nss3.dll InMem: 1 Det [G] MD5: D539B83F693A32D015EA1E91B0317E7D PX5: AA1EDE4568A6A7CAC6F105427FB01100C67CC43B
C:\Programmi\Mozilla Firefox\softokn3.dll InMem: 1 Det [G] MD5: 3EDD37B198E0D5A6477BF07E6E605AF7 PX5: 8542B9B86C54271FE0A2030F4DD1D900471EA04F
C:\Programmi\Mozilla Firefox\ssl3.dll InMem: 1 Det [G] MD5: D3FBE3B8C8A0BA53D0BEC148B3B656C8 PX5: CD745CC168357AF9062E021B815ED00013892A17
C:\Programmi\Mozilla Firefox\xpcom_compat.dll InMem: 1 Det [G] MD5: 4288CBED681F925A8B1D315792895370 PX5: 5CA5D7C57880F7BB20DF01B3C46778007A5E04E4
C:\Programmi\Mozilla Firefox\components\myspell.dll InMem: 1 Det [G] MD5: 41523945948464D0F4336E3DB658DBA9 PX5: 17BCE6718838929888B7000AF9F43C00384324B6
C:\Programmi\Mozilla Firefox\components\jar50.dll InMem: 1 Det [G] MD5: 6B1CAB00A011A04A5C45A3F2D5C2EE55 PX5: DE12F24070F77D0B0878018368F55C00690709BF
C:\Programmi\Mozilla Firefox\extensions\[email protected]\components\qfaservices.dll InMem: 1 Det [G] MD5: BAF059DA538F4D33361B03C03A1D10F2 PX5: C5773AB178A9E80E382B0069B9484F0036473828
C:\Programmi\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL InMem: 1 Det [G] MD5: D6B79CDDC99BA69B30A547DC87253E8D PX5: FFC387D180252DA263B0026E692A2900E4E45ADD
C:\Programmi\Mozilla Firefox\freebl3.dll InMem: 1 Det [G] MD5: 2EE9A139FD7803DCEE9641AA69A68F96 PX5: 656849DF7D6F8DBF10880339B81361000E6226A7
C:\Programmi\Mozilla Firefox\nssckbi.dll InMem: 1 Det [G] MD5: 781453272D9830726B25A51147252E0F PX5: 48E2FA29701572B72617045B50510700A4AD3F9C
C:\Programmi\Mozilla Firefox\components\spellchk.dll InMem: 1 Det [G] MD5: AB05AA6145CFF82557E412007E16D6B8 PX5: E1CB440280C540A3B6F600BB5161FA00EB5D4CE0
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll InMem: 1 Det [G] MD5: 40D0B608BBF9A19F681CCF976D4CA5B9 PX5: BA60131F8085157205FF2C6ED88F6E00BF24496C
C:\Programmi\a-squared Free\a2service.exe InMem: 1 Det [GP] MD5: D8ADF0518C336ABC6FA49412DC9DE141 PX5: 6FABDEC178A154A7987B0561167144007EACC66A
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\a2free - ImagePath [C:\Programmi\a-squared Free\a2service.exe]
C:\Programmi\a-squared Free\a2free.exe InMem: 1 Det [GP] MD5: 823BCA2213A36236141DDF823A9E3FB1 PX5: 2F8230E17874CBCBECA10CD66D344200C8565DB3
C:\WINDOWS\system32\RICHED32.DLL InMem: 1 Det [G] MD5: 0134D2722EC5C822A17BF66963B37231 PX5: DC22E964004006F30EC300044BCB3C00B79BCD14
C:\WINDOWS\system32\DRIVERS\ACPI.sys InMem: 0 Det [G] MD5: AD825CB3397C837D1FB91D566D78DE04 PX5: 6EB7D724001F4D96E0A8029EF0BB700070C5BA93
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ACPI - ImagePath [C:\WINDOWS\system32\DRIVERS\ACPI.sys]
C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe InMem: 0 Det [G] MD5: 6DCBE41762CFF1A00AAAB4F5C07B5F28 PX5: B40B5B27001158621CAC01740744FC008277A805
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Adobe LM Service - ImagePath [C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc]
C:\WINDOWS\system32\drivers\aec.sys InMem: 0 Det [G] MD5: 1EE7B434BA961EF845DE136224C30FEC PX5: E884BE24808C5EEB2C92028B464629005484ED65
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\aec - ImagePath [C:\WINDOWS\system32\drivers\aec.sys]
C:\WINDOWS\System32\drivers\afd.sys InMem: 0 Det [G] MD5: 5AC495F4CB807B2B98AD2AD591E6D92E PX5: EE224F5C0089E9241DEF0273688B740025971F4C
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AFD - ImagePath [C:\WINDOWS\System32\drivers\afd.sys]
C:\WINDOWS\system32\DRIVERS\agp440.sys InMem: 0 Det [G] MD5: 2C428FA0C3E3A01ED93C9B2A27D8D4BB PX5: 92796BB0806349F8A56F00F55D76CD00994ACF2C
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\agp440 - ImagePath [C:\WINDOWS\system32\DRIVERS\agp440.sys]
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe InMem: 0 Det [G] MD5: E1633440859F9A1B3CEAF73BA85225CA PX5: B459BB6960A3FB1D836F009875179A005CB18458
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\aspnet_state - ImagePath [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe]
C:\WINDOWS\system32\DRIVERS\asyncmac.sys InMem: 0 Det [G] MD5: 02000ABF34AF4C218C35D257024807D6 PX5: 8BD45D2B002F3B40389D007E91CC59004B62F8E9
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AsyncMac - ImagePath [C:\WINDOWS\system32\DRIVERS\asyncmac.sys]
C:\WINDOWS\system32\DRIVERS\atapi.sys InMem: 0 Det [G] MD5: CDFE4411A69C224BD1D11B2DA92DAC51 PX5: 9D6081B280209DE174C2011395153C00E47C5A8D
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\atapi - ImagePath [C:\WINDOWS\system32\DRIVERS\atapi.sys]
C:\WINDOWS\system32\ati2sgag.exe InMem: 0 Det [G] MD5: 312A17DFF710A0F4E6D4DD1D52EAD1A8 PX5: 62F413EC0088D610F0F3071F6D12ED00FD797B00
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ATI Smart - ImagePath [C:\WINDOWS\system32\ati2sgag.exe]
C:\WINDOWS\system32\DRIVERS\ati2mtag.sys InMem: 0 Det [G] MD5: 492BD2A5F65F218D4EDE5764A3BB67E9 PX5: 8C24631000D4CF4C82BE176BE3ED7C008A51BBD8
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ati2mtag - ImagePath [C:\WINDOWS\system32\DRIVERS\ati2mtag.sys]
C:\WINDOWS\system32\DRIVERS\atmarpc.sys InMem: 0 Det [G] MD5: EC88DA854AB7D7752EC8BE11A741BB7F PX5: C41A09F600246E0AEA81009B2DE4BF0073057136
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Atmarpc - ImagePath [C:\WINDOWS\system32\DRIVERS\atmarpc.sys]
C:\WINDOWS\system32\DRIVERS\audstub.sys InMem: 0 Det [G] MD5: D9F724AA26C010A217C97606B160ED68 PX5: C910D030000E35B30CDC00441BDEF300B79BCD14
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\audstub - ImagePath [C:\WINDOWS\system32\DRIVERS\audstub.sys]
C:\WINDOWS\System32\Drivers\avg7core.sys InMem: 0 Det [G] MD5: 400E920D2E3F42BF6F1F75DD1B069CE3 PX5: 67739A3E605266738A910CA383908000FB63460D
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Avg7Core - ImagePath [C:\WINDOWS\System32\Drivers\avg7core.sys]
C:\WINDOWS\System32\Drivers\avg7rsw.sys InMem: 0 Det [G] MD5: 8A7E25876955E06142EF65B52C906CF1 PX5: D3752A4F8005D64C100000F6EA3191000922D830
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Avg7RsW - ImagePath [C:\WINDOWS\System32\Drivers\avg7rsw.sys]
C:\WINDOWS\System32\Drivers\avg7rsxp.sys InMem: 0 Det [G] MD5: 04D823D681F0D53191A172C3E667FC33 PX5: 587F629080BFBF736CAB001984B437005EE48C55
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Avg7RsXP - ImagePath [C:\WINDOWS\System32\Drivers\avg7rsxp.sys]
C:\WINDOWS\System32\Drivers\avgclean.sys InMem: 0 Det [G] MD5: 603DC17A48C65C637623A9BB5A5E6008 PX5: 87B050E3083D57B52A2F00D1C9CA3A00EF6956A7
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AvgClean - ImagePath [C:\WINDOWS\System32\Drivers\avgclean.sys]
C:\WINDOWS\System32\Drivers\avgtdi.sys InMem: 0 Det [G] MD5: 8FA5CDFA0D72BEFFF5E9A36DF50E13EC PX5: 272B2EC760A8F718135000A25D4E000069297BEB
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AvgTdi - ImagePath [C:\WINDOWS\System32\Drivers\avgtdi.sys]
C:\WINDOWS\system32\DRIVERS\blueletaudio.sys InMem: 0 Det [G] MD5: 31FF5B87C1DD907613CC613224B8E303 PX5: FD45647B8039FE284E2E006DA1D34E00F9C6E9A5
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\BlueletAudio - ImagePath [C:\WINDOWS\system32\DRIVERS\blueletaudio.sys]
C:\WINDOWS\system32\DRIVERS\btnetdrv.sys InMem: 0 Det [G] MD5: 9DA8ABC4885AFF4793D4AA420E40BB12 PX5: 851D462F348433272AAF00084767F70061307D2C
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\BT - ImagePath [C:\WINDOWS\system32\DRIVERS\btnetdrv.sys]
C:\WINDOWS\System32\Drivers\btcusb.sys InMem: 0 Det [G] MD5: BDF2C32C14EF7AB75DDCC3394D6F80D4 PX5: B6B4755BD8EC305257FD00A5BDB36900AB0FCDDA
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Btcsrusb - ImagePath [C:\WINDOWS\System32\Drivers\btcusb.sys]
C:\WINDOWS\system32\DRIVERS\vbtenum.sys InMem: 0 Det [G] MD5: 083AD7F6FF500D0A93C0BEA2CF298C93 PX5: BA0B6D0E54248ACF2D3200F67CE7260048A8C7EC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\BTHidEnum - ImagePath [C:\WINDOWS\system32\DRIVERS\vbtenum.sys]
C:\WINDOWS\System32\Drivers\BTHidMgr.sys InMem: 0 Det [G] MD5: F408264F6AD1DC7E7BDD4837440F115D PX5: E87272632F2BE07F6E5E004DCAE42C0058C87B85
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\BTHidMgr - ImagePath [C:\WINDOWS\System32\Drivers\BTHidMgr.sys]
C:\WINDOWS\system32\drivers\BTNetFilter.sys InMem: 0 Det [G] MD5: 6B05FDC0CFC3753B520D2D4176CC32D0 PX5: E7986B5BF892A0CE335C005E7F6422000BA82DDF
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\BTNetFilter - ImagePath [C:\WINDOWS\system32\drivers\BTNetFilter.sys]
C:\WINDOWS\system32\DRIVERS\CCDECODE.sys InMem: 0 Det [G] MD5: 6163ED60B684BAB19D3352AB22FC48B2 PX5: 4E4CADF380552430426F00BC05FF9D0038FB5853
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\CCDECODE - ImagePath [C:\WINDOWS\system32\DRIVERS\CCDECODE.sys]
C:\WINDOWS\system32\DRIVERS\cdrom.sys InMem: 0 Det [G] MD5: AF9C19B3100FE010496B1A27181FBF72 PX5: B3CE44DD80DABE80C1400031E25C450069663A5F
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Cdrom - ImagePath [C:\WINDOWS\system32\DRIVERS\cdrom.sys]
C:\WINDOWS\system32\cisvc.exe InMem: 0 Det [G] MD5: C4E84243292E37CA3B6FAF4A1855B8A7 PX5: B03833B20005A59D1629005665669D00201F0525
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\CiSvc - ImagePath [C:\WINDOWS\system32\cisvc.exe]
C:\WINDOWS\system32\clipsrv.exe InMem: 0 Det [G] MD5: 0A215E4BAC9A1A9381D88C67517C850B PX5: 50E35C41004F616D823700EBB15ECF008A4FA87F
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ClipSrv - ImagePath [C:\WINDOWS\system32\clipsrv.exe]
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe InMem: 0 Det [G] MD5: 3D560AF01BDC50B4A1E1BFB5CDC06D63 PX5: 639D7FDD58E813780DE701C08A718E00AD3C3A7E
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\clr_optimization_v2.0.50727_32 - ImagePath [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe]
C:\WINDOWS\system32\drivers\cmuda.sys InMem: 0 Det [G] MD5: 53F4CC55F3C255439C5973E31F0ADCE7 PX5: 88825C14C0DA57F3F3C1149D0F8573008EF37BA1
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\cmuda - ImagePath [C:\WINDOWS\system32\drivers\cmuda.sys]
C:\WINDOWS\system32\dllhost.exe InMem: 0 Det [G] MD5: F4B3C65E2A3406F32D220019DEB522F8 PX5: 6EA1D06F0041EB21141900B4A32FF2002F6B8881
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\COMSysApp - ImagePath [C:\WINDOWS\system32\dllhost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SwPrv - ImagePath [C:\WINDOWS\system32\dllhost.exe]
C:\WINDOWS\system32\Drivers\CO_Mon.sys InMem: 0 Det [G] MD5: 6BE1D6403727BDD8A2B2568DBE6BFB8B PX5: 8A825775003A9CCC70FF008098771600AC36AA1C
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\CO_Mon - ImagePath [C:\WINDOWS\system32\Drivers\CO_Mon.sys]
C:\WINDOWS\system32\DRIVERS\disk.sys InMem: 0 Det [G] MD5: 00CA44E4534865F8A3B64F7C0984BFF0 PX5: 61E4E34300C80A908E6D00C10934AF006F571071
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Disk - ImagePath [C:\WINDOWS\system32\DRIVERS\disk.sys]
C:\WINDOWS\System32\dmadmin.exe InMem: 0 Det [G] MD5: 6C9AAA1AA9BF1699D23DEC4D4113226F PX5: CB8A3D6900018319702703238C5916001DF268F6
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\dmadmin - ImagePath [C:\WINDOWS\System32\dmadmin.exe]
C:\WINDOWS\System32\drivers\dmboot.sys InMem: 0 Det [G] MD5: 6570B4C952F0D8FEE4C6EF2FF5E10C08 PX5: 917F152000320DE9366A0C362239380089D45879
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\dmboot - ImagePath [C:\WINDOWS\System32\drivers\dmboot.sys]
C:\WINDOWS\System32\drivers\dmio.sys InMem: 0 Det [G] MD5: C57D35621782C7F40770F3E5CA20A182 PX5: 33A7916180B2EE7E5AC702A49AA6DC00E6795F14
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\dmio - ImagePath [C:\WINDOWS\System32\drivers\dmio.sys]
C:\WINDOWS\System32\drivers\dmload.sys InMem: 0 Det [G] MD5: E9317282A63CA4D188C0DF5E09C6AC5F PX5: FC216AA0003B46A9171D00359F9C1600E909FEB4
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\dmload - ImagePath [C:\WINDOWS\System32\drivers\dmload.sys]
C:\WINDOWS\system32\drivers\DMusic.sys InMem: 0 Det [G] MD5: A6F881284AC1150E37D9AE47FF601267 PX5: 64B493018066E6FACEE6008D21636D008F236B03
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\DMusic - ImagePath [C:\WINDOWS\system32\drivers\DMusic.sys]
C:\WINDOWS\system32\drivers\drmkaud.sys InMem: 0 Det [G] MD5: 1ED4DBBAE9F5D558DBBA4CC450E3EB2E PX5: FA93CCC9802BA0DD0B8800D3A4C66500B79BCD14
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\drmkaud - ImagePath [C:\WINDOWS\system32\drivers\drmkaud.sys]
C:\WINDOWS\system32\DRIVERS\fdc.sys InMem: 0 Det [G] MD5: CED2E8396A8838E59D8FD529C680E02C PX5: 030113CC009ED3836B77000B64308F0030511E66
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Fdc - ImagePath [C:\WINDOWS\system32\DRIVERS\fdc.sys]
C:\WINDOWS\system32\DRIVERS\flpydisk.sys InMem: 0 Det [G] MD5: 0DD1DE43115B93F4D85E889D7A86F548 PX5: 60E1171000EEA79E50BF00391F7EE000F2860CEC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Flpydisk - ImagePath [C:\WINDOWS\system32\DRIVERS\flpydisk.sys]
C:\WINDOWS\system32\DRIVERS\fltMgr.sys InMem: 0 Det [G] MD5: 3D234FB6D6EE875EB009864A299BEA29 PX5: DD494D2180C4BB98F7F901405AA62900817D3A94
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\FltMgr - ImagePath [C:\WINDOWS\system32\DRIVERS\fltMgr.sys]
C:\WINDOWS\system32\DRIVERS\ftdisk.sys InMem: 0 Det [G] MD5: F3269A6EE547EA87B949A1CEA4816B38 PX5: D543638280F1FAF5EBA30154BD3E7700D3ED2EEC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Ftdisk - ImagePath [C:\WINDOWS\system32\DRIVERS\ftdisk.sys]
C:\WINDOWS\system32\DRIVERS\msgpc.sys InMem: 0 Det [G] MD5: C0F1D4A21DE5A415DF8170616703DEBF PX5: A6DC8C520088C979894600B57B2B1A00363C4157
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Gpc - ImagePath [C:\WINDOWS\system32\DRIVERS\msgpc.sys]
C:\WINDOWS\System32\Drivers\gt680x.sys InMem: 0 Det [G] MD5: 7B90BE6811334CAA9243B89F3D3FEE1A PX5: 1D6B51D3607BDE5644D1005FB44A460074863ECF
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\GT680x - ImagePath [C:\WINDOWS\System32\Drivers\gt680x.sys]
C:\WINDOWS\system32\DRIVERS\hidusb.sys InMem: 0 Det [G] MD5: 1DE6783B918F540149AA69943BDFEBA8 PX5: 1484F98A807906C3258400E49D6D650019C14BBC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\hidusb - ImagePath [C:\WINDOWS\system32\DRIVERS\hidusb.sys]
C:\WINDOWS\System32\Drivers\HTTP.sys InMem: 0 Det [G] MD5: CB77BB47E67E84DEB17BA29632501730 PX5: 1A572A9180D9F92E022704747529EC0016C1652C
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HTTP - ImagePath [C:\WINDOWS\System32\Drivers\HTTP.sys]
C:\WINDOWS\system32\DRIVERS\i8042prt.sys InMem: 0 Det [G] MD5: 30E64DFA4EFAACC8142EA07766181FB4 PX5: 5176B379805D75ECD1900002BF9BC2003FF0C0D5
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\i8042prt - ImagePath [C:\WINDOWS\system32\DRIVERS\i8042prt.sys]
C:\WINDOWS\System32\Drivers\imagedrv.sys InMem: 0 Det [G] MD5: 0A7C49B48C772591A2D362DAA00246C8 PX5: E383C2F480AFC2491541008E40C3620095FC446B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\imagedrv - ImagePath [C:\WINDOWS\System32\Drivers\imagedrv.sys]
C:\WINDOWS\system32\DRIVERS\imagesrv.sys InMem: 0 Det [G] MD5: 549BA4F539E7B8D8129500B96DD7B27A PX5: 765B695900F122C8E91A01E15C4A6300587F7CC0
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\imagesrv - ImagePath [C:\WINDOWS\system32\DRIVERS\imagesrv.sys]
C:\WINDOWS\system32\DRIVERS\imapi.sys InMem: 0 Det [G] MD5: F8AA320C6A0409C0380E5D8A99D76EC6 PX5: A6DE19768012C7FDA37F00B5535D7900050612BF
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Imapi - ImagePath [C:\WINDOWS\system32\DRIVERS\imapi.sys]
C:\WINDOWS\system32\imapi.exe InMem: 0 Det [G] MD5: ED7ABB35C81709FB41972D30FE15311E PX5: 74CFCD09009BDDD14A8402202B1E530034B0D214
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ImapiService - ImagePath [C:\WINDOWS\system32\imapi.exe]
C:\WINDOWS\system32\DRIVERS\intelide.sys InMem: 0 Det [G] MD5: 7C15B34147134381421D7044479A1D73 PX5: 13577194803FCB8815F90068ABEFAF00861C758E
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IntelIde - ImagePath [C:\WINDOWS\system32\DRIVERS\intelide.sys]
C:\WINDOWS\system32\DRIVERS\intelppm.sys InMem: 0 Det [G] MD5: EBC07787034BBE312020D30198A9F362 PX5: 308DA7E000DC5FE09D58006BABC91A0052CD17AF
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\intelppm - ImagePath [C:\WINDOWS\system32\DRIVERS\intelppm.sys]
C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys InMem: 0 Det [G] MD5: 4448006B6BC60E6C027932CFC38D6855 PX5: 554B18088049820E711F003BBA86E4005B660DCC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Ip6Fw - ImagePath [C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys]
C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys InMem: 0 Det [G] MD5: 731F22BA402EE4B62748ADAF6363C182 PX5: E130718C809C039180F700DA0AC8EE00F2B31814
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IpFilterDriver - ImagePath [C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys]
C:\WINDOWS\system32\DRIVERS\ipinip.sys InMem: 0 Det [G] MD5: E1EC7F5DA720B640CD8FB8424F1B14BB PX5: 9655BFAF0030F62E523A00C352D248003081C413
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IpInIp - ImagePath [C:\WINDOWS\system32\DRIVERS\ipinip.sys]
C:\WINDOWS\system32\DRIVERS\ipnat.sys InMem: 0 Det [G] MD5: E2168CBC7098FFE963C6F23F472A3593 PX5: 16BC903800541BF40F8E02F0609797000CA3B3FE
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IpNat - ImagePath [C:\WINDOWS\system32\DRIVERS\ipnat.sys]
C:\WINDOWS\system32\DRIVERS\ipsec.sys InMem: 0 Det [G] MD5: 64537AA5C003A6AFEEE1DF819062D0D1 PX5: 84ED89D600412A2C245201A3F8A740006B772EC6
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IPSec - ImagePath [C:\WINDOWS\system32\DRIVERS\ipsec.sys]
C:\WINDOWS\system32\DRIVERS\irenum.sys InMem: 0 Det [G] MD5: 50708DAA1B1CBB7D6AC1CF8F56A24410 PX5: 42D7DCAC001BE9A12C7B00EF915041002AED16BC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IRENUM - ImagePath [C:\WINDOWS\system32\DRIVERS\irenum.sys]
C:\WINDOWS\system32\DRIVERS\isapnp.sys InMem: 0 Det [G] MD5: EA3245A8E8758D6B84DE189A5CAAA75E PX5: 8A87001A0002BFB48D1F0066402D8A00BD468997
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\isapnp - ImagePath [C:\WINDOWS\system32\DRIVERS\isapnp.sys]
C:\WINDOWS\system32\DRIVERS\kbdclass.sys InMem: 0 Det [G] MD5: E883AE6EA0B313E659225AA32E449CE9 PX5: 11013D51001BA498620F00A282D06D00135D5A16
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Kbdclass - ImagePath [C:\WINDOWS\system32\DRIVERS\kbdclass.sys]
C:\WINDOWS\system32\DRIVERS\kl1.sys InMem: 0 Det [G] MD5: 6512F37E1B52531BFD8D65FA95B6EE63 PX5: A7E8576E18BE510CAF1301B6B1751600A5AA2BB3
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\kl1 - ImagePath [C:\WINDOWS\system32\DRIVERS\kl1.sys]
C:\WINDOWS\system32\DRIVERS\klif.sys InMem: 0 Det [G] MD5: 0BF247D33BC9694CE0B32B7F1335A802 PX5: 8FBD18FA18395B18D39801702590410068F0210F
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\KLIF - ImagePath [C:\WINDOWS\system32\DRIVERS\klif.sys]
C:\WINDOWS\system32\drivers\kmixer.sys InMem: 0 Det [G] MD5: BA5DEDA4D934E6288C2F66CAF58D2562 PX5: 1C3250A68067C4B7A11302D8512D99006E8A628F
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\kmixer - ImagePath [C:\WINDOWS\system32\drivers\kmixer.sys]
C:\WINDOWS\system32\mnmsrvc.exe InMem: 0 Det [G] MD5: 940A4E02B7F03C2592A52E16DDDB3E46 PX5: F2F6E69800D71BFC80AE00AF40E07800F93A911A
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\mnmsrvc - ImagePath [C:\WINDOWS\system32\mnmsrvc.exe]
C:\WINDOWS\system32\drivers\MODEMCSA.sys InMem: 0 Det [G] MD5: 1992E0D143B09653AB0F9C5E04B0FD65 PX5: FF5B4A5100F3876C3F990076267105003450ED78
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MODEMCSA - ImagePath [C:\WINDOWS\system32\drivers\MODEMCSA.sys]
C:\WINDOWS\system32\DRIVERS\mouclass.sys InMem: 0 Det [G] MD5: C458E314B8722253897C94A714C2E0C0 PX5: 7E80CA6A0038C59C5C6F0047F0E35500920EB276
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Mouclass - ImagePath [C:\WINDOWS\system32\DRIVERS\mouclass.sys]
C:\WINDOWS\system32\DRIVERS\mouhid.sys InMem: 0 Det [G] MD5: D7662F0CF5B77BBBE3202716F5BD5318 PX5: 2301F35080287EAB2F80000FDBBFFD00349EAF96
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\mouhid - ImagePath [C:\WINDOWS\system32\DRIVERS\mouhid.sys]
C:\Programmi\Common Files\Motive\MRENDIS5.sys InMem: 0 Det [G] MD5: 594B9D8194E3F4ECBF0325BD10BBEB05 PX5: 9DB2128253EB874F462F003034D424004C347F71
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MRENDIS5 - ImagePath [C:\Programmi\Common Files\Motive\MRENDIS5.sys]
C:\WINDOWS\system32\DRIVERS\mrxdav.sys InMem: 0 Det [G] MD5: 29414447EB5BDE2F8397DC965DBB3156 PX5: 614867E18023D003BDFE0234E558A700F3D6C8CF
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MRxDAV - ImagePath [C:\WINDOWS\system32\DRIVERS\mrxdav.sys]
C:\WINDOWS\system32\DRIVERS\mrxsmb.sys InMem: 0 Det [G] MD5: 025AF03CE51645C62F3B6907A7E2BE5E PX5: 3A6FDF2E00838449EA5E06BDEF52FE0062D6AA8B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MRxSmb - ImagePath [C:\WINDOWS\system32\DRIVERS\mrxsmb.sys]
C:\WINDOWS\system32\msdtc.exe InMem: 0 Det [G] MD5: 3124662B40761A3EF8F4254D2F32E3F4 PX5: 3A5257C800292C38184B000639E3D800639539E0
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSDTC - ImagePath [C:\WINDOWS\system32\msdtc.exe]
C:\WINDOWS\system32\msiexec.exe InMem: 0 Det [L] MD5: F5F0146580E7023ADB963879840777F8 PX5: 2199A4A600D88009341401C8D9AE0A004C78202A
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSIServer - ImagePath [C:\WINDOWS\system32\msiexec.exe]
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\Msi.Package\shell\open\command - ["%SystemRoot%\System32\msiexec.exe" /i "%1" %*]
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\Msi.Patch\shell\open\command - ["%SystemRoot%\System32\msiexec.exe" /p "%1" %*]
C:\WINDOWS\system32\drivers\MSKSSRV.sys InMem: 0 Det [G] MD5: AE431A8DD3C1D0D0610CDBAC16057AD0 PX5: 441E162B80A429811D1500CB9CEDF700CED69BEA
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSKSSRV - ImagePath [C:\WINDOWS\system32\drivers\MSKSSRV.sys]
C:\WINDOWS\system32\drivers\MSPCLOCK.sys InMem: 0 Det [G] MD5: 13E75FEF9DFEB08EEDED9D0246E1F448 PX5: 3656535900693AA115D1001337247B009D5BCE4B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSPCLOCK - ImagePath [C:\WINDOWS\system32\drivers\MSPCLOCK.sys]
C:\WINDOWS\system32\drivers\MSPQM.sys InMem: 0 Det [G] MD5: 1988A33FF19242576C3D0EF9CE785DA7 PX5: 5D7EA63E804A637C13CA0078C414AC000E912E93
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSPQM - ImagePath [C:\WINDOWS\system32\drivers\MSPQM.sys]
C:\WINDOWS\system32\DRIVERS\mssmbios.sys InMem: 0 Det [G] MD5: 469541F8BFD2B32659D5D463A6714BCE PX5: 5C75220680F731D03C3D001BD399CC00D7DBED29
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\mssmbios - ImagePath [C:\WINDOWS\system32\DRIVERS\mssmbios.sys]
C:\WINDOWS\system32\drivers\MSTEE.sys InMem: 0 Det [G] MD5: BF13612142995096AB084F2DB7F40F77 PX5: EF9F4FE18003FE44154E00AC0DDE6800FF407119
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSTEE - ImagePath [C:\WINDOWS\system32\drivers\MSTEE.sys]
C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys InMem: 0 Det [G] MD5: 3EF4701A2FBE3F766AC49FED4FDA2961 PX5: A1AAA129DE37188CEE5701B0C30E4C00FD6E00A7
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Mtlmnt5 - ImagePath [C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys]
C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys InMem: 0 Det [G] MD5: 6F3A2A524D46B0935D8CB99106BC4F6B PX5: 517EEBFE00BDA38BFA741340E559B8001D51F902
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Mtlstrm - ImagePath [C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys]
C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys InMem: 0 Det [G] MD5: 5C8DC6429C43DC6177C1FA5B76290D1A PX5: 37E661E8803A144B4DFD01732787D600D94FD14F
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NABTSFEC - ImagePath [C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys]
C:\WINDOWS\system32\DRIVERS\NdisIP.sys InMem: 0 Det [G] MD5: 520CE427A8B298F54112857BCF6BDE15 PX5: 92D82929807F4CDE2A6000D7EF7E8C008BDE37E2
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NdisIP - ImagePath [C:\WINDOWS\system32\DRIVERS\NdisIP.sys]
C:\WINDOWS\system32\DRIVERS\ndistapi.sys InMem: 0 Det [G] MD5: 08D43BBDACDF23F34D79E44ED35C1B4C PX5: 25AEC9EA809D4D4825A500A2A9E22F00CCB1FFC8
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NdisTapi - ImagePath [C:\WINDOWS\system32\DRIVERS\ndistapi.sys]
C:\WINDOWS\system32\DRIVERS\ndisuio.sys InMem: 0 Det [G] MD5: 34D6CD56409DA9A7ED573E1C90A308BF PX5: 0BF3AB388038D73732EB00A9A855ED006D3C0384
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Ndisuio - ImagePath [C:\WINDOWS\system32\DRIVERS\ndisuio.sys]
C:\WINDOWS\system32\DRIVERS\ndiswan.sys InMem: 0 Det [G] MD5: 0B90E255A9490166AB368CD55A529893 PX5: 304E26E9803B344266FF0104DAA0B500E6B358BD
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NdisWan - ImagePath [C:\WINDOWS\system32\DRIVERS\ndiswan.sys]
C:\WINDOWS\system32\DRIVERS\netbios.sys InMem: 0 Det [G] MD5: 3A2ACA8FC1D7786902CA434998D7CEB4 PX5: 6F5EDA40008AE18787EB007972CAB100F174D35C
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NetBIOS - ImagePath [C:\WINDOWS\system32\DRIVERS\netbios.sys]
C:\WINDOWS\system32\DRIVERS\netbt.sys InMem: 0 Det [G] MD5: 0C80E410CD2F47134407EE7DD19CC86B PX5: 7D3B6A2A0069D5737CDE020A47DE6F00F472D659
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NetBT - ImagePath [C:\WINDOWS\system32\DRIVERS\netbt.sys]
C:\WINDOWS\system32\netdde.exe InMem: 0 Det [G] MD5: DE62EE316FAB09DE3D7A5180F0775ABF PX5: AAA3C89900BB76ABBADC01BFB3AC1B00E2E8A55F
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NetDDE - ImagePath [C:\WINDOWS\system32\netdde.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NetDDEdsdm - ImagePath [C:\WINDOWS\system32\netdde.exe]
C:\WINDOWS\system32\DRIVERS\NMnt.sys InMem: 0 Det [G] MD5: 60CF8C7192B3614F240838DDBAA4A245 PX5: 4F6E51DE803D5E299DD30090E39024009FB3BD94
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\nm - ImagePath [C:\WINDOWS\system32\DRIVERS\NMnt.sys]
C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys InMem: 0 Det [G] MD5: FAF9C47E3CEA3C3609E2FDEEAABFFDA2 PX5: 366185F288DADFA2C067026A9877600030D9652A
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NtMtlFax - ImagePath [C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys]
C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys InMem: 0 Det [G] MD5: B305F3FAD35083837EF46A0BBCE2FC57 PX5: A826BA3A803B83AE30C000488911C200DC3CA878
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NwlnkFlt - ImagePath [C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys]
C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys InMem: 0 Det [G] MD5: C99B3415198D1AAB7227F2C88FD664B9 PX5: B9B73139006979BB7FBC0031EA7E320032D237D0
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NwlnkFwd - ImagePath [C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys]
C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE InMem: 0 Det [G] MD5: 7A56CF3E3F12E8AF599963B16F50FB6A PX5: F61B8D0330B79FF65C6601A611B00C00EFE13B0C
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ose - ImagePath [C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE]
C:\WINDOWS\system32\DRIVERS\parport.sys InMem: 0 Det [G] MD5: 3490EAD0612BFD0E7C1B864EE24E6A4A PX5: 4A82394D8019443A393C017F618C1500973C174B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Parport - ImagePath [C:\WINDOWS\system32\DRIVERS\parport.sys]
C:\WINDOWS\system32\DRIVERS\pci.sys InMem: 0 Det [G] MD5: 91FC1D483D900B1C0600A08B871C39D5 PX5: 9DA3602E807459480C5D01595A918400CA482387
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PCI - ImagePath [C:\WINDOWS\system32\DRIVERS\pci.sys]
C:\WINDOWS\system32\DRIVERS\pciide.sys InMem: 0 Det [G] MD5: B2DF00D650FD6C4EE781740ED3C8E67F PX5: 826808EE00CFD8500D55002AE8E7E200B79BCD14
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PCIIde - ImagePath [C:\WINDOWS\system32\DRIVERS\pciide.sys]
C:\WINDOWS\system32\DRIVERS\raspptp.sys InMem: 0 Det [G] MD5: 1C5CC65AAC0783C344F16353E60B72AC PX5: F406FA260016D348BD2800EFDBDF52003203F53C
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PptpMiniport - ImagePath [C:\WINDOWS\system32\DRIVERS\raspptp.sys]
C:\WINDOWS\system32\DRIVERS\psched.sys InMem: 0 Det [G] MD5: 48671F327553DCF1D27F6197F622A668 PX5: C7C1320E008655110E77011715C66E0009C5AE75
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PSched - ImagePath [C:\WINDOWS\system32\DRIVERS\psched.sys]
C:\WINDOWS\system32\DRIVERS\ptilink.sys InMem: 0 Det [G] MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD PX5: F96F182D805891FA452B007EBD870E004C25BA07
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Ptilink - ImagePath [C:\WINDOWS\system32\DRIVERS\ptilink.sys]
C:\WINDOWS\System32\drivers\pxark.sys InMem: 0 Det [G] MD5: 962A0FEF398E7B2C7BECD8C459AB7293 PX5: C1D2D54E00AE19C02A6D0076900F0E0084DF7F32
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\pxark - ImagePath [C:\WINDOWS\System32\drivers\pxark.sys]
C:\WINDOWS\System32\Drivers\PxHelp20.sys InMem: 0 Det [G] MD5: D86B4A68565E444D76457F14172C875A PX5: CEED5A5408FE9DE2AA3300585AD0A300BEEAAC3B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PxHelp20 - ImagePath [C:\WINDOWS\System32\Drivers\PxHelp20.sys]
C:\WINDOWS\system32\DRIVERS\rasacd.sys InMem: 0 Det [G] MD5: FE0D99D6F31E4FAD8159F690D68DED9C PX5: EF519CA180B540A42200002C4F06E3005372DD33
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasAcd - ImagePath [C:\WINDOWS\system32\DRIVERS\rasacd.sys]
C:\WINDOWS\system32\DRIVERS\rasl2tp.sys InMem: 0 Det [G] MD5: 98FAEB4A4DCF812BA1C6FCA4AA3E115C PX5: C15C1546804EC8E6C8410037F34FAD00B1FBF6DF
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Rasl2tp - ImagePath [C:\WINDOWS\system32\DRIVERS\rasl2tp.sys]
C:\WINDOWS\system32\DRIVERS\raspppoe.sys InMem: 0 Det [G] MD5: 7306EEED8895454CBED4669BE9F79FAA PX5: A8F2C94800B2E031A21A00F0EC682E009B5794D5
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasPppoe - ImagePath [C:\WINDOWS\system32\DRIVERS\raspppoe.sys]
C:\WINDOWS\system32\DRIVERS\raspti.sys InMem: 0 Det [G] MD5: FDBB1D60066FCFBB7452FD8F9829B242 PX5: 506F10F380FEE57C406900BE351741009F00F0DE
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Raspti - ImagePath [C:\WINDOWS\system32\DRIVERS\raspti.sys]
C:\WINDOWS\system32\DRIVERS\rdbss.sys InMem: 0 Det [G] MD5: 03B965B1CA47F6EF60EB5E51CB50E0AF PX5: EE21D17900972EBEAA93023D87A14E0013D2E867
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Rdbss - ImagePath [C:\WINDOWS\system32\DRIVERS\rdbss.sys]
C:\WINDOWS\System32\DRIVERS\RDPCDD.sys InMem: 0 Det [G] MD5: 4912D5B403614CE99C28420F75353332 PX5: 14FCFAAE80A686EB103300CFAE183900CB624D74
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RDPCDD - ImagePath [C:\WINDOWS\System32\DRIVERS\RDPCDD.sys]
C:\WINDOWS\system32\DRIVERS\rdpdr.sys InMem: 0 Det [G] MD5: A2CAE2C60BC37E0751EF9DDA7CEAF4AD PX5: 02477783007980B5019E03607F7E03003B692115
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\rdpdr - ImagePath [C:\WINDOWS\system32\DRIVERS\rdpdr.sys]
C:\WINDOWS\system32\sessmgr.exe InMem: 0 Det [G] MD5: CC0693C481502844A24EF71B90A7195E PX5: 2C67C68B0020C05D2C3E02893D0F09005D1CF7F5
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RDSessMgr - ImagePath [C:\WINDOWS\system32\sessmgr.exe]
C:\WINDOWS\system32\DRIVERS\RecAgent.sys InMem: 0 Det [G] MD5: 93F4513A9C7F0C5EC318E4B59C6A3E7C PX5: 4D7477DED0FF3CCB359200458A49D100C4929389
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RecAgent - ImagePath [C:\WINDOWS\system32\DRIVERS\RecAgent.sys]
C:\WINDOWS\system32\DRIVERS\redbook.sys InMem: 0 Det [G] MD5: A8EEE004A16AF1D583D9DE9F6DE250E0 PX5: AEF2FC7D804F986FE3C7004FF2D91D0029FD0FC2
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\redbook - ImagePath [C:\WINDOWS\system32\DRIVERS\redbook.sys]
C:\WINDOWS\System32\Drivers\RootMdm.sys InMem: 0 Det [G] MD5: D8B0B4ADE32574B2D9C5CC34DC0DBBE7 PX5: F3E7979300A8EEA3177100743639FF0080591A18
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ROOTMODEM - ImagePath [C:\WINDOWS\System32\Drivers\RootMdm.sys]
C:\WINDOWS\system32\locator.exe InMem: 0 Det [G] MD5: 33A8F0FE0005B2D79DF53441679F5149 PX5: C3C0A8550045DDC726E601EBB10B83000E4A4556
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RpcLocator - ImagePath [C:\WINDOWS\system32\locator.exe]
C:\WINDOWS\system32\rsvp.exe InMem: 0 Det [G] MD5: DCE0D20F8FB66DF41D53734BFF9D66F0 PX5: 2057508700E163D906880231F30F2D00E5519440
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RSVP - ImagePath [C:\WINDOWS\system32\rsvp.exe]
C:\WINDOWS\system32\DRIVERS\RTL8139.SYS InMem: 0 Det [G] MD5: D507C1400284176573224903819FFDA3 PX5: 0D1CF5B000B2C8EA5211002E76778C00F4B2E39E
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\rtl8139 - ImagePath [C:\WINDOWS\system32\DRIVERS\RTL8139.SYS]
C:\WINDOWS\System32\SCardSvr.exe InMem: 0 Det [G] MD5: 74B1E7FCFCA9A3A23871AA014144013E PX5: FFC6D19800BAA7847E46014ECC3CD200949D4E12
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SCardSvr - ImagePath [C:\WINDOWS\System32\SCardSvr.exe]
C:\WINDOWS\system32\DRIVERS\secdrv.sys InMem: 0 Det [G] MD5: 90A3935D05B494A5A39D37E71F09A677 PX5: 84A9A7CB006F9ECC508100883E7135006D51A95C
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Secdrv - ImagePath [C:\WINDOWS\system32\DRIVERS\secdrv.sys]
C:\WINDOWS\system32\DRIVERS\serenum.sys InMem: 0 Det [G] MD5: A2D868AEEFF612E70E213C451A70CAFB PX5: 4F3C7EAD801665B83CEF00E324D68C009966C2DD
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\serenum - ImagePath [C:\WINDOWS\system32\DRIVERS\serenum.sys]
C:\WINDOWS\system32\DRIVERS\serial.sys InMem: 0 Det [G] MD5: DBAB3260E7EB3398CB87267D1410FAD4 PX5: 84269A0C80DA4AE9020E01315B99420097A96A32
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Serial - ImagePath [C:\WINDOWS\system32\DRIVERS\serial.sys]
C:\WINDOWS\system32\DRIVERS\SLIP.sys InMem: 0 Det [G] MD5: 5CAEED86821FA2C6139E32E9E05CCDC9 PX5: C05453A580D50DE62B1A00E6C96F380022C2D117
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SLIP - ImagePath [C:\WINDOWS\system32\DRIVERS\SLIP.sys]
C:\WINDOWS\system32\DRIVERS\slntamr.sys InMem: 0 Det [G] MD5: 3A3620316CA4A0E32B189B1446957FEE PX5: 03A33B15FED6C4502D2F0603BB1BA0006050C7ED
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Slntamr - ImagePath [C:\WINDOWS\system32\DRIVERS\slntamr.sys]
C:\WINDOWS\system32\DRIVERS\Slnthal.sys InMem: 0 Det [G] MD5: 0F49E0D7A870FA4BEC8FD71F8163DC89 PX5: 8140277CC0991A6D741601865DDFE7007CA79461
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SlNtHal - ImagePath [C:\WINDOWS\system32\DRIVERS\Slnthal.sys]
C:\WINDOWS\system32\slserv.exe InMem: 0 Det [G] MD5: 93786110CF34D825F5BD098586C8D683 PX5: B8C20B6244D8F5E720C50110E521B700F8441AD6
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SLService - ImagePath [C:\WINDOWS\system32\slserv.exe]
C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys InMem: 0 Det [G] MD5: 5C7B0D9631A9FD21D443932804061444 PX5: B34E4A41B849EEF633D4005DED01E500C1D736F3
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SlWdmSup - ImagePath [C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys]
C:\WINDOWS\system32\DRIVERS\snpstd.sys InMem: 0 Det [G] MD5: A2E9CAEF31863CAB5486267A65FE322C PX5: 409DC13B0043416993E5049B4FDAFF006EFAEF79
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\snpstd - ImagePath [C:\WINDOWS\system32\DRIVERS\snpstd.sys]
C:\WINDOWS\system32\drivers\splitter.sys InMem: 0 Det [G] MD5: 0CE218578FFF5F4F7E4201539C45C78F PX5: 249A00630095166C194E008C6AC35800063B57CE
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\splitter - ImagePath [C:\WINDOWS\system32\drivers\splitter.sys]
C:\WINDOWS\System32\Drivers\sptd.sys InMem: 0 Det [G] MD5: 4E3C4FFCB2C95C2EC1FA04A6F4531533 PX5: 169D8907F8AEEF2CC04B098FE23F9F00E7B3EE7D
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\sptd - ImagePath [C:\WINDOWS\System32\Drivers\sptd.sys]
C:\WINDOWS\system32\DRIVERS\sr.sys InMem: 0 Det [G] MD5: 896F566AFC498077172EAE8A50E8BAF8 PX5: 4D90659E00D8A4771F1A013E6E421F00F36027A5
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\sr - ImagePath [C:\WINDOWS\system32\DRIVERS\sr.sys]
C:\WINDOWS\system32\ZoneLabs\srescan.sys InMem: 0 Det [G] MD5: 8564B89EDA35A72C09D9B26120605868 PX5: 82B78E2AF011ABA5C4F900B002D4F40038269022
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\srescan - ImagePath [C:\WINDOWS\system32\ZoneLabs\srescan.sys]
C:\WINDOWS\system32\DRIVERS\srv.sys InMem: 0 Det [G] MD5: EA554A3FFC3F536FE8320EB38F5E4843 PX5: 75BFBC608040FEEB14BC05A8A20D28000AA8481B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Srv - ImagePath [C:\WINDOWS\system32\DRIVERS\srv.sys]
C:\WINDOWS\system32\DRIVERS\StreamIP.sys InMem: 0 Det [G] MD5: 284C57DF5DC7ABCA656BC2B96A667AFB PX5: 37C869AE00A1D1423CD000F9D66948002AC47A8D
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\streamip - ImagePath [C:\WINDOWS\system32\DRIVERS\StreamIP.sys]
C:\WINDOWS\system32\DRIVERS\swenum.sys InMem: 0 Det [G] MD5: 03C1BAE4766E2450219D20B993D6E046 PX5: FDB253C8004ADC8E110200CB82EF3C003BACCEF1
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\swenum - ImagePath [C:\WINDOWS\system32\DRIVERS\swenum.sys]
C:\WINDOWS\system32\drivers\swmidi.sys InMem: 0 Det [G] MD5: 94ABC808FC4B6D7D2BBF42B85E25BB4D PX5: D73823E800EBA9D4D48400057CBBEE004EA1E5C8
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\swmidi - ImagePath [C:\WINDOWS\system32\drivers\swmidi.sys]
C:\WINDOWS\system32\drivers\sysaudio.sys InMem: 0 Det [G] MD5: 650AD082D46BAC0E64C9C0E0928492FD PX5: 23CF2276806778A5EDCF00D9512FDE00BB195FEF
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\sysaudio - ImagePath [C:\WINDOWS\system32\drivers\sysaudio.sys]
C:\WINDOWS\system32\smlogsvc.exe InMem: 0 Det [G] MD5: BC8B8694DEF74B4E6C626322D4321A54 PX5: C0E6801A0095AB606A660128541E440050C06325
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SysmonLog - ImagePath [C:\WINDOWS\system32\smlogsvc.exe]
C:\WINDOWS\system32\DRIVERS\tcpip.sys InMem: 0 Det [G] MD5: 90CAFF4B094573449A0872A0F919B178 PX5: 9F6EEC1C80D7CCB57E0F0545DD505C004B15302D
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Tcpip - ImagePath [C:\WINDOWS\system32\DRIVERS\tcpip.sys]
C:\WINDOWS\system32\DRIVERS\termdd.sys InMem: 0 Det [G] MD5: A540A99C281D933F3D69D55E48727F47 PX5: 3111E3EA882052CE9F39002D38F46900A7415306
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TermDD - ImagePath [C:\WINDOWS\system32\DRIVERS\termdd.sys]
C:\WINDOWS\system32\tlntsvr.exe InMem: 0 Det [G] MD5: 2A9DAAEF2CC0333DB6F129F2F8B3D3FD PX5: F869AF89008EB51B24EC0113A0DCBB001FBDD7D2
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TlntSvr - ImagePath [C:\WINDOWS\system32\tlntsvr.exe]
C:\WINDOWS\system32\drivers\tmcomm.sys InMem: 0 Det [G] MD5: DF8444A8FA8FD38D8848BDD40A8403B3 PX5: 2E50D1090835340B919B013591DC5A0043757FD7
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\tmcomm - ImagePath [C:\WINDOWS\system32\drivers\tmcomm.sys]
C:\WINDOWS\system32\DRIVERS\update.sys InMem: 0 Det [G] MD5: CED744117E91BDC0BEB810F7D8608183 PX5: DB815C1080BD5D598E3605C672D6A20096A59C7E
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Update - ImagePath [C:\WINDOWS\system32\DRIVERS\update.sys]
C:\WINDOWS\System32\ups.exe InMem: 0 Det [G] MD5: E4896F38A3F8DACEA6EA8D7EC9889D91 PX5: B1B748F7000750CB484000B4D1F04D00484BD2C2
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\UPS - ImagePath [C:\WINDOWS\System32\ups.exe]
C:\WINDOWS\system32\DRIVERS\usbehci.sys InMem: 0 Det [G] MD5: 15E993BA2F6946B2BFBBFCD30398621E PX5: 42E57CAC00DC4FAF684000867EE93C003087E4F7
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbehci - ImagePath [C:\WINDOWS\system32\DRIVERS\usbehci.sys]
C:\WINDOWS\system32\DRIVERS\usbhub.sys InMem: 0 Det [G] MD5: C72F40947F92CEA56A8FB532EDF025F1 PX5: 1972CD35009EF197E1E10053A918EE0090181966
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbhub - ImagePath [C:\WINDOWS\system32\DRIVERS\usbhub.sys]
C:\WINDOWS\system32\DRIVERS\usbprint.sys InMem: 0 Det [G] MD5: A42369B7CD8886CD7C70F33DA6FCBCF5 PX5: C449F0710094064A6580004CDAAF0B00CAA1349A
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbprint - ImagePath [C:\WINDOWS\system32\DRIVERS\usbprint.sys]
C:\WINDOWS\system32\DRIVERS\usbuhci.sys InMem: 0 Det [G] MD5: F8FD1400092E23C8F2F31406EF06167B PX5: 4756F37D00016D8B5030004DF844F10054C11836
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbuhci - ImagePath [C:\WINDOWS\system32\DRIVERS\usbuhci.sys]
C:\WINDOWS\system32\DRIVERS\VComm.sys InMem: 0 Det [GP] MD5: 9EBEE4A060C5364A31AEAA04EAC2AF1E PX5: 6686C63580A766B2EFE700A4DC25B500A44D6B56
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\VComm - ImagePath [C:\WINDOWS\system32\DRIVERS\VComm.sys]
C:\WINDOWS\System32\Drivers\VcommMgr.sys InMem: 0 Det [GP] MD5: EF0D45ED806B0C9AE9756BFEECB077ED PX5: E125ADDBE46FB81C4011014D2020120085C5C0CD
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\VcommMgr - ImagePath [C:\WINDOWS\System32\Drivers\VcommMgr.sys]
C:\WINDOWS\System32\drivers\vga.sys InMem: 0 Det [G] MD5: 8A60EDD72B4EA5AEA8202DAF0E427925 PX5: 14B18202007EA0B752C8003693833D00BCED634F
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\VgaSave - ImagePath [C:\WINDOWS\System32\drivers\vga.sys]
C:\WINDOWS\System32\vsdatant.sys InMem: 0 Det [G] MD5: CDDA2FCE6F9753D40842C9ED2FA5C2BB PX5: D74B10CAE82A254D06CC061E5A70E7005A9818E6
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\vsdatant - ImagePath [C:\WINDOWS\System32\vsdatant.sys]
C:\WINDOWS\System32\vssvc.exe InMem: 0 Det [G] MD5: 147C653AD61BD01556723B3C8C4FAFC8 PX5: F8FD01E1006746AE7C9C04ADE2180F00B254A617
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\VSS - ImagePath [C:\WINDOWS\System32\vssvc.exe]
C:\WINDOWS\system32\DRIVERS\wanarp.sys InMem: 0 Det [G] MD5: 984EF0B9788ABF89974CFED4BFBAACBC PX5: D61BDDFF00BF41D487E5002B87E94900EE92AF43
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Wanarp - ImagePath [C:\WINDOWS\system32\DRIVERS\wanarp.sys]
C:\WINDOWS\system32\DRIVERS\gwausb.sys InMem: 0 Det [G] MD5: 4074C9CBB02F817B508265A13546C79E PX5: D11069BF809FB1156B2F02283AADA100C0B7217B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\wanusb - ImagePath [C:\WINDOWS\system32\DRIVERS\gwausb.sys]
C:\WINDOWS\system32\drivers\wdmaud.sys InMem: 0 Det [G] MD5: EFD235CA22B57C81118C1AEB4798F1C1 PX5: 1A706C8200C406CF446E0184AD924B00FE330A09
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\wdmaud - ImagePath [C:\WINDOWS\system32\drivers\wdmaud.sys]
C:\Programmi\Windows Live\installer\WLSetupSvc.exe InMem: 0 Det [G] MD5: 94A85E956A065E23E0010A6A7826243B PX5: 2D572DB3008F010D10110431BDE6C6002A62A0E0
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WLSetupSvc - ImagePath [C:\Programmi\Windows Live\installer\WLSetupSvc.exe]
C:\WINDOWS\system32\wbem\wmiapsrv.exe InMem: 0 Det [G] MD5: 0EE2A2754039B13A632489726689DAD0 PX5: A8EB9B0C007C19C1EE9501FD1D31580061EB57F5
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WmiApSrv - ImagePath [C:\WINDOWS\system32\wbem\wmiapsrv.exe]
C:\Programmi\Windows Media Player\WMPNetwk.exe InMem: 0 Det [G] MD5: F30DC8F80CF65A323E8B6A2DB81561E3 PX5: AF2881470070FC5204AF0EFACB168500F7ECD6E8
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WMPNetworkSvc - ImagePath [C:\Programmi\Windows Media Player\WMPNetwk.exe]
C:\WINDOWS\System32\drivers\ws2ifsl.sys InMem: 0 Det [G] MD5: 6ABE6E225ADB5A751622A9CC3BC19CE8 PX5: E3FE23AC0026FAFE2FF10052E88519002DA1A545
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WS2IFSL - ImagePath [C:\WINDOWS\System32\drivers\ws2ifsl.sys]
C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS InMem: 0 Det [G] MD5: D5842484F05E12121C511AA93F6439EC PX5: B2CFBF068074D4084BB4001A2B9A35007D8AF7A1
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WSTCODEC - ImagePath [C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS]
C:\WINDOWS\system32\DRIVERS\WudfPf.sys InMem: 0 Det [G] MD5: F15FEAFFFBB3644CCC80C5DA584E6311 PX5: 0CF32E7D00C942692FB1016FE6CD6B005D0F67E4
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WudfPf - ImagePath [C:\WINDOWS\system32\DRIVERS\WudfPf.sys]
C:\WINDOWS\system32\DRIVERS\wudfrd.sys InMem: 0 Det [G] MD5: 28B524262BCE6DE1F7EF9F510BA3985B PX5: 938378B8001690D3445C01DE64563A001F0572DD
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WudfRd - ImagePath [C:\WINDOWS\system32\DRIVERS\wudfrd.sys]
C:\WINDOWS\system32\NeroCheck.exe InMem: 0 Det [G] MD5: 3E4C03CEFAD8DE135263236B61A49C90 PX5: 0A1755890076B4FC600C028A81C92900BA5A263E
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - NeroFilterCheck [C:\WINDOWS\system32\NeroCheck.exe]
C:\WINDOWS\system32\RunDll32.exe InMem: 0 Det [G] MD5: F88CDB0CCC416B3778736BE74CDEBB94 PX5: 797CA9E8007174E38209003396ABA600D9E79205
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - Cmaudio [RunDll32 cmicnfg.cpl,CMICtrlWnd]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon - VmApplet [rundll32 shell32,Control_RunDLL "sysdm.cpl"]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF} - StubPath [RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - StubPath [RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmt]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.i]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820} - StubPath [C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dl]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}\LocalServer32 - {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_COMServ]
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\ShellScrap\shell\open\command - [rundll32 %SystemRoot%\system32\shscrap.dll,OpenScrap_RunDLL %1]
C:\WINDOWS\system\cmicnfg.cpl InMem: 0 Det [G] MD5: FDF5872FDFE7A46E7C0744879BD0A041 PX5: 6190C66500AC5F4D404A2B3598D50F00A97425C5
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - Cmaudio [RunDll32 cmicnfg.cpl,CMICtrlWnd]
REGCPL - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls - Cmcpls [C:\WINDOWS\System\cmicnfg.cpl]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE InMem: 0 Det [G] MD5: 32B0CBB036AE701352881A4303B10A7A PX5: CD01E22200B050E886BC01FDB86F82006D49A00B
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - EPSON Stylus C46 Series [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EP]
C:\Programmi\QuickTime\qttask.exe InMem: 0 Det [G] MD5: 49CCFBE5D5225B9D3CC78C09DEE147D0 PX5: 3A450B5700D74820606D045C20435800F4D65C1B
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - QuickTime Task ["C:\Programmi\QuickTime\qttask.exe" -atboottime]
C:\Programmi\Grisoft\AVG7\avgw.exe InMem: 0 Det [G] MD5: B331EF4C7437F5093D703340678469EB PX5: 75C2FBB50077C4CB589103ED9FC2A900DCA9D54E
REGRUNKEY - \REGISTRY\User\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - AVG7_Run [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE]
REGRUNKEY - \REGISTRY\User\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run - AVG7_Run [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE]
REGRUNKEY - \REGISTRY\User\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run - AVG7_Run [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE]
REGRUNKEY - \REGISTRY\User\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - AVG7_Run [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE]
C:\Programmi\Ahead\Nero BackItUp\NBJ.exe InMem: 0 Det [G] MD5: D811E48F720BC670B248A0E388DF47EB PX5: A5F394510077B563D06E1DC7A3742D00D12E9BEE
REGRUNKEY - \REGISTRY\User\S-1-5-21-117609710-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run - NBJ ["C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"]
C:\WINDOWS\system32\userinit.exe InMem: 0 Det [G] MD5: C1E7FE19F98A877BF8F941BF48148695 PX5: 33A4BB2F001DA1EB620B00510674AE00F15A5361
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon - UserInit [C:\WINDOWS\system32\userinit.exe]
C:\WINDOWS\system32\logonui.exe InMem: 0 Det [G] MD5: 43BDF167CE792A5639D99AD7F1EABC1C PX5: 6B3184960083D65DDE0B0761A134100078FE806C
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon - UIHost [logonui.exe]
C:\WINDOWS\system32\autochk.exe InMem: 0 Det [G] MD5: 779768A0A8091EDB749DCB8FE60213E1 PX5: 38890F3300760B775A86096430A56A00DB68AE82
REGSESSMGR - \REGISTRY\Machine\System\CurrentControlSet\Control\Session Manager - BootExecute [autocheck]
C:\WINDOWS\system32\lsdelete.exe InMem: 0 Det [G] MD5: 56D1AA22BDBFDE2E3A64A93359DD9397 PX5: 685EDCA958E6FFEB31CF00F4C9946C00F7865F85
REGSESSMGR - \REGISTRY\Machine\System\CurrentControlSet\Control\Session Manager - BootExecute [autocheck]
C:\WINDOWS\system32\msjava.dll InMem: 0 Det [G] MD5: E75AA32C6B79C846F5314CA4DA92F29E PX5: 01A2D955103896C5756F0E58E5337C005E03C8EE
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500} - KeyFileName [C:\WINDOWS\system32\msjava.dll]
REGIESTYLE - \REGISTRY\Machine\Software\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\InprocServer32 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [C:\WINDOWS\system32\msjava.dll]
C:\WINDOWS\system32\Security.dll InMem: 0 Det [G] MD5: 71ECCDFAED35071ECB63430732E4276F PX5: 6E962CC0006BCF2D162C007F8D738E00DB8BC691
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} - [Security Update for Microsoft .NET Framework 2.0 (KB922770)]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{8056AC9E-49C5-4375-9ADE-B2F862C9DF51} - [Security Update for Microsoft .NET Framework 2.0 (KB928365)]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{967B098A-042D-4367-BAC9-8BC11684174F} - [Security Update for Microsoft .NET Framework 2.0 (KB917283)]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{B7DFB71C-4B92-FD28-58CD-77CDE0A56206} - [Security Update for Microsoft .NET Framework 2.0 (KB922770)]
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} - [Security]
C:\Programmi\Messenger\msmsgs.exe InMem: 0 Det [G] MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259 PX5: 937DB9BC008B29B4DA13198C306CAF00327E8384
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be} - KeyFileName [C:\Programmi\Messenger\msmsgs.exe]
C:\WINDOWS\system32\msieftp.dll InMem: 0 Det [G] MD5: 9BA0424BF46A751E9F68829A9AFBE680 PX5: 44133DFB00C5C1B9D64903B9EB9B6E00A95E5477
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9} - KeyFileName [C:\WINDOWS\system32\msieftp.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{63da6ec0-2e98-11cf-8d82-444553540000}\InprocServer32 - {63da6ec0-2e98-11cf-8d82-444553540000} [C:\WINDOWS\system32\msieftp.dll]
C:\WINDOWS\system32\ieudinit.exe InMem: 0 Det [G] MD5: 1DACF4474566F7394195F8A4952ACADF PX5: A7FBBAD300728720360A0021165ED300B7A09074
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - StubPath [C:\WINDOWS\system32\ieudinit.exe]
C:\WINDOWS\inf\unregmp2.exe InMem: 0 Det [G] MD5: 720FE9EDDFA670D2BDF98C13AA6305AF PX5: 62D1ABBC006680A4DC3104F3FD5F6600BA9B55C1
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Stubpath [C:\WINDOWS\inf\unregmp2.exe /ShowWMP]
C:\WINDOWS\system32\ie4uinit.exe InMem: 0 Det [G] MD5: 0C910DE39D27E698276528E4507AB4CB PX5: B3FEB4010052718E147101425FEA5D00AFF23641
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c} - StubPath [C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} - StubPath [C:\WINDOWS\system32\ie4uinit.exe -BaseSettings]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c} - LocalizedName [@C:\WINDOWS\system32\ie4uinit.exe,-21]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} - LocalizedName [@C:\WINDOWS\system32\ie4uinit.exe,-20]
C:\WINDOWS\system32\IEDKCS32.DLL InMem: 0 Det [G] MD5: EC5F37DD9461E62200DE6D51B2042744 PX5: 421ACBEF00A76C9BDE4E05189A8C2A009D6374CE
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF} - StubPath [RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - StubPath [RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF} - LocalizedName [@C:\WINDOWS\system32\iedkcs32.dll,-3052]
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} - DllName [iedkcs32.dll]
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} - DllName [iedkcs32.dll]
C:\WINDOWS\system32\shmgrate.exe InMem: 0 Det [G] MD5: F8CBCDAA8C509F6A424834FE51956E21 PX5: 20602ECB00AD0F89A6D6007CC62E8E00FE74C13B
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - StubPath [%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE]
C:\WINDOWS\system32\regsvr32.exe InMem: 0 Det [G] MD5: DA9623D7E0CA24DD3E08523287E05A4C PX5: 9F2DE48F0086912530FD001A3E083800D58E0872
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED} - StubPath [%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %System]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340} - StubPath [regsvr32.exe /s /n /i:U shell32.dll]
C:\Programmi\Outlook Express\setup50.exe InMem: 0 Det [G] MD5: 5565E7539564F955441DE6FDCBE447A9 PX5: 990052A900467F972069015D0AA93E00C6116D6B
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C} - StubPath ["%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WIN]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02} - StubPath ["%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WI]
C:\WINDOWS\system32\advpack.dll InMem: 1 Det [G] MD5: E8457BFA776838B498D18A81389779AB PX5: 6AFB0846001811DCE8EF01062CF91F004F0980A8
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmt]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.i]
C:\WINDOWS\system32\mscories.dll InMem: 0 Det [G] MD5: 46E55AEA48BAD9297DF685C722619BD6 PX5: 652959240095250822A60140F37F47001792531A
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820} - StubPath [C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dl]
C:\WINDOWS\system32\logon.scr InMem: 0 Det [G] MD5: 6FA8411D60C4FAEE5102EEE1367AB34D PX5: 509D0B6F00114C175E1803F3B4819D004996445C
REGSCRNSAVE - \REGISTRY\User\.DEFAULT\Control Panel\Desktop - SCRNSAVE.EXE [logon.scr]
REGSCRNSAVE - \REGISTRY\User\S-1-5-19\Control Panel\Desktop - SCRNSAVE.EXE [%SystemRoot%\System32\logon.scr]
REGSCRNSAVE - \REGISTRY\User\S-1-5-20\Control Panel\Desktop - SCRNSAVE.EXE [%SystemRoot%\System32\logon.scr]
REGSCRNSAVE - \REGISTRY\User\S-1-5-18\Control Panel\Desktop - SCRNSAVE.EXE [logon.scr]
C:\WINDOWS\system32\MA2_6.scr InMem: 0 Det [G] MD5: E9267BCB4BD01683C609C0AF16FC8413 PX5: 54235A9A0080851AC0192C846DF29A00618BBFFF
REGSCRNSAVE - \REGISTRY\User\S-1-5-21-117609710-261903793-725345543-1003\Control Panel\Desktop - SCRNSAVE.EXE [C:\WINDOWS\system32\MA2_6.scr]
C:\WINDOWS\system32\gptext.dll InMem: 0 Det [G] MD5: F286C70F59F434B6DDBAB5738B6B029B PX5: 3937BBDB001CF5150EDE03108010A6002700AFB6
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63} - DllName [gptext.dll]
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39} - DllName [gptext.dll]
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3} - DllName [gptext.dll]
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27} - DllName [gptext.dll]
C:\WINDOWS\system32\fdeploy.dll InMem: 0 Det [G] MD5: B4767457D286EBB4767C5EC1DF9A7424 PX5: 4B245433003392E32A140131FF3EF30000999A70
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861} - DllName [fdeploy.dll]
C:\WINDOWS\system32\dskquota.dll InMem: 0 Det [G] MD5: 78B72D69EE065560A89B7ECE65ED7E2C PX5: 67A29FF30003BFCF6E3801450DA1040095E8819B
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66} - DllName [dskquota.dll]
C:\WINDOWS\system32\appmgmts.dll InMem: 0 Det [G] MD5: 00E50CD4D9247CB56EFC1360C32AB755 PX5: D38F92810065B7EDAC840228F23E3C004E625C37
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7} - DllName [appmgmts.dll]
C:\WINDOWS\system32\sclgntfy.dll InMem: 0 Det [G] MD5: 5FF2551A3D740476F06B20F59CD7F0BE PX5: 164435B300B5B4E0548400AA1F6E0800C2CDD06A
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy - DllName [sclgntfy.dll]
C:\WINDOWS\system32\comm.drv InMem: 0 Det [G] MD5: 01B656374912D7CCF7465A3893F18982 PX5: 0D8B262B3068553F296F004B25B4F300F3172575
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - comm.drv [comm.drv]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\vga.drv InMem: 0 Det [G] MD5: 9C86BBB80450AF95B6A4EA8EBDA93D76 PX5: 8D38D13480CC42FA089200F6F3895F00B79BCD14
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - display.drv [vga.drv]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\mmsystem.dll InMem: 0 Det [G] MD5: 7B3633A771FFAD1CFB8D999FB5FC2687 PX5: B7018ADE208113FC103101C8EB6DD700B1D99765
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - drivers [mmsystem.dll]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\keyboard.drv InMem: 0 Det [G] MD5: ED4BF709AAD8B665075DE06A0945B030 PX5: 159F7A82D0C5E0D3077700FE801B1000B79BCD14
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - keyboard.drv [keyboard.drv]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\mouse.drv InMem: 0 Det [G] MD5: 7D29780AC88BB7292CDCFF71BA67433D PX5: D9EA0CB2F0FB384407BE00D28D0C0C00B79BCD14
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - mouse.drv [mouse.drv]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\wfwnet.drv InMem: 0 Det [G] MD5: 5302ADA9B0793C84151FC463DD65D7BF PX5: E9641F0220200734353000D28FC59A003BEC664C
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - network.drv [wfwnet.drv]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\progman.exe InMem: 0 Det [G] MD5: DF0960F73F899D517FFE5A96F8715E0E PX5: C0D0815600445D69AC3B01B2DAB067005DE0E11A
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - shell [progman.exe]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\sound.drv InMem: 0 Det [G] MD5: 028A1F74926DC3DF2D9629EDC9AEBAFB PX5: E70CAE91D00DCE52067C00647C846400B79BCD14
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - sound.drv [sound.drv]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\system.drv InMem: 0 Det [G] MD5: 4A00D59AE6D75BDFC2C8E5182C4B1376 PX5: D4BD27742043BEDB0DB0000478EA5C00B79BCD14
REG16BITRUN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot - system.drv [system.drv]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\ntvdm.exe InMem: 0 Det [G] MD5: 0FEA136CC628C6182E91598F7990229C PX5: DFD881F400018F016A4F06473E7EAA001AE7779E
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - cmdline [%SystemRoot%\system32\ntvdm.exe]
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - wowcmdline [%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386]
C:\WINDOWS\system32\commdlg.dll InMem: 0 Det [G] MD5: 282C6A1E0565458CE162C907A84043F4 PX5: D41FE74160643BD6833B006BB7E5A9004410FDC1
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\ctl3dv2.dll InMem: 0 Det [G] MD5: 637D88E7A1BEDC4457C80DBC8BA9F135 PX5: C84734B440655DC66A4D00304EF8AC0014627D07
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\ddeml.dll InMem: 0 Det [G] MD5: BF6529DE6619C4970E727F58E0AD48D1 PX5: 87F926CB00F2CB349A1200182C7413003E6FB37C
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\lanman.drv InMem: 0 Det [G] MD5: E9D142FEAA02E867C8DCDDFE84E29E20 PX5: A797EACD0BCFF4C3663403FC8369B500D2DCA4A2
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\netapi.dll InMem: 0 Det [G] MD5: 0F4AD2E828A6CB0F100CB36F3AC6FAEE PX5: 3B2621E2C04DF3B2A77E0156CAF52A0029A06ED9
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\olecli.dll InMem: 0 Det [G] MD5: CA0305757C0648715F6D92BA0C43992F PX5: B5F4F24400858B0246DF0121D0BC320031CB25FD
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\olesvr.dll InMem: 0 Det [G] MD5: 16BF834A84A7DC0D24EDC8E924C90637 PX5: CE221EF60049CF2B5E3B009B247C6A00F018477F
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\pmspl.dll InMem: 0 Det [G] MD5: 57F8A50513E43AAF6A7B23389E389BBC PX5: 98CDEBDE0094268EB67200C1C6BF85009014DA93
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\shell.dll InMem: 0 Det [G] MD5: DC8A8C47542EDD026AD8F4AC3D6C2292 PX5: CE2E2C35000BF1E3147B0046192BB900FA35E49E
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\toolhelp.dll InMem: 0 Det [G] MD5: C86363C599E5D6836C21A3A3FD21C388 PX5: 87219368400265353643009B30E21C003936EBD7
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\win87em.dll InMem: 0 Det [G] MD5: C980C971AD4FF3CA5CEFDEF40932D3A1 PX5: 22C03F9D0005E87A34B40075B0F00E00517D625F
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\winoldap.mod InMem: 0 Det [G] MD5: 0DDFD6315DA4B29D09D09B6873EA460B PX5: E19A53B2202676D208C7002132DA8800B79BCD14
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\winsock.dll InMem: 0 Det [G] MD5: 68485C5EF0E2EFCEBF21BBB1042B823B PX5: FCF9BBDC30E28D0D0BF200D9F4D9CD00B79BCD14
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\winspool.exe InMem: 0 Det [G] MD5: 0B4B94B78123E8035B84105BC024F9F8 PX5: F5BB157440E5748C08D600021F9AD300B79BCD14
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\wowdeb.exe InMem: 0 Det [G] MD5: A7B82D6B38A2ACD3B2684E7371C6CE93 PX5: C1613D5DB0A80A260ABB006471357400B79BCD14
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\timer.drv InMem: 0 Det [G] MD5: 01DC53809B29550424FDB88345F6872C PX5: 01DC5380F09B29550F040024FDB8830045F6872C
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\compobj.dll InMem: 0 Det [G] MD5: 40F9FC896B2BA69FDC04D75E9D00DD01 PX5: DA21156DD0BCD8E77562007DCF26A600F4FFDA3F
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\storage.dll InMem: 0 Det [G] MD5: 3A5CD674ADA85BCC1FF26B81B4CDEFB5 PX5: 60BAD4D270E3252C10B800A49D4C780095AFB292
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\ole2.dll InMem: 0 Det [G] MD5: 145AA8ECF0526C093F71117C181694AB PX5: F2FC4A2A40B7B6B59BDF00629364AB00A54AED31
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\ole2disp.dll InMem: 0 Det [G] MD5: EB38BE7D7CF9EC15442A9D24CB39A2AC PX5: 3E66404830EBCC7296B902E3361C6400BE12EFF7
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\ole2nls.dll InMem: 0 Det [G] MD5: 32CFCC848A57F87638E31E8735515F80 PX5: 09B13294B021FA9E558F026E08072F00900228B5
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\typelib.dll InMem: 0 Det [G] MD5: 7161255DFA81E67B66B746D2504D2F2B PX5: C0620321C004C14EB60D020DCCE16200701F9AEA
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\msvideo.dll InMem: 0 Det [G] MD5: 0FEC57467004486CF202ED7BDFA5DCEE PX5: 790EE65FC0939660F0F4012F00509C00EF668BF3
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\avifile.dll InMem: 0 Det [G] MD5: 92FBB472D13A6CC283529301810922FB PX5: 23078576D07C879BAB0E016052733100CC123BD6
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\msacm.dll InMem: 0 Det [G] MD5: B3E0E6C925D333FDCA47808EBF787CB2 PX5: 9509859960B48961EF3C0048E192C7002EB67DBB
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\mciavi.drv InMem: 0 Det [G] MD5: E6A1BB6F039486BCEB825B365AA5548D PX5: 8B09E9FBC0AC80C41F5801300F1C5F00B1E6B4D8
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\mciseq.drv InMem: 0 Det [G] MD5: 6F3561B8890792B0F61C353D1FC85F9C PX5: 6F3561B8D089079262B000F61C353D001FC85F9C
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\mciwave.drv InMem: 0 Det [G] MD5: 2D1A8D96222A829884C50D453B805765 PX5: 2D1A8D9600222A826E980084C50D45003B805765
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\WINDOWS\system32\avicap.dll InMem: 0 Det [G] MD5: 4A78D6C08D90BDE538D5B538A082C1C9 PX5: 8D50F512B0D5AAB0126C01BC85534E00FA0EC9E8
REG16BITRUN - \REGISTRY\Machine\System\CurrentControlSet\Control\WOW - KnownDlls [comm.drv]
C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll InMem: 0 Det [G] MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A PX5: 43FC1F718034B0CAF2E7007A2CAFD0009BF22C42
REGBHO - \REGISTRY\Machine\Software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 - [C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]
C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll InMem: 0 Det [G] MD5: 230F34EB9C919978C23E6939120DB35C PX5: BBA7FBC100325D3030CB05C849653C009458DF5C
REGBHO - \REGISTRY\Machine\Software\Classes\CLSID\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\InprocServer32 - InternetExplore [C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll]
REGBHO - \REGISTRY\Machine\Software\Classes\CLSID\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\InprocServer32 - FileExplorer [C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll]
REGBHO - \REGISTRY\Machine\Software\Classes\CLSID\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\InprocServer32 - FileBrowser [C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll]
REGTOOLBAR - \REGISTRY\Machine\Software\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\InprocServer32 - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} [C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll]
C:\WINDOWS\system32\ntsd.exe InMem: 0 Det [G] MD5: 3ECFFB9259462ACCCAF0063841E85E9B PX5: 834FBBDD002D211C7C10004432E9BD00FC3D4F55
REGIFEO - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a - Debugger [ntsd -d]
C:\WINDOWS\system32\mmsys.cpl InMem: 0 Det [G] MD5: B9E3764A67F8D272E88A74E0BDFA1BD0 PX5: 22BCF726009533B384CD093581FB0B00BBF55E93
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{00022613-0000-0000-C000-000000000046}\InprocServer32 - {00022613-0000-0000-C000-000000000046} [mmsys.cpl]
C:\WINDOWS\system32\icmui.dll InMem: 0 Det [G] MD5: CC61775DD0099C04C1C464D2E838E0A3 PX5: 79852F4F004FA70AD8870036A8B3F300BFB6CC72
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{176d6597-26d3-11d1-b350-080036a75b03}\InprocServer32 - {176d6597-26d3-11d1-b350-080036a75b03} [icmui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{5DB2625A-54DF-11D0-B6C4-0800091AA605}\InprocServer32 - {5DB2625A-54DF-11D0-B6C4-0800091AA605} [%SystemRoot%\System32\icmui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{675F097E-4C4D-11D0-B6C1-0800091AA605}\InprocServer32 - {675F097E-4C4D-11D0-B6C1-0800091AA605} [%SystemRoot%\system32\icmui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{DBCE2480-C732-101B-BE72-BA78E9AD5B27}\InprocServer32 - {DBCE2480-C732-101B-BE72-BA78E9AD5B27} [%SystemRoot%\system32\icmui.dll]
C:\WINDOWS\system32\rshx32.dll InMem: 0 Det [G] MD5: 96DBC8F1582FE95B299CD3D6CDBA10A2 PX5: 8E3D69C300B1B3BBA05400C01998E00021B13B08
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{1F2E5C40-9550-11CE-99D2-00AA006E086C}\InprocServer32 - {1F2E5C40-9550-11CE-99D2-00AA006E086C} [rshx32.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}\InprocServer32 - {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} [rshx32.dll]
C:\WINDOWS\system32\docprop.dll InMem: 0 Det [G] MD5: 33CF28FEAC3984EDEA3B8672A0D7F46A PX5: 4D155A630014F006B8E7003E1F6CD600C0918C31
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{3EA48300-8CF6-101B-84FB-666CCB9BCD32}\InprocServer32 - {3EA48300-8CF6-101B-84FB-666CCB9BCD32} [docprop.dll]
C:\WINDOWS\system32\deskadp.dll InMem: 0 Det [G] MD5: 77DD733136353761750B2258AD368A7E PX5: 1FEBC52C0075696A427B005EACC72200AF70D61C
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{42071712-76d4-11d1-8b24-00a0c9068ff3}\InprocServer32 - {42071712-76d4-11d1-8b24-00a0c9068ff3} [deskadp.dll]
C:\WINDOWS\system32\deskmon.dll InMem: 0 Det [G] MD5: B4D9F35F49B9E5B03C45BEBD96486FE4 PX5: E6AC7E1B00B4347342D70033642CB1001FC78895
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{42071713-76d4-11d1-8b24-00a0c9068ff3}\InprocServer32 - {42071713-76d4-11d1-8b24-00a0c9068ff3} [deskmon.dll]
C:\WINDOWS\system32\dssec.dll InMem: 0 Det [G] MD5: FBA19F60318C5E62CC531F7265E64899 PX5: BF365090005B6ECFCC56008F370997000EDC51ED
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{4E40F770-369C-11d0-8922-00A024AB2DBB}\InprocServer32 - {4E40F770-369C-11d0-8922-00A024AB2DBB} [dssec.dll]
C:\WINDOWS\system32\SlayerXP.dll InMem: 0 Det [G] MD5: 92E3C0617DDA6F19A7B0F680C94C9B6F PX5: 071E70380069307964410011CDEF880004B79666
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}\InprocServer32 - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} [SlayerXP.dll]
C:\WINDOWS\system32\shscrap.dll InMem: 0 Det [G] MD5: 886E25758E76F75B62955E031EAAA7E5 PX5: CEE438A6004ACC126CE400DA76EA3300F6FBD343
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{56117100-C0CD-101B-81E2-00AA004AE837}\InprocServer32 - {56117100-C0CD-101B-81E2-00AA004AE837} [shscrap.dll]
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\ShellScrap\shell\open\command - [rundll32 %SystemRoot%\system32\shscrap.dll,OpenScrap_RunDLL %1]
C:\WINDOWS\system32\diskcopy.dll InMem: 0 Det [G] MD5: 18AC1727A4FDD1012974AD76580D0C74 PX5: 74FF218D0092AEB8EC3016F62F9A37009BC24342
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{59099400-57FF-11CE-BD94-0020AF85B590}\InprocServer32 - {59099400-57FF-11CE-BD94-0020AF85B590} [diskcopy.dll]
C:\WINDOWS\system32\ntlanui2.dll InMem: 0 Det [G] MD5: 75AC93BB0EDA95A6B928C7949E60B98B PX5: 0FBD6225003D84B73AA5000A7557EF00532B5590
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{59be4990-f85c-11ce-aff7-00aa003ca9f6}\InprocServer32 - {59be4990-f85c-11ce-aff7-00aa003ca9f6} [ntlanui2.dll]
C:\WINDOWS\system32\printui.dll InMem: 0 Det [G] MD5: CA104D6E9428BA00346CD615A1EE2E31 PX5: CFC465B500331E10BE8C08062B62D70065070AFA
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{77597368-7b15-11d0-a0c2-080036af3f03}\InprocServer32 - {77597368-7b15-11d0-a0c2-080036af3f03} [printui.dll]
C:\WINDOWS\system32\dskquoui.dll InMem: 0 Det [G] MD5: BECA74D3E444B46FA22300B26A46B67D PX5: 22C011F30068927142C902641380E9009CE9DCD6
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7988B573-EC89-11cf-9C00-00AA00A14F56}\InprocServer32 - {7988B573-EC89-11cf-9C00-00AA00A14F56} [dskquoui.dll]
C:\WINDOWS\system32\syncui.dll InMem: 0 Det [G] MD5: AD552FCC0582EA9D1A8F7AB38FB53393 PX5: 32CB8DAC001BF20AF6D60250E1D558008C7994BA
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}\InprocServer32 - {85BBD920-42A0-1069-A2E4-08002B30309D} [syncui.dll]
C:\WINDOWS\system32\hticons.dll InMem: 0 Det [G] MD5: 487B70D88AE51825E90C98E067205E60 PX5: FDDAAC340069DC70AEDE004813C9AE00464F204F
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{88895560-9AA2-1069-930E-00AA0030EBC8}\InprocServer32 - {88895560-9AA2-1069-930E-00AA0030EBC8} [C:\WINDOWS\system32\hticons.dll]
C:\WINDOWS\system32\fontext.dll InMem: 0 Det [G] MD5: 71A69EEE673B5D15EBC8479BE12D65C7 PX5: A9B1E4F600762191E233053033E9D8001908E1DB
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{BD84B380-8CA2-1069-AB1D-08000948F534}\InprocServer32 - {BD84B380-8CA2-1069-AB1D-08000948F534} [fontext.dll]
C:\WINDOWS\system32\deskperf.dll InMem: 0 Det [G] MD5: 584DAC27268A6A1892062380B1582494 PX5: DEBA621400871F794A8D0005514927006E3B795A
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{f92e8c40-3d33-11d2-b1aa-080036a75b03}\InprocServer32 - {f92e8c40-3d33-11d2-b1aa-080036a75b03} [deskperf.dll]
C:\WINDOWS\system32\cryptext.dll InMem: 0 Det [G] MD5: D8340D897AD5CF76E359D3EBBABB5A03 PX5: 144B846200DE013DD4E800E6AFBAF700F56839D9
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7444C717-39BF-11D1-8CD9-00C04FC29D45}\InprocServer32 - {7444C717-39BF-11D1-8CD9-00C04FC29D45} [C:\WINDOWS\system32\cryptext.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7444C719-39BF-11D1-8CD9-00C04FC29D45}\InprocServer32 - {7444C719-39BF-11D1-8CD9-00C04FC29D45} [C:\WINDOWS\system32\cryptext.dll]
C:\WINDOWS\system32\wiashext.dll InMem: 0 Det [G] MD5: C1F811F1EDC12130F9842B93B588957F PX5: C96A74CF00663EB10AB209D765C2F9007A08BE3F
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\InprocServer32 - {E211B736-43FD-11D1-9EFB-0000F8757FCD} [wiashext.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}\InprocServer32 - {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} [wiashext.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{905667aa-acd6-11d2-8080-00805f6596d2}\InprocServer32 - {905667aa-acd6-11d2-8080-00805f6596d2} [wiashext.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{3F953603-1008-4f6e-A73A-04AAC7A992F1}\InprocServer32 - {3F953603-1008-4f6e-A73A-04AAC7A992F1} [wiashext.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{83bbcbf3-b28a-4919-a5aa-73027445d672}\InprocServer32 - {83bbcbf3-b28a-4919-a5aa-73027445d672} [wiashext.dll]
C:\WINDOWS\system32\remotepg.dll InMem: 0 Det [G] MD5: 248AFC0C31E60BBBFACEAC5FD66B4F3D PX5: B276FC4B0072F7D1EE38004C043BDE00E8D7EAE4
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{F0152790-D56E-4445-850E-4F3117DB740C}\InprocServer32 - {F0152790-D56E-4445-850E-4F3117DB740C} [C:\WINDOWS\system32\remotepg.dll]
C:\WINDOWS\system32\wshext.dll InMem: 0 Det [G] MD5: 1905F39172A4864F8ABAD9337BDCAD22 PX5: 38E6CFFB00379FAF0083014A90873000B4F2EB52
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{60254CA5-953B-11CF-8C96-00AA00B8708C}\InprocServer32 - {60254CA5-953B-11CF-8C96-00AA00B8708C} [C:\WINDOWS\system32\wshext.dll]
C:\Programmi\File comuni\System\Ole DB\oledb32.dll InMem: 0 Det [G] MD5: A2033E5A2B7FC1874CACD6D70A7A7095 PX5: 722A7F0200065713701D079CB9F9D70095D47802
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2206CDB2-19C1-11D1-89E0-00C04FD7A829}\InprocServer32 - {2206CDB2-19C1-11D1-89E0-00C04FD7A829} [C:\Programmi\File comuni\System\Ole DB\oledb32.dll]
C:\WINDOWS\system32\mstask.dll InMem: 0 Det [G] MD5: EC25A03FF0624969D508C6F1E25CD664 PX5: 28BAE091003DDB7248B2048CE9759F0060145387
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}\InprocServer32 - {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} [C:\WINDOWS\system32\mstask.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}\InprocServer32 - {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} [C:\WINDOWS\system32\mstask.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}\InprocServer32 - {D6277990-4C6A-11CF-8D87-00AA0060F5BF} [C:\WINDOWS\system32\mstask.dll]
C:\WINDOWS\system32\wuaucpl.cpl InMem: 0 Det [G] MD5: D7FA9A9750403CC68DC209CDE7C50D7A PX5: DEC1D60858D0AD974D1603850E3A98002B746A2D
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{5F327514-6C5E-4d60-8F16-D07FA08A78ED}\InprocServer32 - {5F327514-6C5E-4d60-8F16-D07FA08A78ED} [C:\WINDOWS\system32\wuaucpl.cpl]
C:\WINDOWS\system32\twext.dll InMem: 0 Det [G] MD5: 9C0305DF90319693B0B8025976DE5C66 PX5: 83D6D2D5007A7A78AC5A00555BE37F0060757F73
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{596AB062-B4D2-4215-9F74-E9109B0A8153}\InprocServer32 - {596AB062-B4D2-4215-9F74-E9109B0A8153} [%SystemRoot%\system32\twext.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{9DB7A13C-F208-4981-8353-73CC61AE2783}\InprocServer32 - {9DB7A13C-F208-4981-8353-73CC61AE2783} [%SystemRoot%\system32\twext.dll]
C:\WINDOWS\system32\shmedia.dll InMem: 0 Det [G] MD5: BF30BB4D33AFA9E7E33F82F7DE84F18C PX5: 6F935BCA00698E3154450276A47BF4000FC59B48
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}\InprocServer32 - {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} [%SystemRoot%\system32\shmedia.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}\InprocServer32 - {40C3D757-D6E4-4b49-BB41-0E5BBEA28817} [%SystemRoot%\system32\shmedia.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{E4B29F9D-D390-480b-92FD-7DDB47101D71}\InprocServer32 - {E4B29F9D-D390-480b-92FD-7DDB47101D71} [%SystemRoot%\system32\shmedia.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{87D62D94-71B3-4b9a-9489-5FE6850DC73E}\InprocServer32 - {87D62D94-71B3-4b9a-9489-5FE6850DC73E} [%SystemRoot%\system32\shmedia.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{A6FD9E45-6E44-43f9-8644-08598F5A74D9}\InprocServer32 - {A6FD9E45-6E44-43f9-8644-08598F5A74D9} [%SystemRoot%\system32\shmedia.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{c5a40261-cd64-4ccf-84cb-c394da41d590}\InprocServer32 - {c5a40261-cd64-4ccf-84cb-c394da41d590} [%SystemRoot%\system32\shmedia.dll]
C:\WINDOWS\system32\sendmail.dll InMem: 0 Det [G] MD5: 2E2CF126E0C68EE3954D4033035CA78E PX5: 89815E52001B0148D88B0081AF133A006B487C42
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}\InprocServer32 - {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} [C:\WINDOWS\system32\sendmail.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}\InprocServer32 - {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} [C:\WINDOWS\system32\sendmail.dll]
C:\WINDOWS\system32\occache.dll InMem: 0 Det [G] MD5: D3E739F96F21AC80D9488AEA40674277 PX5: 775D775C00AED10A92CA016B883DA800385F129C
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{88C6C381-2E85-11D0-94DE-444553540000}\InprocServer32 - {88C6C381-2E85-11D0-94DE-444553540000} [C:\WINDOWS\system32\occache.dll]
C:\WINDOWS\system32\appwiz.cpl InMem: 0 Det [G] MD5: 5811931252689335B915135F40AF5EF1 PX5: 7BF23A6100E0F96772F20888CE0D3F00288DF318
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{352EC2B7-8B9A-11D1-B8AE-006008059382}\InprocServer32 - {352EC2B7-8B9A-11D1-B8AE-006008059382} [%SystemRoot%\system32\appwiz.cpl]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{0B124F8F-91F0-11D1-B8B5-006008059382}\InprocServer32 - {0B124F8F-91F0-11D1-B8B5-006008059382} [%SystemRoot%\system32\appwiz.cpl]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{CFCCC7A0-A282-11D1-9082-006008059382}\InprocServer32 - {CFCCC7A0-A282-11D1-9082-006008059382} [%SystemRoot%\system32\appwiz.cpl]
C:\WINDOWS\system32\shimgvw.dll InMem: 0 Det [G] MD5: 3528C993453CA6AEC6AB684FF1189950 PX5: BF42E4FC005BE16EB66806F7E01C32002F436309
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{e84fda7c-1d6a-45f6-b725-cb260c236066}\InprocServer32 - {e84fda7c-1d6a-45f6-b725-cb260c236066} [%SystemRoot%\system32\shimgvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}\InprocServer32 - {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} [%SystemRoot%\system32\shimgvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}\LocalServer32 - {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_COMServ]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{3F30C968-480A-4C6C-862D-EFC0897BB84B}\InprocServer32 - {3F30C968-480A-4C6C-862D-EFC0897BB84B} [C:\WINDOWS\system32\shimgvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{9DBD2C50-62AD-11d0-B806-00C04FD706EC}\InprocServer32 - {9DBD2C50-62AD-11d0-B806-00C04FD706EC} [C:\WINDOWS\system32\shimgvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{EAB841A0-9550-11cf-8C16-00805F1408F3}\InprocServer32 - {EAB841A0-9550-11cf-8C16-00805F1408F3} [C:\WINDOWS\system32\shimgvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}\InprocServer32 - {eb9b1153-3b57-4e68-959a-a3266bc3d7fe} [%SystemRoot%\system32\shimgvw.dll]
C:\WINDOWS\system32\netplwiz.dll InMem: 0 Det [G] MD5: 497A6C557821B002C784437591FF731B PX5: C0B90A180022DF616EE40D61CC92200055AE5438
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{CC6EEFFB-43F6-46c5-9619-51D571967F7D}\InprocServer32 - {CC6EEFFB-43F6-46c5-9619-51D571967F7D} [%SystemRoot%\system32\netplwiz.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{add36aa8-751a-4579-a266-d66f5202ccbb}\InprocServer32 - {add36aa8-751a-4579-a266-d66f5202ccbb} [%SystemRoot%\system32\netplwiz.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{6b33163c-76a5-4b6c-bf21-45de9cd503a1}\InprocServer32 - {6b33163c-76a5-4b6c-bf21-45de9cd503a1} [%SystemRoot%\system32\netplwiz.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{58f1f272-9240-4f51-b6d4-fd63d1618591}\InprocServer32 - {58f1f272-9240-4f51-b6d4-fd63d1618591} [%SystemRoot%\system32\netplwiz.dll]
C:\WINDOWS\system32\zipfldr.dll InMem: 0 Det [G] MD5: 84DC2B97AE10DEA7B265A74971634131 PX5: ED969ADB00D5666D2CF80569EB9E87007A803837
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\InprocServer32 - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} [%SystemRoot%\system32\zipfldr.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{BD472F60-27FA-11cf-B8B4-444553540000}\InprocServer32 - {BD472F60-27FA-11cf-B8B4-444553540000} [%SystemRoot%\system32\zipfldr.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}\InprocServer32 - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} [%SystemRoot%\system32\zipfldr.dll]
C:\WINDOWS\system32\extmgr.dll InMem: 0 Det [G] MD5: FBDBCC75168D1AB9E5FA5208836253E5 PX5: 7A6620D700E5ED7908D40216916F4100405E6F62
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{692F0339-CBAA-47e6-B5B5-3B84DB604E87}\InprocServer32 - {692F0339-CBAA-47e6-B5B5-3B84DB604E87} [C:\WINDOWS\system32\extmgr.dll]
C:\WINDOWS\system32\docprop2.dll InMem: 0 Det [G] MD5: 886BA5DB0A87B5A0D5F85C39424FC2AC PX5: BAD4E96E0064F346BC36008E2891DB0060D308D0
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{883373C3-BF89-11D1-BE35-080036B11A03}\InprocServer32 - {883373C3-BF89-11D1-BE35-080036B11A03} [C:\WINDOWS\system32\docprop2.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{A9CF0EAE-901A-4739-A481-E35B73E47F6D}\InprocServer32 - {A9CF0EAE-901A-4739-A481-E35B73E47F6D} [C:\WINDOWS\system32\docprop2.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{8EE97210-FD1F-4B19-91DA-67914005F020}\InprocServer32 - {8EE97210-FD1F-4B19-91DA-67914005F020} [C:\WINDOWS\system32\docprop2.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}\InprocServer32 - {0EEA25CC-4362-4A12-850B-86EE61B0D3EB} [C:\WINDOWS\system32\docprop2.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{6A205B57-2567-4A2C-B881-F787FAB579A3}\InprocServer32 - {6A205B57-2567-4A2C-B881-F787FAB579A3} [C:\WINDOWS\system32\docprop2.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}\InprocServer32 - {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} [C:\WINDOWS\system32\docprop2.dll]
C:\WINDOWS\system32\dsquery.dll InMem: 0 Det [G] MD5: 3241BE7FA4E0191AE13D80B605AC980E PX5: 97CEB5F9000C9E25AA2703A3E1CE88000E6ADB1E
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{8A23E65E-31C2-11d0-891C-00A024AB2DBB}\InprocServer32 - {8A23E65E-31C2-11d0-891C-00A024AB2DBB} [%SystemRoot%\system32\dsquery.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}\InprocServer32 - {9E51E0D0-6E0F-11d2-9601-00C04FA31A86} [%SystemRoot%\system32\dsquery.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}\InprocServer32 - {163FDC20-2ABC-11d0-88F0-00A024AB2DBB} [%SystemRoot%\system32\dsquery.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{F020E586-5264-11d1-A532-0000F8757D7E}\InprocServer32 - {F020E586-5264-11d1-A532-0000F8757D7E} [%SystemRoot%\system32\dsquery.dll]
C:\WINDOWS\system32\dsuiext.dll InMem: 0 Det [G] MD5: CA33E221EFA6C8BC9081F62FB81C4F46 PX5: 6A192EC500170EFDBCEB0145A96D9300BCCCF2CE
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{0D45D530-764B-11d0-A1CA-00AA00C16E65}\InprocServer32 - {0D45D530-764B-11d0-A1CA-00AA00C16E65} [%SystemRoot%\system32\dsuiext.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{62AE1F9A-126A-11D0-A14B-0800361B1103}\InprocServer32 - {62AE1F9A-126A-11D0-A14B-0800361B1103} [%SystemRoot%\system32\dsuiext.dll]
C:\WINDOWS\msagent\agentpsh.dll InMem: 0 Det [G] MD5: 43E7C7538D4FD053D19758DD758A2842 PX5: 7469413C00931FFF5E8700E559045400C1A9DC6C
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{143A62C8-C33B-11D1-84FE-00C04FA34A14}\InprocServer32 - {143A62C8-C33B-11D1-84FE-00C04FA34A14} [C:\WINDOWS\msagent\agentpsh.dll]
C:\WINDOWS\system32\dfsshlex.dll InMem: 0 Det [G] MD5: 41F6A64EB0D0C8B6FDFF7C376F4CEC17 PX5: C56F8BCC000B5CE570B200C57894E100F757413D
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}\InprocServer32 - {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} [C:\WINDOWS\system32\dfsshlex.dll]
C:\WINDOWS\system32\photowiz.dll InMem: 0 Det [G] MD5: 06CFB5CE176F60AA715635A291960ACC PX5: B7418C4500E88487A00C02F731B52500E7F273D2
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{60fd46de-f830-4894-a628-6fa81bc0190d}\InprocServer32 - {60fd46de-f830-4894-a628-6fa81bc0190d} [%SystemRoot%\system32\photowiz.dll]
C:\WINDOWS\System32\mmcshext.dll InMem: 0 Det [G] MD5: D1C8ED56D0DB39E432EDDC5BFCA6DBE5 PX5: 8A0ADE010092153AC6C80087DEA97400BEB13B83
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7A80E4A8-8005-11D2-BCF8-00C04F72C717}\InprocServer32 - {7A80E4A8-8005-11D2-BCF8-00C04F72C717} [%SystemRoot%\System32\mmcshext.dll]
C:\WINDOWS\system32\cabview.dll InMem: 0 Det [G] MD5: B6BF125D2C37CD7DF340B255A07134E8 PX5: 3D37E41700A8F7F74C2701763FA52300CB1B48CD
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\InprocServer32 - {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} [cabview.dll]
C:\Programmi\Outlook Express\wabfind.dll InMem: 0 Det [G] MD5: 64ECEDD4E261443874CAD4D66FE9FE44 PX5: 4FBC213F00A9A845805300462EEB2700C79BF84F
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{32714800-2E5F-11d0-8B85-00AA0044F941}\InprocServer32 - {32714800-2E5F-11d0-8B85-00AA0044F941} [C:\Programmi\Outlook Express\wabfind.dll]
C:\WINDOWS\system32\wmpshell.dll InMem: 0 Det [G] MD5: 7F36E513A02D1AE1A1CEA84014775A14 PX5: A257F2F40064E0C786EE01FC6369D9002CF4EA3F
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{8DD448E6-C188-4aed-AF92-44956194EB1F}\InprocServer32 - {8DD448E6-C188-4aed-AF92-44956194EB1F} [C:\WINDOWS\system32\wmpshell.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\InprocServer32 - {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} [C:\WINDOWS\system32\wmpshell.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\InprocServer32 - {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} [C:\WINDOWS\system32\wmpshell.dll]
C:\Programmi\File comuni\Microsoft Shared\Web Folders\MSONSEXT.DLL InMem: 0 Det [G] MD5: 32E82A0C6D4272407DC8547354EFA42B PX5: 073BE487D0FEC602BA1813A9CC42E600B4CC277E
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}\InprocServer32 - {BDEADF00-C265-11D0-BCED-00A0C90AB50F} [C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL]
C:\Programmi\Microsoft Office\OFFICE11\MLSHEXT.DLL InMem: 0 Det [G] MD5: 1B085E6B3AD4C110FBB9C6BE353E913B PX5: 9B2D4CB3588A5EDB6A2600A1D5BF7900111D2336
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{00020D75-0000-0000-C000-000000000046}\InprocServer32 - {00020D75-0000-0000-C000-000000000046} [C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL]
C:\Programmi\Microsoft Office\OFFICE11\OLKFSTUB.DLL InMem: 0 Det [G] MD5: 36DAA15E14C55D2A2F1A7C7674E4DEB3 PX5: 19E651CC58314F6F8A2003BC4AFAA0001C166509
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{0006F045-0000-0000-C000-000000000046}\InprocServer32 - {0006F045-0000-0000-C000-000000000046} [C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL]
C:\Programmi\Microsoft Office\OFFICE11\msohev.dll InMem: 0 Det [G] MD5: 165AE7A443F2139DD2C078AD87699F91 PX5: 9A454C88383E02BC06ED01134822DA00C01DA356
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32 - {42042206-2D85-11D3-8CFF-005004838597} [C:\Programmi\Microsoft Office\OFFICE11\msohev.dll]
C:\WINDOWS\system32\dfshim.dll InMem: 0 Det [G] MD5: B3511383C8BE3A8C5B88A78971FC1141 PX5: 494A923700854E7646D901138F98BF001434DC1A
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{e82a2d71-5b2f-43a0-97b8-81be15854de8}\InprocServer32 - {e82a2d71-5b2f-43a0-97b8-81be15854de8} [C:\WINDOWS\system32\dfshim.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}\InprocServer32 - {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} [C:\WINDOWS\system32\dfshim.dll]
C:\Programmi\WinRAR\rarext.dll InMem: 1 Det [G] MD5: 3B42317C8A22B82B04BF8C4E13B27CF0 PX5: 07DF7C73006B868CEA65018EC514810076D8EDF7
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InprocServer32 - {B41DB860-8EE4-11D2-9906-E49FADC173CA} [C:\Programmi\WinRAR\rarext.dll]
C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll InMem: 1 Det [G] MD5: B5B72C5A3BFF3CBC9FFD9D6B31350AFB PX5: 7B634103E8B85A60C57A00C68480140029165693
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{D9872D13-7651-4471-9EEE-F0A00218BEBB}\InprocServer32 - {D9872D13-7651-4471-9EEE-F0A00218BEBB} [C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll]
C:\WINDOWS\system32\wpdshext.dll InMem: 0 Det [G] MD5: 81D2A27C916C7830743E4AFA454099F7 PX5: 260936F700D6CD55B83A276215529800C0FDB145
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{35786D3C-B075-49b9-88DD-029876E11C01}\InprocServer32 - {35786D3C-B075-49b9-88DD-029876E11C01} [%SystemRoot%\system32\wpdshext.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}\InprocServer32 - {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} [%SystemRoot%\system32\wpdshext.dll]
C:\Programmi\ATI Technologies\ATI.ACE\atiacmxx.dll InMem: 0 Det [G] MD5: 649E3AB705EB0F3AF213DCD4378515CF PX5: B1890F3400D5EA5A20BB010834EFD000F277BA6A
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\InprocServer32 - {5E2121EE-0300-11D4-8D3B-444553540000} [C:\Programmi\ATI Technologies\ATI.ACE\atiacmxx.dll]
C:\WINDOWS\system32\Audiodev.dll InMem: 0 Det [G] MD5: 4C48F1B30A82583CAEE0DA02DD7259EE PX5: 4BE217500087C5F13A360430E7958900806DA483
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{640167b4-59b0-47a6-b335-a6b3c0695aea}\InprocServer32 - {640167b4-59b0-47a6-b335-a6b3c0695aea} [%SystemRoot%\system32\Audiodev.dll]
C:\Programmi\Grisoft\AVG7\avgse.dll InMem: 1 Det [G] MD5: 36687E123D87F468E33ABF11E5DD0797 PX5: F9F3CE2B006E4BABC6AA009F1D03DF00B7FB4F13
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}\InprocServer32 - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [C:\Programmi\Grisoft\AVG7\avgse.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}\InprocServer32 - {9F97547E-460A-42C5-AE0C-81C61FFAEBC3} [C:\Programmi\Grisoft\AVG7\avgse.dll]
C:\Programmi\Windows Live\Messenger\fsshext.8.5.1302.1018.dll InMem: 1 Det [G] MD5: 8BDE1F61DFBAAE7A2916170E8B75FE0F PX5: C50DF20B18DE433E0699056FA6DBAF006DF279E3
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}\InprocServer32 - {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} [C:\Programmi\Windows Live\Messenger\fsshext.8.5.1302.1018.dll]
C:\Programmi\a-squared Free\a2freecontmenu.dll InMem: 0 Det [G] MD5: 80BEF750167F69AEEEEBC229E37FDCC3 PX5: 2DC32EDD909DF5714C2B03139648A400FFC160C8
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{A155339D-CCCD-4714-85EB-3754B804C9DF}\InprocServer32 - {A155339D-CCCD-4714-85EB-3754B804C9DF} [C:\Programmi\a-squared Free\a2freecontmenu.dll]
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll InMem: 0 Det [G] MD5: 233CE7C252D3AC7DE4A793C45B6F4CC3 PX5: B885D7570011A1C33E580C3C0EDB9F0028F9BD5D
REGRUNGEN - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll]
C:\WINDOWS\system32\msapsspc.dll InMem: 0 Det [G] MD5: 9B6E96F4EC4104BCB180C5BEA2787B3F PX5: 8C479BBA0065475850000105207F00002CA02E51
REGRUNGEN - \REGISTRY\Machine\System\CurrentControlSet\Control\SecurityProviders - SecurityProviders [msapsspc.dll]
C:\WINDOWS\system32\digest.dll InMem: 0 Det [G] MD5: 9B4CD31081F2CE1D69D2580D015C82EA PX5: 2283761F0087EB020C9B01CC3CCBC600B4AB6B96
REGRUNGEN - \REGISTRY\Machine\System\CurrentControlSet\Control\SecurityProviders - SecurityProviders [msapsspc.dll]
C:\WINDOWS\system32\msnsspc.dll InMem: 0 Det [G] MD5: A99939BAE7757437683F4D6B1021A499 PX5: 5FC3C3D6008FE4D0702D042D3521CB003038EB19
REGRUNGEN - \REGISTRY\Machine\System\CurrentControlSet\Control\SecurityProviders - SecurityProviders [msapsspc.dll]
C:\Programmi\Adobe\Reader 8.0\Reader\pdfprevhndlrshim.exe InMem: 0 Det [G] MD5: 54CAAEBAC648AF1BA1F943046A824356 PX5: 623D7460882DBAFD90910060B8205E0036350873
REGRUNGEN - \REGISTRY\Machine\Software\Classes\CLSID\{49400A7C-81A8-4F52-8CCE-D54739EE87EC}\LocalServer32 - {49400A7C-81A8-4F52-8CCE-D54739EE87EC} ["C:\Programmi\Adobe\Reader 8.0\Reader\pdfprevhndlrshim.exe"]
C:\Programmi\CyberLink\PowerDVD\VideoFilter\CLVsd.ax InMem: 0 Det [G] MD5: 71933377073F0BC382D253B49760B305 PX5: 2F98853D0056124AF0A107B5CCB8F30033427538
REGRUNGEN - \REGISTRY\Machine\Software\Classes\CLSID\{8ACD52ED-9C2D-4008-9129-DCE955D86065}\InprocServer32 - PreferredMPEG2VideoDecoder [C:\Programmi\CyberLink\PowerDVD\VideoFilter\CLVsd.ax]
C:\Programmi\CyberLink\PowerDVD\AudioFilter\CLAud.ax InMem: 0 Det [G] MD5: 13AB2C08165E0946AADFED61D6EEDF79 PX5: 4A42E88F00101D245049100F5E4A6800CA962A51
REGRUNGEN - \REGISTRY\Machine\Software\Classes\CLSID\{284DC28A-4A7D-442c-BC2E-D7480556E4D8}\InprocServer32 - PreferredMPEG2AudioDecoder [C:\Programmi\CyberLink\PowerDVD\AudioFilter\CLAud.ax]
C:\WINDOWS\Resources\themes\Luna\Luna.msstyles InMem: 0 Det [G] PX5: D4AC08E190E1815FF0763FFB772E82003759142D
REGRUNGEN - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Themes - InstallVisualStyle [%SystemRoot%\Resources\themes\Luna\Luna.msstyles]
C:\WINDOWS\system32\aaclient.dll InMem: 0 Det [G] MD5: A50C15D21C7D488E5535E36503A42061 PX5: F336024100ABE94CC85B015F412E3300D70AF687
REGTERM - \REGISTRY\Machine\Software\Microsoft\Terminal Server Client\TransportExtensions - gateway [aaclient.dll]
C:\WINDOWS\system32\rdpclip.exe InMem: 0 Det [G] MD5: 456E33D8A5B34B0B9B5DE1270E13C7A3 PX5: 3129DB34009CADCFF4300018D68AB90013FA4372
REGTERM - \REGISTRY\Machine\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd - StartupPrograms [rdpclip]
C:\WINDOWS\system32\rdpwsx.dll InMem: 0 Det [G] MD5: 98B543037E34C640622FA61E895326C4 PX5: 2D4F90888862EA65546401DF11DAFF009FB4CACF
REGTERM - \REGISTRY\Machine\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd - WsxDll [rdpwsx]
C:\WINDOWS\system32\RDPCFGEX.DLL InMem: 0 Det [G] MD5: 0F6F4433F47441C14F17D5348CF609B0 PX5: 648184F200AE0568123C00C1F661D900A8042FB8
REGTERM - \REGISTRY\Machine\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd - CfgDll [RDPCFGEX.DLL]
C:\WINDOWS\System32\cmd.exe InMem: 0 Det [G] MD5: 94744851B6A9BDCEFCD26CC61A6AFD12 PX5: 174F65020044C14C121406F23AA7F300C65DE81F
REGTELNET - \REGISTRY\Machine\Software\Microsoft\TelnetServer\1.0 - DefaultShell [%SYSTEMROOT%\System32\cmd.exe]
REGTELNET - \REGISTRY\Machine\Software\Microsoft\TelnetServer\Defaults - DefaultShell [%SYSTEMROOT%\System32\cmd.exe]
REGSAFESEC - \REGISTRY\Machine\System\CurrentControlSet\Control\SafeBoot - AlternateShell [cmd.exe]
C:\WINDOWS\system32\rdpsnd.dll InMem: 0 Det [G] MD5: 1C5C414CC29D507B89E355E1733A7491 PX5: 34FBA65500CFB6AF4EE7003742BB470065937B12
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP - wave [rdpsnd.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP - mixer [rdpsnd.dll]
C:\WINDOWS\system32\imaadp32.acm InMem: 0 Det [G] MD5: 316F81B3EC381C1C76E07CA43FC12BFC PX5: 528D926A00EB3B4A408A0067B777E0007219DE4B
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.imaadpcm [imaadp32.acm]
C:\WINDOWS\system32\msadp32.acm InMem: 0 Det [G] MD5: 147BA07670FA18D112D631B9EEC2CA21 PX5: 9896734D003A7B4A3AD6001B2D129300C6CAD27F
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.msadpcm [msadp32.acm]
C:\WINDOWS\system32\msg711.acm InMem: 0 Det [G] MD5: D609EDECB9692217BCA166C09A8AA6D0 PX5: 98836843004ECD5624170012D62AF300ADA7FDE1
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.msg711 [msg711.acm]
C:\WINDOWS\system32\msgsm32.acm InMem: 0 Det [G] MD5: DBB6C6DBA7C404BF266E064889C45907 PX5: 7715C6930008610D4E5300A5AC1D5400348AB758
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.msgsm610 [msgsm32.acm]
C:\WINDOWS\system32\tssoft32.acm InMem: 0 Det [G] MD5: 49445261FFAAB7F8B915C4D3041AA7F4 PX5: 9DB260C30072F5C620530046E6B0DC000EF1898D
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.trspch [tssoft32.acm]
C:\WINDOWS\system32\iccvid.dll InMem: 0 Det [G] MD5: BE4DE2539B3DB9D31D75FE0D323C52EE PX5: 0CEE20B80002FE623A80014E667E0900EDC97E34
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.cvid [iccvid.dll]
C:\WINDOWS\system32\msh263.drv InMem: 0 Det [G] MD5: B2E67E6045966C14A746627DCCF3F67D PX5: D1EBECF00092F1C390AB04548720B200A8771D55
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - VIDC.I420 [msh263.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.M263 [msh263.drv]
C:\WINDOWS\system32\ir32_32.dll InMem: 0 Det [G] MD5: CDE3AEAEEFF57DBB43133F46E96AD8C5 PX5: 48C6FD2800CF7D770AB40340E9EE0B00336C0935
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.iv31 [ir32_32.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.iv32 [ir32_32.dll]
C:\WINDOWS\system32\ir41_32.ax InMem: 0 Det [G] MD5: 757C7944EB0D518020BB59A1A3AE9826 PX5: 88C1844600D60C2BF2960C06110E8900D716354E
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.iv41 [ir41_32.ax]
C:\WINDOWS\system32\iyuv_32.dll InMem: 0 Det [G] MD5: 193315B73270BAD33A3C2F527C8380F6 PX5: 8D2F485A000F6953BA8B00EF89F3AE0028DCEE98
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - VIDC.IYUV [iyuv_32.dll]
C:\WINDOWS\system32\msrle32.dll InMem: 0 Det [G] MD5: 7B999CA58C6276D885F17ABC73982009 PX5: 6AD29AC5008293D12C2D00B216F74700B26503F0
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.mrle [msrle32.dll]
C:\WINDOWS\system32\msvidc32.dll InMem: 0 Det [G] MD5: D648EDBA85278839E30979CE627E5C81 PX5: CE4E524C0073A8EC64FF00E1300C68000D8D97A8
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.msvc [msvidc32.dll]
C:\WINDOWS\system32\msyuv.dll InMem: 0 Det [G] MD5: B35E1E08BF94E68DAF5D9F52485EA368 PX5: 92EC75E800DB9BE5440C000A47ABC3009642377A
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - VIDC.UYVY [msyuv.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - VIDC.YUY2 [msyuv.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - VIDC.YVYU [msyuv.dll]
C:\WINDOWS\system32\tsbyuv.dll InMem: 0 Det [G] MD5: A892EC07DFFC3D8BF879102982F08721 PX5: 86646A040019522320A100B4BB4D900094B11477
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - VIDC.YVU9 [tsbyuv.dll]
C:\WINDOWS\system32\msg723.acm InMem: 0 Det [G] MD5: D53BDE174AD076AE58C8245A524CFB85 PX5: 11020CC8008FB79ED00601EAD6C03900AA679A83
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.msg723 [msg723.acm]
C:\WINDOWS\system32\msh261.drv InMem: 0 Det [G] MD5: 35F5338123495C871C4C7CC9FCE784F6 PX5: A41AA5420008DA3EF0B402388EE55600B25D24F8
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.M261 [msh261.drv]
C:\WINDOWS\system32\msaud32.acm InMem: 0 Det [G] MD5: 9EFCA60A4BDCF77FC5E2337E3AB61B1E PX5: C38F33CC0026C9E080B10460DFC46F004CE633B9
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.msaudio1 [msaud32.acm]
C:\WINDOWS\system32\sl_anet.acm InMem: 0 Det [G] MD5: C2E1907DDE505F02585E7C85F927333A PX5: 3DA8D952002B67BF508D01A57E615F00B2B2EA92
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.sl_anet [sl_anet.acm]
C:\WINDOWS\system32\iac25_32.ax InMem: 0 Det [G] MD5: 60B88C336EF385EB0ED77B73852712F3 PX5: D062C8E7003B5A390C1703C014BB9700CE1BED53
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.iac2 [C:\WINDOWS\system32\iac25_32.ax]
C:\WINDOWS\system32\ir50_32.dll InMem: 0 Det [G] MD5: B11FB596034932DC55A7638911F482C2 PX5: 8FA030FE0030B5D3865F0B4087D0420068F6854C
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.iv50 [ir50_32.dll]
C:\WINDOWS\system32\l3codeca.acm InMem: 0 Det [G] MD5: C5AF10FD0A2C5938C4D962537AF13BA3 PX5: BD6FA9CA00B4F05D702C042DD7B42E003DC5A552
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - msacm.l3acm [C:\WINDOWS\system32\l3codeca.acm]
C:\WINDOWS\system32\VfWWDM32.dll InMem: 0 Det [G] MD5: 148B5330921C365FA4A2DB6C431A9B2C PX5: 50A7CDEB00FEFE76D6A800E76B929700EFCC0032
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - MSVideo8 [VfWWDM32.dll]
C:\WINDOWS\system32\DivX.dll InMem: 0 Det [GP] MD5: 5E1E3DB1E221217A9D8741DF89B739A1 PX5: EDB7DF0D00962A6F6A3F0AFC80E46A00C24897F6
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.DIVX [DivX.dll]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.yv12 [DivX.dll]
C:\WINDOWS\system32\JAVASUP.VXD InMem: 0 Det [G] MD5: 35BD074AE32E5EB19FF88DAF3030F803 PX5: 99B75F2393917E501C450098C8A2BA0043E75EB1
REGDRIVER - \REGISTRY\Machine\System\CurrentControlSet\Services\VXD\JAVASUP - StaticVxD [JAVASUP.VXD]
C:\WINDOWS\system32\rsvpsp.dll InMem: 0 Det [G] MD5: B4B4BC22821A8A0AC357297B784B996E PX5: 316FAA8C007F4493605401B98234D5008F685EE8
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 - PackedCatalogItem [%SystemRoot%\system32\rsvpsp.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 - PackedCatalogItem [%SystemRoot%\system32\rsvpsp.dll]
C:\WINDOWS\system32\ipxrip.dll InMem: 0 Det [G] MD5: 2DAC54A61B837FAC36FFD92B7E39B3FF PX5: 859821B9009D40A9548200AD83A363008B36EF0D
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ipx\IPXRIP - DllName [ipxrip.dll]
C:\WINDOWS\system32\ipxsap.dll InMem: 0 Det [G] MD5: 3EEA6D343B3D6FCF500DB1837C07DF06 PX5: 85797B9500D099280499015DBB948C00AAAAF548
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ipx\IPXSAP - DllName [ipxsap.dll]
C:\WINDOWS\System32\iprtrmgr.dll InMem: 0 Det [G] MD5: 30584106B1E3C4F836D35C92BA38B184 PX5: D40494A6008ED12A98FE023AAD1857000DD8C7B5
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip - DllPath [%SystemRoot%\System32\iprtrmgr.dll]
C:\WINDOWS\System32\ipxrtmgr.dll InMem: 0 Det [G] MD5: 7FF943A30BA413C3F43E8441A28B7AA7 PX5: 4718448E00AA1CC09C1B00C6E262700012078A35
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ipx - DllPath [%SystemRoot%\System32\ipxrtmgr.dll]
C:\WINDOWS\system32\Firewall.cpl InMem: 0 Det [G] MD5: 486C95D7867757EF75946CDC7FA547DD PX5: C6AD4E5900619E5B3AA801566FFF65004318E0B5
REGCPL - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls - Internet Connection Firewall [Firewall.cpl]
C:\WINDOWS\system32\NetSetup.cpl InMem: 0 Det [G] MD5: 6C00E8B5734CD98456E36A1919393597 PX5: 1727E2B500CA6EDF648A0091303FF7003D7EE312
REGCPL - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls - NetSetupWizard [NetSetup.cpl]
C:\Programmi\File comuni\Microsoft Shared\Speech\sapi.cpl InMem: 0 Det [G] MD5: B281E4E0C7DE6016F067191AA0B10047 PX5: 4B95DF2F0028608F7026024663B5470081E40772
REGCPL - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls - Speech [C:\Programmi\File comuni\Microsoft Shared\Speech\sapi.cpl]
C:\Programmi\QuickTime\QTSystem\QuickTime.cpl InMem: 0 Det [G] MD5: A2E7C43D2C111EA2DD69F7EEE1EA2A53 PX5: 34BA02B2002A5C0FC048100E747F06005EE604D2
REGCPL - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls - QuickTime [C:\Programmi\QuickTime\QTSystem\QuickTime.cpl]
C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma.cpl InMem: 0 Det [G] MD5: 130DE5BD97BAC6D112B395CF82CAA34A PX5: 5A3F558C0007D094104A0406613681009301CDED
REGCPL - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls - Adobe Gamma [C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma.cpl]
C:\WINDOWS\system32\Magnify.exe InMem: 0 Det [G] MD5: B8485B1B335C0C00397DD7ABC041475D PX5: 8FD0DD1200F1CC211E520147693D72005CC20F83
REGUTIL - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Magnifier - Application path [Magnify.exe]
C:\WINDOWS\system32\osk.exe InMem: 0 Det [G] MD5: 7D5B9DD2D397E5D323C5DE2D0B4CAEB6 PX5: 865A974F008F100B4EF6035F16FFB2007D13E899
REGUTIL - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\On-Screen Keyboard - Application path [osk.exe]
C:\Programmi\File comuni\Microsoft Shared\GRPHFLT\GIFIMP32.FLT InMem: 0 Det [G] MD5: 440D122A9A872889490CC04FEC6E6D00 PX5: 46D64618801D5766630903F3CBA7640069CEF45B
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Export\GIF - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\GIFIMP32.FLT]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\GIF - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\GIFIMP32.FLT]
C:\Programmi\File comuni\Microsoft Shared\GRPHFLT\JPEGIM32.FLT InMem: 0 Det [G] MD5: 36C019ECC154058269648CA51D8725F7 PX5: 4275BF3980065F038D2B024B2BA05900A2274E6C
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Export\JPEG - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\JPEGIM32.FLT]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\JPEG - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\JPEGIM32.FLT]
C:\Programmi\File comuni\Microsoft Shared\GRPHFLT\PNG32.FLT InMem: 0 Det [G] MD5: EB7B10F7936EFEC35C6275210FE0E8FF PX5: D8CEC01B80295FA22BAE032D94E9A900DE9D0159
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Export\PNG - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\PNG32.FLT]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\PNG - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\PNG32.FLT]
C:\Programmi\File comuni\Microsoft Shared\GRPHFLT\CDRIMP32.FLT InMem: 0 Det [G] MD5: 589D9DB1FA5A64DAB74FB8D8FEEFBF1C PX5: D9EC399480CCEA44E9DD06A420151C008C56C1AC
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\CDR - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\CDRIMP32.FLT]
C:\Programmi\File comuni\Microsoft Shared\GRPHFLT\CGMIMP32.FLT InMem: 0 Det [G] MD5: 7416984B33F98032239EE8089340426C PX5: 9E7372A1804D002369A10461642CC900342E903B
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\CGM - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\CGMIMP32.FLT]
C:\Programmi\File comuni\Microsoft Shared\GRPHFLT\EPSIMP32.FLT InMem: 0 Det [G] MD5: 19C5EBD461870768BD5476ED20DBF58A PX5: 5BF32337808C68F099B2062F0E984D002C7BE2A9
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\EPS - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\EPSIMP32.FLT]
C:\Programmi\File comuni\Microsoft Shared\GRPHFLT\PICTIM32.FLT InMem: 0 Det [G] MD5: 73985A4C015A8767455974BAB9BD4A31 PX5: 55D8C2B8807552990333018219988B0031600759
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\PICT - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\PICTIM32.FLT]
C:\Programmi\File comuni\Microsoft Shared\GRPHFLT\WPGIMP32.FLT InMem: 0 Det [G] MD5: C4A4A1D5EAC5EA1D9BC225F68F53F44C PX5: 905DC0BF8097672A179502F27F53EB00F3EA4F01
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\WPG - Path [C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\WPGIMP32.FLT]
C:\Programmi\File comuni\Microsoft Shared\MSInfo\ieinfo5.ocx InMem: 0 Det [G] MD5: 7CFDD7F54C64BFF62F64665A7E567896 PX5: D9CCCE7600AE330472C5014263EDAE006E08A176
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSInfo\Templates\ieinfo5 - [C:\Programmi\File comuni\Microsoft Shared\MSInfo\ieinfo5.ocx]
C:\Programmi\File comuni\Microsoft Shared\MSInfo\OINFO11.OCX InMem: 0 Det [G] MD5: 9ACB2586F450DF349826EB51E0ABC950 PX5: 5C5178108086295C69610BF97958AD000535240B
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSInfo\Templates\OInfo11 - [C:\PROGRA~1\FILECO~1\MICROS~1\MSINFO\OINFO11.OCX]
C:\Programmi\File comuni\Microsoft Shared\MSInfo\MSInfo32.exe InMem: 0 Det [G] MD5: 12644A48270558AEC35230E476534F48 PX5: DCC20BBB0036A3BB9EFA00953DF8F200E6CDE36A
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSInfo - Path [C:\Programmi\File comuni\Microsoft Shared\MSInfo\MSInfo32.exe]
C:\Programmi\Microsoft Office\OFFICE11\MSQRY32.EXE InMem: 0 Det [G] MD5: 8E60C525F12F5D759D21A87AAB446ABD PX5: 742FB872380EAE8EBA4809A85C15F50021837323
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSQuery - Path [C:\PROGRA~1\MICROS~2\OFFICE11\MSQRY32.EXE]
C:\Programmi\File comuni\Microsoft Shared\TextConv\HTML32.CNV InMem: 0 Det [G] MD5: 07C43E2B0AC9C694F90D502B1397B953 PX5: 54707638803422C1EB2B0406C665C10065D0A3A2
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\HTML - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TEXTCONV\HTML32.CNV]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\HTML - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TEXTCONV\HTML32.CNV]
C:\Programmi\File comuni\Microsoft Shared\TextConv\WRD6ER32.CNV InMem: 0 Det [G] MD5: E53620BEF06B224FE7A67388B0BECFF2 PX5: C3C71C92400AE19A461E003B3C2E07005391A6FD
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWord6RTFExp - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TEXTCONV\WRD6ER32.CNV]
C:\Programmi\File comuni\Microsoft Shared\TEXTCONV\works632.cnv InMem: 0 Det [G] MD5: A06B48B5ACDDDD5BBC79737C20395FB9 PX5: E463410B08DE8A64449F01223E9C5D008661BD78
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWorksWin6 - Path [C:\Programmi\File comuni\Microsoft Shared\TEXTCONV\works632.cnv]
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWorksWin6 - Path [C:\Programmi\File comuni\Microsoft Shared\TEXTCONV\works632.cnv]
C:\Programmi\File comuni\Microsoft Shared\TextConv\write32.wpc InMem: 0 Det [G] MD5: AFD63CA25E43793FD7C42C5F74961559 PX5: 71A6A3C449C4AC08B01A01656F55D100B9B2E691
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWinWrite.wpc - Path [C:\Programmi\File comuni\Microsoft Shared\TextConv\write32.wpc]
C:\Programmi\File comuni\Microsoft Shared\TextConv\mswrd632.wpc InMem: 0 Det [G] MD5: DA91B90D37135534D061B7E3480FC11C PX5: 255241CE4A8E0D0D40E903D813E15E00D95525A3
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWord6.wpc - Path [C:\Programmi\File comuni\Microsoft Shared\TextConv\mswrd632.wpc]
C:\Programmi\File comuni\Microsoft Shared\TextConv\MSWRD832.CNV InMem: 0 Det [G] MD5: 232E562BDD24ED4663F536F217D33EB6 PX5: 06F35CBD80DFE62F5B3C03943C185800B9472BB0
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWord8 - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TEXTCONV\MSWRD832.CNV]
C:\Programmi\File comuni\Microsoft Shared\TextConv\RECOVR32.CNV InMem: 0 Det [G] MD5: DA4E955D7542BA7B9CEAD34B48F6AE24 PX5: A0E75DBF5869DD1778C700BCF0A48A00305991ED
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\Recover - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TEXTCONV\RECOVR32.CNV]
C:\Programmi\File comuni\Microsoft Shared\TextConv\WPFT632.CNV InMem: 0 Det [G] MD5: 2F0A93673E7E6CCBB9063D4E1F9F8345 PX5: 7A2681AC80B62455753C03C186EAC100ED316E97
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\WordPerfect6x - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TEXTCONV\WPFT632.CNV]
C:\Programmi\File comuni\Microsoft Shared\TextConv\WPFT532.CNV InMem: 0 Det [G] MD5: B1195FACC4B5F1DD2BFC84F3BE076BA4 PX5: 5E058B488045AD24E3750214979C0C009EC41038
REGSHARED - \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\WrdPrfctDos - Path [C:\PROGRA~1\FILECO~1\MICROS~1\TEXTCONV\WPFT532.CNV]
C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll InMem: 1 Det [G] MD5: 2094BC9A0FC9C0E15EEA5F4A9581DD14 PX5: 8C22B1270080452CB0520538F9A2700042807472
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627}\InprocServer32 - [C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll]
C:\WINDOWS\system32\mshta.exe InMem: 0 Det [G] MD5: 2667B412F7453B8C39197D3C550536CD PX5: E471D23E00EB3DB3B2DC00A2C177ED0052C33CB2
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\htafile\shell\open\command - [C:\WINDOWS\system32\mshta.exe "%1" %*]
C:\WINDOWS\System32\WScript.exe InMem: 0 Det [G] MD5: F5AFF05C4B08EF753084D19690CFB5F3 PX5: 6955E35B00E6FD67C0C30150882FFB00E6346771
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\VBSFile\shell\open\command - [%SystemRoot%\System32\WScript.exe "%1" %*]
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\VBEFile\shell\open\command - [%SystemRoot%\System32\WScript.exe "%1" %*]
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\WSHFile\shell\open\command - [%SystemRoot%\System32\WScript.exe "%1" %*]
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\WSFFile\shell\open\command - [%SystemRoot%\System32\WScript.exe "%1" %*]
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\JSEFile\shell\open\command - [%SystemRoot%\System32\WScript.exe "%1" %*]
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\JSFile\shell\open\command - [%SystemRoot%\System32\WScript.exe "%1" %*]
C:\Programmi\CyberLink\PowerDVD\PowerDVD.exe InMem: 0 Det [G] MD5: 3DDD47B8C513EF32DD09C0CF927AD6EF PX5: BA0ACF0E003661B4107C08BABC2C21001CF9AC3F
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\plsfile\shell\open\command - ["C:\Programmi\CyberLink\PowerDVD\PowerDVD.exe" "%L"]
C:\WINDOWS\system32\mmc.exe InMem: 0 Det [G] MD5: B0B93DE885F03974C12B6238D68A6F67 PX5: C6EB514E00915CDD74820CD0EB0CF8007694B8C8
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\MSCFile\shell\open\command - [%SystemRoot%\system32\mmc.exe "%1" %*]
C:\Programmi\Outlook Express\msimn.exe InMem: 0 Det [G] MD5: 9A4B8A0D20B22E0E8BBC495CD0FC7EEA PX5: C590CE8500B66EAEEC1A000D7D657F00AB8E0704
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\mailto\shell\open\command - ["%ProgramFiles%\Outlook Express\msimn.exe" /mailurl:%1]
C:\Programmi\Adobe\Adobe Photoshop CS2\Photoshop.exe InMem: 0 Det [G] PX5: D21F9E6E00299B32404A2AFD3D410E01D2D81AD6
C:\Programmi\Alice ti aiuta\bin\MotiveBrowser.exe InMem: 0 Det [G] MD5: FD247E69D850C876D8D5594A23772421 PX5: DF1A1F7D00210A5950630286399DAB00F94834CA
C:\Programmi\EA GAMES\American McGee's Alice\alice.exe InMem: 0 Det [GP] MD5: 990441FA6CD3C401060604A4D39ADD1F PX5: 4D1DE1F12B77DA52B81921231A652200C1286DE1
C:\Programmi\CCleaner\ccleaner.exe InMem: 0 Det [G] MD5: 70F1BE97F2AF234835B24E8E60D076AE PX5: 95ACB797F053E701047A0B21BB6A8900438C6C3D
C:\Programmi\FreePOPs\freepopsd.exe InMem: 0 Det [u] MD5: 687DBE343BAEBDD72F70AC527FADD2EE PX5: 3A7DBED50054E838C023002BE2D24F00E9D63331
C:\Programmi\GoldWave\GoldWave.exe InMem: 0 Det [G] MD5: 162869309D0E77D0E0AF56E5014E9CB8 PX5: A7CA098500D34B70FCB12FBDFBE4DC0087C90639
C:\Programmi\Internet Explorer\iexplore.exe InMem: 0 Det [G] MD5: 2703D940A62B731AA220529DD7331A78 PX5: 459377C4006EC2958CF50957C1B302001020D1D8
C:\Programmi\jv16 PowerTools\jv16 PowerTools.exe InMem: 0 Det [GP] MD5: 1C6C568BA56D097C466F70686CF9C986 PX5: FE5DF3D100A41F42AA910F5628B29300D22638ED
C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\xlicons.exe InMem: 0 Det [GP] MD5: 12845372A47AFA7D73B5A52AEBFF5A04 PX5: C71AFF7200E4C034407F062DDDE82A004090619E
C:\WINDOWS\Installer\{90170410-6000-11D3-8CFE-0150048383C9}\misc.exe InMem: 0 Det [GP] MD5: 8133548F7A54C488EE074A69136035E4 PX5: C71AFF7200E4C034107F022DDDE82A003BB49701
C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pptico.exe InMem: 0 Det [GP] MD5: D98692AA6A4E8B04A714241D870DEAB6 PX5: C71AFF7200E4C034D07F032DDDE82A00DA84EAB2
C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\pubs.exe InMem: 0 Det [GP] MD5: D7BD29D5B36938BB9C9CF93FD6C8196E PX5: C71AFF7200E4C034F07F002DDDE82A00434F305A
C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\wordicon.exe InMem: 0 Det [GP] MD5: CE923E38FCD460DC17D4F5B11BB9FA18 PX5: C71AFF7200E4C034607F042DDDE82A00619CDD34
C:\Programmi\mIRC\mirc.exe InMem: 0 Det [G] MD5: 52F9F2101923E84DD146FD1058D97B60 PX5: 3ACAE8FC0037BC18B0101FC2406CE6000AFB40DF
C:\Programmi\PeerGuardian2\pg2.exe InMem: 0 Det [GP] MD5: 4F2FF640B393438F9C80BD1F72794224 PX5: 0BD413CE0001B6FCB2CC15034DC296002CD07BBB
C:\Programmi\Winamp\winamp.exe InMem: 0 Det [G] MD5: 3EF1A923AFC488FFA4FF137903133A76 PX5: E1655C3100F19F7A5E260AD89D2A15009143158B
D:\CANTINA\Fanta\WSM\WSM Manager Assistant.exe InMem: 0 Det [u] PX5: 2533565000C1A54E60A2947839FD9A005F5543B0
C:\Programmi\uTorrent\uTorrent.exe InMem: 0 Det [UP] MD5: CA3F4554910E40A0053626C1BB66C5FE PX5: B1F693AA30196BE45B0D032546DD930051E6D38F
C:\Programmi\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe InMem: 0 Det [G] MD5: FE2B506E16AF29AA6F993416DA2DF4E2 PX5: A67C8B3B50DE0A5E9D4E2BFC1AE23E007ED5C13F
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe InMem: 0 Det [G] MD5: 80660C611B596FFE8AF4074B31AA6FB7 PX5: 14B1D57F70D4C970368E05E929733300A0A3AB98
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe InMem: 0 Det [G] MD5: BD728EA235C9361F31D06C43FF7C4FB4 PX5: 9167754900A18409F0C80FC2E28A23006861544D
C:\Programmi\Sierra Online\Switchball\Switchball.exe InMem: 0 Det [u] PX5: 63F6F84501204CA5E0E06E8C60CC98000DDA8B5C
C:\Programmi\DivX\DivX Player\DivX Player.exe InMem: 0 Det [GP] MD5: 0339F52751F92749B715DFCC04181C45 PX5: BE009E620088C13924E519C6E8CBD80088CA1DB7
D:\CANTINA\eMule\emule.exe InMem: 0 Det [G] PX5: FFBE563F00E5D13F00B45190355B020096758CC9
C:\Programmi\EA Sports\FIFA 08\FIFA08.exe InMem: 0 Det [G] PX5: 8E04987D00E5E31F56477BBFAA32860030F23EF2
C:\Programmi\IncrediMail\bin\IncMail.exe InMem: 0 Det [G] MD5: 27AA1BB9B9DD79D456512094E8598B1C PX5: 7485BF09B8E47C1445FA03514322F90052B613A9
C:\Programmi\LHSP\L&H Power Translator Pro\ptpro.exe InMem: 0 Det [G] PX5: 8E305F6535EF1C8FB0AF3991F85D910027D391B0
C:\Programmi\Ahead\Nero StartSmart\NeroStartSmart.exe InMem: 0 Det [G] PX5: 32A0206056F6A43930C048E0C77BB300389D9682
C:\Programmi\EA GAMES\NFS Underground\Speed.exe InMem: 0 Det [GP] PX5: 7F3BDB72C821A01C0A023DF336FB940010B734D5
C:\Programmi\Eidos Interactive\TRAOD\Launcher.exe InMem: 0 Det [G] PX5: BE4DA8E900C23077F0CD53C34191D4002E1A007F
C:\Programmi\ArcSoft\VideoImpression 1.6\videoimp.exe InMem: 0 Det [G] MD5: 738F583FBB697AFEB4865F7A7AAD5B33 PX5: 203152E200033A09A09E0B5BEB571F0023D7028C
C:\WINDOWS\system32\drivers\acpiec.sys InMem: 0 Det [G] MD5: 49AC5CD87FBDDA62F3E25190019E7627 PX5: F21BE3DC800E8A0A2F3C009238A73C008905B399
C:\WINDOWS\system32\drivers\amdk6.sys InMem: 0 Det [G] MD5: 03BBCA770830A6FFC5A57B697D150F2F PX5: 4242D904806C60F8A08300740C09B400A99A704A
C:\WINDOWS\system32\drivers\amdk7.sys InMem: 0 Det [G] MD5: A4FF6CFCD83941B3628779CB32959C2B PX5: EABF85AE00CF7D2BA2F600B95331A000E92CF98B
C:\WINDOWS\system32\drivers\arp1394.sys InMem: 0 Det [G] MD5: F0D692B0BFFB46E30EB3CEA168BBC49F PX5: E79B803D809043E9ED9C00655C5EAE00E1E46E49
C:\WINDOWS\system32\drivers\ASUSHWIO.SYS InMem: 0 Det [G] MD5: DE91D0D73C3E61E6826D98FAC2FAC729 PX5: A73AAFA5C01706ED1657005184698A000DFF3991
C:\WINDOWS\system32\drivers\ati2erec.dll InMem: 0 Det [G] MD5: E0E6561D31A2E5CC2B79B0757709A026 PX5: 0B325C650088246CA04D0014BADC7600367DFB75
C:\WINDOWS\system32\drivers\atmepvc.sys InMem: 0 Det [G] MD5: 39A0A59180F19946374275745B21AEBA PX5: 7363E81E80EDA4EC7A0200CE34E22400450A279B
C:\WINDOWS\system32\drivers\atmlane.sys InMem: 0 Det [G] MD5: 0128E78FE835F074E469F03DB681CA9E PX5: 823332B380717184DAFD00B035ED9500F95C0458
C:\WINDOWS\system32\drivers\atmuni.sys InMem: 0 Det [G] MD5: E7EF69B38D17BA01F914AE8F66216A38 PX5: 92E7BF650082565E607E05AD216E0900953642D5
C:\WINDOWS\system32\drivers\avgmfx86.sys InMem: 0 Det [G] MD5: 0F471F46D155046BB58E4D6869A15382 PX5: 5CEACF26484D8409691D002E31934B00DCCD2A08
C:\WINDOWS\system32\drivers\AWRTPD.sys InMem: 0 Det [G] MD5: EC018602809B28520CAA132CD616BB2A PX5: 9443D85580132C06185A00846D3009009DCB0F0B
C:\WINDOWS\system32\drivers\AWRTRD.sys InMem: 0 Det [G] MD5: 10D3F81B955CD10D6464B1B922E5AC68 PX5: 6018459180814B2820FB00C5D1B25900FA03784B
C:\WINDOWS\system32\drivers\bcbthub.sys InMem: 0 Det [G] MD5: B990976940E0E93B4932CCCB536F446D PX5: 66E69F735E2B985E45EB02C652DD5800B945EEC8
C:\WINDOWS\system32\drivers\beep.sys InMem: 0 Det [G] MD5: DA1F27D85E0D1525F6621372E7B685E9 PX5: F62FA4F780D77A5110B2005CD7507900637E04C1
C:\WINDOWS\system32\drivers\bridge.sys InMem: 0 Det [G] MD5: E4E6A0922E3D983728C9AD4E8D466954 PX5: 69CABDC3803104ED17D001BEA902E2004A7836B0
C:\WINDOWS\system32\drivers\cbidf2k.sys InMem: 0 Det [G] MD5: 90A673FC8E12A79AFBED2576F6A7AAF9 PX5: 7B8DA5F780B7DA7536FE00ABA71B6C00B12776D7
C:\WINDOWS\system32\drivers\cdaudio.sys InMem: 0 Det [G] MD5: C1B486A7658353D33A10CC15211A873B PX5: 7D0D30B9001A5352491B006D9C79D000079079B1
C:\WINDOWS\system32\drivers\cdfs.sys InMem: 0 Det [G] MD5: CD7D5152DF32B47F4E36F710B35AAE02 PX5: 0225C13D004CC9CDF93000922132D000BA57D976
C:\WINDOWS\system32\drivers\cdr4_xp.sys InMem: 0 Det [G] MD5: BF79E659C506674C0497CC9C61F1A165 PX5: C8104DA1808A5DEE09FC008AD65C6900B79BCD14
C:\WINDOWS\system32\drivers\cdralw2k.sys InMem: 0 Det [G] MD5: 2C41CD49D82D5FD85C72D57B6CA25471 PX5: 9824CFC900F05AAF0AF10058B4C7A500B79BCD14
C:\WINDOWS\system32\drivers\cinemst2.sys InMem: 0 Det [G] MD5: 0CCCBD6EF94910804921BF04A2107EF8 PX5: 7C4B5F6480542F0A010D0467679A3400F24D4424
C:\WINDOWS\system32\drivers\classpnp.sys InMem: 0 Det [G] MD5: D86173B401470F06D9810F7962969DDF PX5: 61280642007AE0BEC20400D8EC4D8200079FF3CE
C:\WINDOWS\system32\drivers\cpqdap01.sys InMem: 0 Det [G] MD5: 9624293E55AD405415862B504CA95B73 PX5: C60D75F500CE16D02E4100D9B4337E008A228DE3
C:\WINDOWS\system32\drivers\crusoe.sys InMem: 0 Det [G] MD5: F8C288D89AD71BF1AFF0F9E4DB5D3A10 PX5: E4FE1A7080AF31429EBC00A2612936006E0D7B97
C:\WINDOWS\system32\drivers\diskdump.sys InMem: 0 Det [G] MD5: D16C81677A9BE399C63CD2EA486472A5 PX5: 6D7A5F848072A37B37EB00C342763700264F9014
C:\WINDOWS\system32\drivers\drmk.sys InMem: 0 Det [G] MD5: FF86422268DE771D571E123EB7092C6A PX5: 73B664558055CFD9EB9800CC44976A00031F37A9
C:\WINDOWS\system32\drivers\dxapi.sys InMem: 0 Det [G] MD5: FE97D0343ACFDEBDD578FC67CC91FA87 PX5: D0E069F50027643C29470029619BD400B7B7054A
C:\WINDOWS\system32\drivers\dxg.sys InMem: 0 Det [G] MD5: D3DAC8432110AAD0B02A58B4459AB835 PX5: 3F54B7A780F0ED98157C011AE18D4A00EE6485EB
C:\WINDOWS\system32\drivers\dxgthk.sys InMem: 0 Det [G] MD5: A73F5D6705B1D820C19B18782E176EFD PX5: 0164AB8900598A330DE900E4FEF37900B79BCD14
C:\WINDOWS\system32\drivers\fastfat.sys InMem: 0 Det [G] MD5: 3117F595E9615E04F05A54FC15A03B20 PX5: 1E68B78D00BA4E2F30E102605EF38B00BED2E67D
C:\WINDOWS\system32\drivers\filedisk.sys InMem: 0 Det [G] MD5: 093913A016845FE257ED9B7FC8E28ED8 PX5: D92C145880BE2DAF32810076727065008714348E
C:\WINDOWS\system32\drivers\fips.sys InMem: 0 Det [G] MD5: 333FBBC71BDCBB46C58A3B51B3D51184 PX5: 1007D8C50089CEC889D600EFFDE6B800D02A5DA9
C:\WINDOWS\system32\drivers\fsvga.sys InMem: 0 Det [G] MD5: 25A7F5539209BE062D4BB3F9CD84BD16 PX5: 78ACD409008333CF30C90046F776F800BAB458CE
C:\WINDOWS\system32\drivers\fs_rec.sys InMem: 0 Det [G] MD5: 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A PX5: 2E3179C900CB71741FBA004F645EEB00865149D3
C:\WINDOWS\system32\drivers\fw203x.sys InMem: 0 Det [G] MD5: 4198F23618E7C8BCD24CC108C36F93A3 PX5: 9C23610D358E0BE2C5D00174E580CA00B6839A1C
C:\WINDOWS\system32\drivers\hidclass.sys InMem: 0 Det [G] MD5: 378055AB8DDA86228683C697C4E11685 PX5: 800EAA28801FAC928DC800F3F0296600134890AF
C:\WINDOWS\system32\drivers\hidparse.sys InMem: 0 Det [G] MD5: 5FFF41CD5108E9051D255C37825AF697 PX5: 202AE5AF805FDB4161470039E900C0009EB401B0
C:\WINDOWS\system32\drivers\ks.sys InMem: 0 Det [G] MD5: B9540E258F952650DE8DEC68719A5C97 PX5: 78D9F49380D52F3B2603022FFE8CE100B4CA1585
C:\WINDOWS\system32\drivers\ksecdd.sys InMem: 0 Det [G] MD5: EB7FFE87FD367EA8FCA0506F74A87FBB PX5: 774C935980F76922670D01959D71E6009D9267E6
C:\WINDOWS\system32\drivers\kstvtune.ax InMem: 0 Det [G] MD5: 8954589EC986884DEFF7A92F3AEC700A PX5: 12D57DCB007D6AF5F2DA001A7E2F9D001DAA2AFB
C:\WINDOWS\system32\drivers\kswdmcap.ax InMem: 0 Det [G] MD5: 20249FAB6E667647072DAAE3FED3D459 PX5: B3C771E000CFF110644001770C26F30015B04AC1
C:\WINDOWS\system32\drivers\ksxbar.ax InMem: 0 Det [G] MD5: EF4A57FF82379756822453E2C8308D7C PX5: 4267232500A72038A8B7002C909ABC00B9B91389
C:\WINDOWS\system32\drivers\mcd.sys InMem: 0 Det [G] MD5: D1F8BE91ED4DDB671D42E473E3FE71AB PX5: 874B185900D5916B1EF900C2FE181D00136FAB22
C:\WINDOWS\system32\drivers\mf.sys InMem: 0 Det [G] MD5: 729D83E56C29C510258A6E9E79FFDDC3 PX5: F49C56310087ADB9F998009652109C00BB35FCB1
C:\WINDOWS\system32\drivers\mnmdd.sys InMem: 0 Det [G] MD5: 4AE068242760A1FB6E1A44BF4E16AFA6 PX5: 33A41DEC8064684210700001C4EA1400320E2D4F
C:\WINDOWS\system32\drivers\modem.sys InMem: 0 Det [G] MD5: B30D2DB351E3191BD71232036CFE711A PX5: F22F2ACE0067686F7617004AA04CD400DCD5102E
C:\WINDOWS\system32\drivers\mountmgr.sys InMem: 0 Det [G] MD5: 65653F3B4477F3C63E68A9659F85EE2E PX5: 7309084F00AE944FA5B9001585E15200FF872CDC
C:\WINDOWS\system32\drivers\mqac.sys InMem: 0 Det [G] MD5: 157A32DDC6A019A4E31B19D604D2F127 PX5: A4B93ADE00A3CC201DAC01B48E57ED00D6108E71
C:\WINDOWS\system32\drivers\msfs.sys InMem: 0 Det [G] MD5: 561B3A4333CA2DBDBA28B5B956822519 PX5: 075BA4B3803111464A9700E6E20263008B5F85A4
C:\WINDOWS\system32\drivers\mup.sys InMem: 0 Det [G] MD5: 82035E0F41C2DD05AE41D27FE6CF7DE1 PX5: 488AE40380446D0EA57D014A890CCF00C681450A
C:\WINDOWS\system32\drivers\ndis.sys InMem: 0 Det [G] MD5: 558635D3AF1C7546D26067D5D9B6959E PX5: D3D6286080F2E0F0CA7A02249DEC7F001D734284
C:\WINDOWS\system32\drivers\ndproxy.sys InMem: 0 Det [G] MD5: 59FC3FB44D2669BC144FD87826BB571F PX5: FB8873A080F72F00942D005DFF5068001A60ED1C
C:\WINDOWS\system32\drivers\nic1394.sys InMem: 0 Det [G] MD5: 5C5C53DB4FEF16CF87B9911C7E8C6FBC PX5: 720917AF800A6EE8F12400F5E9C6E000F750E215
C:\WINDOWS\system32\drivers\nikedrv.sys InMem: 0 Det [G] MD5: BE984D604D91C217355CDD3737AAD25D PX5: 31AFD82600B7B0E92F3400332F79D6008B90E2A9
C:\WINDOWS\system32\drivers\npfs.sys InMem: 0 Det [G] MD5: 4F601BCB8F64EA3AC0994F98FED03F8E PX5: 20DA5FD280719B5A789A008E44C90300CCA72CD2
C:\WINDOWS\system32\drivers\NSDriver.sys InMem: 0 Det [G] MD5: 05BDD706A847BBFA9FD5948CD636EB1A PX5: D7A41BC58062FA0624F6003169CC6600FBF360AB
C:\WINDOWS\system32\drivers\ntfs.sys InMem: 0 Det [G] MD5: 19A811EF5F1ED5C926A028CE107FF1AF PX5: F6D2D4BD008F0B21C44F08EC65529C002F16FA15
C:\WINDOWS\system32\drivers\null.sys InMem: 0 Det [G] MD5: 73C1E1F395918BC2C6DD67AF7591A3AD PX5: 7047032880E19D2B0B4300F23A496700B79BCD14
C:\WINDOWS\system32\drivers\nwlnkipx.sys InMem: 0 Det [G] MD5: 79EA3FCDA7067977625B3363A2657C80 PX5: B455E8AE80D2C31959AC01662F7EE7009B9C1B54
C:\WINDOWS\system32\drivers\nwlnknb.sys InMem: 0 Det [G] MD5: 56D34A67C05E94E16377C60609741FF8 PX5: 04BB889700AAB944F73D0096D8122400A0912260
C:\WINDOWS\system32\drivers\nwlnkspx.sys InMem: 0 Det [G] MD5: C0BB7D1615E1ACBDC99757F6CEAF8CF0 PX5: 38D410228045AB3DDA820098A4E752008EA9780C
C:\WINDOWS\system32\drivers\nwrdr.sys InMem: 0 Det [G] MD5: 3F18D9365BE71C7B2E43B7CF4A0C1A10 PX5: 83E10CED0073D0907FCD02CE4498B500A105309E
C:\WINDOWS\system32\drivers\oprghdlr.sys InMem: 0 Det [G] MD5: 4BB30DDC53EBC76895E38694580CDFE9 PX5: 691E96B980EF4DD30D2300DD63265E00B79BCD14
C:\WINDOWS\system32\drivers\OXSER.SYS InMem: 0 Det [G] MD5: 8DB0DBDEC7880E81B73B8E7E8E9A666A PX5: 1D04E89CE12C5B9AC773000B168B8A005536FB01
C:\WINDOWS\system32\drivers\OXSER.VXD InMem: 0 Det [G] MD5: D55833194FE02E92EFA9E8EA8EB6B4AB PX5: 04AEA56E2C5394F538FF00AE3498280098AE5560
C:\WINDOWS\system32\drivers\p3.sys InMem: 0 Det [G] MD5: ACF18D9F903B29790B8F8E01535F37D4 PX5: BC6A682380C862C2B56A0022A0FE9B00ED93F9A1
C:\WINDOWS\system32\drivers\partmgr.sys InMem: 0 Det [G] MD5: 3334430C29DC338092F79C38EF7B4CD0 PX5: CD5C0D6C00BC0D35496D00DCA66DE800E5B26EF9
C:\WINDOWS\system32\drivers\parvdm.sys InMem: 0 Det [G] MD5: 0DABEF655A444CB1E193626FB1D24B9F PX5: D78233F200E873FD1B40001BF0D2FD00501E1542
C:\WINDOWS\system32\drivers\pciidex.sys InMem: 0 Det [G] MD5: 520B91AB011456B940D9B05FC91108FF PX5: DD4713DB00668128625F00A6F0879B00FA781103
C:\WINDOWS\system32\drivers\pcmcia.sys InMem: 0 Det [G] MD5: 28F3538A2091993A03506311A05053E8 PX5: 1E5E2DAE80A234A7D5E1011E8065A7000BABC19F
C:\WINDOWS\system32\drivers\portcls.sys InMem: 0 Det [G] MD5: 5B0F00E43A7094C0B7E433CB42C79164 PX5: AD607B188079CDEF39B802DAB6A7B200F599BD35
C:\WINDOWS\system32\drivers\processr.sys InMem: 0 Det [G] MD5: 2BE7F01E46970E946AA18CBA3DE019EB PX5: AF0FBDFA005416189A000040A9FF7600B2B78287
C:\WINDOWS\system32\drivers\rawwan.sys InMem: 0 Det [G] MD5: 01524CD237223B18ADBB48F70083F101 PX5: 3623B25780ED679386B1006F511AA700A8DBED63
C:\WINDOWS\system32\drivers\rdpwd.sys InMem: 0 Det [G] MD5: B54CD38A9EBFBF2B3561426E3FE26F62 PX5: F059F0E3086A11EC2111023C258C8900CFC29C24
C:\WINDOWS\system32\drivers\rio8drv.sys InMem: 0 Det [G] MD5: A56FE08EC7473E8580A390BB1081CDD7 PX5: 689BF8B80051228F2F8000540597A5009049C8B5
C:\WINDOWS\system32\drivers\riodrv.sys InMem: 0 Det [G] MD5: 0A854DF84C77A0BE205BFEAB2AE4F0EC PX5: 31AFD82600B7B0E92F3400332F79D600DA0E26E7
C:\WINDOWS\system32\drivers\rmcast.sys InMem: 0 Det [G] MD5: 9D54C7C15847B933E03D6E7C9307BAE5 PX5: 51F889B700FC9166166A03256E7AAC00D3C16FD6
C:\WINDOWS\system32\drivers\rndismp.sys InMem: 0 Det [G] MD5: 7CE8B277F3207EA82D7D22AD348BEFC6 PX5: F5E4CD0480C828137517005714D7F1002CA246EF
C:\WINDOWS\system32\drivers\SCBaud.cpl InMem: 0 Det [G] MD5: 3B82611E599A17B0F64C8B60A7524C37 PX5: 919F5CF200EB608220C5019B5A33B70031E900C0
C:\WINDOWS\system32\drivers\SCBaud.w9x InMem: 0 Det [G] MD5: 22C591E694A081C05EA6F0310C7AAB77 PX5: 2B0F5DF60069E927508D01734B76E000133DC1E1
C:\WINDOWS\system32\drivers\scsiport.sys InMem: 0 Det [G] MD5: D7FD0FF761E28AC0EA35AD71E0CD67E9 PX5: BAEDAB6C00163F8D78C6012DFF6A240038CAB5E8
C:\WINDOWS\system32\drivers\SCTB.VXD InMem: 0 Det [G] MD5: 52A11358CDC5C1607FAE907BEE08B756 PX5: B145E9AE9B4192831638005E8F24D700BF52A60C
C:\WINDOWS\system32\drivers\SCTray.exe InMem: 0 Det [G] MD5: 5957FB8E1FD27E4B58E8FBAB3F128BB1 PX5: 3A635FB200F57BACA0B000200EC4BA00F0F47CEE
C:\WINDOWS\system32\drivers\sdbus.sys InMem: 0 Det [G] MD5: 02FC71B020EC8700EE8A46C58BC6F276 PX5: BA494C87000D7A4F08B4013D43118E00EBAF0531
C:\WINDOWS\system32\drivers\sffdisk.sys InMem: 0 Det [G] MD5: 1D9F1BEC651815741F088A8FB88E17EE PX5: AF380F15808E7A972B3D001ABF251400652E930D
C:\WINDOWS\system32\drivers\sffp_sd.sys InMem: 0 Det [G] MD5: 586499FD312FFD7F78553F408E71682E PX5: 35A841FC0030CAF028AD002AAB39F600184DF1C4
C:\WINDOWS\system32\drivers\sfloppy.sys InMem: 0 Det [G] MD5: 0D13B6DF6E9E101013A7AFB0CE629FE0 PX5: 6884E1AE807AAB872CD300DC197E0C00B015D834
C:\WINDOWS\system32\drivers\Sio9502k.sys InMem: 0 Det [G] MD5: F6ACD9575B5D77673B979BB46FF6A837 PX5: 15AB5321CC22E106BBDA009138FEB800FE9B0BC3
C:\WINDOWS\system32\drivers\SioUi2k.dll InMem: 0 Det [G] MD5: D5BC498AAA82C8EF5710C296D0901FB6 PX5: D9015413006042D83070019DD793D600AF54E683
C:\WINDOWS\system32\drivers\SktBt2k.sys InMem: 0 Det [G] MD5: 42A39AA7ED51616E36ADB5ABDDF8349B PX5: EC434DD6AC1B2A9EBD7600F83DEA6700625676BE
C:\WINDOWS\system32\drivers\sktsio9x.vxd InMem: 0 Det [G] MD5: 25253B33EFE0BF638845FD700E1BD53C PX5: DCA15B2966662EFA40710079D9352700157868D5
C:\WINDOWS\system32\drivers\smclib.sys InMem: 0 Det [G] MD5: 017DAECF0ED3AA731313433601EC40FA PX5: 8A9722BD003AC63939580092009AC20088FC78D8
C:\WINDOWS\system32\drivers\sonydcam.sys InMem: 0 Det [G] MD5: ADDC9E4757A68AB60562AD3CB9C288D6 PX5: 0B9EAE4180F27A6F636900C11EF4E3002F2E7423
C:\WINDOWS\system32\drivers\stream.sys InMem: 0 Det [G] MD5: C43356072EB3E88CD62958DB10CEAD47 PX5: E9758E5F00F11219BE3300252F112F00F38A6C5B
C:\WINDOWS\system32\drivers\tape.sys InMem: 0 Det [G] MD5: A2A9CA0D1A9AC1FF54220AA0789FE5CF PX5: 1278B1EF80B32A683A3F0096934CD200746C2998
C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL InMem: 0 Det [G] MD5: 727723537C9BF6BAA1FB8799A6839CD4 PX5: 4F73F53680D573A87D91052B82C9450016319BCD
C:\WINDOWS\system32\drivers\tcpip6.sys InMem: 0 Det [G] MD5: DCCACDD2747ADA221AECE5C9ADA5D551 PX5: 5D79645C800A9DEE710003BFD457ED00F0D2E94E
C:\WINDOWS\system32\drivers\tdi.sys InMem: 0 Det [G] MD5: 6891B74AB9A016064E82A419388D0601 PX5: D2E197368059988748C500010EF1F2006AC8B3D9
C:\WINDOWS\system32\drivers\tdpipe.sys InMem: 0 Det [G] MD5: 38D437CF2D98965F239B0ABCD66DCB0F PX5: 3FCBC6C1086354332FFD003DE3512D00CB438F2A
C:\WINDOWS\system32\drivers\tdtcp.sys InMem: 0 Det [G] MD5: ED0580AF02502D00AD8C4C066B156BE9 PX5: 8942980688A6EF76558200032BC6D800A375DA91
C:\WINDOWS\system32\drivers\tosdvd.sys InMem: 0 Det [G] MD5: 699450901C5CCFD82357CBC531CEDD23 PX5: 628D18D7002B7E40CAFC00177DE27100B717B0CE
C:\WINDOWS\system32\drivers\tsbvcap.sys InMem: 0 Det [G] MD5: D74A8EC75305F1D3CFDE7C7FC1BD62A9 PX5: 87882BA880A89CF8537500BE0BB03800CD0425CD
C:\WINDOWS\system32\drivers\tunmp.sys InMem: 0 Det [G] MD5: 87A0E9E18C10A9E454238E3330E2A26D PX5: CBD0AEE38035D6A5300B00CF5C419100CB427E52
C:\WINDOWS\system32\drivers\udfs.sys InMem: 0 Det [G] MD5: 12F70256F140CD7D52C58C7048FDE657 PX5: 5FD2643980FF4C93024701049FF5A900913F1B6B
C:\WINDOWS\system32\drivers\usb8023.sys InMem: 0 Det [G] MD5: AF090265EC388BAB320F1FF7E7A7D5EA PX5: 6C38C2AE8005B13A31EC001CD2E193004FD5788A
C:\WINDOWS\system32\drivers\usbcamd.sys InMem: 0 Det [G] MD5: 2654EECC6FB13603EBDDCD5C8EA943D1 PX5: D11C923000C0476E5DDA002FC1E34E00BC32EEBC
C:\WINDOWS\system32\drivers\usbcamd2.sys InMem: 0 Det [G] MD5: 61018BA9DF6B63E51D9753C980E73EC2 PX5: D11C923080C0476E5DDA002FC1E34E002B3DC035
C:\WINDOWS\system32\drivers\usbd.sys InMem: 0 Det [G] MD5: 596EB39B50D6EBD9B734DC4AE0544693 PX5: F328D8568037A02F12FA00A0B0E095005A1BACA9
C:\WINDOWS\system32\drivers\usbintel.sys InMem: 0 Det [G] MD5: 2853FD4C4489E0F8BFCF78EFCDB7E998 PX5: 46A2709480A8B9863E99007B5ED70B000E5AFC3D
C:\WINDOWS\system32\drivers\usbport.sys InMem: 0 Det [G] MD5: 2034CA78F9C6E787B4B76D81AC888351 PX5: A1EF174180FC34972E3902AA15903200854523B2
C:\WINDOWS\system32\drivers\vdmindvd.sys InMem: 0 Det [G] MD5: 55E01061C74A8CEFFF58DC36114A8D3F PX5: 5DFBB3300012B79DE3E300778EC928004FCDB2AF
C:\WINDOWS\system32\drivers\vfwwdm32.dll InMem: 0 Det [G] MD5: 148B5330921C365FA4A2DB6C431A9B2C PX5: 50A7CDEB00FEFE76D6A800E76B929700EFCC0032
C:\WINDOWS\system32\drivers\VHIDMini.sys InMem: 0 Det [G] MD5: C434C1BC13B72C81DD20BB564C9783FB PX5: A650888DD80917E9308900B9F5B9B30096929201
C:\WINDOWS\system32\drivers\vidcap.ax InMem: 0 Det [G] MD5: 8E364FE4450573C35F3B1AABEA2A7A9C PX5: B324302C00FE2B7F703100BF514586009E62FA07
C:\WINDOWS\system32\drivers\videoprt.sys InMem: 0 Det [G] MD5: D5A9D123F5ED7C9965A481BD20CF66D8 PX5: BBE87C52808D55E2379801ACFA738900C0632DEC
C:\WINDOWS\system32\drivers\volsnap.sys InMem: 0 Det [G] MD5: 698869E82C57169F2140C04A272BF12B PX5: AC3AFD0E80294768D03200EE1153E40098EF3DD1
C:\WINDOWS\system32\drivers\wmilib.sys InMem: 0 Det [G] MD5: 2F31B7F954BED437F2C75026C65CAF7B PX5: 7A1B707D0098974111DB00C8E2E10C00FCC422B3
C:\WINDOWS\system32\drivers\wpdusb.sys InMem: 0 Det [G] MD5: CF4DEF1BF66F06964DC0D91844239104 PX5: E04E67C68020394F960F004FBC02B000DC6FED3C
C:\WINDOWS\system32\drivers\wssbtr1f.sys InMem: 0 Det [G] MD5: 85C3BAA151A6118B24D7701DDFC2D1EB PX5: 3132B4C1009AC351F80600940278E900F648260A
C:\Programmi\Alice ti aiuta\bin\matcli.exe InMem: 0 Det [G] MD5: 726A77C3B4BAE262B3BB8D6DC3BB7C5C PX5: F8C0488C0020CED750D20321443D9600E333F439
C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe InMem: 0 Det [G] MD5: C2FF17734176CD15221C10044EF0BA1A PX5: 2239093A00DFACBBBCB7015C24E82F009061170A
C:\WINDOWS\QTFont.for InMem: 0 Det [G] MD5: E1034D757709F37F2D1EBD96D5EAD02B PX5: E1034D75817709F3057F002D1EBD9600D5EAD02B
C:\WINDOWS\system32\advpack.dll.mui InMem: 0 Det [G] MD5: FC35907D12CA343991204222A683DA06 PX5: A3C1EECA009173A9307900B3BCE3AD00B8C5D1AA
C:\WINDOWS\system32\CoInst.dll InMem: 0 Det [G] MD5: 00D8FABC4797CFBBD37D28AC0AD8255B PX5: 7216B9720063215364C200506EB89100731281ED
C:\WINDOWS\system32\ieframe.dll.mui InMem: 0 Det [G] MD5: 5198FFAE588EAA2E66519325A821136A PX5: 7CFF633600E0BA21C0580FB2DDEACF0049B43F2E
C:\WINDOWS\system32\MRT.exe InMem: 0 Det [G] PX5: 266490CF788BB6302E73240043499A015FCABFA3
C:\WINDOWS\system32\mucltui.dll.mui InMem: 0 Det [G] MD5: 0B4F08D15CAF75A5C75120B1FDE1E1AA PX5: A5CEE5C07828FA91754700AE8244D0004ACFFC69
C:\WINDOWS\system32\watchdog.sys InMem: 0 Det [G] MD5: C9BF2F12C4E6C12F8A85FBA4B6BC6208 PX5: A5490EC7005C2AF84570001E79455E0011553B7B
C:\WINDOWS\system32\wgalogon.dll.old InMem: 0 Det [G] MD5: 87CFCF38E69FD03EB888A67AA5BA15B5 PX5: 89BDBABD808784849D2F0363E75E1B002F3B657B
C:\WINDOWS\system32\wgatray.exe.old InMem: 0 Det [G] MD5: 7B0E6D7461D97E1C1700C58002F2C76C PX5: FA038D4F803D513A25930548E7AE3F00C7170301
C:\WINDOWS\system32\win32k.sys InMem: 0 Det [G] MD5: 6AFDE6C2294DB179A558377F9EB5A0F7 PX5: AF40E9838058D78E21CB1CA553259300AEAD9216
C:\WINDOWS\system32\wuapi.dll.mui InMem: 0 Det [G] MD5: B7B1EBD53C9E861DB7A8AB7D13D8E1D8 PX5: 92E0CC095853C0C1753300650DDDAD00C0399BC2
C:\WINDOWS\system32\wuaucpl.cpl.mui InMem: 0 Det [G] MD5: 5271DCC72118B26619D1F8F4B3372A06 PX5: FD92C06C58084CD4759C00E6600FAC0065A26BA6
C:\WINDOWS\system32\wuaueng.dll.mui InMem: 0 Det [G] MD5: A9875E8F8A1852E0E325A02CE421ED36 PX5: 8F87ECF5583D62C253DE00AB7F3D51002C1F4DC0
C:\WINDOWS\system32\wucltui.dll.mui InMem: 0 Det [G] MD5: 7A5740C5A55447E88A760322334244D5 PX5: 70241DA158CC4AF1959400D2361A37006066AE07
C:\WINDOWS\system32\wups2.dll InMem: 1 Det [G] MD5: CEB1BD87FBCB5984BDF7DC0991A060B5 PX5: 8F8648A158D15CF4A9FE004434B05300230EE2A8
C:\WINDOWS\system32\wzcdlg.dll InMem: 1 Det [G] MD5: 362D2868E6C48FBC6581B16AF55E2AD1 PX5: FDC5ABBF00DE72F2C818054EFDC634000861176E
C:\Programmi\Haali\MatroskaSplitter\mmfinfo.dll InMem: 1 Det [G] MD5: 23B625C2D8A15ACFB42CBD97224F6AC8 PX5: 721E4C1D0026372970AF02D80A9E8500805286DA
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{0561EC90-CE54-4f0c-9C55-E226110A740C}\InprocServer32 - {0561EC90-CE54-4f0c-9C55-E226110A740C} [C:\Programmi\Haali\MatroskaSplitter\mmfinfo.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{5574006C-28F5-4a65-A28C-74DE6BFBE0BB}\InprocServer32 - {5574006C-28F5-4a65-A28C-74DE6BFBE0BB} [C:\Programmi\Haali\MatroskaSplitter\mmfinfo.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{327669A0-59A7-4be9-B99E-1C9F3A57611A}\InprocServer32 - {327669A0-59A7-4be9-B99E-1C9F3A57611A} [C:\Programmi\Haali\MatroskaSplitter\mmfinfo.dll]
C:\Programmi\Haali\MatroskaSplitter\mkunicode.dll InMem: 1 Det [G] MD5: 399477319263E987B6A1261CCA789D43 PX5: 2297CBD8008FD4EA5CC20034570448009612A4E8
C:\Programmi\Zone Labs\ZoneAlarm\zlavscan_Loc0410.dll InMem: 1 Det [G] MD5: 702806D9E15970073A7BDA20723FAE0A PX5: 5C42CAF290C9E0EE453F00DD5E96CC0014056B7D
C:\WINDOWS\system32\sti.dll InMem: 1 Det [G] MD5: 8F44BA342774B5CC5E5A6A0B68E5ECC3 PX5: D0C61BDE00B5681C0CA40120655A6E00CC4935F5
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe InMem: 1 Det [G] MD5: 836DC47E6CAD975304D1D3EB2F516A1C PX5: 6ECF162C90DB2F503505026809A83400350C2BE3
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - SunJavaUpdateSched ["C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"]
C:\Programmi\Common Files\Motive\MCCWrapper_DSR.dll InMem: 1 Det [G] MD5: 14580042A7293B0AE5D1E87C6A993242 PX5: 1D87696800414A87FCAA0DF82BA51D00BE1194AB
C:\WINDOWS\system32\ICMP.DLL InMem: 1 Det [G] MD5: B6087457A1380F8AE1D9355AF2A6BF11 PX5: 0B30E5BF00DA4A2E0E4B007E40893D00B79BCD14
C:\WINDOWS\system32\mshtmled.dll InMem: 1 Det [G] MD5: 1D4611220D7BD69E20F46C3C467CAFC3 PX5: AE4269EC0028BF1D4C3607FD8C882700074027A3
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll InMem: 1 Det [G] MD5: BA79B29E74194882F3530FB2C4CF0903 PX5: 43D5E03F00BFAAD2601C26EA2A0194008FF90ECC
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll InMem: 1 Det [G] MD5: 86F1895AE8C5E8B17D99ECE768A70732 PX5: 3FEE1145002F2EB8504E05ED76DA9100776D97E7
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll InMem: 1 Det [G] MD5: 7C87A5FB95777E4132B11FC3D92CAAF5 PX5: 2123929800EC6BF8507B04CB6847AA005FCEF14A
c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll InMem: 1 Det [G] MD5: 7C2E09AD420E050FDBDF83445C708287 PX5: E65D52060042C450B08520DCA2642C00328CC46F
c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_20795801\mscorlib.dll InMem: 1 Det [GN] PX5: B81093E600DE73D3C0C5339C04682700D5554894
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll InMem: 1 Det [G] MD5: AB782AEB258225399B6DA1F1F33D4944 PX5: 17792AC6001E46E4309501ADD189730029C88BC1
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL InMem: 1 Det [G] MD5: 17E4D4ED3C4CF86C144195BDCB39141A PX5: 2F4601B300158762D00C041754821C006CBBBB16
c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll InMem: 1 Det [G] MD5: 2814E9BDB75088C0B4CF6C1123F6EC8E PX5: 10AAD49200E4B2A350151FACA23D8300443ABC25
c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_bfbc80f3\system.windows.forms.dll InMem: 1 Det [GN] MD5: 88AFB2FA091FED8137D1A2C7E15B04CE PX5: 86BCA1B20069D132105D2E61B5A26300934BCDE2
c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll InMem: 1 Det [G] MD5: 0E207D5060F29D7860F88DE86DD0F7E1 PX5: 4DA3EA4A003CBC77D0DB1288759A96005E9C967B
c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_15a927c9\system.dll InMem: 1 Det [GN] MD5: D244A4C6FB25DDBA01FB57E27B6C7B1C PX5: 9B9E267C0015504800CC1ED578E88900E106C250
c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll InMem: 1 Det [G] MD5: A5205B3AF85B1477AB2C2A1E12201598 PX5: 37B936D600E9E0A0704814170B365B00E2A3106F
c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_d1baf1c8\system.xml.dll InMem: 1 Det [GN] MD5: 1335E96C29213B1FF7408DD8A0CBE216 PX5: 4EC374CC000C3F98E0791FDC30108B00B52C7EE2
c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll InMem: 1 Det [G] MD5: 1E1B73FC9C17EFFE04F5676A40C82026 PX5: AE2A0DA00097F263F0440458CF705F005B72F1C9
c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll InMem: 1 Det [G] MD5: BCF15390DE7368639C593735BF938D7A PX5: E0A5227800908BAE20F10767845498006FBD9EC7
c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_fa3f76c9\system.drawing.dll InMem: 1 Det [GN] MD5: 4515D3BA256F3D4F49B76C67B1D660CE PX5: 356522AB00A0853DC0500C85E9B03F00D61DDCF5
c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll InMem: 1 Det [G] MD5: 20ECD4C9F5176FE4E9EB3CBF8BF88D9E PX5: E03D73E900A0E1C4508D1391DC74F6003F16E0CD
c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll InMem: 1 Det [G] MD5: 7A9DFD6D5E2EFCA43AC1F231DF2E1D96 PX5: 1C7B6C1E0044C05AB02505B3D5E43F0076C381A2
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll InMem: 1 Det [G] MD5: 99EC655E7D79FF515991FF322F30CB70 PX5: D32B430F0020EFEB7C650041FC2F7700296894D5
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\perfcounter.dll InMem: 1 Det [G] MD5: FFFB49BA718EB2D100E58129265D002C PX5: 24FF9B9900104B587071012FF8BFA000CF8B1267
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll InMem: 1 Det [G] MD5: A54235D77F14C5DBA7931BE1EBFD1763 PX5: 68F54D71008E0F61F0FF0363D9DC6C000D0BDC3D
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll InMem: 1 Det [G] MD5: E7D97E60E8C3A0C47244D6BDCB5AE68B PX5: 83A1BCFB006FCDC35C1A00E6F015EE00CA58DF51
C:\Programmi\File comuni\Microsoft Shared\office11\mso.dll InMem: 1 Det [G] PX5: F2473657003E077E10BBBBB7EFB689007887175D
C:\WINDOWS\system32\perfproc.dll InMem: 1 Det [G] MD5: C903E30BDB77AB0C730237F270EC3F90 PX5: 9295671F006AB0848C9C0090B29D8700CE4DE46A
C:\WINDOWS\system32\WISPTIS.EXE InMem: 1 Det [G] MD5: 99783FA6BFEB23A5F97B4A8DB36C8A39 PX5: 081545C1003DE7C3E6CD024F3A95B800DB919319
C:\Programmi\File comuni\Microsoft Shared\INK\TPCPS.DLL InMem: 1 Det [G] MD5: 33A823764E5C96B602127DCE7B0A1187 PX5: A644483A00E03422BE24000E7CC35100A11785F2
C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL InMem: 1 Det [G] MD5: ADC90EBBE2823C23A0406ACD3D6E9312 PX5: 3AB1DFA96054F262B59A001EC0681C0042A89C47
C:\WINDOWS\system32\Macromed\Common\SwSupport.dll InMem: 1 Det [G] MD5: 656DF15E3E7AFD3BABFD656392C894A1 PX5: 4E3C81C90089578DD06D00D1EB5E740096EA7D33
D:\CANTINA\Downloads\PREVXCSIFREE(4).EXE InMem: 1 Det [G] MD5: 40A8C1B5635C8061A38DFB868BB524AB PX5: 3043F13238834E378CDF163924CA3700B1768607
C:\Documents and Settings\utente\Impostazioni locali\Temp\Tmp___17070\PrevxCSI.exe InMem: 1 Det [G] MD5: BB557FAEA9F46F4E7DA944626B0CB1A6 PX5: F114D8B400A4E76B5AFC0395C5185700965FAD5A
C:\Documents and Settings\utente\Impostazioni locali\Temp\Tmp___17070\CSICore.dll InMem: 1 Det [G] MD5: A9079023FF2F3FA7BFB178220C6A0208 PX5: 9AF2C64700DCF68D789F0B0E3D1FC40009B16690
C:\Documents and Settings\utente\Impostazioni locali\Temp\Tmp___17070\csiLang.dll InMem: 1 Det [GP] MD5: 48E4EFAEE86113EAD1D0F2DFB0FB404F PX5: 7E37D2DC005F5CC080A505EEB9A294001D222F76
C:\Documents and Settings\utente\Impostazioni locali\Temp\Tmp___17070\csiPart.dll InMem: 1 Det [GP] MD5: DA9CEEB97BA10060150C27EC2CB7C998 PX5: F74B8C88006FEF0DAC2F007DC1B76B0015FC3A4D
C:\Documents and Settings\utente\Impostazioni locali\Temp\A~NSISu_.exe InMem: 0 Det [G] MD5: EE1249111EC5FE8F9DA4A888BC52EE22 PX5: E33A5E112FD0FE9ACB1500462629D00030292921
REGSESSMGR - \REGISTRY\Machine\System\CurrentControlSet\Control\Session Manager - PendingFileRenameOperations [\??\C:\DOCUME~1\utente\IMPOST~1\Temp\A~NSISu_.exe]
C:\Documents and Settings\utente\Impostazioni locali\Temp\~nsu.tmp\Au_.exe InMem: 0 Det [u] MD5: DBC153B4E0F1197E2FF47598202A1440 PX5: 57F4A23313AEF607EB9600266762080045624D57
REGSESSMGR - \REGISTRY\Machine\System\CurrentControlSet\Control\Session Manager - PendingFileRenameOperations [\??\C:\DOCUME~1\utente\IMPOST~1\Temp\A~NSISu_.exe]
C:\Documents and Settings\utente\Impostazioni locali\Temp\GLB1A2B.EXE InMem: 0 Det [G] MD5: 973567B98CDFC147DF4E60471D9DF072 PX5: F5727F6700885CFE56280297A0F939003474908A
REGSESSMGR - \REGISTRY\Machine\System\CurrentControlSet\Control\Session Manager - PendingFileRenameOperations [\??\C:\DOCUME~1\utente\IMPOST~1\Temp\A~NSISu_.exe]
C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll InMem: 0 Det [G] MD5: 5B42CB6A121256465B251840FDB1B2FE PX5: 9605B73990937669C5C407C2E2482300B93A27D7
REGBHO - \REGISTRY\Machine\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 - NoExplorer [C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32 - ClsidExtension [C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll]
C:\Programmi\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll InMem: 0 Det [G] MD5: 29791D9B553D051356DCAB3119C3C4EB PX5: AA9736E5006EE2526C8B00AEE712EE002B5D8845
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - vidc.ffds [C:\PROGRA~1\Combined Community Codec Pack\Filters\FFDShow\ff_vfw]
C:\WINDOWS\system32\atiiiexx.dll InMem: 0 Det [G] MD5: 49C24D143C1E0E2B9B2C93E8CB9A7237 PX5: D2C6AA94002D6C5DB07704B97A2D9800775DDDF7
C:\WINDOWS\system32\CoreAAC-uninstall.exe InMem: 0 Det [G] MD5: 443A877374A250CEFF170A476DEFBFA5 PX5: 0D0D749AFBDFF216805600D43B0C4700DC60E626
C:\WINDOWS\system32\java.exe InMem: 0 Det [G] MD5: 0C3EA89DBFC7F4A5761246C62E10DD0E PX5: CF91D0AB004CEFDC105802D2BC227B00090E7C09
C:\WINDOWS\system32\javacpl.cpl InMem: 0 Det [G] MD5: 4D1DB6B7089DACACFCF5BC294A2E7990 PX5: E2629A0700AEA0A510B90113D8C36600460CDB32
C:\WINDOWS\system32\javaw.exe InMem: 0 Det [G] MD5: 3472BAEB8D524D5CC7B5CE56BE5BD03B PX5: C4E5ED02008194B4109E02C4245AB900B11DDC5F
C:\WINDOWS\system32\javaws.exe InMem: 0 Det [G] MD5: E3D19BC2EC623FA5DD547F3B3EB13DCB PX5: 1946B48700C30A7D2061021564C3DD0037FAFAD8
C:\WINDOWS\system32\pncrt.dll InMem: 0 Det [G] MD5: 13001EB0A58B4DE96126B16AB15FD8CC PX5: 075D86280003017340A404F66F95A3006892D13F
C:\WINDOWS\system32\pndx5016.dll InMem: 0 Det [G] MD5: 33833B3EDA1B07EBD367FA9B38B23E60 PX5: 33833B3E00DA1B071AEB00D367FA9B0038B23E60
C:\WINDOWS\system32\pndx5032.dll InMem: 0 Det [G] MD5: B74E422BC81236042529DC8A42A18423 PX5: 8314C5EB00C6E0AD16FE002E54F5E2008B5F67CE
C:\WINDOWS\system32\rmoc3260.dll InMem: 0 Det [G] MD5: C96E185FC070D327A6994FF0DAA2BC2E PX5: BA964A1E58C2B7ACD5CD0210EF5CDD0017C4568D
C:\WINDOWS\system32\unrar.dll InMem: 0 Det [G] MD5: BC8123E9966E126FDEB3064EB2FA3302 PX5: 2478C99100133F3A82200284AC266F00A4CE4E84
C:\WINDOWS\system32\VSFilter.dll InMem: 0 Det [G] MD5: 49FF63A7E370C5422FC3A253EB659232 PX5: F6751EE90009D593D0270D7109755200E2B8E9DD
C:\WINDOWS\system32\xvidcore.dll InMem: 0 Det [G] MD5: F138B1592A9004AF805C963EA00F42C0 PX5: 28045548536BD0C385930B8F2F751100FBF01271
C:\Documents and Settings\utente\Impostazioni locali\Temp\jar_cache58304.tmp InMem: 0 Det [BP] MD5: 032FA959D5A5D910ABD2CBA06B86E109 PX5: 9DF1D4165085C12555A40062D9EDA700C41355E0 Malware Group: Downloader.Delf.12.AE
Summary:
C:\Documents and Settings\utente\Impostazioni locali\Temp\jar_cache58304.tmp - [b] >> Downloader.Delf.12.AE
Note: Some of the above entries may be from previous scans or cleaned infections.
End of PrevxCSI Log - http://www.prevx.com
__________________
Windows 10 Ultima modifica di vampyr8 : 17-03-2008 alle 15:57. |
|
|
|
16-03-2008, 20:04
|
#2 |
|
Senior Member
Iscritto dal: Feb 2007
Città: Roma
Messaggi: 2155
|
Effettua le scansioni consigliate nella guida:
http://www.hwupgrade.it/forum/showthread.php?t=1599737 Poi allega tutti i log secondo le regole di sezione. 
|
|
|
|
|
17-03-2008, 15:52
|
#3 |
|
Senior Member
Iscritto dal: Aug 2004
Città: Prov. di Na
Messaggi: 325
|
Ho aggiunto dettagli e log al primo post
spero in voi
__________________
Windows 10 |
|
|
|
|
17-03-2008, 18:02
|
#4 | |
|
Senior Member
Iscritto dal: Feb 2007
Città: Roma
Messaggi: 2155
|
Mancano i log di a-squared e la scansione con dr.web cureit e/o la scansione on line.
Scarica Avenger e inserisci questo script: Quote:
I log sarebbe meglio se li alleghi con la funzione gestisci allegati o facendo l'upload su http://fileup.itadib.com/ Ultima modifica di Nuz : 18-03-2008 alle 15:13. |
|
|
|
|
|
18-03-2008, 01:18
|
#5 |
|
Senior Member
Iscritto dal: Nov 2001
Città: Fidenza(pr) da Trento
Messaggi: 27479
|
titolo aggiornato
__________________
"Visti da vicino siamo tutti strani..." ~|~ What Defines a Community? ~|~ Thread eMule Ufficiale ~|~ Online Armor in Italiano ~|~ Regole di Sezione ~|► Guida a PrivateFirewall
|
|
|
|
|
18-03-2008, 14:46
|
#6 | |
|
Senior Member
Iscritto dal: Aug 2004
Città: Prov. di Na
Messaggi: 325
|
Quote:
Avenger, mettendo quella riga mi dice che lo script non è valido. Mentre ora sto rifacendo la scansione con a squared per aver il log. Fatto sta che comunque ieri ho eliminato ancora una volta il file jar ecc ecc e stamattina è ricomparso un altro jar con cifre diverse accanto sempre infetto e che produceva sempre altri exe infetti come ho già spiegato. Mettendo quel jar in Avenger dice comunque script non valido e non fa fare niente. Non riesco a capire da dove arriva sto Trojan e perchè torna.
__________________
Windows 10 |
|
|
|
|
|
18-03-2008, 15:14
|
#7 |
|
Senior Member
Iscritto dal: Feb 2007
Città: Roma
Messaggi: 2155
|
Lo script era sbagliato, ora l'ho corretto riprova. Poi allega un log di prevxcsi e il log avenger.txt
|
|
|
|
|
18-03-2008, 15:24
|
#8 | |
|
Senior Member
Iscritto dal: Aug 2004
Città: Prov. di Na
Messaggi: 325
|
Quote:
__________________
Windows 10 |
|
|
|
|
|
18-03-2008, 15:25
|
#9 |
|
Senior Member
Iscritto dal: Feb 2007
Città: Roma
Messaggi: 2155
|
Ma hai scritto anche "files to delete:"?
P.s. Per i prossimi log usa la funzione gestisci allegati o uppali su http://fileup.itadib.com/ |
|
|
|
|
18-03-2008, 21:09
|
#10 | |
|
Senior Member
Iscritto dal: Aug 2004
Città: Prov. di Na
Messaggi: 325
|
Quote:
__________________
Windows 10 |
|
|
|
|
|
18-03-2008, 21:15
|
#11 |
|
Senior Member
Iscritto dal: Feb 2007
Città: Roma
Messaggi: 2155
|
Rimuovi i cookie trovati da a-squared, poi effettua un nuovo scan con prevxcsi e un nuovo log di HiJackThis.
|
|
|
|
|
18-03-2008, 23:06
|
#12 | |
|
Senior Member
Iscritto dal: Aug 2004
Città: Prov. di Na
Messaggi: 325
|
Quote:
Hthis http://fileup.itadib.com/download.ph...3s3vwuG1RsEv8q prevx http://fileup.itadib.com/download.ph...7GEF7Q6ywBcXmI
__________________
Windows 10 |
|
|
|
|
|
18-03-2008, 23:10
|
#13 |
|
Senior Member
Iscritto dal: Feb 2007
Città: Roma
Messaggi: 2155
|
Riscontri ancora il problema?
|
|
|
|
|
21-03-2008, 15:33
|
#14 | |
|
Senior Member
Iscritto dal: Aug 2004
Città: Prov. di Na
Messaggi: 325
|
Quote:
__________________
Windows 10 |
|
|
|
|
|
10-10-2008, 09:16
|
#15 |
|
Junior Member
Iscritto dal: Oct 2008
Messaggi: 1
|
aiuto!!!
ciao ragazzi, mi sono appena registrato...
ho lo stesso problema suo, ogni volta il mio antivirus (AVG) rileva la presenza di un trojan del tipo DOWNLOADER.DELF.12.AE, nella cartella "documents and settings", ogni volta con un nome diverso (caratteri alfanumerici a caso) ed estensione .exe...ho provato a installare un antirootkit dell'avg e a farlo girare, ma nn ha trovato niente...non so che fare, aiutatemiiiiiiiiiiiii!!!! grazie... 
|
|
|
|
|
10-10-2008, 09:19
|
#16 | |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
Quote:
MODALITA' DI PUBBLICAZIONE DEI LOG RICHIESTI: Ogni singolo log, esclusivamente in formato txt a parte SynInspector e nell'ordine indicato in Guida, deve essere hostato su Fileqube, clicca qui per raggiungere Fileqube, pubblicando, nella discussione, singolarmente, per ogni log, il link che verrà rilasciato per il download *** REGOLE di SEZIONE - obbligatoria la lettura!! ***
__________________
Try again and you will be luckier.
|
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 07:35.
