
Olmarik.RF
r16
Posted: Tuesday, January 12, 2010 10:17:09 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Run this scan:
SYSTEM SCAN

http://www.suspectfile.com/systemscan

Download it to the desktop
http://www.suspectfile.com/systemscan
Open it and make sure all the options are checked, then click "Scan Now"
When the scan is finished, two files will be created (again on the desktop, inside the suspectfile folder).
Connect to the internet and go to the WikiSend page: http://www.wikisend.com/
Click the "Browse" button
Select the file you just saved
Click Upload file
After a few seconds you are taken to a new page with the link in several formats:
Download Link / Forum Link
Select Forum Link, copy it and paste it into a new message for the forum.
Remember to run the scan with no active connection and with the antivirus disabled, then re-enable it once the scan has finished.

NB:
the scan can take a long time, and it may even look as if the program is not working; don't worry, that is not the case.
SystemScan is wrongly detected as infected by some antivirus products.
autodidatta
Posted: Tuesday, January 12, 2010 11:15:20 PM
Rank: AiutAmico

Member since: 2/20/2005
Posts: 191
Hi r16,
the WikiSend page isn't working: when I click Upload file, the next page says "we're sorry, but an error occurred during the upload."
I tried several times, but nothing, always the same error.
Anyway, I'm sending you the report file that is in the "suspectfile" folder.
SystemScan - www.suspectfile.com - ver. 3.6.7 (code: holifay & bReAkdOWn)

Running on: Windows XP PROFESSIONAL Edition, Service Pack 3 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\Biagio\Desktop\sys84308.exe
Running in: User mode
Date: 12/01/2010
Time: 22.40.19

Output limited to:
-PC accounts
-Recent files
-Duplicates in BAK folders
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Streams
-Encrypted Files
-Hidden objects
-Master Boot Record
-Network settings
-Include HOSTS file
-Suspicious Files
-Installed Applications

===================== ACCOUNTS ON THIS PC =====================


Users on this computer:
Is Admin? | Username

Yes | Administrator
Yes | Biagio
| Guest
| HelpAssistant (Disabled)
| SUPPORT_388945a0 (Disabled)

### users folders

20/01/2009 15.36.06 (DIR) 0 byte 357 days old -- LocalService
16/08/2009 22.27.45 (DIR) 0 byte 149 days old -- Default User
22/11/2009 23.16.01 (DIR) 0 byte 51 days old -- Biagio
29/12/2009 12.48.52 (DIR) 0 byte 14 days old -- All Users
11/01/2010 20.20.58 (DIR) 0 byte 1 days old -- NetworkService

### startup files in users folders

C:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk
C:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\Biagio\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini

===================== RECENT FILES =====================
Listing files newer than 60 days

---- recent files in C:\
12/01/2010 22:23:30 -- 12/01/2010 22:23:30 (DIR) HS-- 0 days old -- C:\RECYCLER
14/12/2008 16:23:51 -- 11/01/2010 21:08:07 (DIR) ---A 1 days old -- C:\WINDOWS
10/01/2010 19:22:39 -- 11/01/2010 19:05:51 (DIR) ---- 1 days old -- C:\Qoobox
14/12/2008 16:30:17 -- 11/01/2010 18:54:33 (DIR) --R- 1 days old -- C:\Programmi
12/01/2010 22:24:38 -- 12/01/2010 22:24:38 327 ---A 0 days old -- C:\mbr.log
12/01/2010 22:08:59 -- 12/01/2010 22:09:19 3318 H--A 0 days old -- C:\aaw7boot.cmd
14/12/2008 16:23:51 -- 12/01/2010 18:43:081610612736 HS-A 0 days old -- C:\pagefile.sys
12/01/2010 18:35:45 -- 12/01/2010 18:35:49 77312 ---A 0 days old -- C:\mbr.exe

---- recent files in C:\DOCUME~1\Biagio\IMPOST~1\Temp\
12/01/2010 22:35:01 -- 12/01/2010 22:40:19 (DIR) ---- 0 days old -- C:\DOCUME~1\Biagio\IMPOST~1\Temp\nsw5DE.tmp
12/01/2010 13:18:44 -- 12/01/2010 18:43:46 (DIR) ---- 0 days old -- C:\DOCUME~1\Biagio\IMPOST~1\Temp\Acrobat Distiller 9
12/01/2010 18:43:24 -- 12/01/2010 18:43:24 (DIR) ---- 0 days old -- C:\DOCUME~1\Biagio\IMPOST~1\Temp\WPDNSE
11/01/2010 20:39:20 -- 11/01/2010 20:39:20 (DIR) ---- 1 days old -- C:\DOCUME~1\Biagio\IMPOST~1\Temp\hsperfdata_Biagio
12/01/2010 22:31:34 -- 12/01/2010 22:37:20 16384 ---A 0 days old -- C:\DOCUME~1\Biagio\IMPOST~1\Temp\~DF15B.tmp
12/01/2010 22:34:28 -- 12/01/2010 22:35:01 53 ---A 0 days old -- C:\DOCUME~1\Biagio\IMPOST~1\Temp\systemscan.ini
12/01/2010 22:35:01 -- 12/01/2010 22:35:01 16384 ---A 0 days old -- C:\DOCUME~1\Biagio\IMPOST~1\Temp\~DFEEAD.tmp
12/01/2010 22:28:45 -- 12/01/2010 22:32:56 16384 ---A 0 days old -- C:\DOCUME~1\Biagio\IMPOST~1\Temp\~DF5A55.tmp
12/01/2010 22:08:34 -- 12/01/2010 22:09:19 16384 ---A 0 days old -- C:\DOCUME~1\Biagio\IMPOST~1\Temp\~DF5F23.tmp
12/01/2010 22:08:32 -- 12/01/2010 22:08:32 0 ---A 0 days old -- C:\DOCUME~1\Biagio\IMPOST~1\Temp\~DF4A8C.tmp
11/01/2010 20:39:19 -- 12/01/2010 19:39:22 1661 ---A 0 days old -- C:\DOCUME~1\Biagio\IMPOST~1\Temp\jusched.log
11/01/2010 20:39:20 -- 11/01/2010 20:39:20 291 ---A 1 days old -- C:\DOCUME~1\Biagio\IMPOST~1\Temp\java_install_reg.log

---- recent files in C:\WINDOWS\
15/12/2008 20:42:21 -- 12/01/2010 22:40:19 (DIR) ---- 0 days old -- C:\WINDOWS\Prefetch
14/12/2008 16:23:51 -- 12/01/2010 22:34:03 (DIR) ---- 0 days old -- C:\WINDOWS\Temp
14/12/2008 15:44:42 -- 12/01/2010 18:46:44 (DIR) -S-- 0 days old -- C:\WINDOWS\Tasks
14/12/2008 16:23:51 -- 12/01/2010 18:34:05 (DIR) ---- 0 days old -- C:\WINDOWS\system32
11/01/2010 21:08:07 -- 11/01/2010 21:08:07 (DIR) HS-- 1 days old -- C:\WINDOWS\ftpcache
29/01/2009 21:39:50 -- 11/01/2010 18:55:15 (DIR) ---- 1 days old -- C:\WINDOWS\ERDNT
14/12/2008 16:23:51 -- 11/01/2010 18:51:31 (DIR) ---- 1 days old -- C:\WINDOWS\AppPatch
12/03/2009 19:59:10 -- 08/01/2010 17:29:58 (DIR) H--- 4 days old -- C:\WINDOWS\$NtUninstallKB960225$
14/12/2008 16:23:51 -- 31/12/2009 12:46:49 (DIR) H--- 12 days old -- C:\WINDOWS\inf
14/12/2008 16:30:24 -- 29/12/2009 13:00:26 (DIR) HS-- 14 days old -- C:\WINDOWS\Installer
14/12/2008 16:23:51 -- 29/12/2009 12:42:52 (DIR) ---- 14 days old -- C:\WINDOWS\Debug
14/12/2008 16:23:51 -- 05/12/2009 20:03:33 (DIR) ---- 38 days old -- C:\WINDOWS\WinSxS
14/12/2008 15:41:54 -- 05/12/2009 20:01:25 (DIR) ---- 38 days old -- C:\WINDOWS\Registration
05/12/2009 19:41:08 -- 05/12/2009 19:41:08 (DIR) H--- 38 days old -- C:\WINDOWS\$NtUninstallWdf01009$
03/12/2009 13:55:12 -- 03/12/2009 13:55:13 (DIR) H--- 40 days old -- C:\WINDOWS\$NtUninstallKB955759$
14/12/2008 15:48:35 -- 03/12/2009 13:54:36 (DIR) H--- 40 days old -- C:\WINDOWS\$hf_mig$
01/12/2009 20:12:42 -- 01/12/2009 20:12:43 (DIR) H--- 42 days old -- C:\WINDOWS\$NtUninstallKB976098-v2$
01/12/2009 20:12:18 -- 01/12/2009 20:12:19 (DIR) H--- 42 days old -- C:\WINDOWS\$NtUninstallKB973687$
01/12/2009 18:14:06 -- 01/12/2009 18:14:07 (DIR) H--- 42 days old -- C:\WINDOWS\$NtUninstallKB970430$
01/12/2009 18:13:50 -- 01/12/2009 18:13:51 (DIR) H--- 42 days old -- C:\WINDOWS\$NtUninstallKB974318$
01/12/2009 18:12:26 -- 01/12/2009 18:12:27 (DIR) H--- 42 days old -- C:\WINDOWS\$NtUninstallKB973904$
01/12/2009 18:12:14 -- 01/12/2009 18:12:14 (DIR) H--- 42 days old -- C:\WINDOWS\$NtUninstallKB974392$
01/12/2009 18:12:02 -- 01/12/2009 18:12:02 (DIR) H--- 42 days old -- C:\WINDOWS\$NtUninstallKB971737$
29/12/2009 12:47:22 -- 12/01/2010 22:39:24 12694 ---A 0 days old -- C:\WINDOWS\setupapi.log
14/12/2008 15:45:48 -- 12/01/2010 19:25:11 1934894 ---A 0 days old -- C:\WINDOWS\WindowsUpdate.log
29/12/2009 12:46:44 -- 12/01/2010 18:43:57 0 ---A 0 days old -- C:\WINDOWS\0.log
25/09/2009 15:00:35 -- 12/01/2010 18:43:53 4188 ---A 0 days old -- C:\WINDOWS\ModemLog_PCI SoftV92 Speakerphone Modem.txt
20/12/2008 14:11:47 -- 12/01/2010 18:43:41 159 ---A 0 days old -- C:\WINDOWS\wiadebug.log
20/12/2008 14:11:46 -- 12/01/2010 18:43:38 50 ---A 0 days old -- C:\WINDOWS\wiaservc.log
14/12/2008 15:51:48 -- 12/01/2010 18:43:11 2048 -S-A 0 days old -- C:\WINDOWS\bootstat.dat
14/12/2008 15:53:51 -- 12/01/2010 18:42:07 32420 ---A 0 days old -- C:\WINDOWS\SchedLgU.Txt
31/08/2001 12:00:00 -- 11/01/2010 18:57:44 246 ---A 1 days old -- C:\WINDOWS\system.ini
10/01/2010 19:26:00 -- 25/10/2009 06:11:34 77312 ---A 2 days old -- C:\WINDOWS\MBR.exe
10/01/2010 19:25:59 -- 20/04/2009 12:56:28 31232 ---A 2 days old -- C:\WINDOWS\NIRCMD.exe
10/01/2010 19:25:51 -- 09/12/2009 22:54:07 261632 ---A 2 days old -- C:\WINDOWS\PEV.exe
10/01/2010 19:25:49 -- 31/08/2000 08:00:00 80412 ---A 2 days old -- C:\WINDOWS\grep.exe
10/01/2010 19:25:49 -- 31/08/2000 08:00:00 161792 ---A 2 days old -- C:\WINDOWS\SWREG.exe
10/01/2010 19:25:49 -- 31/08/2000 08:00:00 68096 ---A 2 days old -- C:\WINDOWS\zip.exe
10/01/2010 19:25:48 -- 31/08/2000 08:00:00 98816 ---A 2 days old -- C:\WINDOWS\sed.exe
10/01/2010 19:25:46 -- 31/08/2000 08:00:00 136704 ---A 2 days old -- C:\WINDOWS\SWSC.exe
10/01/2010 19:25:46 -- 31/08/2000 08:00:00 212480 ---A 2 days old -- C:\WINDOWS\SWXCACLS.exe
14/12/2008 16:21:47 -- 02/12/2009 17:57:46 38 ---A 41 days old -- C:\WINDOWS\avisplitter.ini

---- recent files in C:\WINDOWS\system\

---- recent files in C:\WINDOWS\system32\
14/12/2008 16:29:11 -- 12/01/2010 18:46:46 (DIR) ---- 0 days old -- C:\WINDOWS\system32\CatRoot2
14/12/2008 16:23:51 -- 11/01/2010 19:05:51 (DIR) ---- 1 days old -- C:\WINDOWS\system32\drivers
14/12/2008 16:23:51 -- 11/01/2010 18:55:28 (DIR) ---- 1 days old -- C:\WINDOWS\system32\config
14/12/2008 16:23:51 -- 08/01/2010 12:37:43 (DIR) HSR- 4 days old -- C:\WINDOWS\system32\dllcache
28/01/2009 16:21:53 -- 29/12/2009 12:42:54 (DIR) ---- 14 days old -- C:\WINDOWS\system32\NtmsData
31/12/2008 20:50:00 -- 05/12/2009 20:00:51 (DIR) ---- 38 days old -- C:\WINDOWS\system32\DRVSTORE
31/08/2001 12:00:00 -- 12/01/2010 22:36:27 2206 ---A 0 days old -- C:\WINDOWS\system32\wpa.dbl
29/12/2009 12:14:14 -- 24/08/2009 21:08:08 28160 ---A 14 days old -- C:\WINDOWS\system32\DfSdkBt.exe
05/12/2009 20:00:47 -- 05/12/2009 20:00:47 1579 ---A 38 days old -- C:\WINDOWS\system32\UninitializedDebugLog.txt
05/12/2009 20:00:13 -- 05/12/2009 20:00:13 152 ---A 38 days old -- C:\WINDOWS\system32\LORInstallLog.txt
05/12/2009 19:41:11 -- 07/11/2008 18:55:30 16928 ---- 38 days old -- C:\WINDOWS\system32\spmsgXP_2k3.dll
31/08/2001 12:00:00 -- 02/12/2009 12:53:14 480058 ---A 41 days old -- C:\WINDOWS\system32\perfh010.dat
31/08/2001 12:00:00 -- 02/12/2009 12:53:14 67984 ---A 41 days old -- C:\WINDOWS\system32\perfc009.dat
31/08/2001 12:00:00 -- 02/12/2009 12:53:14 433698 ---A 41 days old -- C:\WINDOWS\system32\perfh009.dat
31/08/2001 12:00:00 -- 02/12/2009 12:53:14 80008 ---A 41 days old -- C:\WINDOWS\system32\perfc010.dat
14/12/2008 16:30:24 -- 02/12/2009 12:53:13 1076050 ---A 41 days old -- C:\WINDOWS\system32\PerfStringBackup.INI
18/12/2008 19:25:45 -- 01/12/2009 21:06:19 25966024 ---A 42 days old -- C:\WINDOWS\system32\MRT.exe
18/12/2008 19:25:30 -- 01/12/2009 20:12:50 217296 ---A 42 days old -- C:\WINDOWS\system32\TZLog.log

---- recent files in C:\WINDOWS\system32\drivers\
14/12/2008 16:23:51 -- 11/01/2010 18:56:57 (DIR) ---- 1 days old -- C:\WINDOWS\system32\drivers\etc
08/01/2010 14:12:27 -- 07/01/2010 16:07:14 38224 ---A 4 days old -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
08/01/2010 14:12:22 -- 07/01/2010 16:07:04 19160 ---A 4 days old -- C:\WINDOWS\system32\drivers\mbam.sys
05/12/2009 19:41:23 -- 05/12/2009 19:41:23 0 H--A 38 days old -- C:\WINDOWS\system32\drivers\Msft_Kernel_GenericMount_01009.Wdf
05/12/2009 19:41:21 -- 05/12/2009 19:41:21 0 H--A 38 days old -- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

---- recent files in C:\WINDOWS\temp\
11/01/2010 19:28:58 -- 12/01/2010 22:05:54 511 ---A 0 days old -- C:\WINDOWS\temp\WGAErrLog.txt
11/01/2010 19:17:53 -- 12/01/2010 19:03:51 3220 ---A 0 days old -- C:\WINDOWS\temp\MpCmdRun.log
12/01/2010 18:43:42 -- 12/01/2010 18:43:42 16384 ---A 0 days old -- C:\WINDOWS\temp\Perflib_Perfdata_85c.dat
12/01/2010 13:19:23 -- 12/01/2010 13:19:23 0 ---A 0 days old -- C:\WINDOWS\temp\T30DebugLogFile.txt

---- recent files in C:\Programmi\
18/12/2008 21:32:19 -- 12/01/2010 18:43:23 (DIR) ---- 0 days old -- C:\Programmi\DNA
14/12/2008 16:30:17 -- 11/01/2010 18:51:25 (DIR) ---- 1 days old -- C:\Programmi\File comuni
08/01/2010 14:12:21 -- 08/01/2010 14:12:34 (DIR) ---- 4 days old -- C:\Programmi\Malwarebytes' Anti-Malware
03/01/2009 16:16:17 -- 06/01/2010 17:02:28 (DIR) ---- 6 days old -- C:\Programmi\eMule
29/12/2009 12:59:30 -- 29/12/2009 12:59:30 (DIR) ---- 14 days old -- C:\Programmi\ESET
29/12/2009 12:14:08 -- 29/12/2009 12:14:08 (DIR) ---- 14 days old -- C:\Programmi\Ashampoo
02/06/2009 14:42:54 -- 03/12/2009 13:50:43 (DIR) ---- 40 days old -- C:\Programmi\Google
14/12/2008 15:43:41 -- 01/12/2009 18:13:22 (DIR) ---- 42 days old -- C:\Programmi\Internet Explorer
15/11/2009 12:41:16 -- 15/11/2009 12:41:39 (DIR) ---- 58 days old -- C:\Programmi\UltraISO

---- recent files in C:\Programmi\File comuni\
25/03/2009 14:17:11 -- 05/12/2009 20:03:48 (DIR) ---- 38 days old -- C:\Programmi\File comuni\Symantec Shared
15/11/2009 12:41:38 -- 15/11/2009 12:41:38 (DIR) ---- 58 days old -- C:\Programmi\File comuni\EZB Systems

---- recent files in C:\Documents and Settings\Biagio\Dati applicazioni\
18/12/2008 21:32:19 -- 12/01/2010 22:33:48 (DIR) ---- 0 days old -- C:\Documents and Settings\Biagio\Dati applicazioni\DNA
08/01/2010 14:12:39 -- 08/01/2010 14:12:39 (DIR) ---- 4 days old -- C:\Documents and Settings\Biagio\Dati applicazioni\Malwarebytes
18/12/2008 21:33:10 -- 29/12/2009 12:42:56 (DIR) ---- 14 days old -- C:\Documents and Settings\Biagio\Dati applicazioni\BitTorrent
05/12/2009 05:53:12 -- 05/12/2009 05:53:12 9586784 ---A 38 days old -- C:\Documents and Settings\Biagio\Dati applicazioni\ashampoo_winoptimizer_2010_6.50_6585.exe

---- recent files in C:\Documents and Settings\Biagio\Impostazioni locali\Dati applicazioni\
14/12/2008 15:57:03 -- 11/01/2010 21:13:37 (DIR) -S-- 1 days old -- C:\Documents and Settings\Biagio\Impostazioni locali\Dati applicazioni\Microsoft
10/01/2010 19:28:05 -- 10/01/2010 19:28:05 (DIR) ---- 2 days old -- C:\Documents and Settings\Biagio\Impostazioni locali\Dati applicazioni\ESET
04/12/2009 10:46:12 -- 03/12/2009 13:46:56 (DIR) ---- 39 days old -- C:\Documents and Settings\Biagio\Impostazioni locali\Dati applicazioni\Temp
15/12/2008 15:00:48 -- 03/12/2009 14:02:59 79872 ---A 40 days old -- C:\Documents and Settings\Biagio\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

===================== DUPLICATE FILES IN BAK FOLDERS =====================

No BAK folders found

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"GrooveMonitor"="\"C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe\""
"CloneCDTray"="\"C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe\" /s"
"Windows Defender"="\"C:\Programmi\Windows Defender\MSASCui.exe\" -hide"
"Adobe Acrobat Speed Launcher"="\"C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe\""
"Acrobat Assistant 8.0"="\"C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe\""
"CARPService"="carpserv.exe"
"TrueImageMonitor.exe"="C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe"
"AcronisTimounterMonitor"="C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe"
"Servizio Acronis Scheduler2"="\"C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe\""
"AliceRE_McciTrayApp"="C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE"
"SunJavaUpdateSched"="\"C:\Programmi\Java\jre6\bin\jusched.exe\""
"egui"="\"C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe\" /hide /waitservice"

[Run\OptionalComponents]
@=""

[Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[Run\OptionalComponents\MAPI]
"Installed"="1"
@=""
"NoChange"="1"

[Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"MSMSGS"="\"C:\Programmi\Messenger\msmsgs.exe\" /background"
"BitTorrent DNA"="\"C:\Programmi\DNA\btdna.exe\""
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

[Run\AdobeUpdater]
@=""

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
"DWQueuedReporting"="\"C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe\" -t"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[Run]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[run]

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\acaptuser32.dll"

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%Systemroot%\system32\webcheck.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\wpdshserviceobj.dll"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @=expand:"%systemroot%\system32\stobject.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
#### HKCR\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServer32 @="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="ShellExecuteHook antimalware di Microsoft"
#### HKCR\CLSID\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}\InprocServer32 @="C:\PROGRA~1\WIFD1F~1\MpShHook.dll"
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Senza fili"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"

[Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="Utilità di pianificazione pacchetti QoS"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"@="Script"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"="C:\WINDOWS\system32\iedkcs32.dll"

[Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
"@="Internet Explorer User Accelerators"
"DllName"="C:\WINDOWS\system32\iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"@="Internet Explorer Branding"
"DllName"="C:\WINDOWS\system32\iedkcs32.dll"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
"@="802.3 Group Policy"
"DllName"=expand:"dot3gpclnt.dll"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installazione software"
"DllName"=expand:"appmgmts.dll"

[Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
"@="Internet Explorer Machine Accelerators"
"DllName"="C:\WINDOWS\system32\iedkcs32.dll"

[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"@="Protezione IP"
"DllName"=expand:"gptext.dll"

[Winlogon\Notify]

[Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[Winlogon\Notify\dimsntfy]
"DllName"=expand:"%SystemRoot%\System32\dimsntfy.dll"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\WgaLogon]
"DllName"=expand:"WgaLogon.dll"

[Winlogon\Notify\WgaLogon\Settings]
@=""

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00lsdelete\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[runonceex]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

[RunServicesOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

[RunServicesOnce]

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
#### HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\InprocServer32 @="C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll"
"NoExplorer"=dword:00000001
@="AcroIEHelperStub"

[Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
#### HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\InprocServer32 @="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL"
@=""

[Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
#### HKCR\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\InprocServer32 @="C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll"

[Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
@=""

[Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
#### HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\InprocServer32 @="c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
#### HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InprocServer32 @="C:\Programmi\Java\jre6\bin\jp2ssv.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
#### HKCR\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\InprocServer32 @="C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
@="JQSIEStartDetectorImpl"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
#### HKCR\CLSID\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\InprocServer32 @="C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll"

[Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\EWPP]
"InternetExplore"="Called\00\00l\00e\00d\00\00\00h/ê\02H\00\00\00\00\00\00\00\00\00\00\00h/ê\02H\00\00\00p/ê\02XÚ]\01,…8@t]\17\00XÚ]\01\00\00ê\02¨E\17\004\086@¨ý8@\00\00\00\00xÚ]\01 \07\01\00\09\00\00\00ÀÙ]\01¤ý8@´Ú]\01 é‘|`\00’|ÿÿÿÿ]\00’|Ùõã\02\00\00ê\02\00\00\00\00p/ê\02\01\00\00\00\1cÛ]\01\00\00\00\00à³\18\00ÀÚ]\01DJ\0fwUÐ8@ô_\17\00\01\00\00\00\08Û]\01 \16ä\02ȁä\02ÿÿÿÿ\14Û]\01 êã\02p/ê\02êpã\02p/ê\02\01\00\00\00¿¼ã\024Û]\01\00\00\00\00\08\00\03ExÛ]\01ä³\18\00¨E\17\00\0b\00\00\00\00\00\00\00\01\00\00\00\08¼ã\02Üÿ]\01"
"FileExplorer"="JustInstalled"
"FileBrowser"="Called\00\00\1cî­\04΃õu\08©\02H\00\00\00\15\00\00\00\00\00\00\00€î­\04\00\00\00\00\00\00\00\00\00\00\00\007‡õuÁ@éw\00\00\00\00\00\00´\04€î­\04ìˆ!~\04î­\04~‚óu¸\00\16\00‚\01\00\09\00\00\00Xí­\04\05@\00€Lî­\04 é‘|`\00’|ÿÿÿÿ]\00’|Ùõo\05\00\00´\04\00\00\00\00@\1f´\04\00\00\00\00´î­\04¸\00\16\00¨Ì«\02Xî­\04DJ\0fw•}\"~8\01\13\00\00\00\00\00 î­\04 \16p\05ȁp\05ÿÿÿÿ¬î­\04 êo\05@\1f´\04êpo\05@\1f´\04\01\00\00\00¿¼o\05\01\00\00\00\02\00\00\00\08\00´\04\00\00\00\00¬Ì«\02Ò\"ïw\0b\00­\04\00\00\00\00\00\00\00\00\08¼o\05lñ­\04"

[Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
"NoExplorer"=dword:00000001
@="SmartSelect"

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----

-----HKCU\Control Panel\Desktop\-----

[Desktop]
"SCRNSAVE.EXE"="D:\Download\SCREEN~1\FANFIS~1.SCR"

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
"gopher"="gopher://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]

[Lsa\AccessProviders]

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[SharedAccess\Epoch]
"Epoch"=dword:00002ce4

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enaxxxxx@xxxxxres.dll,-22004"
"445:TCP"="445:TCP:*:Enaxxxxx@xxxxxres.dll,-22005"
"137:UDP"="137:UDP:*:Enaxxxxx@xxxxxres.dll,-22001"
"138:UDP"="138:UDP:*:Enaxxxxx@xxxxxres.dll,-22002"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programmi\Microsoft Office\Office12\GROOVE.EXE"="C:\Programmi\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Programmi\DNA\btdna.exe"="C:\Programmi\DNA\btdna.exe:*:Enabled:DNA"
"C:\Programmi\BitTorrent\bittorrent.exe"="C:\Programmi\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Programmi\eMule\emule.exe"="C:\Programmi\eMule\emule.exe:*:Enabled:eMule"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP"="5353:TCP:*:Enabled:Adobe CSI CS4"
"1900:UDP"="1900:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22002"

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

[AU]

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\-----

[System]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"RestoreStatus"=dword:00000001
"RestoreSafeModeStatus"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

[AdvancedOptions\TABS]
"Text"="Tabbed Browsing"

[AdvancedOptions\TABS\ENABLE]
"Text"="Enable Tabbed Browsing*"

[AdvancedOptions\TABS\FOREGROUND]
"Text"="Always switch to new tabs when they are created"

[AdvancedOptions\TABS\POPUPS]
"Text"="Always open pop-ups in a new window"

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="Internet Explorer - Aggiornamento versione"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"ComponentID"="WMPACCESS"
"@="Windows Media Player"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="\"C:\WINDOWS\system32\rundll32.exe\" \"C:\WINDOWS\system32\iedkcs32.dll\",BrandIEActiveSetup SIGNUP"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personalizzazione del browser"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\system32\msjava.dll"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Creazione avanzata"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classi Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.8"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Programmi\Messenger\msmsgs.exe"
"@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"

[Installed Components\{71CB2612-627C-3D58-8D82-B77444B27B6A}]
"@=".NET Framework"
"ComponentID"=".NETFramework"

[Installed Components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
"@="Web Folders"
"ComponentID"="WebFolders"

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Rubrica 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"
"ComponentID"="DOTNETFRAMEWORKS"

[Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
"@="Fax"
"ComponentID"="Fax"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"

[Installed Components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
"@="Provider fax"
"ComponentID"="Fax Provider"
"StubPath"=""

[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]

[Installed Components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Utilità di pianificazione"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {543D8726-8253-4435-B72F-3487803947CD} REG_BINARY 060000000000000000000000000000000CEC4C4B030000000000000000000000000000000CEC4C4B0F0000000000000000000000000000000CEC4C4B010000000000000000000000000000000CEC4C4B330000000000000000000000000000000CEC4C4B360000000000000000000000000000000CEC4C4B350000000000000000000000000000000CEC4C4B
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {543D8726-8253-4435-B72F-3487803947CD} REG_BINARY FC000000000000000000000000000000C3B44C4B0600000000000000040000000000000012094D4BC0A801010300000000000000040000000000000012094D4BC0A801010F00000000000000180000000000000012094D4B686F6D656E65742E74656C65636F6D6974616C69612E69740100000000000000040000000000000012094D4BFFFFFF003300000000000000040000000000000012094D4B000054603600000000000000040000000000000012094D4BC0A801013500000000000000010000000000000012094D4B05000000
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\Microsoft H.323 Telephony Service Provider
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\ServiceModel 3.0.0.0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 11492 (0x2CE4)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Epoch Epoch REG_DWORD 11486 (0x2CDE)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\sptd\Cfg
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters DhcpNameServer REG_SZ 192.168.1.1
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters DhcpDomain REG_SZ homenet.telecomitalia.it
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} NTEContextList REG_MULTI_SZ \0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} NTEContextList REG_MULTI_SZ 0x00000002\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} DhcpServer REG_SZ 255.255.255.255
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} DhcpServer REG_SZ 192.168.1.1
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} Lease REG_DWORD 3600 (0xE10)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} Lease REG_DWORD 21600 (0x5460)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} LeaseObtainedTime REG_DWORD 1263332364 (0x4B4CEC0C)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} LeaseObtainedTime REG_DWORD 1263318194 (0x4B4CB4B2)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} T1 REG_DWORD 1263334164 (0x4B4CF314)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} T1 REG_DWORD 1263328994 (0x4B4CDEE2)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} T2 REG_DWORD 1263335514 (0x4B4CF85A)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} T2 REG_DWORD 1263337094 (0x4B4CFE86)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} LeaseTerminatesTime REG_DWORD 1263335964 (0x4B4CFA1C)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} LeaseTerminatesTime REG_DWORD 1263339794 (0x4B4D0912)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} DhcpIPAddress REG_SZ 192.168.1.200
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} DhcpSubnetMask REG_SZ 255.255.255.0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} DhcpRetryTime REG_DWORD 10798 (0x2A2E)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} DhcpRetryStatus REG_DWORD 0 (0x0)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} DhcpNameServer REG_SZ 192.168.1.1
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} DhcpDefaultGateway REG_MULTI_SZ 192.168.1.1\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} DhcpDomain REG_SZ homenet.telecomitalia.it
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{543D8726-8253-4435-B72F-3487803947CD} DhcpSubnetMaskOpt REG_MULTI_SZ 255.255.255.0\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{543D8726-8253-4435-B72F-3487803947CD}\Parameters\Tcpip DhcpIPAddress REG_SZ 0.0.0.0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{543D8726-8253-4435-B72F-3487803947CD}\Parameters\Tcpip DhcpIPAddress REG_SZ 192.168.1.200
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{543D8726-8253-4435-B72F-3487803947CD}\Parameters\Tcpip DhcpSubnetMask REG_SZ 255.0.0.0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{543D8726-8253-4435-B72F-3487803947CD}\Parameters\Tcpip DhcpSubnetMask REG_SZ 255.255.255.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{543D8726-8253-4435-B72F-3487803947CD}\Parameters\Tcpip DhcpServer REG_SZ 255.255.255.255
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{543D8726-8253-4435-B72F-3487803947CD}\Parameters\Tcpip DhcpServer REG_SZ 192.168.1.1
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{543D8726-8253-4435-B72F-3487803947CD}\Parameters\Tcpip Lease REG_DWORD 3600 (0xE10)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{543D8726-8253-4435-B72F-3487803947CD}\Parameters\Tcpip Lease REG_DWORD 21600 (0x5460)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{543D8726-8253-4435-B72F-3487803947CD}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1263332364 (0x4B4CEC0C)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{543D8726-8253-4435-B72F-3487803947CD}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1263318194 (0x4B4CB4B2)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{543D8726-8253-4435-B72F-3487803947CD}\Parameters\Tcpip T1 REG_DWORD 1263334164 (0x4B4CF314)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{543D8726-8253-4435-B72F-3487803947CD}\Parameters\Tcpip T1 REG_DWORD 1263328994 (0x4B4CDEE2)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{543D8726-8253-4435-B72F-3487803947CD}\Parameters\Tcpip T2 REG_DWORD 1263335514 (0x4B4CF85A)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{543D8726-8253-4435-B72F-3487803947CD}\Parameters\Tcpip T2 REG_DWORD 1263337094 (0x4B4CFE86)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{543D8726-8253-4435-B72F-3487803947CD}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1263335964 (0x4B4CFA1C)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{543D8726-8253-4435-B72F-3487803947CD}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1263339794 (0x4B4D0912)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{543D8726-8253-4435-B72F-3487803947CD}\Parameters\Tcpip DhcpDefaultGateway REG_MULTI_SZ 192.168.1.1\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{543D8726-8253-4435-B72F-3487803947CD}\Parameters\Tcpip DhcpSubnetMaskOpt REG_MULTI_SZ 255.255.255.0\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\avjirw6i
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mbr

Result compared: Different


-----Comparing registry keys CCS1 vs CCS3 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services

Result compared: Identical


===================== Advanced startup entries analysis =====================

HKLM\SOFTWARE\Microsoft\windows\currentversion\run

GrooveMonitor = "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe -- 27/10/2006 00:47:42 -- 27/10/2006 00:47:42 -- 31016
MD5: 38d198a2dd54a67120040566a38103ba SHA1: 8741f10d2b9feb500e744ce66d9277cfed209fe5
[1] .text [2] .rdata [3] .data [4] .rsrc

CloneCDTray = "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe -- 28/09/2006 20:21:04 -- 28/09/2006 20:21:04 -- 57344
MD5: d7779335b0ebc0a7b9c7d0e1105ea078 SHA1: 4c5a4aec5197b070fa4780242f921b37b4cb3fd2
[1] .text [2] .rdata [3] .data [4] .rsrc

Windows Defender = "C:\Programmi\Windows Defender\MSASCui.exe" -hide
C:\Programmi\Windows Defender\MSASCui.exe -- 03/11/2006 19:20:12 -- 03/11/2006 19:20:12 -- 866584
MD5: 77c03bf23ae56b0a31ae4d5bb4b3d0ac SHA1: 6761523a26c96461b4051d6932cb3ade36a2efb2
[1] .text [2] .data [3] .rsrc

Adobe Acrobat Speed Launcher = "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe -- 12/06/2008 01:25:18 -- 12/06/2008 01:25:18 -- 37232
MD5: 35fd33eae23af69715ee3231a9f15b82 SHA1: db6e1f0d71d482984f68cd3bc04468e04ea4f9bc
[1] .text [2] .rdata [3] .data [4] .rsrc

Acrobat Assistant 8.0 = "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe -- 11/06/2008 21:43:26 -- 11/06/2008 21:43:26 -- 640376
MD5: 0fe0edf01cea3beb2e65a904bb87525e SHA1: 941596e4c997b16e77f08cea29f5e43c1d609b59
[1] .text [2] .rdata [3] .data [4] .idata [5] .rsrc

CARPService = carpserv.exe
C:\WINDOWS\system32\carpserv.exe -- 25/03/2009 09:32:33 -- 22/12/2001 05:02:06 -- 4608
MD5: 9aaf44fdf3a5517066b286b80c4a149f SHA1: 8eff1364ff6f7258a89358809eac2f5cca3590af
[1] .text [2] .rdata [3] .data [4] .rsrc

TrueImageMonitor.exe = C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe -- 19/05/2009 23:42:48 -- 19/05/2009 23:42:48 -- 4386216
MD5: c3f0d5d0bbb1aa989ea723706a11c6db SHA1: 32b3da6a97bab565a4c2616c38e67cc5a39d8667
Error Opening File

AcronisTimounterMonitor = C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe -- 19/05/2009 23:46:34 -- 19/05/2009 23:46:34 -- 961080
MD5: 83a33949117456a1c115314e700e646b SHA1: 567e978eb2769cc419e1a1a2dcf714ce34ab2c97
Error Opening File

Servizio Acronis Scheduler2 = "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe -- 19/05/2009 23:45:50 -- 19/05/2009 23:45:50 -- 377472
MD5: 8eb4742736b2084242f6be4eca1edecb SHA1: f3d3467934fd87e531410e6d94e2352369212f0a
Error Opening File

AliceRE_McciTrayApp = C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE -- 29/10/2009 14:37:33 -- 21/11/2006 15:26:22 -- 936960
MD5: 731be35a5e9bd8aa44b15cd3fa927e9f SHA1: 121db870bee19ba3aeb1a2d0d54be80f304724d5
[1] .text [2] .rdata [3] .data [4] .rsrc

SunJavaUpdateSched = "C:\Programmi\Java\jre6\bin\jusched.exe"
C:\Programmi\Java\jre6\bin\jusched.exe -- 07/01/2009 16:39:24 -- 11/10/2009 04:17:36 -- 149280
MD5: 3a0647bded81dbe0bcbb51d70b22c9e0 SHA1: f7390460fad962232af9cd1c0382f5ea053608ee
[1] .text [2] .rdata [3] .data [4] .rsrc

egui = "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe -- 01/10/2009 15:06:24 -- 01/10/2009 15:06:24 -- 2054360
MD5: ae610c06a68559ef9f29143d19c39564 SHA1: 0c7f3aadc3b2556996be662a7bbc197b3b1c1ec4
[1] .text [2] .rdata [3] .data [4] .tls [5] .rsrc


HKLM\SOFTWARE\Microsoft\windows\currentversion\policies\explorer\run



HKCU\SOFTWARE\Microsoft\windows\currentversion\run

MSMSGS = "C:\Programmi\Messenger\msmsgs.exe" /background
C:\Programmi\Messenger\msmsgs.exe -- 14/12/2008 15:41:03 -- 13/04/2008 19:14:14 -- 1695232
MD5: 0616984d75338427bbe68d30d20e8fa3 SHA1: 2ffebe6d8c96cde0947a97ff3b06ef047dd5b9b9
Error Opening File

BitTorrent DNA = "C:\Programmi\DNA\btdna.exe"
C:\Programmi\DNA\btdna.exe -- 18/12/2008 21:32:19 -- 13/11/2009 18:31:56 -- 323392
MD5: afa1f8cc076ab0462512a78473d86d53 SHA1: 7878d9e0eae7b09e23fe460f0aa5c24cb7e296c2
[1] UPX0 [2] UPX1 [3] .rsrc

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe -- 13/04/2008 18:14:04 -- 13/04/2008 18:14:04 -- 15360
MD5: f53cddef33a4c41336a782be3d170158 SHA1: 964cca35d3109f49a6f6ebaba820637a5943b43b
[1] .text [2] .data [3] .rsrc



HKCU\SOFTWARE\Microsoft\windows\currentversion\policies\explorer\run



===================== AUTOPLAY SETTINGS =====================

~~~~~~~~~~~~~~~~~~~~~ Registry setting ~~~~~~~~~~~~~~~~~~~~~
(note: default values should be 91 or 95)


-----HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----

[Explorer]
"NoDriveTypeAutoRun"=dword:00000143

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----

[Explorer]
"NoDriveTypeAutoRun"=dword:00000143

Autorun is enabled on:
DRIVE_UNKNOWN = False
DRIVE_NO_ROOT_DIR = False
DRIVE_REMOVABLE = True
DRIVE_FIXED = True
DRIVE_REMOTE = True
DRIVE_CDROM = True
DRIVE_RAMDISK = False
RESERVED = True

~~~~~~~~~~~~~~~~~~~~~ Autorun.inf files ~~~~~~~~~~~~~~~~~~~~~

### D:\Download\Emule\Adobe\Adobe Acrobat 9 Pro Extended + Crack (PTB-ITA-ESP-NL) (iso)\Adobe Acrobat 9 Pro Extended + Crack (PTB-ITA-ESP-NL)\Autorun.inf
open=Autoplay.exe -auto

### D:\Programmi Vari\Adobe\Acrobat Professional 7\Autorun.inf
open=AutoPlay.exe -auto

### D:\Programmi Vari\Adobe\Acrobat Professional 8\Autorun.inf
open=Autoplay.exe -auto

### D:\Programmi Vari\Adobe\Acrobat Professional 9\Autorun.inf
open=Autoplay.exe -auto

### D:\Programmi Vari\Adobe\Adobe Photoshop CS2 v9\AUTORUN.INF
open=Setup.exe -auto

### D:\Programmi Vari\Adobe\Adobe Photoshop Elements 4.0 Ita\AUTORUN.INF
open=Setup.exe -auto

### D:\Programmi Vari\Adobe\Adobe Photoshop Elements 5 It\AUTORUN.INF
open=Setup.exe -auto

### D:\Programmi Vari\Norton System Works 2006 ITALIANO ok!\AutoRun.inf
OPEN=NCDSTART.EXE

; the path to the trialware directory should be relative to the root of the CD
[TrialWare]
Directory=TrialWre

### D:\Programmi Vari\Pinnacle\Studio 10\CD 1\AUTORUN.INF
open = welcome.exe
icon = welcome.exe

### D:\Programmi Vari\Pinnacle\Studio 10\CD 3\AUTORUN.INF
open = autorun.exe
icon = autorun.exe

### D:\Programmi Vari\Programmi per Backup\Acronis True Image\Acronis True Image Home 10 Italiano\autorun.inf

### D:\Programmi Vari\Programmi per Masterizzare\Nero\Nero 7.5.1.1 Premium Suite\Autorun.inf
open=Setupx.exe



### C:\Programmi\File comuni\Adobe\Bridge CS4 Extensions\Adobe Output Module\mediagallery\resources\flashgallery\AUTORUN.inf
open=HawaiiWPG\resources\template.exe

### C:\Programmi\Nero\Nero 9\Nero Burning ROM\SecurDisc\Autorun.inf
open=discinfo.exe

### C:\Programmi\Nero\Nero 9\Nero Express\SecurDisc\Autorun.inf
open=discinfo.exe

===================== SCHEDULED JOBS =====================

jobs found in C:\WINDOWS:

31/08/2001 12.00.00 65 byte 3056 days old -- C:\WINDOWS\tasks\desktop.ini
11/01/2010 18.27.22 444 byte 1 days old -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
12/01/2010 18.43.16 6 byte 0 days old -- C:\WINDOWS\tasks\SA.DAT
12/01/2010 18.43.22 1124 byte 0 days old -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
12/01/2010 18.46.44 322 byte 0 days old -- C:\WINDOWS\tasks\MP Scheduled Scan.job
12/01/2010 21.46.01 1128 byte 0 days old -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
~~~~~~~~~~~~~~~~~~~~~
Active jobs:

~~~~~~~~~~~~~~~~~~~~~
Most recent (50) lines in jobs scheduled log:

Esito: Operazione completata con un codice di uscita (0).
"GoogleUpdateTaskMachineUA.job" (GoogleUpdate.exe)
Avviata 12/01/2010 13.46.00
"GoogleUpdateTaskMachineUA.job" (GoogleUpdate.exe)
Terminata 12/01/2010 13.46.16
Esito: Operazione completata con un codice di uscita (0).
"GoogleUpdateTaskMachineUA.job" (GoogleUpdate.exe)
Avviata 12/01/2010 14.46.00
"GoogleUpdateTaskMachineUA.job" (GoogleUpdate.exe)
Terminata 12/01/2010 14.46.00
Esito: Operazione completata con un codice di uscita (0).
"GoogleUpdateTaskMachineUA.job" (GoogleUpdate.exe)
Avviata 12/01/2010 15.46.00
"GoogleUpdateTaskMachineUA.job" (GoogleUpdate.exe)
Terminata 12/01/2010 15.46.00
Esito: Operazione completata con un codice di uscita (0).
"GoogleUpdateTaskMachineUA.job" (GoogleUpdate.exe)
Avviata 12/01/2010 16.46.00
"GoogleUpdateTaskMachineUA.job" (GoogleUpdate.exe)
Terminata 12/01/2010 16.46.00
Esito: Operazione completata con un codice di uscita (0).
"GoogleUpdateTaskMachineUA.job" (GoogleUpdate.exe)
Avviata 12/01/2010 17.46.00
"GoogleUpdateTaskMachineUA.job" (GoogleUpdate.exe)
Terminata 12/01/2010 17.46.00
Esito: Operazione completata con un codice di uscita (0).
"GoogleUpdateTaskMachineCore.job" (GoogleUpdate.exe)
Avviata 12/01/2010 18.43.19
"GoogleUpdateTaskMachineCore.job" (GoogleUpdate.exe)
Terminata 12/01/2010 18.43.22
Esito: Operazione completata con un codice di uscita (0).
"GoogleUpdateTaskMachineUA.job" (GoogleUpdate.exe)
Avviata 12/01/2010 18.46.00
"GoogleUpdateTaskMachineUA.job" (GoogleUpdate.exe)
Terminata 12/01/2010 18.46.13
Esito: Operazione completata con un codice di uscita (0).
"GoogleUpdateTaskMachineUA.job" (GoogleUpdate.exe)
Avviata 12/01/2010 19.46.00
"GoogleUpdateTaskMachineUA.job" (GoogleUpdate.exe)
Terminata 12/01/2010 19.46.03
Esito: Operazione completata con un codice di uscita (0).
"GoogleUpdateTaskMachineUA.job" (GoogleUpdate.exe)
Avviata 12/01/2010 20.46.00
"GoogleUpdateTaskMachineUA.job" (GoogleUpdate.exe)
Terminata 12/01/2010 20.46.01
Esito: Operazione completata con un codice di uscita (0).
"GoogleUpdateTaskMachineUA.job" (GoogleUpdate.exe)
Avviata 12/01/2010 21.46.00
"GoogleUpdateTaskMachineUA.job" (GoogleUpdate.exe)
Terminata 12/01/2010 21.46.01
Esito: Operazione completata con un codice di uscita (0).

===================== LIST OF ALL SERVICES & DRIVERS =====================

-----HKLM\system\currentcontrolset\services-----

000) "Abiosdsk"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

001) "abp480n5"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

002) "ACPI" - Driver ACPI Microsoft
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\ACPI.sys
---> TYPE = KERNEL_DRIVER

003) "ACPIEC"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

004) "adfs"
---> STAT = (RUNNING) Started automatically
---> TYPE = KERNEL_DRIVER

005) "adpu160m"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

006) "aec" - Eliminatore di eco acustico del kernel Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\aec.sys
---> TYPE = KERNEL_DRIVER

007) "AFD" - AFD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\afd.sys
---> TYPE = KERNEL_DRIVER

008) "Aha154x"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

009) "aic78u2"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

010) "aic78xx"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

011) "AliIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

012) "amsint"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

013) "AN983" - Scheda ADMtek 10/100Mbps Fast Ethernet AN983/AN985/ADM951X
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\AN983.sys
---> TYPE = KERNEL_DRIVER

014) "asc"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

015) "asc3350p"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

016) "asc3550"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

017) "AsyncMac" - Driver per supporti asincroni RAS
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\asyncmac.sys
---> TYPE = KERNEL_DRIVER

018) "atapi" - Controller disco rigido IDE/ESDI standard
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\atapi.sys
---> TYPE = KERNEL_DRIVER

019) "Atdisk"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

020) "ati2mtag"
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ati2mtag.sys
---> TYPE = KERNEL_DRIVER

021) "Atmarpc" - Protocollo client ARP ATM
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\atmarpc.sys
---> TYPE = KERNEL_DRIVER

022) "audstub" - Driver stub audio
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\audstub.sys
---> TYPE = KERNEL_DRIVER

023) "Beep"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

024) "btaudio" - Periferica audio Bluetooth
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\btaudio.sys
---> TYPE = KERNEL_DRIVER

025) "BTDriver" - Driver di comunicazioni virtuali Bluetooth
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\btport.sys
---> TYPE = KERNEL_DRIVER

026) "BTKRNL" - Enumeratore bus Bluetooth
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\btkrnl.sys
---> TYPE = KERNEL_DRIVER

027) "BTSERIAL" - Bluetooth Serial Driver
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\drivers\btserial.sys
---> TYPE = KERNEL_DRIVER

028) "BTSLBCSP" - Bluetooth Port Client Driver
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\drivers\btslbcsp.sys
---> TYPE = KERNEL_DRIVER

029) "BTWDNDIS" - Server di accesso alla rete LAN Bluetooth
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\btwdndis.sys
---> TYPE = KERNEL_DRIVER

030) "btwmodem" - Modem Bluetooth
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\btwmodem.sys
---> TYPE = KERNEL_DRIVER

031) "BTWUSB" - WIDCOMM USB Bluetooth Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\Drivers\btwusb.sys
---> TYPE = KERNEL_DRIVER

032) "catchme"
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\ComboFix\catchme.sys
---> TYPE = KERNEL_DRIVER

033) "cbidf2k"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

034) "cd20xrnt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

035) "Cdaudio"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

036) "Cdfs"
---> STAT = (RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER

037) "Cdrom" - Driver del CD-ROM
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\cdrom.sys
---> TYPE = KERNEL_DRIVER

038) "Changer"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

039) "CmdIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

040) "cmuda" - C-Media WDM Audio Interface
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\cmuda.sys
---> TYPE = KERNEL_DRIVER

041) "Cpqarray"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

042) "dac2w2k"
---> STAT = (RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

043) "dac960nt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

044) "Disk" - Driver del disco
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\disk.sys
---> TYPE = KERNEL_DRIVER

045) "dmboot"
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmboot.sys
---> TYPE = KERNEL_DRIVER

046) "dmio" - Driver Gestione dischi logici
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\dmio.sys
---> TYPE = KERNEL_DRIVER

047) "dmload"
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

048) "DMusic" - Sintetizzatore DLS Microsoft Kernel
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\DMusic.sys
---> TYPE = KERNEL_DRIVER

049) "dpti2o"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

050) "drmkaud" - Decodificatore audio DRM del kernel Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\drmkaud.sys
---> TYPE = KERNEL_DRIVER

051) "eamon" - eamon
---> STAT = (RUNNING) Started automatically
---> FILE = system32\DRIVERS\eamon.sys
---> TYPE = FILE_SYSTEM_DRIVER

052) "ehdrv" - ehdrv
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\ehdrv.sys
---> TYPE = KERNEL_DRIVER

053) "ElbyCDFL" - ElbyCDFL
---> STAT = (RUNNING) Started manually
---> FILE = System32\Drivers\ElbyCDFL.sys
---> TYPE = KERNEL_DRIVER

054) "ElbyCDIO" - ElbyCDIO Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\Drivers\ElbyCDIO.sys
---> TYPE = KERNEL_DRIVER

055) "epfwtdir" - epfwtdir
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\epfwtdir.sys
---> TYPE = KERNEL_DRIVER

056) "Fastfat"
---> STAT = (RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER

057) "Fdc" - Driver controller disco floppy
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\fdc.sys
---> TYPE = KERNEL_DRIVER

058) "Fips"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

059) "Flpydisk" - Driver disco floppy
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\flpydisk.sys
---> TYPE = KERNEL_DRIVER

060) "FltMgr" - FltMgr
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\fltMgr.sys
---> TYPE = FILE_SYSTEM_DRIVER

061) "Ftdisk" - Driver archiviazione volumi
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\ftdisk.sys
---> TYPE = KERNEL_DRIVER

062) "gameenum" - Enumeratore porta giochi
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\gameenum.sys
---> TYPE = KERNEL_DRIVER

063) "GEARAspiWDM" - GearAspiWDM
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\GEARAspiWDM.sys
---> TYPE = KERNEL_DRIVER

064) "GenericMount" - Generic Mount Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\GenericMount.sys
---> TYPE = KERNEL_DRIVER

065) "Gpc" - Utilità di classificazione pacchetti generica
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\msgpc.sys
---> TYPE = KERNEL_DRIVER

066) "hpn"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

067) "HSFHWBS2"
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\HSFHWBS2.sys
---> TYPE = KERNEL_DRIVER

068) "HSF_DP"
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\HSF_DP.sys
---> TYPE = KERNEL_DRIVER

069) "HSF_DPV"
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\HSF_DPV.sys
---> TYPE = KERNEL_DRIVER

070) "HTTP" - HTTP
---> STAT = (RUNNING) Started manually
---> FILE = System32\Drivers\HTTP.sys
---> TYPE = KERNEL_DRIVER

071) "i2omgmt"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

072) "i2omp"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

073) "i8042prt" - Driver di porta mouse PS/2 e tastiera i8042
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\i8042prt.sys
---> TYPE = KERNEL_DRIVER

074) "Imapi" - Driver filtro masterizzazione CD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\imapi.sys
---> TYPE = KERNEL_DRIVER

075) "ini910u"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

076) "IntelIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

077) "intelppm" - Driver processore Intel
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\intelppm.sys
---> TYPE = KERNEL_DRIVER

078) "Ip6Fw" - Driver Windows Firewall IPv6
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\Ip6Fw.sys
---> TYPE = KERNEL_DRIVER

079) "IpFilterDriver" - Driver filtro traffico IP
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ipfltdrv.sys
---> TYPE = KERNEL_DRIVER

080) "IpInIp" - Driver tunnel IP in IP
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ipinip.sys
---> TYPE = KERNEL_DRIVER

081) "IpNat" - Traduttore indirizzi di rete IP
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ipnat.sys
---> TYPE = KERNEL_DRIVER

082) "IPSec" - Driver IPSEC
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\ipsec.sys
---> TYPE = KERNEL_DRIVER

083) "IRENUM" - Servizio enumeratore infrarossi
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\irenum.sys
---> TYPE = KERNEL_DRIVER

084) "isapnp" - Driver bus PnP ISA/EISA
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\isapnp.sys
---> TYPE = KERNEL_DRIVER

085) "Kbdclass" - Driver classe tastiera
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\kbdclass.sys
---> TYPE = KERNEL_DRIVER

086) "kmixer" - Mixer wave audio del kernel Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\kmixer.sys
---> TYPE = KERNEL_DRIVER

087) "KSecDD"
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

088) "Lbd" - Lbd
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\Lbd.sys
---> TYPE = FILE_SYSTEM_DRIVER

089) "lbrtfdc"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

090) "mdmxsdk"
---> STAT = (RUNNING) Started automatically
---> FILE = system32\DRIVERS\mdmxsdk.sys
---> TYPE = KERNEL_DRIVER

091) "mnmdd"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

092) "Modem"
---> STAT = (RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

093) "MODEMCSA" - Periferica filtro flusso Unimodem
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\MODEMCSA.sys
---> TYPE = KERNEL_DRIVER

094) "Mouclass" - Driver classe mouse
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\mouclass.sys
---> TYPE = KERNEL_DRIVER

095) "MountMgr"
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

096) "mraid35x"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

097) "MRENDIS5" - MRENDIS5 NDIS Protocol Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
---> TYPE = KERNEL_DRIVER

098) "MRxDAV" - Redirector del client WebDav
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\mrxdav.sys
---> TYPE = FILE_SYSTEM_DRIVER

099) "MRxSmb" - MRXSMB
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\mrxsmb.sys
---> TYPE = FILE_SYSTEM_DRIVER

100) "Msfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER

101) "MSKSSRV" - Proxy di servizio di flusso Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSKSSRV.sys
---> TYPE = KERNEL_DRIVER

102) "MSPCLOCK" - Proxy clock di flusso Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPCLOCK.sys
---> TYPE = KERNEL_DRIVER

103) "MSPQM" - Proxy di gestione qualità di flusso Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPQM.sys
---> TYPE = KERNEL_DRIVER

104) "mssmbios" - Driver BIOS Microsoft System Management
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\mssmbios.sys
---> TYPE = KERNEL_DRIVER

105) "ms_mpu401" - Driver Microsoft MPU-401 MIDI UART
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\msmpu401.sys
---> TYPE = KERNEL_DRIVER

106) "Mup" - Mup
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = FILE_SYSTEM_DRIVER

107) "NDIS" - Driver di sistema NDIS
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

108) "NdisTapi" - Driver TAPI NDIS di accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndistapi.sys
---> TYPE = KERNEL_DRIVER

109) "Ndisuio" - Protocollo I/O modalità utente su NDIS
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndisuio.sys
---> TYPE = KERNEL_DRIVER

110) "NdisWan" - Driver WAN NDIS di accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndiswan.sys
---> TYPE = KERNEL_DRIVER

111) "NDProxy" - multi:Proxy NDIS\00\00
---> STAT = (RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

112) "NetBIOS" - Interfaccia NetBIOS
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\netbios.sys
---> TYPE = FILE_SYSTEM_DRIVER

113) "NetBT" - NetBios su Tcpip
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\netbt.sys
---> TYPE = KERNEL_DRIVER

114) "Npfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER

115) "Ntfs"
---> STAT = (RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER

116) "Null"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

117) "NwlnkFlt" - Driver filtro traffico IPX
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\nwlnkflt.sys
---> TYPE = KERNEL_DRIVER

118) "NwlnkFwd" - Driver inoltratore traffico IPX
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\nwlnkfwd.sys
---> TYPE = KERNEL_DRIVER

119) "NwlnkIpx" - Protocollo di trasporto compatibile NWLink IPX/SPX/NetBIOS
---> STAT = (RUNNING) Started automatically
---> FILE = system32\DRIVERS\nwlnkipx.sys
---> TYPE = KERNEL_DRIVER

120) "NwlnkNb" - NWLink NetBIOS
---> STAT = (RUNNING) Started automatically
---> FILE = system32\DRIVERS\nwlnknb.sys
---> TYPE = KERNEL_DRIVER

121) "NwlnkSpx" - Protocollo NWLink SPX/SPXII
---> STAT = (RUNNING) Started automatically
---> FILE = system32\DRIVERS\nwlnkspx.sys
---> TYPE = KERNEL_DRIVER

122) "Parport" - Driver della porta parallela
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\parport.sys
---> TYPE = KERNEL_DRIVER

123) "PartMgr"
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

124) "ParVdm"
---> STAT = (RUNNING) Started automatically
---> TYPE = KERNEL_DRIVER

125) "PCI" - Driver bus PCI
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\pci.sys
---> TYPE = KERNEL_DRIVER

126) "PCIDump"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

127) "PCIIde"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\pciide.sys
---> TYPE = KERNEL_DRIVER

128) "Pcmcia"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

129) "PDCOMP"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

130) "PDFRAME"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

131) "PDRELI"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

132) "PDRFRAME"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

133) "perc2"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

134) "perc2hib"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

135) "PptpMiniport" - WAN Miniport (PPTP)
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspptp.sys
---> TYPE = KERNEL_DRIVER

136) "PSched" - Utilità di pianificazione pacchetti QoS
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\psched.sys
---> TYPE = KERNEL_DRIVER

137) "Ptilink" - Driver Direct Parallel Link
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ptilink.sys
---> TYPE = KERNEL_DRIVER

138) "PxHelp20" - PxHelp20
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\Drivers\PxHelp20.sys
---> TYPE = KERNEL_DRIVER

139) "ql1080"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

140) "Ql10wnt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

141) "ql12160"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

142) "ql1240"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

143) "ql1280"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

144) "RasAcd" - Driver connessione automatica Accesso remoto
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\rasacd.sys
---> TYPE = KERNEL_DRIVER

145) "Rasl2tp" - WAN Miniport (L2TP)
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\rasl2tp.sys
---> TYPE = KERNEL_DRIVER

146) "RasPppoe" - Driver PPPOE di accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspppoe.sys
---> TYPE = KERNEL_DRIVER

147) "Raspti" - Direct Parallel
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspti.sys
---> TYPE = KERNEL_DRIVER

148) "Rdbss" - Rdbss
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\rdbss.sys
---> TYPE = FILE_SYSTEM_DRIVER

149) "RDPCDD"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\RDPCDD.sys
---> TYPE = KERNEL_DRIVER

150) "rdpdr" - Driver redirector periferica Terminal Server
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\rdpdr.sys
---> TYPE = KERNEL_DRIVER

151) "RDPWD"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

152) "redbook" - Driver filtro riproduzione CD-ROM audio digitale
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\redbook.sys
---> TYPE = KERNEL_DRIVER

153) "RTLWUSB" - NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\wg111v2.sys
---> TYPE = KERNEL_DRIVER

154) "Secdrv" - Secdrv
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\secdrv.sys
---> TYPE = KERNEL_DRIVER

155) "serenum" - Driver filtro Serenum
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\serenum.sys
---> TYPE = KERNEL_DRIVER

156) "Serial" - Driver della porta seriale
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\serial.sys
---> TYPE = KERNEL_DRIVER

157) "Sfloppy"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

158) "Simbad"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

159) "sisagp" - Filtro bus SIS AGP
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\sisagp.sys
---> TYPE = KERNEL_DRIVER

160) "snapman" - Acronis Snapshots Manager
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\snapman.sys
---> TYPE = KERNEL_DRIVER

161) "SONYPVU1" - Driver filtro USB Sony (SONYPVU1)
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\SONYPVU1.SYS
---> TYPE = KERNEL_DRIVER

162) "Sparrow"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

163) "splitter" - Frazionatore audio del kernel Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\splitter.sys
---> TYPE = KERNEL_DRIVER

164) "sptd"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\Drivers\sptd.sys
---> TYPE = KERNEL_DRIVER

165) "sr" - Driver filtro Ripristino configurazione di sistema
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\sr.sys
---> TYPE = FILE_SYSTEM_DRIVER

166) "Srv" - Srv
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\srv.sys
---> TYPE = FILE_SYSTEM_DRIVER

167) "StarOpen"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER

168) "StreamDispatcher"
---> STAT = (RUNNING) Started automatically
---> FILE = system32\DRIVERS\strmdisp.sys
---> TYPE = KERNEL_DRIVER

169) "swenum" - Driver bus software
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\swenum.sys
---> TYPE = KERNEL_DRIVER

170) "swmidi" - Sintetizzatore Wavetable GS kernel Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\swmidi.sys
---> TYPE = KERNEL_DRIVER

171) "symc810"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

172) "symc8xx"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

173) "symsnap" - Symantec Volume Snap Shot Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\symsnap.sys
---> TYPE = FILE_SYSTEM_DRIVER

174) "sym_hi"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

175) "sym_u3"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

176) "sysaudio" - Periferica audio di sistema Microsoft Kernel
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\sysaudio.sys
---> TYPE = KERNEL_DRIVER

177) "Tcpip" - Driver protocollo TCP/IP
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\tcpip.sys
---> TYPE = KERNEL_DRIVER

178) "TDPIPE"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

179) "tdrpman228" - Acronis Try&Decide and Restore Points filter (build 228)
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\tdrpm228.sys
---> TYPE = KERNEL_DRIVER

180) "TDTCP"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

181) "TermDD" - Driver della periferica terminale
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\termdd.sys
---> TYPE = KERNEL_DRIVER

182) "tifsfilter" - Acronis True Image FS Filter
---> STAT = (RUNNING) Started automatically
---> FILE = system32\DRIVERS\tifsfilt.sys
---> TYPE = FILE_SYSTEM_DRIVER

183) "timounter" - Acronis True Image Backup Archive Explorer
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\timntr.sys
---> TYPE = KERNEL_DRIVER

184) "TosIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

185) "Udfs"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER

186) "ultra"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

187) "Update" - Driver aggiornamento microcodice
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\update.sys
---> TYPE = KERNEL_DRIVER

188) "usbccgp" - Driver principale generico USB Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbccgp.sys
---> TYPE = KERNEL_DRIVER

189) "usbehci" - Driver Miniport controller enhanced host USB 2.0 Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbehci.sys
---> TYPE = KERNEL_DRIVER

190) "usbhub" - Hub abilitato USB2
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbhub.sys
---> TYPE = KERNEL_DRIVER

191) "usbohci" - Driver miniport per controller open host USB Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbohci.sys
---> TYPE = KERNEL_DRIVER

192) "usbprint" - Classe stampanti USB Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbprint.sys
---> TYPE = KERNEL_DRIVER

193) "usbscan" - Driver scanner USB
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbscan.sys
---> TYPE = KERNEL_DRIVER

194) "USBSTOR" - Driver archiviazione di massa USB
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\USBSTOR.SYS
---> TYPE = KERNEL_DRIVER

195) "usbuhci" - Driver Miniport Controller Universal Host USB Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbuhci.sys
---> TYPE = KERNEL_DRIVER

196) "v2imount" - Symantec V2i Mount Driver
---> STAT = (NOT RUNNING) Started automatically
---> FILE = system32\DRIVERS\v2imount.sys
---> TYPE = KERNEL_DRIVER

197) "Vax347b"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\Vax347b.sys
---> TYPE = KERNEL_DRIVER

198) "Vax347s"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\Drivers\Vax347s.sys
---> TYPE = KERNEL_DRIVER

199) "VgaSave"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\vga.sys
---> TYPE = KERNEL_DRIVER

200) "ViaIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

201) "VolSnap"
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

202) "Wanarp" - Driver ARP IP di accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\wanarp.sys
---> TYPE = KERNEL_DRIVER

203) "Wdf01000" - Kernel Mode Driver Frameworks service
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\Drivers\wdf01000.sys
---> TYPE = KERNEL_DRIVER

204) "WDICA"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

205) "wdmaud" - Driver di compatibilità audio Microsoft WINMM WDM
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\wdmaud.sys
---> TYPE = KERNEL_DRIVER

206) "winachsf"
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\HSF_CNXT.sys
---> TYPE = KERNEL_DRIVER

207) "WS2IFSL" - Ambiente di supporto del provider del Servizio Non-IFS di Windows Socket 2.0
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\System32\drivers\ws2ifsl.sys
---> TYPE = KERNEL_DRIVER

208) "WudfPf" - Windows Driver Foundation - User-mode Driver Framework Platform Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\WudfPf.sys
---> TYPE = KERNEL_DRIVER

209) "WudfRd" - Windows Driver Foundation - User-mode Driver Framework Reflector
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\wudfrd.sys
---> TYPE = KERNEL_DRIVER

-----HKLM\system\currentcontrolset\services-----

000) "AcrSch2Svc" - Servizio Acronis Scheduler2
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe\
---> TYPE = OWN_SERVICE

001) "Alerter" - Avvisi
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

002) "ALG" - Servizio Gateway di livello applicazione
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\alg.exe
---> TYPE = OWN_SERVICE

003) "AppMgmt" - Gestione applicazione
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

004) "aspnet_state" - Servizio stato di ASP.NET
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
---> TYPE = OWN_SERVICE

005) "Ati HotKey Poller"
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\Ati2evxx.exe
---> TYPE = OWN_SERVICE

006) "AudioSrv" - Audio Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

007) "BITS" - Servizio trasferimento intelligente in background
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

008) "Browser" - Browser di computer
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

009) "btwdins" - Bluetooth Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Programmi\D-Link\Software Bluetooth\bin\btwdins.exe
---> TYPE = OWN_SERVICE

010) "CiSvc" - Servizio di indicizzazione
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\cisvc.exe
---> TYPE = SHARE_SERVICE

011) "ClipSrv" - ClipBook
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\clipsrv.exe
---> TYPE = OWN_SERVICE

012) "clr_optimization_v2.0.50727_32" - .NET Runtime Optimization Service v2.0.50727_X86
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
---> TYPE = OWN_SERVICE

013) "COMSysApp" - Applicazione di sistema COM+
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
---> TYPE = OWN_SERVICE

014) "CryptSvc" - CryptSvc
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

015) "DcomLaunch" - Utilità di avvio processo server DCOM
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch
---> TYPE = SHARE_SERVICE

016) "DfSdkS" - Defragmentation-Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Programmi\Ashampoo\Ashampoo WinOptimizer 2010\Dfsdks.exe\
---> TYPE = OWN_SERVICE

017) "Dhcp" - Client DHCP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

018) "dmadmin" - Servizio amministrativo di Gestione disco logico
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dmadmin.exe /com
---> TYPE = SHARE_SERVICE

019) "dmserver" - Gestione dischi logici
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

020) "Dnscache" - Client DNS
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE

021) "Dot3svc" - Configurazione automatica reti cablate
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k dot3svc
---> TYPE = SHARE_SERVICE

022) "EapHost" - Servizio Extensible Authentication Protocol
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k eapsvcs
---> TYPE = SHARE_SERVICE

023) "EhttpSrv" - ESET HTTP Server
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe\
---> TYPE = OWN_SERVICE

024) "ekrn" - ESET Service
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe\
---> TYPE = OWN_SERVICE

025) "EPSON_EB_RPCV4_01" - EPSON V5 Service4(01)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40ST7.EXE
---> TYPE = OWN_SERVICE

026) "EPSON_PM_RPCV4_01" - EPSON V3 Service4(01)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
---> TYPE = OWN_SERVICE

027) "ERSvc" - Servizio di segnalazione errori
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

028) "EsetNod32Fix" - Nod32 AV
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\Regedit.exe /s %WinDir%\Fix.reg
---> TYPE = OWN_SERVICE

029) "Eventlog" - Registro eventi
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
---> TYPE = SHARE_SERVICE

030) "EventSystem" - Sistema di eventi COM+
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

031) "FastUserSwitchingCompatibility" - Compatibilità di Cambio rapido utente
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

032) "Fax" - Fax
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\fxssvc.exe
---> TYPE = OWN_SERVICE

033) "FLEXnet Licensing Service" - FLEXnet Licensing Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\
---> TYPE = OWN_SERVICE

034) "FontCache3.0.0.0" - Windows Presentation Foundation Font Cache 3.0.0.0
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
---> TYPE = OWN_SERVICE

035) "gupdate1c9e38bb56a2f10" - Google Update Service (gupdate1c9e38bb56a2f10)
---> STAT = (NOT RUNNING) Started automatically
---> FILE = \C:\Programmi\Google\Update\GoogleUpdate.exe\ /svc
---> TYPE = OWN_SERVICE

036) "helpsvc" - Guida in linea e supporto tecnico
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

037) "HidServ" - Accesso periferica Human Interface
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

038) "hkmsvc" - Servizio gestione chiavi e certificati di integrità
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

039) "HTTPFilter" - SSL HTTP
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter
---> TYPE = SHARE_SERVICE

040) "IDriverT" - InstallDriver Table Manager
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe\
---> TYPE = OWN_SERVICE

041) "idsvc" - Windows CardSpace
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\
---> TYPE = SHARE_SERVICE

042) "ImapiService" - Servizio COM di masterizzazione CD IMAPI
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\imapi.exe
---> TYPE = OWN_SERVICE

043) "JavaQuickStarterService" - Java Quick Starter
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Programmi\Java\jre6\bin\jqs.exe\ -service -config \C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf\
---> TYPE = OWN_SERVICE

044) "LanmanServer" - Server
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

045) "lanmanworkstation" - Workstation
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

046) "Lavasoft Ad-Aware Service" - Lavasoft Ad-Aware Service
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe\
---> TYPE = OWN_SERVICE

047) "LmHosts" - Helper NetBIOS di TCP/IP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

048) "Messenger" - Messenger
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

049) "Microsoft Office Groove Audit Service" - Microsoft Office Groove Audit Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe\
---> TYPE = OWN_SERVICE

050) "mnmsrvc" - Condivisione desktop remoto di NetMeeting
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\mnmsrvc.exe
---> TYPE = OWN_SERVICE

051) "MSCSPTISRV" - MSCSPTISRV
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe\
---> TYPE = OWN_SERVICE

052) "MSDTC" - Distributed Transaction Coordinator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\msdtc.exe
---> TYPE = OWN_SERVICE

053) "MSIServer" - Windows Installer
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\msiexec.exe /V
---> TYPE = SHARE_SERVICE

054) "napagent" - Agente protezione accesso alla rete
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

055) "Nero BackItUp Scheduler 4.0" - Nero BackItUp Scheduler 4.0
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
---> TYPE = OWN_SERVICE

056) "NetDDE" - DDE di rete
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe
---> TYPE = SHARE_SERVICE

057) "NetDDEdsdm" - DDE DSDM di rete
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe
---> TYPE = SHARE_SERVICE

058) "Netlogon" - Accesso rete
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE

059) "Netman" - Connessioni di rete
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

060) "NetTcpPortSharing" - Net.Tcp Port Sharing Service
---> STAT = (NOT RUNNING) Disabled
---> FILE = \C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\
---> TYPE = SHARE_SERVICE

061) "Nla" - NLA (Network Location Awareness)
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

062) "NOD32FiXTemDono" - Eset Nod32 Boot
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\regedt32.exe /s C:\WINDOWS\nod32fixtemdono.reg
---> TYPE = OWN_SERVICE

063) "NtLmSsp" - Provider supporto protezione LM NT
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE

064) "NtmsSvc" - Archivi rimovibili
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

065) "NwSapAgent" - Agente SAP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

066) "odserv" - Microsoft Office Diagnostics Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE\
---> TYPE = OWN_SERVICE

067) "ose" - Office Source Engine
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE\
---> TYPE = OWN_SERVICE

068) "PACSPTISVR" - PACSPTISVR
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe\
---> TYPE = OWN_SERVICE

069) "PlugPlay" - Plug and Play
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
---> TYPE = SHARE_SERVICE

070) "PolicyAgent" - Servizi IPSEC
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE

071) "ProtectedStorage" - Archiviazione protetta
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE

072) "RasAuto" - Auto Connection Manager di Accesso remoto
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

073) "RasMan" - Connection Manager di Accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

074) "RDSessMgr" - Gestione sessione di assistenza mediante desktop remoto
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\sessmgr.exe
---> TYPE = OWN_SERVICE

075) "RemoteAccess" - Routing e Accesso remoto
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

076) "RemoteRegistry" - Registro di sistema remoto
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

077) "RpcLocator" - RPC Locator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\locator.exe
---> TYPE = OWN_SERVICE

078) "RpcSs" - RPC (Remote Procedure Call)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k rpcss
---> TYPE = OWN_SERVICE

079) "RSVP" - QoS RSVP
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\rsvp.exe
---> TYPE = OWN_SERVICE

080) "SamSs" - Gestione account di protezione (SAM)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE

081) "SCardSvr" - smart card
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\SCardSvr.exe
---> TYPE = SHARE_SERVICE

082) "Schedule" - Utilità di pianificazione
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

083) "seclogon" - Secondary Logon
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

084) "SENS" - Notifica eventi di sistema
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

085) "SharedAccess" - Windows Firewall / Condivisione connessione Internet (ICS)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

086) "ShellHWDetection" - Rilevamento hardware shell
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

087) "Spooler" - Spooler di stampa
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\spoolsv.exe
---> TYPE = OWN_SERVICE

088) "SPTISRV" - Sony SPTI Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe\
---> TYPE = OWN_SERVICE

089) "srservice" - Servizio Ripristino configurazione di sistema
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

090) "SSDPSRV" - Servizio di rilevamento SSDP
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

091) "StarWindService" - StarWind iSCSI Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
---> TYPE = OWN_SERVICE

092) "stisvc" - Acquisizione di immagini di Windows (WIA)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k imgsvc
---> TYPE = SHARE_SERVICE

093) "SwPrv" - MS Software Shadow Copy Provider
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{CD7490A7-1506-47DF-A4C5-3D7150E6C46E}
---> TYPE = OWN_SERVICE

094) "SysmonLog" - Avvisi e registri di prestazioni
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\smlogsvc.exe
---> TYPE = OWN_SERVICE

095) "TapiSrv" - Telefonia
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

096) "TermService" - Servizi terminal
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch
---> TYPE = SHARE_SERVICE

097) "Themes" - Temi
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

098) "TlntSvr" - Telnet
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\tlntsvr.exe
---> TYPE = OWN_SERVICE

099) "TrkWks" - Manutenzione collegamenti distribuiti client
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

100) "upnphost" - Host di periferiche Plug and Play universali
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

101) "UPS" - Gruppo di continuità
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\ups.exe
---> TYPE = OWN_SERVICE

102) "VSS" - Copia replicata del volume
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\vssvc.exe
---> TYPE = OWN_SERVICE

103) "W32Time" - Ora di Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

104) "WebClient" - WebClient
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = OWN_SERVICE

105) "WinDefend" - Windows Defender
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Programmi\Windows Defender\MsMpEng.exe\
---> TYPE = OWN_SERVICE

106) "winmgmt" - Strumentazione gestione Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

107) "Winsock"
---> STAT = (RUNNING) Started manually
---> TYPE = ADAPTER

108) "WmdmPmSN" - Portable Media Serial Number Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

109) "Wmi" - Estensioni driver di Strumentazione gestione Windows
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

110) "WmiApSrv" - Scheda WMI Performance
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\wbem\wmiapsrv.exe
---> TYPE = OWN_SERVICE

111) "WMPNetworkSvc" - Servizio di condivisione in rete Windows Media Player
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Programmi\Windows Media Player\WMPNetwk.exe\
---> TYPE = OWN_SERVICE

112) "wscsvc" - Centro sicurezza PC
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

113) "wuauserv" - Aggiornamenti automatici
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

114) "WudfSvc" - Windows Driver Foundation - User-mode Driver Framework
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
---> TYPE = SHARE_SERVICE

115) "WZCSVC" - Zero Configuration reti senza fili
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

116) "xmlprov" - Servizio Provisioning di rete
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

===================== SVCHOST INSTANCES =====================

HTTPFilter
+---- HTTPFilter
+---- %SystemRoot%\System32\w3ssl.dll

LocalService
+---- Alerter
+---- %SystemRoot%\system32\alrsvc.dll
+---- WebClient
+---- %SystemRoot%\System32\webclnt.dll
+---- LmHosts
+---- %SystemRoot%\System32\lmhsvc.dll
+---- RemoteRegistry
+---- %SystemRoot%\system32\regsvc.dll
+---- upnphost
+---- %SystemRoot%\System32\upnphost.dll
+---- SSDPSRV
+---- %SystemRoot%\System32\ssdpsrv.dll

NetworkService
+---- DnsCache
+---- %SystemRoot%\System32\dnsrslvr.dll

netsvcs
+---- 6to4
+---- AppMgmt
+---- %SystemRoot%\System32\appmgmts.dll
+---- AudioSrv
+---- %SystemRoot%\System32\audiosrv.dll
+---- Browser
+---- %SystemRoot%\System32\browser.dll
+---- CryptSvc
+---- %SystemRoot%\System32\cryptsvc.dll
+---- DMServer
+---- %SystemRoot%\System32\dmserver.dll
+---- DHCP
+---- %SystemRoot%\System32\dhcpcsvc.dll
+---- ERSvc
+---- %SystemRoot%\System32\ersvc.dll
+---- EventSystem
+---- C:\WINDOWS\system32\es.dll
+---- FastUserSwitchingCompatibility
+---- %SystemRoot%\System32\shsvcs.dll
+---- HidServ
+---- %SystemRoot%\System32\hidserv.dll
+---- Ias
+---- Iprip
+---- Irmon
+---- LanmanServer
+---- %SystemRoot%\System32\srvsvc.dll
+---- LanmanWorkstation
+---- %SystemRoot%\System32\wkssvc.dll
+---- Messenger
+---- %SystemRoot%\System32\msgsvc.dll
+---- Netman
+---- %SystemRoot%\System32\netman.dll
+---- Nla
+---- %SystemRoot%\System32\mswsock.dll
+---- Ntmssvc
+---- %SystemRoot%\system32\ntmssvc.dll
+---- NWCWorkstation
+---- Nwsapagent
+---- %SystemRoot%\System32\ipxsap.dll
+---- Rasauto
+---- %SystemRoot%\System32\rasauto.dll
+---- Rasman
+---- %SystemRoot%\System32\rasmans.dll
+---- Remoteaccess
+---- %SystemRoot%\System32\mprdim.dll
+---- Schedule
+---- %SystemRoot%\system32\schedsvc.dll
+---- Seclogon
+---- %SystemRoot%\System32\seclogon.dll
+---- SENS
+---- %SystemRoot%\system32\sens.dll
+---- Sharedaccess
+---- %SystemRoot%\System32\ipnathlp.dll
+---- SRService
+---- %SystemRoot%\system32\srsvc.dll
+---- Tapisrv
+---- %SystemRoot%\System32\tapisrv.dll
+---- Themes
+---- %SystemRoot%\System32\shsvcs.dll
+---- TrkWks
+---- %SystemRoot%\system32\trkwks.dll
+---- W32Time
+---- %systemroot%\system32\w32time.dll
+---- WZCSVC
+---- %SystemRoot%\System32\wzcsvc.dll
+---- Wmi
+---- %SystemRoot%\System32\advapi32.dll
+---- WmdmPmSp
+---- winmgmt
+---- %SystemRoot%\system32\wbem\WMIsvc.dll
+---- wscsvc
+---- %SYSTEMROOT%\system32\wscsvc.dll
+---- xmlprov
+---- %SystemRoot%\System32\xmlprov.dll
+---- napagent
+---- %SystemRoot%\System32\qagentrt.dll
+---- hkmsvc
+---- %SystemRoot%\System32\kmsvc.dll
+---- BITS
+---- %systemroot%\system32\qmgr.dll
+---- wuauserv
+---- C:\WINDOWS\system32\wuauserv.dll
+---- ShellHWDetection
+---- %SystemRoot%\System32\shsvcs.dll
+---- helpsvc
+---- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll

DcomLaunch
+---- DcomLaunch
+---- %SystemRoot%\system32\rpcss.dll
+---- TermService
+---- %SystemRoot%\System32\termsrv.dll

rpcss
+---- RpcSs
+---- %SystemRoot%\System32\rpcss.dll

eapsvcs
+---- eaphost
+---- %SystemRoot%\System32\eapsvc.dll

dot3svc
+---- dot3svc
+---- %SystemRoot%\System32\dot3svc.dll

imgsvc
+---- StiSvc
+---- %SystemRoot%\system32\wiaservc.dll

termsvcs
+---- TermService
+---- %SystemRoot%\System32\termsrv.dll

WudfServiceGroup
+---- WUDFSvc
+---- %SystemRoot%\System32\WUDFSvc.dll

===================== LOADED MODULES =====================

*** NOTE *** Process uuoywfrygn.exe belongs to SystemScan
Already known legit dlls are not shown


System pid: 4
Command line: <no command line>

smss.exe pid: 652
Command line: \SystemRoot\System32\smss.exe

Base Size Version Path
0x48580000 0xf000 \SystemRoot\System32\smss.exe

csrss.exe pid: 732
Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

Base Size Version Path
0x4a680000 0x5000 \??\C:\WINDOWS\system32\csrss.exe
0x75af0000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\CSRSRV.dll
0x75b00000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\basesrv.dll
0x75b10000 0x4b000 5.01.2600.5512 C:\WINDOWS\system32\winsrv.dll

winlogon.exe pid: 756
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x77690000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x10000000 0x17000 6.14.0010.4096 C:\WINDOWS\system32\Ati2evxx.dll
0x47190000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\dimsntfy.dll
0x014a0000 0x42000 1.09.0040.0000 C:\WINDOWS\system32\WgaLogon.dll
0x012a0000 0x13000 4.00.0000.0344 C:\Programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x74e80000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemprox.dll
0x74e60000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x74910000 0x123000 8.100.1051.0000 C:\WINDOWS\system32\msxml3.dll

services.exe pid: 800
Command line: C:\WINDOWS\system32\services.exe

Base Size Version Path
0x01000000 0x1d000 5.01.2600.5755 C:\WINDOWS\system32\services.exe
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x77b40000 0x54000 5.01.2600.5512 C:\WINDOWS\system32\SCESRV.dll
0x77690000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll
0x7dbb0000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\umpnpmgr.dll
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x474b0000 0xf000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcAdProc.dll
0x772d0000 0x11000 5.01.2600.5512 C:\WINDOWS\system32\eventlog.dll

lsass.exe pid: 812
Command line: C:\WINDOWS\system32\lsass.exe

Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\lsass.exe
0x753e0000 0xb6000 5.01.2600.5834 C:\WINDOWS\system32\LSASRV.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x743d0000 0x6e000 5.01.2600.5512 C:\WINDOWS\system32\SAMSRV.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x4d200000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\msprivs.dll
0x71c80000 0x4c000 5.01.2600.5834 C:\WINDOWS\system32\kerberos.dll
0x74440000 0x65000 5.01.2600.5512 C:\WINDOWS\system32\netlogon.dll
0x76780000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\w32time.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x767b0000 0x28000 5.01.2600.5834 C:\WINDOWS\system32\schannel.dll
0x7e8c0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\wdigest.dll
0x7d520000 0x31000 5.01.2600.5512 C:\WINDOWS\system32\scecli.dll
0x68100000 0x26000 5.01.2600.5507 C:\WINDOWS\system32\dssenh.dll
0x74360000 0x30000 5.01.2600.5512 C:\WINDOWS\system32\ipsecsvc.dll
0x77690000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll
0x756d0000 0xd0000 5.01.2600.5886 C:\WINDOWS\system32\oakley.DLL
0x742f0000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\WINIPSEC.DLL
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x74320000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\pstorsvc.dll
0x74340000 0x1b000 5.01.2600.5512 C:\WINDOWS\system32\psbase.dll

ati2evxx.exe pid: 972
Command line: C:\WINDOWS\system32\Ati2evxx.exe

Base Size Version Path
0x00400000 0x67000 6.14.0010.4096 C:\WINDOWS\system32\Ati2evxx.exe
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

svchost.exe pid: 984
Command line: C:\WINDOWS\system32\svchost -k DcomLaunch

Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x77690000 0x12000 5.01.2600.5512 c:\windows\system32\AUTHZ.dll
0x76ae0000 0x11000 3.05.2284.0002 c:\windows\system32\ATL.DLL
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll

svchost.exe pid: 1040
Command line: C:\WINDOWS\system32\svchost -k rpcss

Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x71ec0000 0x6000 5.01.2600.0000 C:\WINDOWS\System32\wshisn.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll

MsMpEng.exe pid: 1136
Command line: "C:\Programmi\Windows Defender\MsMpEng.exe"

Base Size Version Path
0x01000000 0x4000 1.01.1593.0000 C:\Programmi\Windows Defender\MsMpEng.exe
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x5c800000 0x44000 1.01.1593.0000 C:\Programmi\Windows Defender\MpSvc.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x5b800000 0x4f000 1.01.1593.0000 C:\Programmi\Windows Defender\MpClient.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5a100000 0x4d1000 1.01.5302.0000 C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\{CDCC8775-CA5B-4A26-BEA6-FD844D1AFE27}\mpengine.dll
0x006f0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18854 C:\WINDOWS\system32\iertutil.dll
0x5e800000 0xf000 1.01.1593.0000 C:\Programmi\Windows Defender\mprtplug.dll
0x60800000 0xf000 1.01.1593.0000 C:\Programmi\Windows Defender\MpAsDesc.dll

svchost.exe pid: 1176
Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs

Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\System32\ShimEng.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\System32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\System32\umdmxfrm.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x76ee0000 0x27000 5.01.2600.5625 c:\windows\system32\DNSAPI.dll
0x4cf40000 0xb000 5.01.2600.5512 c:\windows\system32\EapolQec.dll
0x76ae0000 0x11000 3.05.2284.0002 c:\windows\system32\ATL.DLL
0x745c0000 0x16000 5.01.2600.5512 c:\windows\system32\QUtil.dll
0x76030000 0x65000 6.02.3104.0000 c:\windows\system32\MSVCP60.dll
0x72960000 0xa000 5.01.2600.5512 c:\windows\system32\dot3api.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x58000 5.01.2600.5512 C:\WINDOWS\System32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x014e0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18854 C:\WINDOWS\system32\iertutil.dll
0x767b0000 0x28000 5.01.2600.5834 C:\WINDOWS\System32\SCHANNEL.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\System32\cryptdll.dll
0x76760000 0x13000 5.01.2600.5512 c:\windows\system32\NTDSAPI.dll
0x6ff20000 0x6b000 6.07.2600.5512 c:\windows\system32\qmgr.dll
0x74f20000 0x9000 2600.5512.0503.0000 c:\windows\system32\dmserver.dll
0x76bc0000 0x2e000 5.01.2600.5512 C:\WINDOWS\System32\credui.dll
0x73640000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\dot3dlg.dll
0x5ad00000 0x28000 5.01.2600.5512 C:\WINDOWS\System32\OneX.DLL
0x71680000 0x22000 5.01.2600.5512 C:\WINDOWS\System32\eappcfg.dll
0x73b40000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\eappprxy.dll
0x776e0000 0x44000 2001.12.4414.0706 c:\windows\system32\es.dll
0x74ed0000 0xc000 5.01.2600.5512 c:\windows\pchealth\helpctr\binaries\pchsvc.dll
0x665d0000 0x17000 5.01.2600.0000 c:\windows\system32\ipxsap.dll
0x5d780000 0x1c000 5.01.2600.0000 c:\windows\system32\rtm.dll
0x71fd0000 0x12000 5.01.2600.0000 c:\windows\system32\adptif.dll
0x76780000 0x2d000 5.01.2600.5512 c:\windows\system32\w32time.dll
0x4f120000 0x28000 5.01.2600.5512 c:\windows\system32\wbem\wmisvc.dll
0x50000000 0x5000 5.04.3790.5512 c:\windows\system32\wuauserv.dll
0x50040000 0x1d9000 7.04.7600.0226 C:\WINDOWS\system32\wuaueng.dll
0x750e0000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\Cabinet.dll
0x604f0000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\mspatcha.dll
0x77690000 0x12000 5.01.2600.5512 c:\windows\system32\AUTHZ.dll
0x74e60000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x742f0000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\WINIPSEC.DLL
0x58080000 0x36000 5.01.2600.5512 C:\WINDOWS\System32\unimdm.tsp
0x5b480000 0x16000 5.01.2600.5512 C:\WINDOWS\System32\unimdmat.dll
0x61ab0000 0x29000 5.01.2600.5512 C:\WINDOWS\system32\modemui.dll
0x58100000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\kmddsp.tsp
0x580e0000 0x10000 5.01.2600.5512 C:\WINDOWS\System32\ndptsp.tsp
0x58110000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\ipconf.tsp
0x58130000 0x46000 5.01.2600.5512 C:\WINDOWS\System32\h323.tsp
0x58120000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\hidphone.tsp
0x71c80000 0x4c000 5.01.2600.5834 C:\WINDOWS\system32\kerberos.dll
0x723c0000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\RASQEC.DLL
0x71f00000 0x9000 5.01.2600.5512 C:\WINDOWS\System32\ipxwan.dll
0x74910000 0x123000 8.100.1051.0000 C:\WINDOWS\system32\msxml3.dll
0x68100000 0x26000 5.01.2600.5507 C:\WINDOWS\System32\dssenh.dll
0x65000000 0x2e000 8.00.6001.18702 C:\WINDOWS\system32\advpack.dll
0x70040000 0x9e000 2001.12.4414.0700 C:\WINDOWS\System32\catsrvut.dll
0x70100000 0x3d000 2001.12.4414.0700 C:\WINDOWS\System32\catsrv.dll
0x61df0000 0x9000 2001.12.4414.0700 C:\WINDOWS\System32\MfcSubs.dll

svchost.exe pid: 1220
Command line: C:\WINDOWS\system32\svchost.exe -k NetworkService

Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x76ee0000 0x27000 5.01.2600.5625 c:\windows\system32\DNSAPI.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll

svchost.exe pid: 1276
Command line: C:\WINDOWS\system32\svchost.exe -k LocalService

Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x76ab0000 0x12000 5.01.2600.5512 c:\windows\system32\regsvc.dll
0x66750000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll

ati2evxx.exe pid: 1596
Command line: Ati2evxx.exe -Client

Base Size Version Path
0x00400000 0x67000 6.14.0010.4096 C:\WINDOWS\system32\Ati2evxx.exe
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

explorer.exe pid: 1680
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x01000000 0xff000 6.00.2900.5512 C:\WINDOWS\Explorer.EXE
0x75f30000 0xfd000 6.00.2900.5512 C:\WINDOWS\system32\BROWSEUI.dll
0x7e210000 0x171000 6.00.2900.5512 C:\WINDOWS\system32\SHDOCVW.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18854 C:\WINDOWS\system32\iertutil.dll
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x661c0000 0x21d000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
0x68ef0000 0xf1000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x68ff0000 0x7000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL
0x7c630000 0x1b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL
0x76330000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSImg32.dll
0x5ba40000 0x72000 6.00.2900.5512 C:\WINDOWS\system32\themeui.dll
0x76940000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\LINKINFO.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x65e30000 0x37000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
0x74910000 0x123000 8.100.1051.0000 C:\WINDOWS\system32\msxml3.dll
0x76bc0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\credui.dll
0x72960000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\dot3api.dll
0x73640000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\dot3dlg.dll
0x5ad00000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\OneX.DLL
0x71680000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\eappcfg.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x73b40000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\eappprxy.dll
0x40260000 0xa93000 8.00.6001.18854 C:\WINDOWS\system32\ieframe.dll
0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x75d50000 0x91000 6.00.2900.5512 C:\WINDOWS\system32\MLANG.dll
0x66b40000 0x17d000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GR326C~1.DLL
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\wpdshserviceobj.dll
0x10000000 0x11000 4.00.0001.2303 C:\WINDOWS\system32\btncopy.dll
0x761e0000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\stobject.dll
0x74a80000 0xa000 6.00.2900.5512 C:\WINDOWS\system32\BatMeter.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\portabledevicetypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\portabledeviceapi.dll
0x692e0000 0x8d000 5.02.2600.5512 C:\WINDOWS\system32\fxsst.dll
0x60270000 0x72000 5.02.2600.5512 C:\WINDOWS\system32\FXSAPI.dll
0x01910000 0x13000 4.00.0000.0344 C:\Programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
0x75f10000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\drprov.dll
0x71ba0000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\ntlanman.dll
0x71c60000 0x17000 5.01.2600.5512 C:\WINDOWS\System32\NETUI0.dll
0x71c20000 0x40000 5.01.2600.5512 C:\WINDOWS\System32\NETUI1.dll
0x75f20000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\davclnt.dll
0x71600000 0x13000 6.00.2900.5512 C:\WINDOWS\system32\browselc.dll
0x03290000 0x1a5000 12.00.4518.1014 C:\Programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll
0x4b440000 0x86000 5.41.0015.1515 C:\WINDOWS\system32\MSFTEDIT.DLL
0x6c6b0000 0x4d000 5.01.2600.5512 C:\WINDOWS\system32\DUSER.dll
0x73b10000 0x14000 5.01.2600.5512 C:\WINDOWS\system32\sti.dll
0x74a70000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\CFGMGR32.dll
0x040e0000 0x4c000 9.00.0000.0000 C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
0x01ff0000 0xf000 C:\Programmi\D-Link\Software Bluetooth\btkeyind.dll
0x03d30000 0x4a000 1.02.0001.1551 C:\Programmi\File comuni\Adobe\Adobe Drive CS4\BIB.dll
0x61800000 0x15b000 4.00.0000.0344 C:\Programmi\File comuni\Adobe\Adobe Version Cue CS4\Client\4.0.0\VersionCue.DLL
0x05400000 0x54000 9.00.0005.0332 C:\Programmi\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.ita
0x16200000 0x6000 4.01.0000.0000 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
0x04c80000 0x147000 4.00.0000.0344 C:\Programmi\File comuni\Adobe\Adobe Drive CS4\ADFSMenu.dll
0x01300000 0x18000 1.03.0000.0000 C:\Programmi\Malwarebytes' Anti-Malware\mbamext.dll
0x04fd0000 0xa3000 C:\PROGRA~1\Ashampoo\ASHAMP~1\CONTEX~1.DLL
0x051c0000 0xd5000 12.00.0000.9769 C:\Programmi\Acronis\TrueImageHome\tishell.dll
0x03680000 0x41000 4.00.0000.0525 C:\Programmi\Acronis\TrueImageHome\timounter.dll
0x02060000 0x2e000 3.80.0000.0000 C:\Programmi\WinRAR\rarext.dll
0x02530000 0x17000 1.00.0000.0001 C:\Programmi\Lavasoft\Ad-Aware\ShellExt.dll
0x78480000 0x8e000 9.00.30729.0001 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCP90.dll
0x78520000 0xa3000 9.00.30729.0001 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCR90.dll
0x78e20000 0x2a000 9.00.30729.0001 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\ATL90.DLL
0x22000000 0x31000 4.00.0468.0001 C:\Programmi\ESET\ESET NOD32 Antivirus\shellExt.dll
0x03810000 0x45000 2.00.0001.0000 C:\Programmi\Epson Software\Easy Photo Print\EPPShell.dll
0x05e80000 0x209000 4.00.0005.0100 C:\Programmi\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
0x781d0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x75df0000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\MSVFW32.dll
0x5d360000 0xf000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ITA.DLL
0x69940000 0x16000 5.01.2600.5512 C:\WINDOWS\system32\Faultrep.dll
0x73250000 0x5000 5.01.2600.0000 C:\WINDOWS\system32\RICHED32.DLL
0x74dc0000 0x6d000 5.30.0023.1230 C:\WINDOWS\system32\RICHED20.dll
0x05770000 0xa8000 9.00.0005.0332 C:\Programmi\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
0x782e0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL
0x736d0000 0x4b000 5.03.2600.5512 C:\WINDOWS\system32\ddraw.dll
0x73b30000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\DCIMAN32.dll
0x4f4b0000 0x61000 5.01.2600.5512 C:\WINDOWS\system32\wzcdlg.dll
0x05470000 0x1f7000 6.02.0010.0031 C:\Programmi\File comuni\Nero\SMC\NeroDigitalExt.dll
0x03c60000 0x5b000 9.00.0000.0332 C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
0x71cd0000 0x1b000 6.00.2900.5512 C:\WINDOWS\system32\actxprxy.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x74b10000 0x8f000 5.01.2600.5512 C:\WINDOWS\system32\printui.dll

AAWService.exe pid: 1696
Command line: "C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe"

Base Size Version Path
0x00400000 0x102000 8.00.0000.0000 C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
0x10000000 0x41000 C:\Programmi\Lavasoft\Ad-Aware\RPAPI.dll
0x78480000 0x8e000 9.00.30729.0001 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCP90.dll
0x78520000 0xa3000 9.00.30729.0001 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCR90.dll
0x4dd50000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\FLTLIB.DLL
0x00350000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18854 C:\WINDOWS\system32\iertutil.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x00d00000 0x190000 C:\Programmi\Lavasoft\Ad-Aware\Resources.dll
0x73540000 0x47000 5.01.2600.5512 C:\WINDOWS\system32\mstask.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x013c0000 0x57000 7.01.0000.0012 C:\Programmi\Lavasoft\Ad-Aware\lavalicense.dll
0x74e80000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemprox.dll
0x74e60000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x01d10000 0xa4000 8.00.0000.0000 C:\Programmi\Lavasoft\Ad-Aware\ceapi.dll
0x01dd0000 0x38000 3.80.0002.0166 C:\Programmi\Lavasoft\Ad-Aware\unrar.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x76940000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\LINKINFO.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x40260000 0xa93000 8.00.6001.18854 C:\WINDOWS\system32\ieframe.dll
0x76bc0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\credui.dll
0x72960000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\dot3api.dll
0x73640000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\dot3dlg.dll
0x5ad00000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\OneX.DLL
0x71680000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\eappcfg.dll
0x73b40000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\eappprxy.dll
0x05180000 0x13000 4.00.0000.0344 C:\Programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
0x75f10000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\drprov.dll
0x71ba0000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\ntlanman.dll
0x71c60000 0x17000 5.01.2600.5512 C:\WINDOWS\System32\NETUI0.dll
0x71c20000 0x40000 5.01.2600.5512 C:\WINDOWS\System32\NETUI1.dll
0x75f20000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\davclnt.dll

spoolsv.exe pid: 1844
Command line: C:\WINDOWS\system32\spoolsv.exe

Base Size Version Path
0x01000000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\spoolsv.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x00980000 0xc000 9.00.0000.0000 C:\WINDOWS\system32\AdobePDF.dll
0x00990000 0x18000 2.09.0000.0000 C:\WINDOWS\system32\E_FLBFAE.DLL
0x00cc0000 0x14000 1.04.0000.0000 C:\WINDOWS\system32\E_FLBBGE.DLL
0x693f0000 0x9000 5.02.2600.5512 C:\WINDOWS\system32\FXSMON.DLL
0x69410000 0x12000 5.02.2600.5512 C:\WINDOWS\system32\FXSEVENT.dll
0x10000000 0x1c000 4.00.0001.2303 C:\WINDOWS\system32\bthcrp.dll
0x00ce0000 0xfa000 4.00.0001.2303 C:\WINDOWS\system32\WidcommSdk.dll
0x00de0000 0xca000 4.00.0001.2303 C:\WINDOWS\system32\wbtapi.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x00ed0000 0x9000 0.03.4518.1014 C:\WINDOWS\system32\msonpmon.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x3f420000 0x1b000 6.01.2600.5635 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll
0x00f50000 0x9000 0.03.4518.1014 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\msonpppr.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x68f00000 0x161000 0.03.0052.0012 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FUICFAE.DLL
0x73aa0000 0x15000 5.01.2600.5627 C:\WINDOWS\system32\mscms.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x01120000 0x27000 0.03.0001.0026 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FMAIFAE.DLL

GrooveMonitor.exe pid: 680
Command line: "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"

Base Size Version Path
0x00400000 0x8000 12.00.4518.1014 C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
0x68ef0000 0xf1000 12.00.4518.1014 C:\Programmi\Microsoft Office\Office12\GrooveUtil.DLL
0x00350000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18854 C:\WINDOWS\system32\iertutil.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x68ff0000 0x7000 12.00.4518.1014 C:\Programmi\Microsoft Office\Office12\GrooveNew.DLL
0x7c630000 0x1b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x661c0000 0x21d000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
0x76330000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSImg32.dll
0x65e30000 0x37000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x76940000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\LINKINFO.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x74910000 0x123000 8.100.1051.0000 C:\WINDOWS\system32\msxml3.dll

MSASCui.exe pid: 716
Command line: "C:\Programmi\Windows Defender\MSASCui.exe" -hide

Base Size Version Path
0x01000000 0xd7000 1.01.1593.0000 C:\Programmi\Windows Defender\MSASCui.exe
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x5b800000 0x4f000 1.01.1593.0000 C:\Programmi\Windows Defender\MpClient.dll
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll
0x74c10000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x61800000 0x9c000 1.01.1593.0000 C:\Programmi\Windows Defender\MsMpRes.dll
0x5d800000 0xac000 1.01.1593.0000 C:\Programmi\Windows Defender\MpRtMon.DLL
0x40070000 0x1e8000 8.00.6001.18854 C:\WINDOWS\system32\iertutil.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x4b440000 0x86000 5.41.0015.1515 C:\WINDOWS\system32\MSFTEDIT.DLL
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

acrotray.exe pid: 816
Command line: "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

Base Size Version Path
0x00400000 0x9f000 9.00.0000.0332 C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
0x74c10000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x10000000 0x7000 9.00.0000.0000 C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.ita
0x00a50000 0x7000 9.00.0000.0000 C:\Programmi\Adobe\Acrobat 9.0\Acrobat\AcroTray.ESP
0x00a70000 0x7000 9.00.0000.0000 C:\Programmi\Adobe\Acrobat 9.0\Acrobat\AcroTray.NLD
0x00a90000 0x7000 9.00.0000.0000 C:\Programmi\Adobe\Acrobat 9.0\Acrobat\AcroTray.PTB
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

carpserv.exe pid: 996
Command line: "C:\WINDOWS\system32\carpserv.exe"

Base Size Version Path
0x00400000 0x5000 1.00.0000.0001 C:\WINDOWS\system32\carpserv.exe

TrueImageMonitor.exe pid: 1088
Command line: "C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe"

Base Size Version Path
0x00400000 0x3aa000 12.00.0000.9769 C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x20300000 0x43000 1.00.0000.0009 C:\Programmi\Acronis\TrueImageHome\Common\resource.dll
0x20100000 0x10000 1.00.0000.0145 C:\Programmi\Acronis\TrueImageHome\Common\gc.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x10000000 0x3e000 3.05.0000.0423 C:\Programmi\File comuni\Acronis\SnapAPI\snapapi.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x20600000 0x7000 1.00.0000.0014 C:\Programmi\Acronis\TrueImageHome\Common\thread_pool.dll
0x019c0000 0xa000 1.00.0000.0123 C:\Programmi\Acronis\TrueImageHome\Common\rpc_client.dll
0x01c10000 0x2da000 1.00.0000.0228 C:\Programmi\File comuni\Acronis\TrueImageHome\tdrpapi.dll

TimounterMonitor.exe pid: 1128
Command line: "C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe"

Base Size Version Path
0x00400000 0xe7000 4.00.0000.0453 C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
0x10000000 0x1a0000 2.00.0000.0003 C:\Programmi\Acronis\TrueImageHome\fox.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x7e430000 0x89000 5.02.3790.4110 C:\WINDOWS\system32\hhctrl.ocx
0x68de0000 0x18000 4.74.9273.0000 C:\WINDOWS\system32\mui\0010\hhctrlui.dll
0x76330000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\msimg32.dll
0x20700000 0x151000 3.08.0001.0000 C:\Programmi\Acronis\TrueImageHome\Common\icu38.dll
0x00ad0000 0x183000 3.08.0001.0000 C:\Programmi\Acronis\TrueImageHome\Common\icudt38.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x20600000 0x7000 1.00.0000.0014 C:\Programmi\Acronis\TrueImageHome\Common\thread_pool.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

schedhlp.exe pid: 1240
Command line: "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"

Base Size Version Path
0x00400000 0x5d000 1.00.0000.0318 C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

MCCITR~1.EXE pid: 1256
Command line: "C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE"

Base Size Version Path
0x00400000 0xea000 5.00.0000.0055 C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
0x40070000 0x1e8000 8.00.6001.18854 C:\WINDOWS\system32\iertutil.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x5b160000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\VDMDBG.DLL

jusched.exe pid: 1252
Command line: "C:\Programmi\Java\jre6\bin\jusched.exe"

Base Size Version Path
0x00400000 0x25000 6.00.0170.0004 C:\Programmi\Java\jre6\bin\jusched.exe
0x00340000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18854 C:\WINDOWS\system32\iertutil.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x72240000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sensapi.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x66750000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll

egui.exe pid: 1312
Command line: "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

Base Size Version Path
0x00400000 0x1f7000 4.00.0468.0001 C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
0x782e0000 0x10f000 8.00.50727.4053 C:\Programmi\ESET\ESET NOD32 Antivirus\MFC80U.DLL
0x78130000 0x9b000 8.00.50727.4053 C:\Programmi\ESET\ESET NOD32 Antivirus\MSVCR80.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll
0x5d360000 0xf000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ITA.DLL
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x21c00000 0x49000 4.00.0468.0001 C:\Programmi\ESET\ESET NOD32 Antivirus\eguiScan.dll
0x21400000 0x21000 4.00.0468.0001 C:\Programmi\ESET\ESET NOD32 Antivirus\eguiAmon.dll
0x21600000 0x19000 4.00.0468.0001 C:\Programmi\ESET\ESET NOD32 Antivirus\eguiEmon.dll
0x23200000 0x17000 4.00.0468.0001 C:\Programmi\ESET\ESET NOD32 Antivirus\eguiDmon.dll
0x20400000 0xda000 4.00.0468.0001 C:\Programmi\ESET\ESET NOD32 Antivirus\eguiEpfw.dll
0x21200000 0x45000 4.00.0468.0001 C:\Programmi\ESET\ESET NOD32 Antivirus\eguiUpdate.dll
0x22b00000 0x16000 4.00.0468.0001 C:\Programmi\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll

msmsgs.exe pid: 1348
Command line: "C:\Programmi\Messenger\msmsgs.exe" /background

Base Size Version Path
0x01000000 0x1a3000 4.07.0000.3001 C:\Programmi\Messenger\msmsgs.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x76330000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18854 C:\WINDOWS\system32\iertutil.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x10000000 0x6f000 5.01.2600.5512 C:\WINDOWS\system32\XPOB2RES.DLL
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x776e0000 0x44000 2001.12.4414.0706 C:\WINDOWS\system32\es.dll
0x76bc0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\credui.dll

btdna.exe pid: 1400
Command line: "C:\Programmi\DNA\btdna.exe"

Base Size Version Path
0x00400000 0xc9000 2.02.0004.16502 C:\Programmi\DNA\btdna.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x66750000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x76bc0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\credui.dll
0x72960000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\dot3api.dll
0x73640000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\dot3dlg.dll
0x5ad00000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\OneX.DLL
0x71680000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\eappcfg.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x73b40000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\eappprxy.dll

ctfmon.exe pid: 1440
Command line: "C:\WINDOWS\system32\ctfmon.exe"

Base Size Version Path
0x00400000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\ctfmon.exe
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x60060000 0x33000 5.01.2600.5512 C:\WINDOWS\system32\MSUTB.dll
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

BTTray.exe pid: 1804
Command line: "C:\Programmi\D-Link\Software Bluetooth\BTTray.exe"

Base Size Version Path
0x00400000 0xc8000 4.00.0001.2303 C:\Programmi\D-Link\Software Bluetooth\BTTray.exe
0x10000000 0xca000 4.00.0001.2303 C:\WINDOWS\system32\wbtapi.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x00340000 0x1f000 4.00.0001.2303 C:\WINDOWS\system32\btosif.dll
0x00360000 0x38000 4.00.0001.2303 C:\WINDOWS\system32\btwhidcs.DLL
0x74a70000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\CFGMGR32.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll
0x003b0000 0xd000 4.00.0001.2303 C:\Programmi\D-Link\Software Bluetooth\BtBalloon.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x00a70000 0x2fb000 4.00.0001.2303 C:\WINDOWS\system32\btrez.dll
0x00d70000 0x10000 2.00.0039.0000 C:\WINDOWS\system32\CSH.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x00f30000 0xf000 C:\Programmi\D-Link\Software Bluetooth\btkeyind.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

svchost.exe pid: 308
Command line: C:\WINDOWS\system32\svchost.exe -k LocalService

Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x00950000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18854 C:\WINDOWS\system32\iertutil.dll

schedul2.exe pid: 524
Command line: "C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe"

Base Size Version Path
0x00400000 0x98000 1.00.0000.0318 C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

btwdins.exe pid: 456
Command line: "C:\Programmi\D-Link\Software Bluetooth\bin\btwdins.exe"

Base Size Version Path
0x00400000 0x58000 4.00.0001.2303 C:\Programmi\D-Link\Software Bluetooth\bin\btwdins.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

ekrn.exe pid: 1756
Command line: "C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe"

Base Size Version Path
0x00400000 0xb1000 4.00.0468.0001 C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
0x7c420000 0x87000 8.00.50727.4053 C:\Programmi\ESET\ESET NOD32 Antivirus\MSVCP80.dll
0x78130000 0x9b000 8.00.50727.4053 C:\Programmi\ESET\ESET NOD32 Antivirus\MSVCR80.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x767b0000 0x28000 5.01.2600.5834 C:\WINDOWS\system32\schannel.dll
0x21e00000 0x34000 4.00.0468.0001 C:\Programmi\ESET\ESET NOD32 Antivirus\ekrnScan.dll
0x21300000 0x46c000 4.00.0468.0001 C:\Programmi\ESET\ESET NOD32 Antivirus\ekrnAmon.dll
0x02e10000 0x1b000 4.00.0468.0001 C:\Programmi\ESET\ESET NOD32 Antivirus\ekrnEmon.dll
0x23400000 0x1a000 4.00.0468.0001 C:\Programmi\ESET\ESET NOD32 Antivirus\ekrnDmon.dll
0x20300000 0x65000 4.00.0468.0001 C:\Programmi\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll
0x21100000 0x25000 4.00.0468.0001 C:\Programmi\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll
0x21000000 0x35000 4.00.0468.0001 C:\Programmi\ESET\ESET NOD32 Antivirus\updater.dll
0x22900000 0x19000 4.00.0468.0001 C:\Programmi\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x74e80000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemprox.dll
0x74e60000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll

E_S40ST7.EXE pid: 1592
Command line: "C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40ST7.EXE"

Base Size Version Path
0x01000000 0x28000 4.00.0000.0000 C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40ST7.EXE
0x5dd60000 0x9000 5.01.2600.0000 C:\WINDOWS\system32\RPCNS4.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

E_S40RP7.EXE pid: 1968
Command line: "C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE"

Base Size Version Path
0x01000000 0x20000 4.00.0002.0000 C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
0x5dd60000 0x9000 5.01.2600.0000 C:\WINDOWS\system32\RPCNS4.dll

jqs.exe pid: 2140
Command line: "C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf"

Base Size Version Path
0x00400000 0x24000 6.00.0170.0004 C:\Programmi\Java\jre6\bin\jqs.exe
0x7c340000 0x56000 7.10.3052.0004 C:\Programmi\Java\jre6\bin\MSVCR71.dll
0x674c0000 0x6000 2000.85.1132.0000 C:\WINDOWS\system32\odbcbcp.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x79fd0000 0x8000 1.01.4322.0573 C:\WINDOWS\system32\netfxperf.dll
0x79000000 0x46000 2.00.50727.3053 C:\WINDOWS\system32\mscoree.dll
0x640d0000 0x16000 2.00.50727.3053 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\perfcounter.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x00d40000 0x590000 2.00.50727.3603 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
0x60310000 0x17000 2.00.50727.3053 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CorperfmonExt.dll
0x60080000 0x9000 2.00.50727.3053 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll
0x7d9b0000 0x166000 5.01.2600.5847 C:\WINDOWS\System32\query.dll
0x693b0000 0x6000 5.02.2600.5512 C:\WINDOWS\system32\fxsperf.dll
0x610c0000 0x2b000 2001.12.4414.0706 C:\WINDOWS\system32\msdtcuiu.DLL
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x5f800000 0xf2000 6.02.8071.0000 C:\WINDOWS\system32\MFC42u.DLL
0x6da30000 0x6d000 2001.12.4414.0706 C:\WINDOWS\system32\MSDTCPRX.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x5ebe0000 0xd000 5.01.2600.5512 C:\WINDOWS\system32\perfctrs.dll
0x38ee0000 0x2d2000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\OLMAPI32.DLL
0x5ebd0000 0x9000 5.01.2600.5512 C:\WINDOWS\system32\perfdisk.dll
0x5ebc0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\perfnet.dll
0x5eba0000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\perfos.dll
0x5eb90000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\perfproc.dll
0x5e620000 0x6000 5.01.2600.0000 C:\WINDOWS\system32\pschdprf.dll
0x5e060000 0x6000 5.01.2600.0000 C:\WINDOWS\System32\rasctrs.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x5d840000 0x6000 5.01.2600.0000 C:\WINDOWS\System32\rsvpperf.dll
0x5bbf0000 0x5000 5.01.2600.0000 C:\WINDOWS\system32\tapiperf.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x5eb80000 0x6000 5.01.2600.0000 C:\WINDOWS\system32\perfts.dll
0x5b1c0000 0xa000 5.01.2600.0000 C:\WINDOWS\system32\UTILDLL.dll
0x59d70000 0x19000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wmiaprpl.dll
0x72ed0000 0x1c000 5.01.2600.5512 C:\WINDOWS\system32\loadperf.dll

NBService.exe pid: 2248
Command line: "C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe"

Base Size Version Path
0x00400000 0xe3000 4.00.0001.0102 C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x59e60000 0xa1000 5.01.2600.5512 C:\WINDOWS\system32\dbghelp.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x10000000 0x118000 4.00.0001.0102 C:\Programmi\File comuni\Nero\Nero BackItUp 4\NB.dll
0x69940000 0x16000 5.01.2600.5512 C:\WINDOWS\system32\Faultrep.dll
0x00a30000 0x6d000 4.00.0001.0102 C:\Programmi\File comuni\Nero\Nero BackItUp 4\LBFC.dll
0x73540000 0x47000 5.01.2600.5512 C:\WINDOWS\system32\mstask.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x011b0000 0x42000 4.00.0001.0102 C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBBurn.dll
0x01210000 0x27000 9.00.0000.0100 C:\Programmi\File comuni\Nero\Nero BackItUp 4\NeroAPIGlueLayerUnicode.dll

StarWindService.exe pid: 2668
Command line: "C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe"

Base Size Version Path
0x00400000 0x3a000 2.06.0000.1025 C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x66750000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll

svchost.exe pid: 2704
Command line: C:\WINDOWS\system32\svchost.exe -k imgsvc

Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x75a20000 0x55000 5.01.2600.5512 c:\windows\system32\wiaservc.dll
0x74a70000 0x7000 5.01.2600.5512 c:\windows\system32\CFGMGR32.dll
0x73aa0000 0x15000 5.01.2600.5627 c:\windows\system32\mscms.dll
0x71cd0000 0x1b000 6.00.2900.5512 C:\WINDOWS\system32\actxprxy.dll
0x73b10000 0x14000 5.01.2600.5512 C:\WINDOWS\system32\sti.dll

unsecapp.exe pid: 3428
Command line: C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding

Base Size Version Path
0x01000000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\wbem\unsecapp.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x74e60000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll

alg.exe pid: 3832
Command line: C:\WINDOWS\System32\alg.exe

Base Size Version Path
0x01000000 0xd000 5.01.2600.5512 C:\WINDOWS\System32\alg.exe
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\System32\ATL.DLL
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\MSWSOCK.DLL
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\System32\ShimEng.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\System32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\System32\umdmxfrm.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x66750000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll

wmiprvse.exe pid: 4092
Command line: C:\WINDOWS\system32\wbem\wmiprvse.exe

Base Size Version Path
0x01000000 0x3a000 5.01.2600.5755 C:\WINDOWS\system32\wbem\wmiprvse.exe
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x74e60000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x46ea0000 0x151000 5.01.2600.5512 C:\WINDOWS\system32\wbem\cimwin32.dll
0x697b0000 0x30000 5.01.2600.5512 C:\WINDOWS\system32\wbem\framedyn.dll

AAWTray.exe pid: 3160
Command line: C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe

Base Size Version Path
0x00400000 0x82000 8.00.0000.0000 C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
0x78480000 0x8e000 9.00.30729.0001 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCP90.dll
0x78520000 0xa3000 9.00.30729.0001 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCR90.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x10000000 0x190000 C:\Programmi\Lavasoft\Ad-Aware\Resources.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

iexplore.exe pid: 1672
Command line: "C:\Programmi\Internet Explorer\iexplore.exe"

Base Size Version Path
0x00400000 0x9c000 8.00.6001.18702 C:\Programmi\Internet Explorer\iexplore.exe
0x40070000 0x1e8000 8.00.6001.18854 C:\WINDOWS\system32\iertutil.dll
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x71600000 0x79000 5.01.2600.5906 C:\WINDOWS\AppPatch\AcLayers.DLL
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x40260000 0xa93000 8.00.6001.18854 C:\WINDOWS\system32\IEFRAME.dll
0x009b0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x72240000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sensapi.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x01ef0000 0x2a000 8.00.6001.18702 C:\WINDOWS\system32\IEUI.dll
0x76330000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x76bc0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\credui.dll
0x72960000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\dot3api.dll
0x73640000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\dot3dlg.dll
0x5ad00000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\OneX.DLL
0x71680000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\eappcfg.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x73b40000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\eappprxy.dll
0x4cf40000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\EapolQec.dll
0x745c0000 0x16000 5.01.2600.5512 C:\WINDOWS\system32\QUtil.dll
0x45210000 0x40000 8.00.6001.18854 C:\Programmi\Internet Explorer\ieproxy.dll
0x74680000 0x2a000 5.01.2600.5512 C:\WINDOWS\system32\msimtf.dll
0x661c0000 0x21d000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
0x68ef0000 0xf1000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x68ff0000 0x7000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL
0x7c630000 0x1b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL
0x74c10000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\oleacc.dll
0x47060000 0x21000 1.00.1018.0000 C:\WINDOWS\system32\xmllite.dll
0x44f30000 0x94000 8.00.6001.18854 C:\WINDOWS\system32\msfeeds.dll
0x71cd0000 0x1b000 6.00.2900.5512 C:\WINDOWS\system32\actxprxy.dll
0x75d50000 0x91000 6.00.2900.5512 C:\WINDOWS\system32\MLANG.dll
0x74d20000 0x6b000 1.420.2600.5512 C:\WINDOWS\system32\USP10.dll
0x10000000 0x1f7000 6.02.0010.0031 C:\Programmi\File comuni\Nero\SMC\NeroDigitalExt.dll
0x781d0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x5d360000 0xf000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ITA.DLL
0x02b80000 0x5b000 9.00.0000.0332 C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
0x03c10000 0x4c000 9.00.0000.0000 C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
0x3fac0000 0x5ae000 8.00.6001.18854 C:\WINDOWS\system32\mshtml.dll
0x00b80000 0x29000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll

iexplore.exe pid: 3016
Command line: "C:\Programmi\Internet Explorer\iexplore.exe" SCODEF:1672 CREDAT:14337

Base Size Version Path
0x00400000 0x9c000 8.00.6001.18702 C:\Programmi\Internet Explorer\iexplore.exe
0x40070000 0x1e8000 8.00.6001.18854 C:\WINDOWS\system32\iertutil.dll
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x71600000 0x79000 5.01.2600.5906 C:\WINDOWS\AppPatch\AcLayers.DLL
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x40260000 0xa93000 8.00.6001.18854 C:\WINDOWS\system32\IEFRAME.dll
0x451f0000 0x6000 8.00.6001.18854 C:\Programmi\Internet Explorer\xpshims.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x45210000 0x40000 8.00.6001.18854 C:\Programmi\Internet Explorer\ieproxy.dll
0x01c40000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x72240000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sensapi.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x75d50000 0x91000 6.00.2900.5512 C:\WINDOWS\system32\MLANG.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x10000000 0x53000 9.00.0000.0332 C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x02420000 0x21000 9.00.0000.0000 C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.ITA
0x02470000 0x11000 9.00.0000.0332 C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
0x024a0000 0x10000 9.00.0000.0332 C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x661c0000 0x21d000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
0x68ef0000 0xf1000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL
0x68ff0000 0x7000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL
0x7c630000 0x1b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL
0x76330000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSImg32.dll
0x027a0000 0x1a5000 12.00.4518.1014 C:\Programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll
0x4b440000 0x86000 5.41.0015.1515 C:\WINDOWS\system32\MSFTEDIT.DLL
0x65e30000 0x37000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
0x66b40000 0x17d000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GR326C~1.DLL
0x74910000 0x123000 8.100.1051.0000 C:\WINDOWS\system32\msxml3.dll
0x6d440000 0xc000 6.00.0170.0004 C:\Programmi\Java\jre6\bin\jp2ssv.dll
0x7c340000 0x56000 7.10.3052.0004 C:\Programmi\Java\jre6\bin\MSVCR71.dll
0x6dae0000 0x12000 6.00.0170.0004 C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
0x3fac0000 0x5ae000 8.00.6001.18854 C:\WINDOWS\system32\mshtml.dll
0x03560000 0x29000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll
0x72ea0000 0x6f000 8.00.6001.18669 C:\WINDOWS\system32\ieapfltr.dll
0x71cd0000 0x1b000 6.00.2900.5512 C:\WINDOWS\system32\actxprxy.dll
0x42700000 0x2f000 8.00.6001.18854 C:\WINDOWS\system32\iepeers.dll
0x74680000 0x2a000 5.01.2600.5512 C:\WINDOWS\system32\msimtf.dll
0x1b000000 0xc000 8.00.6001.18702 C:\WINDOWS\system32\ImgUtil.dll
0x1b060000 0xe000 8.00.6001.18702 C:\WINDOWS\system32\pngfilt.dll
0x35c50000 0x39000 8.00.6001.18702 C:\WINDOWS\system32\Dxtrans.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x6d950000 0xa000 5.03.2600.5512 C:\WINDOWS\system32\ddrawex.dll
0x736d0000 0x4b000 5.03.2600.5512 C:\WINDOWS\system32\DDRAW.dll
0x73b30000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\DCIMAN32.dll
0x35cb0000 0x57000 8.00.6001.18702 C:\WINDOWS\system32\Dxtmsft.dll
0x74d20000 0x6b000 1.420.2600.5512 C:\WINDOWS\system32\USP10.dll
0x06a20000 0x4a4000 10.00.0042.0034 C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx
0x73aa0000 0x15000 5.01.2600.5627 C:\WINDOWS\system32\mscms.dll
0x767b0000 0x28000 5.01.2600.5834 C:\WINDOWS\system32\schannel.dll
0x12950000 0xa66000 11.00.5721.5268 C:\WINDOWS\system32\wmp.dll
0x75df0000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\MSVFW32.dll
0x59e60000 0xa1000 5.01.2600.5512 C:\WINDOWS\system32\dbghelp.dll
0x13740000 0x7e8000 11.00.5721.5145 C:\WINDOWS\system32\wmploc.dll
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x0bef0000 0x37000 11.00.5721.5145 C:\WINDOWS\system32\MFPlat.DLL
0x0a900000 0x6a000 5.08.6001.18702 C:\WINDOWS\system32\vbscript.dll
0x738b0000 0xd0000 5.03.2600.5512 C:\WINDOWS\system32\D3DIM700.DLL
0x68100000 0x26000 5.01.2600.5507 C:\WINDOWS\system32\dssenh.dll
0x03720000 0xf000 C:\Programmi\D-Link\Software Bluetooth\btkeyind.dll

iexplore.exe pid: 2992
Command line: "C:\Programmi\Internet Explorer\iexplore.exe" SCODEF:1672 CREDAT:145410

Base Size Version Path
0x00400000 0x9c000 8.00.6001.18702 C:\Programmi\Internet Explorer\iexplore.exe
0x40070000 0x1e8000 8.00.6001.18854 C:\WINDOWS\system32\iertutil.dll
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x71600000 0x79000 5.01.2600.5906 C:\WINDOWS\AppPatch\AcLayers.DLL
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x40260000 0xa93000 8.00.6001.18854 C:\WINDOWS\system32\IEFRAME.dll
0x451f0000 0x6000 8.00.6001.18854 C:\Programmi\Internet Explorer\xpshims.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x45210000 0x40000 8.00.6001.18854 C:\Programmi\Internet Explorer\ieproxy.dll
0x01c40000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x75d50000 0x91000 6.00.2900.5512 C:\WINDOWS\system32\MLANG.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x10000000 0x53000 9.00.0000.0332 C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x020f0000 0x21000 9.00.0000.0000 C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.ITA
0x02170000 0x10000 9.00.0000.0332 C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x68ef0000 0xf1000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL
0x68ff0000 0x7000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL
0x7c630000 0x1b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL
0x76330000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSImg32.dll
0x021f0000 0x1a5000 12.00.4518.1014 C:\Programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll
0x4b440000 0x86000 5.41.0015.1515 C:\WINDOWS\system32\MSFTEDIT.DLL
0x65e30000 0x37000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
0x66b40000 0x17d000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GR326C~1.DLL
0x74910000 0x123000 8.100.1051.0000 C:\WINDOWS\system32\msxml3.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x71cd0000 0x1b000 6.00.2900.5512 C:\WINDOWS\system32\actxprxy.dll
0x3fac0000 0x5ae000 8.00.6001.18854 C:\WINDOWS\system32\mshtml.dll
0x02f00000 0x29000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll
0x72ea0000 0x6f000 8.00.6001.18669 C:\WINDOWS\system32\ieapfltr.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x72240000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sensapi.dll
0x74680000 0x2a000 5.01.2600.5512 C:\WINDOWS\system32\msimtf.dll
0x1b000000 0xc000 8.00.6001.18702 C:\WINDOWS\system32\ImgUtil.dll
0x1b060000 0xe000 8.00.6001.18702 C:\WINDOWS\system32\pngfilt.dll
0x35c50000 0x39000 8.00.6001.18702 C:\WINDOWS\system32\Dxtrans.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x6d950000 0xa000 5.03.2600.5512 C:\WINDOWS\system32\ddrawex.dll
0x736d0000 0x4b000 5.03.2600.5512 C:\WINDOWS\system32\DDRAW.dll
0x73b30000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\DCIMAN32.dll
0x35cb0000 0x57000 8.00.6001.18702 C:\WINDOWS\system32\Dxtmsft.dll
0x74d20000 0x6b000 1.420.2600.5512 C:\WINDOWS\system32\USP10.dll
0x089a0000 0xf000 C:\Programmi\D-Link\Software Bluetooth\btkeyind.dll
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x738b0000 0xd0000 5.03.2600.5512 C:\WINDOWS\system32\D3DIM700.DLL
0x00b50000 0x11000 9.00.0000.0332 C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
0x661c0000 0x21d000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
0x6d440000 0xc000 6.00.0170.0004 C:\Programmi\Java\jre6\bin\jp2ssv.dll
0x7c340000 0x56000 7.10.3052.0004 C:\Programmi\Java\jre6\bin\MSVCR71.dll
0x6dae0000 0x12000 6.00.0170.0004 C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
0x42700000 0x2f000 8.00.6001.18854 C:\WINDOWS\system32\iepeers.dll
0x04530000 0x4a4000 10.00.0042.0034 C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx
0x73aa0000 0x15000 5.01.2600.5627 C:\WINDOWS\system32\mscms.dll
0x767b0000 0x28000 5.01.2600.5834 C:\WINDOWS\system32\schannel.dll
0x68100000 0x26000 5.01.2600.5507 C:\WINDOWS\system32\dssenh.dll
0x06b10000 0x4c000 9.00.0000.0000 C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
0x76940000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\LINKINFO.dll
0x5f800000 0x15000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpOAv.dll

ntvdm.exe pid: 2628
Command line: "C:\WINDOWS\system32\ntvdm.exe" -f -i1 -w -a C:\WINDOWS\system32\krnl386.exe

Base Size Version Path
0x0f000000 0xa7000 5.01.2600.5512 C:\WINDOWS\system32\ntvdm.exe
0x5f5a0000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\NTVDMD.DLL
0x5f590000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\NWAPI16.DLL
0x5f570000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NWAPI32.dll
0x5f520000 0x27000 5.01.2600.5512 C:\WINDOWS\system32\NWPROVAU.dll
0x5af90000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\VWIPXSPX.DLL
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71ec0000 0x6000 5.01.2600.0000 C:\WINDOWS\System32\wshisn.dll
0x0ffb0000 0x45000 5.01.2600.5512 C:\WINDOWS\system32\WOW32.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5b840000 0x10000 5.01.2600.0000 C:\WINDOWS\system32\tsappcmp.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

wscntfy.exe pid: 2576
Command line: C:\WINDOWS\system32\wscntfy.exe

Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\wscntfy.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

sys84308.exe pid: 2604
Command line: "C:\Documents and Settings\Biagio\Desktop\sys84308.exe"

Base Size Version Path
0x00400000 0x39000 C:\Documents and Settings\Biagio\Desktop\sys84308.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

runme.exe pid: 3332
Command line: runme.exe

Base Size Version Path
0x00400000 0x5e000 3.06.0000.0007 C:\DOCUME~1\Biagio\IMPOST~1\Temp\nsw5DE.tmp\runme.exe
0x73390000 0x153000 6.00.0098.0002 C:\WINDOWS\system32\MSVBVM60.DLL
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x73510000 0x2a000 5.07.0000.18066 C:\WINDOWS\system32\scrrun.dll
0x01460000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18854 C:\WINDOWS\system32\iertutil.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x72240000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sensapi.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x66750000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x01ab0000 0x6a000 5.08.6001.18702 C:\WINDOWS\system32\vbscript.dll

cmd.exe pid: 4040
Command line: cmd /c uuoywfrygn.exe > tempd.txt

Base Size Version Path
0x4ad00000 0x63000 5.01.2600.5512 C:\WINDOWS\system32\cmd.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

uuoywfrygn.exe pid: 2460
Command line: uuoywfrygn.exe

Base Size Version Path
0x00400000 0x14000 2.25.0000.0000 C:\DOCUME~1\Biagio\IMPOST~1\Temp\nsw5DE.tmp\uuoywfrygn.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

===================== NTFS ADS =====================

C:\Documents and Settings\All Users\Dati applicazioni\Symantec\hpc:1358375374 72 bytes
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\hpc:2704092260 136 bytes
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\hpc:3898751835 113 bytes
C:\Documents and Settings\All Users\Dati applicazioni\TEMP:DFC5A2B2 152 bytes
C:\Documents and Settings\All Users\Documenti\Immagini\Immagini campione\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documenti\TNTforum - Reaper Stagione 1 .url:favicon 22486 bytes
C:\Documents and Settings\Biagio:zylomtest 0 bytes
C:\Documents and Settings\Biagio:zylomtr{00013KEU-UKQE-K6V0-DNSL-22H2BN66GVVR} 17 bytes
C:\Documents and Settings\Biagio\Documenti\Immagini\Raccolta multimediale Microsoft\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Biagio\Preferiti\Accedi Facebook.url:favicon 318 bytes
C:\Documents and Settings\Biagio\Preferiti\Aiutamici.com.url:favicon 2862 bytes
C:\Documents and Settings\Biagio\Preferiti\AliceCasa\ilpuntotecnicoeadsl.com - Indice.url:favicon 1078 bytes
C:\Documents and Settings\Biagio\Preferiti\AliceCasa\[Thread Ufficiale] Alice Gate VoIP 2 Plus Wi-Fi - Hardware Upgrade Forum.url:favicon 2238 bytes
C:\Documents and Settings\Biagio\Preferiti\animedb Guarda tantissimi film, anime e cartoni in streaming « SMaNEttONi.url:favicon 1150 bytes
C:\Documents and Settings\Biagio\Preferiti\Auguri.it - Cartoline virtuali gratis per fare gli auguri.url:favicon 318 bytes
C:\Documents and Settings\Biagio\Preferiti\Banca\ING DIRECT.url:favicon 0 bytes
C:\Documents and Settings\Biagio\Preferiti\Banca\Intesa Sanpaolo. Vicini a Voi..url:favicon 894 bytes
C:\Documents and Settings\Biagio\Preferiti\Repubblica.it.url:favicon 2238 bytes
C:\Documents and Settings\Biagio\Preferiti\Servizi\ESSELUNGA - Homepage.url:favicon 2238 bytes
C:\Documents and Settings\Biagio\Preferiti\Servizi\Monitoraggio Finanziaria 2008.url:favicon 4926 bytes
C:\Documents and Settings\Biagio\Preferiti\Servizi\Poste Italiane - Home page.url:favicon 318 bytes
C:\Documents and Settings\Biagio\Preferiti\Servizi\Telecom Italia - 187.url:favicon 3638 bytes
C:\Documents and Settings\Biagio\Preferiti\Servizi\VcastCanali.url:favicon 3638 bytes
C:\Documents and Settings\Biagio\Preferiti\Software\DDL2.com - Latest Direct Downloads!.url:favicon 894 bytes
C:\Documents and Settings\Biagio\Preferiti\Software\Stai per scaricare CCleaner 2.01.507 Software Windows Download.HTML.it.url:favicon 2238 bytes
C:\Documents and Settings\Biagio\Preferiti\Spettacolo\YouTube - Broadcast Yourself..url:favicon 318 bytes
C:\Documents and Settings\Biagio\Preferiti\Cartoline.net - cartoline virtuali animate e auguri da inviare gratis ad amici e conoscenti.url:favicon 318 bytes
C:\Documents and Settings\Biagio\Preferiti\Collegamenti\Siti suggeriti.url:favicon 25214 bytes
C:\Documents and Settings\Biagio\Preferiti\Commercio\CHL - Acquisti online di Informatica, Audio Video, Telefonia, Fotografia, Elettrodomestici.url:favicon 1386 bytes
C:\Documents and Settings\Biagio\Preferiti\Corriere della Sera.url:favicon 3638 bytes
C:\Documents and Settings\Biagio\Preferiti\Cover\Darktown.to.url:favicon 1406 bytes
C:\Documents and Settings\Biagio\Preferiti\Cover\coverMegaSearch.url:favicon 1406 bytes
C:\Documents and Settings\Biagio\Preferiti\Cover\Le copertine di www.marcelloweb.it - search your cover.url:favicon 766 bytes
C:\Documents and Settings\Biagio\Preferiti\Discoveritalia.url:favicon 894 bytes
C:\Documents and Settings\Biagio\Preferiti\Divertimento, Curiosità, Web Cam, Suonerie Cellulari, Test.url:favicon 3262 bytes
C:\Documents and Settings\Biagio\Preferiti\F.C. INTERNAZIONALE MILANO - SITO UFFICIALE.url:favicon 4710 bytes
C:\Documents and Settings\Biagio\Preferiti\Hattrick.url:favicon 3126 bytes
C:\Documents and Settings\Biagio\Preferiti\Istituzioni\... Il Portale Tributario della Regione Lombardia ....url:favicon 822 bytes
C:\Documents and Settings\Biagio\Preferiti\Istituzioni\Agenzia delle Entrate - Home Page.url:favicon 1150 bytes
C:\Documents and Settings\Biagio\Preferiti\Istituzioni\Comune di Rivello (PZ) - Italia Informazioni.url:favicon 1406 bytes
C:\Documents and Settings\Biagio\Preferiti\Istituzioni\Comune di Vanzago (MI) - Italia Informazioni.url:favicon 1406 bytes
C:\Documents and Settings\Biagio\Preferiti\Istituzioni\Direzione Centrale per la Formazione Vigili del Fuoco - Home.url:favicon 2238 bytes
C:\Documents and Settings\Biagio\Preferiti\Istituzioni\Imprese, famiglie, mutui, fisco Decreto anti-crisi dalla A alla Z - Il Sole 24 ORE.url:favicon 1150 bytes
C:\Documents and Settings\Biagio\Preferiti\Istituzioni\Monitoraggio Finanziaria 2008.url:favicon 4926 bytes
C:\Documents and Settings\Biagio\Preferiti\PC\HTML.it.url:favicon 2238 bytes
C:\Documents and Settings\Biagio\Preferiti\PC\Aiutamici.com.url:favicon 2862 bytes
C:\Documents and Settings\Biagio\Preferiti\PC\Hardware Upgrade - Il sito italiano sulla tecnologia - www.hwupgrade.it.url:favicon 2238 bytes
C:\Documents and Settings\Biagio\Preferiti\PC\Libero - Assistenza.url:favicon 318 bytes
C:\Documents and Settings\Biagio\Preferiti\PC\PC PRIMI PASSI,il portale italiano per i neofiti del computer,corsi,servizi gratuiti,articoli,aiu.url:favicon 3638 bytes
C:\Documents and Settings\Biagio\Preferiti\PC\SOFTWARE ZONE, il software che cerchi.url:favicon 1150 bytes
C:\Documents and Settings\Biagio\Preferiti\PC\Strumento recupero dati per Windows XP, Windows 2000-2003 e Windows NT.url:favicon 1150 bytes
C:\Documents and Settings\Biagio\Preferiti\PC\WinTricks.it - Windows News Software.url:favicon 1150 bytes
C:\Documents and Settings\Biagio\Preferiti\java.com Java + You.url:favicon 1150 bytes
C:\Documents and Settings\Biagio\Preferiti\La Gazzetta dello Sport foto e video di calcio, formula 1, ciclismo, motomondiale.url:favicon 3262 bytes
C:\Documents and Settings\Biagio\Preferiti\Leopard\Bios.url:favicon 9062 bytes
C:\Documents and Settings\Biagio\Preferiti\Leopard\Chicche di Cala - Costruire un Hackintosh Mac con il sistema operativo Leopard [Guida passo passo].url:favicon 5430 bytes
C:\Documents and Settings\Biagio\Preferiti\Leopard\Il Mac costa troppo Fatti un “Hackintosh” - Geekissimo.url:favicon 1406 bytes
C:\Documents and Settings\Biagio\Preferiti\Leopard\Il modo più semplice per installare Mac Os X 10.5.1 sul proprio Pc senza Hack - Geekissimo.url:favicon 1406 bytes
C:\Documents and Settings\Biagio\Preferiti\Leopard\Installare Mac OS X Leopard sul tuo PC -2.url:favicon 894 bytes
C:\Documents and Settings\Biagio\Preferiti\Lonely Planet Italia.url:favicon 372 bytes
C:\Documents and Settings\Biagio\Preferiti\Manuali Video\DivX DooR - Copiare DVD, Masterizzare DVD, DivX, AC3, Mp3, Mpeg.url:favicon 2238 bytes
C:\Documents and Settings\Biagio\Preferiti\Manuali Video\Manuali.it - Manuali, Corsi online, Miniguide, Glossario.url:favicon 1150 bytes
C:\Documents and Settings\Biagio\Preferiti\Manuali Video\MondoDvd.net Dvd video , hd dvd, blu-ray disc, masterizzazione, backup dvd, video-editing.. GRATIS!.url:favicon 3638 bytes
C:\Documents and Settings\Biagio\Preferiti\Manuali Video\Sito Guida alla masterizzazione.url:favicon 3638 bytes
C:\Documents and Settings\Biagio\Preferiti\Manuali Video\Videomakers - Pagina 1-4 - Canopus Edius 2 Prova su Strada Part 2.url:favicon 894 bytes
C:\Documents and Settings\Biagio\Preferiti\Manuali Video\WebMasterPoint.org - DIVX Come aprire e masterizzare i file .bin, .cue, .iso.url:favicon 3638 bytes
C:\Documents and Settings\Biagio\Preferiti\Manuali Video\World Divx - Software e guide per divx e DVD.url:favicon 894 bytes
C:\Documents and Settings\Biagio\Preferiti\Moduli.it.url:favicon 3638 bytes
C:\Documents and Settings\Biagio\Preferiti\Motori\ADSL HP Alice Adsl.url:favicon 1150 bytes
C:\Documents and Settings\Biagio\Preferiti\Motori\Area download Microsoft.url:favicon 3638 bytes
C:\Documents and Settings\Biagio\Preferiti\Motori\Google Maps.url:favicon 1150 bytes
C:\Documents and Settings\Biagio\Preferiti\Motori\Google Translate.url:favicon 1150 bytes
C:\Documents and Settings\Biagio\Preferiti\Motori\Google.url:favicon 1150 bytes
C:\Documents and Settings\Biagio\Preferiti\Motori\Libero.url:favicon 318 bytes
C:\Documents and Settings\Biagio\Preferiti\Motori\Mininova The ultimate BitTorrent source!.url:favicon 318 bytes
C:\Documents and Settings\Biagio\Preferiti\Motori\Tiscali Italia.url:favicon 1150 bytes
C:\Documents and Settings\Biagio\Preferiti\Motori\TorrentPump.com - torrent search engine.url:favicon 1406 bytes
C:\Documents and Settings\Biagio\Preferiti\Motori\Torrents Search Engine.url:favicon 894 bytes
C:\Documents and Settings\Biagio\Preferiti\Motori\VIRGILIO.url:favicon 1150 bytes
C:\Documents and Settings\Biagio\Preferiti\Motori\Windows Live.url:favicon 1150 bytes
C:\Documents and Settings\Biagio\Preferiti\Motori\Yahoo! Italia.url:favicon 318 bytes
C:\Documents and Settings\Biagio\Preferiti\nardonardo.url:favicon 822 bytes
C:\Documents and Settings\Biagio\Preferiti\Suonerie gratis.url:favicon 1150 bytes
C:\Documents and Settings\Biagio\Preferiti\TNTforum - Reaper Stagione 1 .url:favicon 22486 bytes
C:\Documents and Settings\Biagio\Preferiti\Trasporti & Viaggi\Aurum Hotels.url:favicon 390 bytes
C:\Documents and Settings\Biagio\Preferiti\Trasporti & Viaggi\Ferrovie dello Stato - Homepage.url:favicon 1406 bytes
C:\Documents and Settings\Biagio\Preferiti\Wikipedia.url:favicon 318 bytes
C:\Documents and Settings\Biagio\Preferiti\YouTube - Broadcast Yourself..url:favicon 318 bytes



===================== ENCRYPTED FILES =====================


===================== HIDDEN OBJECTS =====================


scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmi\DAEMON Tools Lite\"
"h0"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmi\DAEMON Tools Lite\"
"h0"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


===================== MASTER BOOT RECORD =====================


device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x94fe9bd size 0x1fd !
copy of MBR has been found in sector 62 !
PE file found in sector at 0x094FE9BD !

===================== NETWORK SETTINGS =====================

~~~~~~~~~~~~~~~~~~~~~ Winsock Parameters ~~~~~~~~~~~~~~~~~~~~~

-----HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters\-----

[Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001]
"LibraryPath"="%SystemRoot%\System32\mswsock.dll"

[Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002]
"LibraryPath"="%SystemRoot%\System32\winrnr.dll"

[Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003]
"LibraryPath"="%SystemRoot%\System32\mswsock.dll"

[Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004]
"LibraryPath"="%SystemRoot%\System32\nwprovau.dll"

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000001]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000002]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000003]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000004]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\rsvpsp.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000005]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\rsvpsp.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000006]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000007]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000008]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000009]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000010]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000011]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000012]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000013]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000014]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000015]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000016]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000017]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000018]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000019]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000020]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000021]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000022]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000023]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000024]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000025]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000026]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

~~~~~~~~~~~~~~~~~~~~~ TCP/IP network configuration ~~~~~~~~~~~~~~~~~~~~~


-----HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

~~~~~~~~~~~~~~~~~~~~~ Open ports ~~~~~~~~~~~~~~~~~~~~~

Connessioni attive
Proto Indirizzo locale Indirizzo esterno Stato PID
TCP biagio-1e59a061:epmap 0.0.0.0:0 LISTENING 1040
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ADVAPI32.dll
[svchost.exe]
TCP biagio-1e59a061:microsoft-ds 0.0.0.0:0 LISTENING 4
[Sistema]
TCP biagio-1e59a061:3260 0.0.0.0:0 LISTENING 2668
[StarWindService.exe]
TCP biagio-1e59a061:3261 0.0.0.0:0 LISTENING 2668
[StarWindService.exe]
TCP biagio-1e59a061:20342 0.0.0.0:0 LISTENING 1400
[btdna.exe]
TCP biagio-1e59a061:1035 0.0.0.0:0 LISTENING 3832
[alg.exe]
TCP biagio-1e59a061:5152 0.0.0.0:0 LISTENING 2140
[jqs.exe]
TCP biagio-1e59a061:30606 0.0.0.0:0 LISTENING 1756
[ekrn.exe]
TCP biagio-1e59a061:2995 localhost:30606 CLOSE_WAIT 3332
[runme.exe]
TCP biagio-1e59a061:5152 localhost:2952 CLOSE_WAIT 2140
[jqs.exe]
UDP biagio-1e59a061:isakmp *:* 812
[lsass.exe]
UDP biagio-1e59a061:20342 *:* 1400
[btdna.exe]
UDP biagio-1e59a061:4500 *:* 812
[lsass.exe]
UDP biagio-1e59a061:microsoft-ds *:* 4
[Sistema]
UDP biagio-1e59a061:1900 *:* 1276
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]
UDP biagio-1e59a061:2769 *:* 3016
[iexplore.exe]
UDP biagio-1e59a061:ntp *:* 1176
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]
UDP biagio-1e59a061:2880 *:* 2992
[iexplore.exe]
UDP biagio-1e59a061:1900 *:* 1400
[btdna.exe]

~~~~~~~~~~~~~~~~~~~~~ Shared Resources ~~~~~~~~~~~~~~~~~~~~~

Nome cond. Risorsa Nota
D$ D:\ Condivisione predefinita
print$ C:\WINDOWS\system32\spool\drivers
Driver della stampante
ADMIN$ C:\WINDOWS Amministrazione remota
C$ C:\ Condivisione predefinita
IPC$ IPC remoto
ShareDocs C:\Documents and Settings\All Users\Documenti

EPSONS21 USB002 Spooler EPSON S21 Series

~~~~~~~~~~~~~~~~~~~~~ TRUSTED DOMAINS ~~~~~~~~~~~~~~~~~~~~~

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

~~~~~~~~~~~~~~~~~~~~~ TRUSTED IPs ~~~~~~~~~~~~~~~~~~~~~

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\

~~~~~~~~~~~~~~~~~~~~~ RAS active connections ~~~~~~~~~~~~~~~~~~~~~

Nessuna connessione

~~~~~~~~~~~~~~~~~~~~~ Rasphone.pbk content ~~~~~~~~~~~~~~~~~~~~~

-----C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Connections\Pbk\rasphone.pbk

[Alice ADSL]
Encoding=1
Type=5
AutoLogon=0
UseRasCredentials=1
DialParamsUID=96875960
Guid=214FF6313CC3EB4A8CEACA9E092355E5
BaseProtocol=1
VpnStrategy=0
ExcludedProtocols=3
LcpExtensions=1
DataEncryption=8
SwCompression=1
NegotiateMultilinkAlways=0
SkipNwcWarning=0
SkipDownLevelDialog=0
SkipDoubleDialDialog=0
DialMode=1
DialPercent=75
DialSeconds=120
HangUpPercent=10
HangUpSeconds=120
OverridePref=15
RedialAttempts=3
RedialSeconds=60
IdleDisconnectSeconds=1200
RedialOnLinkFailure=1
CallbackMode=0
CustomDialDll=
CustomDialFunc=
CustomRasDialDll=
AuthenticateServer=0
ShareMsFilePrint=1
BindMsNetClient=0
SharedPhoneNumbers=0
GlobalDeviceSettings=0
PrerequisiteEntry=
PrerequisitePbk=
PreferredPort=
PreferredDevice=
PreferredBps=0
PreferredHwFlow=0
PreferredProtocol=0
PreferredCompression=0
PreferredSpeaker=0
PreferredMdmProtocol=0
PreviewUserPw=1
PreviewDomain=0
PreviewPhoneNumber=0
ShowDialingProgress=1
ShowMonitorIconInTaskBar=1
CustomAuthKey=-1
AuthRestrictions=632
TypicalAuth=1
IpPrioritizeRemote=1
IpHeaderCompression=0
IpAddress=0.0.0.0
IpDnsAddress=0.0.0.0
IpDns2Address=0.0.0.0
IpWinsAddress=0.0.0.0
IpWins2Address=0.0.0.0
IpAssign=1
IpNameAssign=1
IpFrameSize=1006
IpDnsFlags=0
IpNBTFlags=0
TcpWindowSize=0
UseFlags=1
IpSecFlags=0
IpDnsSuffix=

NETCOMPONENTS=
ms_server=1
ms_msclient=0
ms_psched=1
ms_nwsapagent=1

MEDIA=rastapi
Port=PPPoE6-0
Device=Miniport WAN (PPPOE)

DEVICE=PPPoE
PhoneNumber=
AreaCode=
CountryCode=39
CountryID=39
UseDialingRules=0
Comment=
LastSelectedPhone=0
PromoteAlternates=0
TryNextAlternateOnFail=1


===================== HOSTS FILE =====================

127.0.0.1 localhost

===================== SUSPICIOUS FILES =====================
EXE and DLL files packed with runtime packers, found in: C:\; C:\WINDOWS\; C:\WINDOWS\system32\

C:\mbr.exe --> is compressed with UPX
C:\WINDOWS\MBR.exe --> is compressed with UPX
C:\WINDOWS\NIRCMD.exe --> is compressed with UPX
C:\WINDOWS\PEV.exe --> is compressed with PECompact
C:\WINDOWS\SWREG.exe --> is compressed with UPX
C:\WINDOWS\SWSC.exe --> is compressed with UPX

===================== UNINSTALL LIST =====================


-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall-----

[Uninstall]

[Uninstall\6194C28A8F62DD817EA1B918E6E46E806A21B452]
"UninstallString"="C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf"
"DisplayName"="Pacchetto driver Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)"
"DisplayIcon"=expand:"C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe,0"

[Uninstall\65B6FE5418CE28F4D72543FB2D964C3CEC83F161]
"UninstallString"="C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf"
"DisplayName"="Pacchetto driver Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)"
"DisplayIcon"=expand:"C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe,0"

[Uninstall\Ad-Aware]
"DisplayIcon"="C:\Documents and Settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe"
"DisplayName"="Ad-Aware"
"UninstallString"="\"C:\Documents and Settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe\" REMOVE=TRUE MODIFY=FALSE"

[Uninstall\AddressBook]

[Uninstall\Adobe AIR]
"DisplayIcon"="C:\PROGRA~1\FILECO~1\ADOBEA~1\Versions\1.0\RESOUR~1\ADOBEA~1.EXE"
"DisplayName"="Adobe AIR"
"UninstallString"="C:\Programmi\File comuni\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall"

[Uninstall\Adobe Flash Player ActiveX]
"DisplayName"="Adobe Flash Player 10 ActiveX"
"DisplayIcon"="C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe"
"UninstallString"="C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe"

[Uninstall\Adobe Flash Player Plugin]
"DisplayName"="Adobe Flash Player 10 Plugin"
"DisplayIcon"="C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe"
"UninstallString"="C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe"

[Uninstall\Adobe_faf656ef605427ee2f42989c3ad31b8]
"DisplayName"="Adobe Photoshop CS4"
"DisplayIcon"="C:\Programmi\File comuni\Adobe\\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe,0"
"UninstallString"="C:\Programmi\File comuni\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1"

[Uninstall\Ashampoo WinOptimizer 2010_is1]
"DisplayName"="Ashampoo WinOptimizer 2010"
"UninstallString"="\"C:\Programmi\Ashampoo\Ashampoo WinOptimizer 2010\unins000.exe\""

[Uninstall\ATI Display Driver]
"DisplayName"="ATI Display Driver"
"UninstallString"="rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean"

[Uninstall\Branding]

[Uninstall\C-Media Audio Driver]
"DisplayName"="C-Media WDM Audio Driver"
"UninstallString"="C:\WINDOWS\system32\cmirmdrv.exe"

[Uninstall\CDEdit 1.145_is1]
"DisplayName"="CDEdit version 1.145"
"UninstallString"="\"C:\Programmi\CDEdit 1.14\unins000.exe\""

[Uninstall\CloneCD]
"DisplayName"="CloneCD"
"UninstallString"="\"C:\Programmi\SlySoft\CloneCD\ccd-uninst.exe\" /D=\"C:\Programmi\SlySoft\CloneCD\""

[Uninstall\CNXT_MODEM_PCI_HSF]
"DisplayName"="PCI SoftV92 Modem"
"UninstallString"="C:\Programmi\CONEXANT\CNXT_MODEM_PCI_HSF\UIU32m.exe -U -IPSCRCSR5K.inf"

[Uninstall\Connection Manager]

[Uninstall\DirectAnimation]

[Uninstall\DirectDrawEx]

[Uninstall\DVD Shrink_is1]
"DisplayName"="DVD Shrink 3.2"
"UninstallString"="\"C:\Programmi\DVD Shrink\unins000.exe\""

[Uninstall\DXM_Runtime]

[Uninstall\eMule]
"DisplayName"="eMule"
"UninstallString"="\"C:\Programmi\eMule\Uninstall.exe\""

[Uninstall\ENTERPRISE]
"DisplayIcon"="C:\Programmi\File comuni\Microsoft Shared\OFFICE12\Office Setup Controller\OSETUP.DLL,1"
"DisplayName"="Microsoft Office Enterprise 2007"
"UninstallString"="\"C:\Programmi\File comuni\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe\" /uninstall ENTERPRISE /dll OSETUP.DLL"

[Uninstall\EPSON Photo Print]
"UninstallString"="C:\WINDOWS\IsUn0410.exe -f\"C:\Programmi\EPSON\Photo Print\Uninst.isu\""
"DisplayName"="EPSON Photo Print"

[Uninstall\EPSON S21 Series]
"DisplayName"="EPSON S21 Series Printer Uninstall"
"UninstallString"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSFAE.EXE /R /APD /P:\"EPSON S21 Series\""

[Uninstall\EPSON S21 Series\PrinterDrivers]

[Uninstall\EPSON S21 Series\PrinterDrivers\EPSON S21 Series]

[Uninstall\EPSON S21 Series\PrinterDrivers\EPSON S21 Series\Files]

[Uninstall\EPSON S21 Series\PrinterDrivers\EPSON S21 Series\Files\Extension]

[Uninstall\EPSON S21 Series\PrinterDrivers\EPSON S21 Series\Files\Extension\101]

[Uninstall\EPSON S21 Series\PrinterDrivers\EPSON S21 Series\Files\Extension\102]

[Uninstall\EPSON S21 Series\PrinterDrivers\EPSON S21 Series\Settings]

[Uninstall\EPSON S21 Series\PrinterDrivers\EPSON S21 Series\Settings\HKEY_LOCAL_MACHINE]

[Uninstall\Epson Stylus S21_T21_T27 Guida utente]
"DisplayName"="Epson Stylus S21_T21_T27 Manuale"
"UninstallString"="C:\Programmi\EPSON\TPMANUAL\ESS21_T21_T27\ITA\USE_G\DOCUNINS.EXE"

[Uninstall\Fontcore]

[Uninstall\ICW]

[Uninstall\IDNMitigationAPIs]

[Uninstall\IE40]

[Uninstall\IE4Data]

[Uninstall\IE5BAKEX]

[Uninstall\ie7]

[Uninstall\ie8]
"DisplayName"="Windows Internet Explorer 8"
"UninstallString"="\"C:\WINDOWS\ie8\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\Internet Explorer\iexplore.exe"

[Uninstall\IEData]

[Uninstall\InstallShield Uninstall Information]

[Uninstall\InstallShield Uninstall Information\{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}]

[Uninstall\InstallShield Uninstall Information\{3633BA28-67CE-4AC8-A677-3406CA84C3D8}]

[Uninstall\InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}]
"UninstallString"="C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3} UNINSTALL"
"DisplayName"="OpenMG AAC Add-on Module 1.0.00"
"InstallSource"="F:\common\omgaddon\"
"DisplayIcon"=expand:""

[Uninstall\InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}]
"UninstallString"="C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{3633BA28-67CE-4AC8-A677-3406CA84C3D8} UNINSTALL"
"DisplayName"="OpenMG Secure Module 4.5.01"
"InstallSource"="F:\common\openmg\"
"DisplayIcon"=expand:""

[Uninstall\KB892130]
"DisplayName"="Windows Genuine Advantage Validation Tool (KB892130)"
"UninstallString"=""

[Uninstall\KB898461]
"DisplayName"="Aggiornamento per Windows XP (KB898461)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe\""

[Uninstall\KB915865]
"DisplayName"="Hotfix for Windows XP (KB915865)"
"UninstallString"=""

[Uninstall\KB923561]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB923561)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe\""

[Uninstall\KB936782_WMP11]
"DisplayName"="Aggiornamento della protezione per Windows Media Player 11 (KB936782)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\""

[Uninstall\KB938127-v2-IE7]
"DisplayName"="Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127-v2)"
"UninstallString"="\"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"

[Uninstall\KB938464]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB938464)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe\""

[Uninstall\KB939683]
"DisplayName"="Aggiornamento rapido per Windows Media Player 11 (KB939683)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\""

[Uninstall\KB941569]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB941569)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe\""

[Uninstall\KB946648]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB946648)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe\""

[Uninstall\KB950762]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB950762)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe\""

[Uninstall\KB950974]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB950974)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe\""

[Uninstall\KB951066]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB951066)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe\""

[Uninstall\KB951376-v2]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB951376-v2)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe\""

[Uninstall\KB951698]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB951698)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe\""

[Uninstall\KB951748]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB951748)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe\""

[Uninstall\KB951978]
"DisplayName"="Aggiornamento per Windows XP (KB951978)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe\""

[Uninstall\KB952004]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB952004)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe\""

[Uninstall\KB952069_WM9]
"DisplayName"="Aggiornamento della protezione per Windows Media Player (KB952069)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\""

[Uninstall\KB952287]
"DisplayName"="Aggiornamento rapido per Windows XP (KB952287)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe\""

[Uninstall\KB952954]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB952954)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe\""

[Uninstall\KB954154_WM11]
"DisplayName"="Aggiornamento della protezione per Windows Media Player 11 (KB954154)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\""

[Uninstall\KB954155_WM9]
"DisplayName"="Aggiornamento della protezione per Windows Media Player (KB954155)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\""

[Uninstall\KB954211]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB954211)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe\""

[Uninstall\KB954459]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB954459)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe\""

[Uninstall\KB954550-v5]
"DisplayName"="Hotfix for Windows XP (KB954550-v5)"
"UninstallString"=""

[Uninstall\KB954600]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB954600)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe\""

[Uninstall\KB955069]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB955069)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe\""

[Uninstall\KB955759]
"DisplayName"="Aggiornamento per Windows XP (KB955759)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe\""

[Uninstall\KB955839]
"DisplayName"="Aggiornamento per Windows XP (KB955839)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe\""

[Uninstall\KB956391]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB956391)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe\""

[Uninstall\KB956572]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB956572)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe\""

[Uninstall\KB956744]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB956744)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe\""

[Uninstall\KB956802]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB956802)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe\""

[Uninstall\KB956803]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB956803)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe\""

[Uninstall\KB956841]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB956841)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe\""

[Uninstall\KB956844]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB956844)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe\""

[Uninstall\KB957095]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB957095)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe\""

[Uninstall\KB957097]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB957097)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe\""

[Uninstall\KB958215-IE7]
"DisplayName"="Aggiornamento della protezione per Windows Internet Explorer 7 (KB958215)"
"UninstallString"="\"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"

[Uninstall\KB958644]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB958644)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe\""

[Uninstall\KB958687]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB958687)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe\""

[Uninstall\KB958690]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB958690)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe\""

[Uninstall\KB958869]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB958869)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe\""

[Uninstall\KB959426]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB959426)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe\""

[Uninstall\KB959772_WM11]
"DisplayName"="Aggiornamento critico per Windows Media Player 11 (KB959772)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\""

[Uninstall\KB960225]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB960225)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe\""

[Uninstall\KB960714-IE7]
"DisplayName"="Aggiornamento della protezione per Windows Internet Explorer 7 (KB960714)"
"UninstallString"="\"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"

[Uninstall\KB960715]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB960715)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe\""

[Uninstall\KB960803]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB960803)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe\""

[Uninstall\KB960859]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB960859)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe\""

[Uninstall\KB961118]
"DisplayName"="Aggiornamento rapido per Windows XP (KB961118)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe\""

[Uninstall\KB961260-IE7]
"DisplayName"="Aggiornamento della protezione per Windows Internet Explorer 7 (KB961260)"
"UninstallString"="\"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"

[Uninstall\KB961371]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB961371)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe\""

[Uninstall\KB961373]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB961373)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe\""

[Uninstall\KB961501]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB961501)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe\""

[Uninstall\KB963027-IE7]
"DisplayName"="Aggiornamento della protezione per Windows Internet Explorer 7 (KB963027)"
"UninstallString"="\"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"

[Uninstall\KB967715]
"DisplayName"="Aggiornamento per Windows XP (KB967715)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe\""

[Uninstall\KB968389]
"DisplayName"="Aggiornamento per Windows XP (KB968389)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe\""

[Uninstall\KB968537]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB968537)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe\""

[Uninstall\KB968816_WM9]
"DisplayName"="Aggiornamento della protezione per Windows Media Player (KB968816)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\""

[Uninstall\KB969059]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB969059)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe\""

[Uninstall\KB969897-IE7]
"DisplayName"="Aggiornamento della protezione per Windows Internet Explorer 7 (KB969897)"
"UninstallString"="\"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"

[Uninstall\KB969897-IE8]
"DisplayName"="Aggiornamento della protezione per Windows Internet Explorer 8 (KB969897)"
"UninstallString"="\"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"

[Uninstall\KB969898]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB969898)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe\""

[Uninstall\KB969947]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB969947)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe\""

[Uninstall\KB970238]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB970238)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe\""

[Uninstall\KB970430]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB970430)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe\""

[Uninstall\KB970653-v3]
"DisplayName"="Aggiornamento rapido per Windows XP (KB970653-v3)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe\""

[Uninstall\KB971180-IE8]
"DisplayName"="Aggiornamento per Windows Internet Explorer 8 (KB971180)"
"UninstallString"="\"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"

[Uninstall\KB971486]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB971486)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe\""

[Uninstall\KB971557]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB971557)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe\""

[Uninstall\KB971633]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB971633)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe\""

[Uninstall\KB971657]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB971657)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe\""

[Uninstall\KB971737]
"DisplayName"="Aggiornamento per Windows XP (KB971737)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe\""

[Uninstall\KB971961-IE8]
"DisplayName"="Aggiornamento della protezione per Windows Internet Explorer 8 (KB971961)"
"UninstallString"="\"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"

[Uninstall\KB972260-IE8]
"DisplayName"="Aggiornamento della protezione per Windows Internet Explorer 8 (KB972260)"
"UninstallString"="\"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"

[Uninstall\KB973346]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB973346)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe\""

[Uninstall\KB973354]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB973354)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe\""

[Uninstall\KB973507]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB973507)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe\""

[Uninstall\KB973525]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB973525)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe\""

[Uninstall\KB973540_WM9]
"DisplayName"="Aggiornamento della protezione per Windows Media Player (KB973540)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\""

[Uninstall\KB973687]
"DisplayName"="Aggiornamento per Windows XP (KB973687)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe\""

[Uninstall\KB973815]
"DisplayName"="Aggiornamento per Windows XP (KB973815)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe\""

[Uninstall\KB973869]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB973869)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe\""

[Uninstall\KB973904]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB973904)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe\""

[Uninstall\KB974112]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB974112)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe\""

[Uninstall\KB974318]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB974318)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe\""

[Uninstall\KB974392]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB974392)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe\""

[Uninstall\KB974455-IE8]
"DisplayName"="Aggiornamento della protezione per Windows Internet Explorer 8 (KB974455)"
"UninstallString"="\"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"

[Uninstall\KB974571]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB974571)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe\""

[Uninstall\KB975025]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB975025)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe\""

[Uninstall\KB975467]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB975467)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe\""

[Uninstall\KB976098-v2]
"DisplayName"="Aggiornamento rapido per Windows XP (KB976098-v2)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe\""

[Uninstall\KB976325-IE8]
"DisplayName"="Aggiornamento della protezione per Windows Internet Explorer 8 (KB976325)"
"UninstallString"="\"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"

[Uninstall\KB976749-IE8]
"DisplayName"="Aggiornamento per Windows Internet Explorer 8 (KB976749)"
"UninstallString"="\"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"

[Uninstall\KLiteCodecPack_is1]
"DisplayName"="K-Lite Mega Codec Pack 4.1.7"
"UninstallString"="\"C:\Programmi\K-Lite Codec Pack\unins000.exe\""

[Uninstall\Malwarebytes' Anti-Malware_is1]
"DisplayName"="Malwarebytes' Anti-Malware"
"DisplayIcon"="C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe"
"UninstallString"="\"C:\Programmi\Malwarebytes' Anti-Malware\unins000.exe\""

[Uninstall\Microsoft .NET Framework 3.5 Language Pack - ita]
"DisplayIcon"="C:\WINDOWS\system32\msiexec.exe"
"DisplayName"="Microsoft .NET Framework 3.5 - Language Pack (italiano)"
"UninstallString"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - ita\setup.exe"

[Uninstall\Microsoft .NET Framework 3.5 SP1]
"DisplayIcon"="C:\WINDOWS\system32\msiexec.exe"
"DisplayName"="Microsoft .NET Framework 3.5 SP1"
"UninstallString"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe"

[Uninstall\MobileOptionPack]

[Uninstall\MPlayer2]

[Uninstall\MsJavaVM]

[Uninstall\NetMeeting]

[Uninstall\NLSDownlevelMapping]

[Uninstall\OpenMG HotFix4.5-06-05-10-01]
"UninstallString"="C:\Programmi\File comuni\Sony Shared\OpenMG\HotFixes\HotFix4.5-06-05-12-01\HotFixSetup\setup.exe /u"
"DisplayName"="OpenMG Limited Patch 4.5-06-05-12-01"

[Uninstall\OutlookExpress]

[Uninstall\PCHealth]
"UninstallString"="rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf"

[Uninstall\SAMSUNG Mobile Composite Device]
"DisplayName"="SAMSUNG Mobile Composite Device Software"
"UninstallString"="C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe"

[Uninstall\SAMSUNG Mobile Modem]
"DisplayName"="SAMSUNG Mobile Modem Driver Set"
"UninstallString"="C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe"

[Uninstall\Samsung Mobile phone USB driver]
"DisplayName"="Samsung Mobile phone USB driver Software"
"UninstallString"="C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe"

[Uninstall\SAMSUNG Mobile USB Modem]
"DisplayName"="SAMSUNG Mobile USB Modem Software"
"UninstallString"="C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe"

[Uninstall\SAMSUNG Mobile USB Modem 1.0]
"DisplayName"="SAMSUNG Mobile USB Modem 1.0 Software"
"UninstallString"="C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe"

[Uninstall\SchedulingAgent]

[Uninstall\Total Uninstall 5_is1]
"DisplayName"="Total Uninstall 5.0.1"
"DisplayIcon"="C:\Programmi\Total Uninstall 5\Tu.exe"
"UninstallString"="\"C:\Programmi\Total Uninstall 5\unins000.exe\""

[Uninstall\UltraISO_is1]
"DisplayName"="UltraISO Premium V9.33"
"DisplayIcon"="C:\Programmi\UltraISO\UltraISO.exe"
"UninstallString"="\"C:\Programmi\UltraISO\unins000.exe\""

[Uninstall\Wdf01000]

[Uninstall\Wdf01001]

[Uninstall\Wdf01005]

[Uninstall\Wdf01007]

[Uninstall\Wdf01009]
"DisplayName"="Microsoft Kernel-Mode Driver Framework Feature Pack 1.9"
"UninstallString"="\"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe\""

[Uninstall\WGA]
"DisplayName"="Windows Genuine Advantage Validation Tool (KB892130)"

[Uninstall\WgaNotify]
"DisplayName"="Windows Genuine Advantage Notifications (KB905474)"
"UninstallString"=""

[Uninstall\WIC]

[Uninstall\WinRAR archiver]
"DisplayName"="WinRAR gestione archivi"
"UninstallString"="C:\Programmi\WinRAR\uninstall.exe"
"DisplayIcon"="C:\Programmi\WinRAR\WinRAR.exe"

[Uninstall\XpsEPSC]
"DisplayName"="XML Paper Specification Shared Components Pack 1.0"
"UninstallString"=""

[Uninstall\XPSEPSCLP]
"DisplayName"="XML Paper Specification Shared Components Language Pack 1.0"
"UninstallString"="\"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe\""

[Uninstall\{02627ee5-eaca-4742-a9cc-e687631773e4}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_hlp_13\"
"DisplayName"="Nero ShowTime"

[Uninstall\{05308C4E-7285-4066-BAE3-6B50DA6ED755}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeAUM6.0All\"
"UninstallString"=expand:"MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}"
"DisplayName"="Adobe Update Manager CS4"

[Uninstall\{054EFA56-2AC1-48F4-A883-0AB89874B972}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeExtensionManager2All\"
"UninstallString"=expand:"MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}"
"DisplayName"="Adobe Extension Manager CS4"

[Uninstall\{086a7d8c-0a38-4c7f-819a-620275550d5c}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_hlp_4\"
"DisplayName"="Nero BurningROM"

[Uninstall\{098727E1-775A-4450-B573-3F441F1CA243}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\kuler2.0-mul\"
"UninstallString"=expand:"MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}"
"DisplayName"="kuler"

[Uninstall\{098A2A49-7CF3-4F08-A38D-FB879117152A}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeColorNA_ExtraSettings2-mul\"
"UninstallString"=expand:"MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}"
"DisplayName"="Adobe Color NA Extra Settings CS4"

[Uninstall\{0D6013AB-A0C7-41DC-973C-E93129C9A29F}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeColorJA_ExtraSettings2-mul\"
"UninstallString"=expand:"MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}"
"DisplayName"="Adobe Color JA Extra Settings CS4"

[Uninstall\{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\"
"UninstallString"=expand:"MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}"
"DisplayName"="Adobe Setup"

[Uninstall\{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeColorEU_Recommended2-mul\"
"UninstallString"=expand:"MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}"
"DisplayName"="Adobe Color EU Recommended Settings CS4"

[Uninstall\{0F723FC1-7606-4867-866C-CE80AD292DAF}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeCSIAll\"
"UninstallString"=expand:"MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}"
"DisplayName"="Adobe CSI CS4"

[Uninstall\{11E83B33-972B-4512-A447-FF0FD0246EE9}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe\" -l0x10 "

[Uninstall\{1618734A-3957-4ADD-8199-F973763109A8}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeALMAnchorService2-mul\"
"UninstallString"=expand:"MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}"
"DisplayName"="Adobe Anchor Service CS4"

[Uninstall\{16E16F01-2E2D-4248-A42F-76261C147B6C}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeDriveAll\"
"UninstallString"=expand:"MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}"
"DisplayName"="Adobe Drive CS4"

[Uninstall\{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeColorCommonSetRGB2-mul\"
"UninstallString"=expand:"MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}"
"DisplayName"="AdobeColorCommonSetRGB"

[Uninstall\{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}]
"InstallSource"="d:\download\emule\adobe\adobe photoshop cs4 extended - italiano - (da provare)\payloads\adobeair1.0\"
"UninstallString"=expand:"MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}"
"DisplayName"="Adobe AIR"

[Uninstall\{1c00c7c5-e615-4139-b817-7f4003de68c0}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_hlp_10\"
"DisplayName"="Nero PhotoSnap Help"

[Uninstall\{20400dbd-e6db-45b8-9b6b-1dd7033818ec}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_hlp_20\"
"DisplayName"="Nero InfoTool"

[Uninstall\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe\" -l0x10 "

[Uninstall\{2348b586-c9ae-46ce-936c-a68e9426e214}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_hlp_15\"
"DisplayName"="Nero StartSmart Help"

[Uninstall\{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}]
"InstallSource"="F:\common\omgaddon\"
"DisplayName"="OpenMG AAC Add-on Module 1.0.00"

[Uninstall\{23EFDB58-0874-4883-9810-EDA510B19FAE}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe\" -l0x10 "

[Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216011FF}]
"DisplayIcon"="C:\Programmi\Java\jre6\\bin\javaws.exe"
"InstallSource"="C:\Documents and Settings\Biagio\Dati applicazioni\Sun\Java\jre1.6.0_11\"
"UninstallString"=expand:"MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}"
"DisplayName"="Java(TM) 6 Update 17"

[Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216013FB}]
"DisplayIcon"="C:\Programmi\Java\jre6\\bin\javaws.exe"

[Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216015FB}]
"DisplayIcon"="C:\Programmi\Java\jre6\\bin\javaws.exe"

[Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216017FB}]
"DisplayIcon"="C:\Programmi\Java\jre6\\bin\javaws.exe"

[Uninstall\{27B9131D-CEFA-42C5-8D7D-56EFD80BAA25}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{27B9131D-CEFA-42C5-8D7D-56EFD80BAA25}\setup.exe\" -l0x10 "

[Uninstall\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe\" -l0x10 "

[Uninstall\{2BFBC62A-3353-443D-93BE-7AC641D9F342}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe\" -l0x10 "

[Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}]
"DisplayIcon"="C:\Programmi\Java\jre1.6.0_07\\bin\javaws.exe"
"InstallSource"="C:\Documents and Settings\Biagio\Dati applicazioni\Sun\Java\jre1.6.0_07\"
"UninstallString"=expand:"MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}"
"DisplayName"="Java(TM) 6 Update 7"

[Uninstall\{33cf58f5-48d8-4575-83d6-96f574e4d83a}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_19\"
"DisplayName"="Nero DriveSpeed"

[Uninstall\{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}]
"InstallSource"="C:\WINDOWS\system32\"
"DisplayName"="WebFldrs XP"

[Uninstall\{354052fb-cb7a-4ce9-8d7d-5b5483fb10e1}]
"DisplayName"="Blu-ray Disc Authoring Plug-in"
"UninstallString"="C:\Programmi\File comuni\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER=\"9M13-0083-2710-5622-98W3-TL0A-THW4-9A0T\""

[Uninstall\{359cfc0a-beb1-440d-95ba-cf63a86da34f}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_12\"
"DisplayName"="Nero Recode"

[Uninstall\{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobePDFSettings9-mul\"
"UninstallString"=expand:"MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}"
"DisplayName"="PDF Settings CS4"

[Uninstall\{3633BA28-67CE-4AC8-A677-3406CA84C3D8}]
"InstallSource"="F:\common\openmg\"
"DisplayName"="OpenMG Secure Module 4.5.01"

[Uninstall\{368ba326-73ad-4351-84ed-3c0a7a52cc53}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_21\"
"DisplayName"="Nero Rescue Agent"

[Uninstall\{36cac872-5669-4610-9295-47828fc70fc5}]
"DisplayName"="Nero Move it"
"UninstallString"="C:\Programmi\File comuni\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER=\"9M09-01AC-5TE3-KEU9-177W-C6E0-6KCT-2W4K\""

[Uninstall\{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeXMPPanelsAll\"
"UninstallString"=expand:"MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}"
"DisplayName"="Adobe XMP Panels CS4"

[Uninstall\{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeColorPhotoshop2-mul\"
"UninstallString"=expand:"MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}"
"DisplayName"="Adobe Color - Photoshop Specific CS4"

[Uninstall\{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeWinSoftLinguisticsPluginAll\"
"UninstallString"=expand:"MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}"
"DisplayName"="Adobe WinSoft Linguistics Plugin"

[Uninstall\{3e40958c-7902-4c0c-9209-f7716a871ddb}]
"DisplayName"="Nero 9"
"UninstallString"="C:\Programmi\File comuni\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER=\"9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A\""

[Uninstall\{3F4EC965-28EF-45C3-B063-04B25D4E9679}]
"InstallSource"="F:\Driver & Software\"
"UninstallString"=expand:"MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}"
"DisplayName"="D-Link Bluetooth Software"

[Uninstall\{43e39830-1826-415d-8bae-86845787b54b}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_16\"
"DisplayName"="Nero Vision"

[Uninstall\{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeServiceManager-mul\"
"UninstallString"=expand:"MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}"
"DisplayName"="Adobe Service Manager Extension"

[Uninstall\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_tpi_msxml-4\"
"UninstallString"=expand:"MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"
"DisplayName"="neroxml"

[Uninstall\{595a3116-40bb-4e0f-a2e8-d7951da56270}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_6\"
"DisplayName"="NeroExpress"

[Uninstall\{59EC5F32-D8D7-3909-B0CB-255AD09F5993}]
"InstallSource"="d:\17414968ed784d65bfedd40c6e7b3377\netfx30lp\"
"UninstallString"=expand:"MsiExec.exe /I{59EC5F32-D8D7-3909-B0CB-255AD09F5993}"
"DisplayName"="Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ITA"

[Uninstall\{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_hlp_16\"
"DisplayName"="Nero Vision"

[Uninstall\{5e08ecd1-c98e-4711-bf65-8fd736b3f969}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_hlp_21\"
"DisplayName"="Nero RescueAgent Help"

[Uninstall\{60c731fb-c951-41ce-ad41-8e54c8594609}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_hlp_50\"
"DisplayName"="Nero Disc Copy Gadget Help"

[Uninstall\{62ac81f6-bdd3-4110-9d36-3e9eaab40999}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_5\"
"DisplayName"="Nero CoverDesigner"

[Uninstall\{63C24A08-70F3-4C8E-B9FB-9F21A903801D}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeVideoProfilesCS2-mul\"
"UninstallString"=expand:"MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}"
"DisplayName"="Adobe Color Video Profiles CS CS4"

[Uninstall\{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobePhotoshop11-Support\"
"UninstallString"=expand:"MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}"
"DisplayName"="Adobe Photoshop CS4 Support"

[Uninstall\{67F0E67A-8E93-4C2C-B29D-47C48262738A}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeDeviceCentral2-mul\"
"UninstallString"=expand:"MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}"
"DisplayName"="Adobe Device Central CS4"

[Uninstall\{68243FF8-83CA-466B-B2B8-9F99DA5479C4}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeColorCommonSetCMYK2-mul\"
"UninstallString"=expand:"MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}"
"DisplayName"="AdobeColorCommonSetCMYK"

[Uninstall\{6C11D561-620B-47DA-A693-4C597F3CDF40}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\setup.exe\" -l0x10 Uninstall"
"DisplayName"="EPSON Smart Panel"
"DisplayIcon"="C:\Programmi\EPSON\Smart Panel\SmaPanel.exe"

[Uninstall\{71CB2612-627C-3D58-8D82-B77444B27B6A}]
"InstallSource"="d:\17414968ed784d65bfedd40c6e7b3377\netfx20lp\"
"UninstallString"=expand:"MsiExec.exe /I{71CB2612-627C-3D58-8D82-B77444B27B6A}"
"DisplayName"="Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ITA"

[Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\IXP001.TMP\"
"UninstallString"=expand:"MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}"
"DisplayName"="Microsoft Visual C++ 2005 Redistributable"

[Uninstall\{7748ac8c-18e3-43bb-959b-088faea16fb2}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_15\"
"DisplayName"="Nero StartSmart"

[Uninstall\{77e33d87-255e-413e-9c8d-eed2a7f9bebf}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_hlp_71\"
"DisplayName"="Nero Live Help"

[Uninstall\{7829db6f-a066-4e40-8912-cb07887c20bb}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_22\"
"DisplayName"="Nero BurnRights"

[Uninstall\{7B694704-8D6C-4833-99E1-311A9788F61F}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{7B694704-8D6C-4833-99E1-311A9788F61F}\setup.exe\" -l0x10 UNINSTALL -removeonly"
"InstallSource"="F:\device\pdf manual\nw-s200 series\"
"DisplayName"="PDF Manual NW-S200 Series"

[Uninstall\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE\" -l0x10 -anything"
"DisplayName"="EPSON Web-To-Page"
"DisplayIcon"="C:\Programmi\EPSON\EPSON Web-To-Page\Setting.ico"

[Uninstall\{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeTypeSupport9-mul\"
"UninstallString"=expand:"MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}"
"DisplayName"="Adobe Type Support CS4"

[Uninstall\{83202942-84b3-4c50-8622-b8c0aa2d2885}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_hlp_6\"
"DisplayName"="Nero Express"

[Uninstall\{83877DB1-8B77-45BC-AB43-2BAC22E093E0}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeBridge3All\"
"UninstallString"=expand:"MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}"
"DisplayName"="Adobe Bridge CS4"

[Uninstall\{842B4B72-9E8F-4962-B3C1-1C422A5C4434}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeSuiteSharedConfiguration-mul\"
"UninstallString"=expand:"MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}"
"DisplayName"="Suite Shared Configuration CS4"

[Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}]
"InstallSource"="d:\035fb07c2cd0fb8de0265572\"
"UninstallString"=expand:"MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}"
"DisplayName"="MSXML 4.0 SP2 (KB954430)"

[Uninstall\{869200db-287a-4dc0-b02b-2b6787fbcd4c}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_57\"
"DisplayName"="Nero DiscSpeed"

[Uninstall\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}]
"UninstallString"="C:\Programmi\InstallShield Installation Information\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}\SETUP.EXE -runfromtemp -l0x0010 UNINST -removeonly"
"InstallSource"="E:\Easy Photo Print\"
"DisplayName"="Epson Easy Photo Print 2"
"DisplayIcon"="C:\Programmi\Epson Software\Easy Photo Print\EPQuicker.exe"

[Uninstall\{88E5FCB8-5F25-11D5-B16F-0800460222F0}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe\" -l0x10 UNINSTALL"

[Uninstall\{90120000-0010-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-0010-0410-0000-0000000FF1CE}-C\"
"DisplayName"="Microsoft Software Update for Web Folders (Italian) 12"

[Uninstall\{90120000-0015-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-0015-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-0015-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Access MUI (Italian) 2007"

[Uninstall\{90120000-0016-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-0016-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-0016-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Excel MUI (Italian) 2007"

[Uninstall\{90120000-0018-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-0018-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-0018-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office PowerPoint MUI (Italian) 2007"

[Uninstall\{90120000-0019-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-0019-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-0019-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Publisher MUI (Italian) 2007"

[Uninstall\{90120000-001A-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-001A-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-001A-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Outlook MUI (Italian) 2007"

[Uninstall\{90120000-001B-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-001B-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-001B-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Word MUI (Italian) 2007"

[Uninstall\{90120000-001F-0407-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-002C-0410-0000-0000000FF1CE}-C\Proof.de\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Proof (German) 2007"

[Uninstall\{90120000-001F-0409-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-002C-0410-0000-0000000FF1CE}-C\Proof.en\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Proof (English) 2007"

[Uninstall\{90120000-001F-040C-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-002C-0410-0000-0000000FF1CE}-C\Proof.fr\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Proof (French) 2007"

[Uninstall\{90120000-001F-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-002C-0410-0000-0000000FF1CE}-C\Proof.it\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Proof (Italian) 2007"

[Uninstall\{90120000-002C-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-002C-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-002C-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Proofing (Italian) 2007"

[Uninstall\{90120000-0030-0000-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Enterprise 2007"

[Uninstall\{90120000-0044-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-0044-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-0044-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office InfoPath MUI (Italian) 2007"

[Uninstall\{90120000-006E-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-006E-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-006E-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Shared MUI (Italian) 2007"

[Uninstall\{90120000-00A1-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-00A1-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-00A1-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office OneNote MUI (Italian) 2007"

[Uninstall\{90120000-00BA-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-00BA-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-00BA-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Groove MUI (Italian) 2007"

[Uninstall\{92524203-2dd3-4d16-85f6-cc2a21059962}]
"DisplayName"="Nero BackItUp 4"
"UninstallString"="C:\Programmi\File comuni\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER=\"9M11-01CA-032E-01A5-AA9C-H44K-6T9U-X4HW\""

[Uninstall\{9311A75A-D83D-37B5-8D49-88E7F5AB2762}]
"InstallSource"="d:\17414968ed784d65bfedd40c6e7b3377\"
"UninstallString"=expand:"MsiExec.exe /I{9311A75A-D83D-37B5-8D49-88E7F5AB2762}"
"DisplayName"="Microsoft .NET Framework 3.5 Language Pack - ita"

[Uninstall\{931AB7EA-3656-4BB7-864D-022B09E3DD67}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeLinguisticsAll\"
"UninstallString"=expand:"MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}"
"DisplayName"="Adobe Linguistics CS4"

[Uninstall\{94D398EB-D2FD-4FD1-B8C4-592635E8A191}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeCMaps2-mul\"
"UninstallString"=expand:"MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}"
"DisplayName"="Adobe CMaps CS4"

[Uninstall\{9600B88C-BE14-4BEA-A529-F5F312900BA3}]
"InstallSource"="C:\Programmi\Samsung\Samsung PC Studio 3\{9600B88C-BE14-4BEA-A529-F5F312900BA3}\"
"DisplayName"="Samsung PC Studio 3"

[Uninstall\{982b26ad-ec19-487e-9145-c8a1d348d39b}]
"DisplayName"="mp3PRO Plug-in"
"UninstallString"="C:\Programmi\File comuni\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER=\"9C00-E0A2-98K1-294K-06XC-MX2C-X988\""

[Uninstall\{98a67610-a3b5-4098-a423-3708040026d3}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_hlp_14\"
"DisplayName"="\"Nero SoundTrax Help"

[Uninstall\{9A3EABC0-CA06-11D4-BF77-00104B130C19}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\setup.exe\" -l0x10 UNINSTALL"
"DisplayName"="EPSON TWAIN 5"

[Uninstall\{9e82b934-9a25-445b-b8df-8012808074ac}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_10\"
"DisplayName"="Nero PhotoSnap"

[Uninstall\{A06275F4-324B-4E85-95E6-87B2CD729401}]
"InstallSource"="D:\Programmi Vari\Antivirus\Windows Defender\"
"UninstallString"=expand:"MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}"
"DisplayName"="Windows Defender"

[Uninstall\{a08cc3d3-4aec-4639-bfc4-009903389070}]
"DisplayName"="Nero MediaHome 4"
"UninstallString"="C:\Programmi\File comuni\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER=\"9M06-019C-TTET-880Z-5PUM-6XA2-5MEC-35WM\""

[Uninstall\{a209525b-3377-43f4-b886-32f6b6e7356f}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_17\"
"DisplayName"="Nero WaveEditor"

[Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}]
"InstallSource"="d:\086351f3e98aa27c00\dotnetfx30\"
"UninstallString"=expand:"MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}"
"DisplayName"="Microsoft .NET Framework 3.0 Service Pack 2"

[Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB958483]

[Uninstall\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_tpi_imagxpress-7.0.74.0\"
"DisplayName"="ImagXpress"

[Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"InstallSource"="C:\Programmi\Google\Update\1.2.183.13\"
"UninstallString"=expand:"MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"
"DisplayName"="Google Update Helper"

[Uninstall\{AC0A97B5-991D-4761-B4E9-B6F9811B6A38}]
"InstallSource"="D:\Download\Emule\Nod\Nod 32 v4 Ita + patch\"
"DisplayName"="ESET NOD32 Antivirus"

[Uninstall\{AC76BA86-1040-7D70-7761-000000000004}]
"InstallSource"="E:\Adobe Acrobat 9 Pro Extended\Acrobat9\"
"DisplayName"="Adobe Acrobat 9 Pro Extended - Italiano, Español, Nederlands, Português"

[Uninstall\{AC76BA86-1040-7D70-7761-000000000004}{AC76BA86-1040-7D70-7761-000000000004}]
"DisplayIcon"="C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe,0"
"InstallSource"="E:\Adobe Acrobat 9 Pro Extended\Acrobat9\"
"DisplayName"="Adobe Acrobat 9 Pro Extended - Italiano, Español, Nederlands, Português"
"UninstallString"="msiexec /I {AC76BA86-1040-7D70-7761-000000000004}"

[Uninstall\{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_hlp_12\"
"DisplayName"="Nero Recode Help"

[Uninstall\{B100B05B-E290-41EF-9366-8BC4C76D7769}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe\" -l0x10 "

[Uninstall\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe\" -l0x10 "

[Uninstall\{b1adf008-e898-4fe2-8a1f-690d9a06acaf}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_69\"
"DisplayName"="DolbyFiles"

[Uninstall\{B29AD377-CC12-490A-A480-1452337C618D}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeConnect-mul\"
"UninstallString"=expand:"MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}"
"DisplayName"="Connect"

[Uninstall\{b2ec4a38-b545-4a00-8214-13fe0e915e6d}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_61\"
"DisplayName"="Advertising Center"

[Uninstall\{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobePhotoshop11-Core\"
"UninstallString"=expand:"MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}"
"DisplayName"="Adobe Photoshop CS4"

[Uninstall\{B69CC1A5-0404-11D6-ABCB-005004C21D30}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe\" ADDREMOVEDLG"
"DisplayName"="EPSON Copy Utility"

[Uninstall\{b78120a0-cf84-4366-a393-4d0a59bc546c}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_62\"
"DisplayName"="Menu Templates - Starter Kit"

[Uninstall\{BB4E33EC-8181-4685-96F7-8554293DEC6A}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeOutputModuleAll\"
"UninstallString"=expand:"MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}"
"DisplayName"="Adobe Output Module"

[Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}]

[Uninstall\{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_63\"
"DisplayName"="Nero ControlCenter"

[Uninstall\{BDFC3C8D-823E-4FCF-870B-E756B27CB57E}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{BDFC3C8D-823E-4FCF-870B-E756B27CB57E}\setup.exe\" -l0x10 "

[Uninstall\{C084BC61-E537-11DE-8616-005056806466}]
"InstallSource"="C:\WINDOWS\TEMP\7ZipSfx.000\"
"UninstallString"=expand:"MsiExec.exe /X{C084BC61-E537-11DE-8616-005056806466}"
"DisplayName"="Google Earth"

[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
"InstallSource"="d:\086351f3e98aa27c00\dotnetfx20\"
"UninstallString"=expand:"MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}"
"DisplayName"="Microsoft .NET Framework 2.0 Service Pack 2"

[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB200003]

[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB431780]

[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB946922]

[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB947748]

[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB949272]

[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952137]

[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952677]

[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953300]

[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953990]

[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB954832]

[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB956860]

[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957541]

[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957542]

[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957543]

[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958129]

[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958481]

[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB960043]

[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB974417]

[Uninstall\{C4A4722E-79F9-417C-BD72-8D359A090C97}]
"UninstallString"="\"C:\Programmi\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe\" -runfromtemp -l0x0010 -removeonly"
"InstallSource"="D:\Programmi Vari\Samsung PC Studio 3-1.1\Samsung_PC_Studio_322_HF1.exe"
"DisplayName"="Samsung PC Studio 3"
"DisplayIcon"="C:\Programmi\Samsung\Samsung PC Studio 3\Launcher.exe"

[Uninstall\{C52E3EC1-048C-45E1-8D53-10B0C6509683}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeDefaultLanguage2-mul\"
"UninstallString"=expand:"MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}"
"DisplayName"="Adobe Default Language CS4"

[Uninstall\{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_14\"
"DisplayName"="SoundTrax"

[Uninstall\{c884e85c-5611-404d-96e6-f5155a9152df}]
"DisplayName"="Gracenote Plug-in"
"UninstallString"="C:\Programmi\File comuni\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER=\"9M0C-01A2-K817-3LK8-9X6M-WK3U-L942-3WE1\""

[Uninstall\{cc019e3f-59d2-4486-8d4b-878105b62a71}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_hlp_57\"
"DisplayName"="Nero DiscSpeed"

[Uninstall\{CC75AB5C-2110-4A7F-AF52-708680D22FE8}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeCameraRaw5.0All\"
"UninstallString"=expand:"MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}"
"DisplayName"="Photoshop Camera Raw"

[Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}]
"InstallSource"="C:\WINDOWS\TEMP\IXP052BF.tmp\dotnetfx35\x86\"
"UninstallString"=expand:"MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}"
"DisplayName"="Microsoft .NET Framework 3.5 SP1"

[Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003]

[Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595]
"DisplayName"="Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)"
"UninstallString"="C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=\"\""

[Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484]
"DisplayName"="Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)"
"UninstallString"="C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=\"\""

[Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043]

[Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707]
"DisplayName"="Update for Microsoft .NET Framework 3.5 SP1 (KB963707)"
"UninstallString"="C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=\"\""

[Uninstall\{ce96f5a5-584d-4f8f-aa3e-9baed413db72}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_hlp_5\"
"DisplayName"="Nero CoverDesigner Help"

[Uninstall\{d025a639-b9c9-417d-8531-208859000af8}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_4\"
"DisplayName"="NeroBurningROM"

[Uninstall\{D1E0E859-F46D-4708-A41D-ED90C0C1822A}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\D2F7DB6C-14D7-4748-8ED3-2CCF08C6CB9E\"
"UninstallString"=expand:"MsiExec.exe /X{D1E0E859-F46D-4708-A41D-ED90C0C1822A}"
"DisplayName"="Acronis True Image Home"

[Uninstall\{D3568156-59C3-42DF-A520-2C25B6706C91}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe\" -l0x9 "

[Uninstall\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe\" UNINSTALL"

[Uninstall\{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_13\"
"DisplayName"="Nero ShowTime"

[Uninstall\{dddf46cc-ee41-447b-aeaf-cc9d690676a1}]
"DisplayName"="DTS Plug-in"
"UninstallString"="C:\Programmi\File comuni\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER=\"9K00-0003-8M80-6320-5043-1458-XAA5\""

[Uninstall\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\mia1\"
"DisplayName"="Ad-Aware"
"UninstallString"="C:\Documents and Settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe"

[Uninstall\{DF487E0B-8B2F-430B-A7F9-94DEF592555D}]
"InstallSource"="E:\sw_update\am\"
"UninstallString"=expand:"MsiExec.exe /I{DF487E0B-8B2F-430B-A7F9-94DEF592555D}"
"DisplayName"="RTC Client API v1.3 msm"

[Uninstall\{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_71\"
"DisplayName"="Nero Live"

[Uninstall\{E213C271-AEFA-481D-A9B4-914D88925B8D}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe\" -l0x10 "

[Uninstall\{E4848436-0345-47E2-B648-8B522FCDA623}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobePhotoshop11-Driver\"
"UninstallString"=expand:"MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}"
"DisplayName"="Adobe Photoshop CS4"

[Uninstall\{e498385e-1c51-459a-b45f-1721e37aa1a0}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_64\"
"DisplayName"="Movie Templates - Starter Kit"

[Uninstall\{e5c7d048-f9b4-4219-b323-8bdb01a2563d}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_hlp_19\"
"DisplayName"="Nero DriveSpeed"

[Uninstall\{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_hlp_17\"
"DisplayName"="Nero WaveEditor Help"

[Uninstall\{e8a80433-302b-4ff1-815d-fcc8eac482ff}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_30\"
"DisplayName"="Nero Installer"

[Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"InstallSource"="D:\Programmi Vari\Programmi per Masterizzare\Alcohol\Alcohol 120% v1.9.5.3105 + Crack\"
"UninstallString"=expand:"MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}"
"DisplayName"="Alcohol 120%"

[Uninstall\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe\" ADDREMOVEDLG"
"DisplayName"="ScanToWeb"

[Uninstall\{F0E64E2E-3A60-40D8-A55D-92F6831875DA}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeSearchforHelp-mul\"
"UninstallString"=expand:"MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}"
"DisplayName"="Adobe Search for Help"

[Uninstall\{f1861f30-3419-44db-b2a1-c274825698b3}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_50\"
"DisplayName"="Nero Disc Copy Gadget"

[Uninstall\{F333A33D-125C-32A2-8DCE-5C5D14231E27}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\mia14E8.tmp\data\Microsoft Visual C++ Runtime 9.0 (includes ATL and MFC) Service Pack 1\mFileBagIDE.dll\bag\"
"UninstallString"=expand:"MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}"
"DisplayName"="Visual C++ 2008 x86 Runtime - (v9.0.30729)"

[Uninstall\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01]
"DisplayName"="Visual C++ 2008 x86 Runtime - v9.0.30729.01"
"UninstallString"="C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=\"\""

[Uninstall\{f4041dce-3fe1-4e18-8a9e-9de65231ee36}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_hlp_63\"
"DisplayName"="Nero ControlCenter"

[Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}]
"InstallSource"="d:\cd1203da1da03402f35a20e99c43\"
"UninstallString"=expand:"MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}"
"DisplayName"="MSXML 4.0 SP2 (KB973688)"

[Uninstall\{f6bdd7c5-89ed-4569-9318-469aa9732572}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_hlp_22\"
"DisplayName"="Nero BurnRights"

[Uninstall\{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeExtendScriptToolkit3.0.0All\"
"UninstallString"=expand:"MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}"
"DisplayName"="Adobe ExtendScript Toolkit CS4"

[Uninstall\{F93C84A6-0DC6-42AF-89FA-776F7C377353}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobePDFL9-mul\"
"UninstallString"=expand:"MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}"
"DisplayName"="Adobe PDF Library Files CS4"

[Uninstall\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe\" -l0x10 "

[Uninstall\{fbcdfd61-7dcf-4e71-9226-873ba0053139}]
"InstallSource"="C:\DOCUME~1\Biagio\IMPOST~1\Temp\NERO1002626\unit_app_20\"
"DisplayName"="Nero InfoTool"

[Uninstall\{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}]
"InstallSource"="D:\Download\Emule\Adobe\Adobe Photoshop CS4 Extended - Italiano - (da provare)\payloads\AdobeFontsAll\"
"UninstallString"=expand:"MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}"
"DisplayName"="Adobe Fonts All"

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall-----

[Uninstall]

[Uninstall\BitTorrent]
"DisplayName"="BitTorrent"
"UninstallString"="C:\Programmi\BitTorrent\uninst.exe"
"DisplayIcon"="C:\Programmi\BitTorrent\bittorrent.exe"

[Uninstall\BitTorrent DNA]
"DisplayIcon"="C:\Programmi\DNA\btdna.exe,0"
"DisplayName"="DNA"
"UninstallString"="\"C:\Programmi\DNA\btdna.exe\" /UNINSTALL"

==========================================
Scan completed in 17,7 minutes
End of report


~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
SystemScan uses some freeware tools that remain property of their authors:

* SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
* dumphive (Markus Stephany)--> "Registry scan"
* Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
* Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log

Thanks to all of them for their hard work

r16
Posted: Tuesday, January 12, 2010 11:34:20 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
According to the log, your MBR is still infected.
And there are rootkits as well.
Let's try Virit first:
Download VIRIT:
http://www.tgsoft.it/italy/download.htm, update it (by clicking the satellite dish at the top) and run the scan in Safe Mode (this is very important).
Post the log too. (You'll find it under the icon at the top that shows a notepad with a pen.)
autodidatta
Posted: Wednesday, January 13, 2010 8:50:16 PM
Rank: AiutAmico

Joined: 2/20/2005
Posts: 191
Hi r16
As you suggested, I ran the scan in Safe Mode with Virit, which found an infected file that it was unable to delete.

The problem is that afterwards the PC would no longer boot, neither normally, nor in Safe Mode, nor with the Last Known Good Configuration.
What happened?
I have now restored a backup from 29-12-09, but it tells me the Olmarik virus is still there.
How do I clean everything up?
Thanks
r16
Posted: Wednesday, January 13, 2010 9:04:48 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Run a new scan with Combofix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disable the antivirus and close the connection.
Post the log.
autodidatta
Posted: Wednesday, January 13, 2010 9:13:48 PM
Rank: AiutAmico

Joined: 2/20/2005
Posts: 191
OK, I'll do it now, then I'll post the log.
autodidatta
Posted: Wednesday, January 13, 2010 9:50:28 PM
Rank: AiutAmico

Joined: 2/20/2005
Posts: 191
Hi r16, here is the log

ComboFix 10-01-13.06 - Biagio 13/01/2010 21.38.20.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.522 [GMT 1:00]
Eseguito da: c:\documents and settings\Biagio\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Biagio\Dati applicazioni\Live Update.exe
c:\windows\box.exe
c:\windows\patchw32.dll
c:\windows\pw32a.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-12-13 al 2010-01-13 )))))))))))))))))))))))))))))))))))
.

2010-01-13 19:47 . 2010-01-13 19:47 -------- d-----w- c:\documents and settings\Biagio\Impostazioni locali\Dati applicazioni\ESET
2009-12-29 12:36 . 2009-12-29 12:36 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\ESET
2009-12-29 11:59 . 2009-12-29 11:59 -------- d-----w- c:\programmi\ESET
2009-12-29 11:59 . 2009-12-29 11:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ESET
2009-12-29 11:14 . 2009-08-24 20:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2009-12-29 11:14 . 2009-12-29 11:14 -------- d-----w- c:\programmi\Ashampoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 20:33 . 2008-12-18 20:32 -------- d-----w- c:\documents and settings\Biagio\Dati applicazioni\DNA
2010-01-13 19:53 . 2008-12-18 20:32 -------- d-----w- c:\programmi\DNA
2009-12-29 11:42 . 2008-12-18 20:33 -------- d-----w- c:\documents and settings\Biagio\Dati applicazioni\BitTorrent
2009-12-29 11:42 . 2009-01-03 15:16 -------- d-----w- c:\programmi\eMule
2009-12-05 19:03 . 2009-01-19 19:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-12-05 19:03 . 2009-03-25 13:17 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2009-12-05 18:41 . 2009-12-05 18:41 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_GenericMount_01009.Wdf
2009-12-05 18:41 . 2009-12-05 18:41 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-12-05 04:53 . 2009-12-05 04:53 9586784 ----a-w- c:\documents and settings\Biagio\Dati applicazioni\ashampoo_winoptimizer_2010_6.50_6585.exe
2009-12-05 04:53 . 2009-12-05 04:53 9586784 ----a-w- c:\documents and settings\Biagio\Dati applicazioni\ashampoo_winoptimizer_2010_6.50_6585.exe
2009-12-03 12:50 . 2009-06-02 13:42 -------- d-----w- c:\programmi\Google
2009-12-02 22:21 . 2009-09-22 17:10 3695616 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-02 11:53 . 2001-08-31 11:00 80008 ----a-w- c:\windows\system32\perfc010.dat
2009-12-02 11:53 . 2001-08-31 11:00 480058 ----a-w- c:\windows\system32\perfh010.dat
2009-11-21 15:54 . 2008-04-13 17:13 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-15 11:41 . 2009-11-15 11:41 -------- d-----w- c:\programmi\UltraISO
2009-11-15 11:41 . 2009-11-15 11:41 -------- d-----w- c:\programmi\File comuni\EZB Systems
2009-11-04 18:48 . 2009-11-04 18:48 152576 ----a-w- c:\documents and settings\Biagio\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-02 19:42 . 2009-10-02 15:59 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 13:35 . 2009-10-29 13:35 2232 ----a-w- c:\windows\java\Packages\Data\NFBHFPB5.DAT
2009-10-29 13:35 . 2009-10-29 13:35 155995 ----a-w- c:\windows\java\Packages\5Z1BB7HV.ZIP
2009-10-29 13:35 . 2009-10-29 13:35 2678 ----a-w- c:\windows\java\Packages\Data\OVFR9BRT.DAT
2009-10-29 13:35 . 2009-10-29 13:35 2678 ----a-w- c:\windows\java\Packages\Data\VL7VFD77.DAT
2009-10-29 13:35 . 2009-10-29 13:35 2678 ----a-w- c:\windows\java\Packages\Data\O05V3HJN.DAT
2009-10-29 13:35 . 2009-10-29 13:35 2678 ----a-w- c:\windows\java\Packages\Data\MFJDBJDZ.DAT
2009-10-29 13:35 . 2009-10-29 13:35 2678 ----a-w- c:\windows\java\Packages\Data\KETFZ37T.DAT
2009-10-29 07:40 . 2008-11-14 11:10 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2008-04-13 17:13 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-13 17:13 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-13 09:53 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-18 15:52 . 2009-07-15 14:26 2353992 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
.

------- Sigcheck -------

[-] 2008-04-13 09:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

[-] 2008-11-14 . 3316C8A8EC07A9D4C0BE10310809A9E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-13 1695232]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2009-11-13 323392]
"\\alicegate\EpsonStylusS21"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE" [2008-09-12 199680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Adobe Acrobat Speed Launcher"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"CARPService"="carpserv.exe" [2001-12-22 4608]
"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-05-19 4386216]
"AcronisTimounterMonitor"="c:\programmi\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-05-19 961080]
"Servizio Acronis Scheduler2"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2009-05-19 377472]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-01 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\D-Link\Software Bluetooth\BTTray.exe [2005-7-26 577597]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [15/07/2009 15.09.02 64160]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [28/07/2009 15.31.22 902592]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [06/02/2009 23.26.59 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [01/10/2009 15.06.40 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [01/10/2009 15.07.30 96408]
R2 ekrn;ESET Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [01/10/2009 15.06.52 735960]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 22.34.37 1028432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programmi\McAfee\SiteAdvisor\McSACore.exe [01/01/2009 18.15.26 206096]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/01/2009 17.56.57 717296]
S0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [06/02/2009 23.26.59 159616]
S2 EsetNod32Fix;Nod32 AV;c:\windows\regedit.exe [13/04/2008 18.14.18 151552]
S2 gupdate1c9e38bb56a2f10;Google Update Service (gupdate1c9e38bb56a2f10);c:\programmi\Google\Update\GoogleUpdate.exe [02/06/2009 15.09.10 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [31/08/2001 12.00.00 3584]
S3 DfSdkS;Defragmentation-Service;c:\programmi\Ashampoo\Ashampoo WinOptimizer 2010\DfSdkS.exe [29/12/2009 12.14.14 406016]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [07/11/2009 23.01.40 167808]
.
Contenuto della cartella 'Scheduled Tasks'

2009-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-02 14:08]

2010-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-02 14:08]

2010-01-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.msn.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to existing PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\D-Link\Software Bluetooth\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} - hxxp://aiuto.alice.it/ata/static/installers/WebflowActiveXInstaller_4-1-5.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 21:45
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1060284298-1708537768-2146663699-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\Ati2evxx.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Ora fine scansione: 2010-01-13 21:48:20
ComboFix-quarantined-files.txt 2010-01-13 20:48

Pre-Run: 59.345.952.768 byte disponibili
Post-Run: 59.347.173.376 byte disponibili

- - End Of File - - 871FE542762584F2C720355216DF2A1D
r16
Posted: Wednesday, January 13, 2010 10:02:28 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Uninstall Ad-Aware.
Question:
is the Nod32 legitimate?
autodidatta
Posted: Wednesday, January 13, 2010 10:06:23 PM
Rank: AiutAmico

Joined: 2/20/2005
Posts: 191
OK, I'll uninstall Ad-Aware. No, it isn't.
What do I do next?
r16
Posted: Wednesday, January 13, 2010 10:45:02 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Uninstall Nod.
Once the uninstall has finished, run this tool, which removes any leftovers:
http://www.nod32.nl/download/tool/nod32removal.exe

Do a cleanup (registry included) with CCleaner: http://www.aiutamici.com/software?ID=11223
On CCleaner's initial screen, click Options and then Advanced, and untick: Only delete files in Windows Temp if older than 48 hours. (Then run the cleanup.)

Download Avira:
http://www.aiutamici.com/software?ID=10908

Configure it exactly as in this guide, in PDF format:

http://www.zeusnews.it/zz_upload/PSV/Guida%20completa%20di%20%20AVIRA%20Antivir%209.pdf

Tick all of the items shown in the first image on page 11 of the guide (in the image they are not ticked).
Run a full scan and post the log.
autodidatta
Posted: Friday, January 15, 2010 7:13:25 PM
Rank: AiutAmico

Joined: 2/20/2005
Posts: 191
Hi r16, sorry for the delay but I was busy yesterday. I did as you suggested; Avira detected an endless number of viruses, and I'm sending you the log below.
I wanted to ask you, based on your experience, which is better: Nod 32 or Avira?
Thanks



Avira AntiVir Personal
Data del file di report: giovedì 14 gennaio 2010 21:43

Ricerca di 1531014 virus e programmi indesiderati.

Concesso in licenza a : Avira AntiVir Personal - FREE Antivirus
Numero di serie : 0000149996-ADJIE-0000001
Piattaforma : Windows XP
Versione di Windows : (Service Pack 3) [5.1.2600]
Modalità di avvio : Booting eseguito regolarmente
Nome utente : SYSTEM
Nome computer : BIAGIO-1E59A061

Informazioni sulla versione:
BUILD.DAT : 9.0.0.21 21699 Bytes 04/12/09 14:20:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/09 10:26:40
AVSCAN.DLL : 9.0.3.0 47873 Bytes 03/03/09 10:14:29
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/09 10:35:56
LUKERES.DLL : 9.0.2.0 12545 Bytes 03/03/09 10:15:14
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/09 16:14:32
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/09 16:14:32
VBASE002.VDF : 7.10.1.1 2048 Bytes 19/11/09 16:14:32
VBASE003.VDF : 7.10.1.2 2048 Bytes 19/11/09 16:14:32
VBASE004.VDF : 7.10.1.3 2048 Bytes 19/11/09 16:14:32
VBASE005.VDF : 7.10.1.4 2048 Bytes 19/11/09 16:14:32
VBASE006.VDF : 7.10.1.5 2048 Bytes 19/11/09 16:14:32
VBASE007.VDF : 7.10.1.6 2048 Bytes 19/11/09 16:14:32
VBASE008.VDF : 7.10.1.7 2048 Bytes 19/11/09 16:14:32
VBASE009.VDF : 7.10.1.8 2048 Bytes 19/11/09 16:14:32
VBASE010.VDF : 7.10.1.9 2048 Bytes 19/11/09 16:14:32
VBASE011.VDF : 7.10.1.10 2048 Bytes 19/11/09 16:14:32
VBASE012.VDF : 7.10.1.11 2048 Bytes 19/11/09 16:14:32
VBASE013.VDF : 7.10.1.79 209920 Bytes 25/11/09 16:14:32
VBASE014.VDF : 7.10.1.128 197632 Bytes 30/11/09 16:14:32
VBASE015.VDF : 7.10.1.178 195584 Bytes 07/12/09 16:14:32
VBASE016.VDF : 7.10.1.224 183296 Bytes 14/12/09 16:14:32
VBASE017.VDF : 7.10.1.247 182272 Bytes 15/12/09 16:14:32
VBASE018.VDF : 7.10.2.30 198144 Bytes 21/12/09 16:14:32
VBASE019.VDF : 7.10.2.63 187392 Bytes 24/12/09 16:14:32
VBASE020.VDF : 7.10.2.93 195072 Bytes 29/12/09 16:14:32
VBASE021.VDF : 7.10.2.131 201216 Bytes 07/01/10 16:14:32
VBASE022.VDF : 7.10.2.158 192000 Bytes 11/01/10 16:14:32
VBASE023.VDF : 7.10.2.186 200704 Bytes 14/01/10 16:14:32
VBASE024.VDF : 7.10.2.187 2048 Bytes 14/01/10 16:14:32
VBASE025.VDF : 7.10.2.188 2048 Bytes 14/01/10 16:14:32
VBASE026.VDF : 7.10.2.189 2048 Bytes 14/01/10 16:14:32
VBASE027.VDF : 7.10.2.190 2048 Bytes 14/01/10 16:14:32
VBASE028.VDF : 7.10.2.191 2048 Bytes 14/01/10 16:14:32
VBASE029.VDF : 7.10.2.192 2048 Bytes 14/01/10 16:14:32
VBASE030.VDF : 7.10.2.193 2048 Bytes 14/01/10 16:14:32
VBASE031.VDF : 7.10.2.195 30720 Bytes 14/01/10 16:14:32
Motore : 8.2.1.142
AEVDF.DLL : 8.1.1.2 106867 Bytes 14/01/10 16:14:32
AESCRIPT.DLL : 8.1.3.7 594296 Bytes 14/01/10 16:14:32
AESCN.DLL : 8.1.3.1 127348 Bytes 14/01/10 16:14:32
AESBX.DLL : 8.1.1.1 246132 Bytes 14/01/10 16:14:32
AERDL.DLL : 8.1.3.4 479605 Bytes 14/01/10 16:14:32
AEPACK.DLL : 8.2.0.5 422262 Bytes 14/01/10 16:14:32
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 14/01/10 16:14:32
AEHEUR.DLL : 8.1.0.195 2232695 Bytes 14/01/10 16:14:32
AEHELP.DLL : 8.1.10.0 237942 Bytes 14/01/10 16:14:32
AEGEN.DLL : 8.1.1.83 369014 Bytes 14/01/10 16:14:30
AEEMU.DLL : 8.1.1.0 393587 Bytes 14/01/10 16:14:30
AECORE.DLL : 8.1.9.5 184693 Bytes 14/01/10 16:14:30
AEBB.DLL : 8.1.0.3 53618 Bytes 14/01/10 16:14:30
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/08 07:48:02
AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/09 14:14:06
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/09 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/08 14:25:10
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/09 14:05:45
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/09 09:37:12
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/09 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/09 07:21:38
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/08 14:41:28
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 17/06/09 13:11:50
RCTEXT.DLL : 9.0.73.0 87809 Bytes 03/11/09 07:16:42

Impostazioni di configurazione per la scansione attuale:
Nome del job................................: Scansione completa del sistema
File di configurazione......................: c:\programmi\avira\antivir desktop\sysscan.avp
Report......................................: basso
Azione primaria.............................: elimina
Azione secondaria...........................: ignora
Scansione dei record master di avvio........: Attivo
Scansiona record di avvio...................: Attivo
Record di avvio.............................: C:, D:,
Scansione dei programmi attivi..............: Attivo
Scansiona la registrazione..................: Attivo
Cerca Rootkits..............................: Attivo
Controllo di integrità dei file di sistema..: Non attivo
Modalità di scansione file..................: Tutti i file
Scansione degli archivi.....................: Attivo
Limita la profondità di ricorsione..........: 20
Archivio estensioni Smart...................: Attivo
Macro euristico.............................: Attivo
File euristico..............................: medio
Categorie irregolari delle minacce..........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Avvio della scansione: giovedì 14 gennaio 2010 21:43

È stata avviata la scansione per accertare la presenza di oggetti nascosti.
Sono stati esaminati '32384' oggetti, sono stati rilevati '0' oggetti nascosti.

La scansione dei processi in esecuzione verrà avviata:
Scansione processo 'avscan.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'avcenter.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'alg.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'wuauclt.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'StarWindService.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'NBService.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'McSACore.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'jqs.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'E_S40RP7.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'E_S40ST7.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'btwdins.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'avguard.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'BTTray.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'schedul2.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'ctfmon.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'btdna.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'msmsgs.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'avgnt.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'jusched.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'MCCITR~1.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'schedhlp.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'TimounterMonitor.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'TrueImageMonitor.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'carpserv.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'acrotray.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'acrobat_sl.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'MSASCui.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'GrooveMonitor.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'sched.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'spoolsv.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'explorer.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'ati2evxx.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'MsMpEng.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'ati2evxx.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'lsass.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'services.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'winlogon.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'csrss.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'smss.exe' - '1' modulo(i) scansionato(i)
46 processi scansionati con '46' Moduli

Avvio della scansione dei record master di avvio:
Record master di avvio dell'Hard Disk 0
[INFO] Nessun virus è stato trovato!
Record master di avvio dell'Hard Disk 1
[INFO] Nessun virus è stato trovato!

Avvio della scansione dei record di avvio:
Record di avvio 'C:\'
[INFO] Nessun virus è stato trovato!
Record di avvio 'D:\'
[INFO] Nessun virus è stato trovato!

Avvio della scansione dei file eseguibili (registro):
Il registro è stato scansionato ( 68 file ).


Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\'
C:\pagefile.sys
[AVVISO] Impossibile aprire il file!
[NOTA] Questo è un file di sistema di Windows.
[NOTA] Impossibile aprire questo file per la scansione.
C:\Qoobox\Quarantine\C\Documents and Settings\Biagio\Dati applicazioni\Live Update.exe.vir
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen
[NOTA] È stato creato un backup con nome '4bc58c95.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
C:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP599\A0086456.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/TDss.z.69120
[NOTA] È stato creato un backup con nome '4b7f8d7b.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
C:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP600\A0086478.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/TDss.z.69120
[NOTA] È stato creato un backup con nome '4b7f8d7d.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
C:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP602\A0087521.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen
[NOTA] È stato creato un backup con nome '4b7f8d80.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
C:\WINDOWS\system32\drivers\atapi.sys
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Patched.Gen
[NOTA] È stato creato un backup con nome '4bb08fea.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
C:\WINDOWS\system32\drivers\sptd.sys
[AVVISO] Impossibile aprire il file!
Inizia con la scansione di 'D:\' <Disco locale>
D:\Biagio\circolare_migrzione ADSL.zip
[0] Tipo di archivio: ZIP
--> crack/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bc190a6.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Biagio\Floppy Vari\Vari Cri\mail\mailing.zip
[0] Tipo di archivio: ZIP
--> crack/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bb890b1.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Biagio\Manuali vari\dati_su_hard_disk.zip
[0] Tipo di archivio: ZIP
--> patch/patch.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bc390b7.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Biagio\Manuali vari\harddisk.zip
[0] Tipo di archivio: ZIP
--> crack/patch.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bc190b8.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Copertine\MXR0835 Pino Daniele.zip
[0] Tipo di archivio: ZIP
--> keygen/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4ba190b7.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Cri\Cheavventura!!!\Che avventura!!!.zip
[0] Tipo di archivio: ZIP
--> crack/patch.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bb490d2.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Cri\NEOGEO\uni-bios 1.3.zip
[0] Tipo di archivio: ZIP
--> crack/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bb890d9.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Cri\NEOGEO\ROMs\bstars2.zip
[0] Tipo di archivio: ZIP
--> keygen/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bc390de.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Cri\NEOGEO\ROMs\goalx3.zip
[0] Tipo di archivio: ZIP
--> crack/patch.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bb090db.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Cri\NEOGEO\ROMs\gpilots.zip
[0] Tipo di archivio: ZIP
--> keygen/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bb890dd.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Cri\NEOGEO\ROMs\mslug.zip
[0] Tipo di archivio: ZIP
--> patch/patch.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bbb90e1.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Cri\NEOGEO\ROMs\mslug2.zip
[0] Tipo di archivio: ZIP
--> crack/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bbb90e5.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Cri\NEOGEO\ROMs\mslug3.zip
[0] Tipo di archivio: ZIP
--> crack/patch.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bbb90ef.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Cri\NEOGEO\ROMs\mslug4.zip
[0] Tipo di archivio: ZIP
--> patch/patch.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bbb90f6.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Cri\NEOGEO\ROMs\mslugx.zip
[0] Tipo di archivio: ZIP
--> keygen/patch.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bbb90ff.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Cri\NEOGEO\ROMs\neogeo.zip
[0] Tipo di archivio: ZIP
--> keygen/patch.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bbe90f4.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Cri\NEOGEO\ROMs\tturf.zip
[0] Tipo di archivio: ZIP
--> keygen/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bc49104.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Cri\NEOGEO\ROMs\turfmast.zip
[0] Tipo di archivio: ZIP
--> crack/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bc19105.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Cri\Università\Macro_lezione19\macro_lez19.ZIP
[0] Tipo di archivio: ZIP
--> crack/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bb290f5.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Cri\Università\Matecomark\Temi d'esame\TEMI_D_ESAME_2005-2006.zip
[0] Tipo di archivio: ZIP
--> keygen/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4b9c90db.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Cri\Università\Matecomark\Temi d'esame\Prova 19-12\TEMI_19_DIC_06.zip
[0] Tipo di archivio: ZIP
--> patch/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4afb6dec.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Documenti C\File ricevuti\Pvauthor 3.3.1 + serial by shenmu - Convierte videos avi o mpg a formato 3gp o mp4 para ver en 62.zip
[0] Tipo di archivio: ZIP
--> crack/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bb0911d.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Documenti C\pendrive\chat1\conquerchat31.zip
[0] Tipo di archivio: ZIP
--> patch/patch.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bbd9121.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Documenti C\pendrive\Forum\forum_app.zip
[0] Tipo di archivio: ZIP
--> crack/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bc19121.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Documenti C\pendrive\mail\mailing.zip
[0] Tipo di archivio: ZIP
--> keygen/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bb89113.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Documenti C\pendrive\news\announce.zip
[0] Tipo di archivio: ZIP
--> keygen/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bbd9120.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Download\Nod 32 v 3.0.684 + Fix 1.2.rar
[0] Tipo di archivio: RAR
--> Nod 32 v 3.0.684 (Installato su C80 il 03-05-09)\Fix\TemDono FiX v1.2.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/PSW.Delf.CRW
[NOTA] È stato creato un backup con nome '4bb3912a.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Download\Realtek AC97 Audio CodecsDrivers v.6305 (6305_Vista_Win7_PG537.zip Windows x86 x64).zip
[0] Tipo di archivio: ZIP
--> setup.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Swizzor.IM.1
--> keygen/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bb09146.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Download\Emule\EvID4226Patch223d-en(velocizzare emule).zip
[0] Tipo di archivio: ZIP
--> EvID4226Patch.exe
[RILEVAMENTO] Contiene il modello di rilevamento dell'applicazione APPL/Tool.EvID4226.A
--> keygen/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4b98915b.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Download\Emule\iTunes v7.0.0.70 Mac + Windows + QuickTime v7.1.3.90 + Pro Serial Key.zip
[0] Tipo di archivio: ZIP
--> patch/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bc4913d.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Download\Emule\Convertitori\Convertitore File Videoper telefonini (Mp4-3Gp)\WinAvi\[Appl. - ITA] WinAVI - Convertitore Video (Il migliore in circolazione)(anche 3gp ed mp4)\WinAVI 3GP MP4 PSP iPod Video Converter v2.0\Crack\keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Agent.93184.S
[NOTA] È stato creato un backup con nome '4bc8949c.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Download\Emule\Driver\Realtek AC97 Audio CodecsDrivers v.6305 (6305_Vista_Win7_PG537.zip Windows x86 x64).zip
[0] Tipo di archivio: ZIP
--> setup.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Swizzor.IM.1
--> crack/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bb0949d.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Download\Emule\Incompleti\003.part
[0] Tipo di archivio: RAR
--> ESET_Nod 32 v4.0.314 Smart Security 2009 (Patch a vita+Guide) By J4cK\Eset_Login_Viewer_v1.3.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Clicker.FV
[NOTA] È stato creato un backup con nome '4b8294fd.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Download\Emule\Nero\Nero 9.4.13.2 Ultra Edition 2009 + Working Keygen [h33t]+%​5B].rar
[0] Tipo di archivio: RAR
--> Keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/ATRAPS.Gen
[NOTA] È stato creato un backup con nome '4bc195a2.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Download\Emule\Nokia N73\Telecomando Nokia n80 n73 n93 n70.zip
[0] Tipo di archivio: ZIP
--> crack/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bbb95ea.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Download\Emule\Nokia N73\Temi Nokia N73.zip
[0] Tipo di archivio: ZIP
--> patch/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bbc95ef.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Download\Emule\Partition\Partition Magic 8.01+ seriale ITA\powerquest_partition.magic_8.0.1_updater_it.zip
[0] Tipo di archivio: ZIP
--> crack/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bc6965a.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Download\Emule\Roxio\(Multilanguage) pro landscape 12 keygen.rar
[0] Tipo di archivio: RAR
--> Setup.exe
[1] Tipo di archivio: RSRC
--> Object
[2] Tipo di archivio: CAB (Microsoft)
--> NETPUM~1.EXE
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Agent.xyt
--> Install.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Genome.bjgv
[NOTA] È stato creato un backup con nome '4bc4964a.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Download\Emule\Roxio\Roxio Easy Media Creator 10 Suite Genuine iso + Keygen\CR-EMC10.EXE
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Delf.129024
[NOTA] È stato creato un backup con nome '4b7c964f.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\MP3\Senza Respiro\SR\07_Se penso a te.zip
[0] Tipo di archivio: ZIP
--> crack/patch.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bae9924.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Musica\24 Grana - Loop.zip
[0] Tipo di archivio: ZIP
--> patch/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4b6f99da.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Musica\Blur.-.The.Best.of..zip
[0] Tipo di archivio: ZIP
--> crack/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bc49a23.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Musica\[Hip Hop - Ita] Neffa - Neffa & I Messaggeri Della Dopa.zip
[0] Tipo di archivio: ZIP
--> patch/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bb89a4f.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Antivirus\registrycleaner_en.zip
[0] Tipo di archivio: ZIP
--> patch/patch.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bb6a0a7.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Antivirus\Nod 32\Nod 32 AntiVirus 2009 + SERIAL.rar
[0] Tipo di archivio: RAR
--> Nod 32 AntiVirus 2009.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen
[NOTA] È stato creato un backup con nome '4bb3a0d2.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Antivirus\Nod 32\Nod 32 v4.rar
[0] Tipo di archivio: RAR
--> Nod 32 v 3.0.684\Fix\NOD32_v3_FiX_1.1-TemDono.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/PSW.Delf.CRW
[NOTA] È stato creato un backup con nome '4bb3a0da.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Antivirus\RegCleaner 5.2\Regcleaner 5.2 2.zip
[0] Tipo di archivio: ZIP
--> crack/patch.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bb6a0e5.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Pinnacle\Hollywood FX\All you need to activate Studio plus 10 & HFX 6\UnlockExtraFX.zip
[0] Tipo di archivio: ZIP
--> patch/patch.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bbba1e6.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Pinnacle\Studio 10\Keygen+Patch\Pinnacle Studio 10 Generatore Chiavi Sblocco Effetti Funzionante.rar
[0] Tipo di archivio: RAR
--> keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Horse.CCN
[NOTA] È stato creato un backup con nome '4bbda271.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Creare File Cell\IntelliScore Polyphonic 6.3-full.zip
[0] Tipo di archivio: ZIP
--> keygen/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bc3a308.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Duplicare DVD\Dvd fab platinum y gold 3.1.0.8 + crack\Gold\Res\DVDFabGold.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Agent.dfcj
[NOTA] È stato creato un backup con nome '4b93a315.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Masterizzare\Alcohol\Alcohol 120% v1.9.5.3105 + Crack\Patch3105.rar
[0] Tipo di archivio: RAR
--> Patch\patch_3105.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Agent.69632.O
[NOTA] È stato creato un backup con nome '4bc3a323.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Masterizzare\Dvd fab platinum y gold 3.1.0.8 + crack\Gold\Res\DVDFabGold.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Agent.dfcj
[NOTA] È stato creato un backup con nome '4b93a31e.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Masterizzare\Nero\Nero v9.4.26.0 + Keymake + Nero General Cleantool + Istruzioni.rar
[0] Tipo di archivio: RAR
--> Nero 9 Keymaker.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen
[NOTA] È stato creato un backup con nome '4bc1a341.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Masterizzare\Nero\Manuali Nero 9\NeroBurningRom_Ita.zip
[0] Tipo di archivio: ZIP
--> crack/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bc1a352.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Masterizzare\Nero\Manuali Nero 9\NeroBurnRights_Ita.zip
[0] Tipo di archivio: ZIP
--> keygen/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4aa06dd3.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Masterizzare\Nero\Manuali Nero 9\NeroControlCenter_Ita.zip
[0] Tipo di archivio: ZIP
--> crack/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bc1a354.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Masterizzare\Nero\Manuali Nero 9\NeroCoverDesigner_Ita.zip
[0] Tipo di archivio: ZIP
--> keygen/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bc1a353.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Masterizzare\Nero\Manuali Nero 9\NeroDiscCopy_Ita.zip
[0] Tipo di archivio: ZIP
--> keygen/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4aa06dd4.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Masterizzare\Nero\Manuali Nero 9\NeroDriveSpeed_Ita.zip
[0] Tipo di archivio: ZIP
--> keygen/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bc1a355.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Masterizzare\Nero\Manuali Nero 9\NeroExpress_Ita.zip
[0] Tipo di archivio: ZIP
--> patch/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4aa06dd5.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Masterizzare\Nero\Manuali Nero 9\NeroInfoTool_Ita.zip
[0] Tipo di archivio: ZIP
--> patch/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bc1a356.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Masterizzare\Nero\Manuali Nero 9\NeroLive_Ita.zip
[0] Tipo di archivio: ZIP
--> keygen/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4aa06dd7.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Masterizzare\Nero\Manuali Nero 9\NeroPhotoSnap_Ita.zip
[0] Tipo di archivio: ZIP
--> keygen/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bc1a358.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Masterizzare\Nero\Manuali Nero 9\NeroRecode_Ita.zip
[0] Tipo di archivio: ZIP
--> crack/patch.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4aa06dd9.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Masterizzare\Nero\Manuali Nero 9\NeroRescueAgent_Ita.zip
[0] Tipo di archivio: ZIP
--> patch/patch.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bc1a357.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Masterizzare\Nero\Manuali Nero 9\NeroShowTime_Ita.zip
[0] Tipo di archivio: ZIP
--> crack/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4aa06dd8.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Masterizzare\Nero\Manuali Nero 9\NeroSoundTrax_Ita.zip
[0] Tipo di archivio: ZIP
--> crack/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bc1a35a.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Masterizzare\Nero\Manuali Nero 9\NeroStartSmart_Ita.zip
[0] Tipo di archivio: ZIP
--> crack/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4aa06ddb.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Masterizzare\Nero\Manuali Nero 9\NeroVision_Ita.zip
[0] Tipo di archivio: ZIP
--> crack/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bc1a359.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Masterizzare\Nero\Manuali Nero 9\NeroWaveEditor_Ita.zip
[0] Tipo di archivio: ZIP
--> patch/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bc1a35c.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Programmi per Masterizzare\Nero\Nero v9.4.26.0 + Keymaker + Nero General Cleantool + Istruzioni (C20 03-01-10)\Nero 9 Keymaker.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen
[NOTA] È stato creato un backup con nome '4bc1a503.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Pulizia\Ashampoo WinOptimizer 2010 6.50.6585.rar
[0] Tipo di archivio: RAR
--> Ashampoo WinOptimizer 2010 6.50.6585 Multilanguage + SERIAL [h33t] [zwinxkie]\ ashampoo_winoptimizer_2010_6.50_6585.exe
[1] Tipo di archivio: NSIS
--> [UnknownShellDir]/Live Update.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen
[NOTA] È stato creato un backup con nome '4bb7a517.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Pulizia\Ashampoo WinOptimizer 2010 6.50.6585\ ashampoo_winoptimizer_2010_6.50_6585.exe
[0] Tipo di archivio: NSIS
--> [UnknownShellDir]/Live Update.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen
[NOTA] È stato creato un backup con nome '4bc2a50c.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\Pulizia\CCleaner\ccleaner.zip
[0] Tipo di archivio: ZIP
--> crack/crack.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bbba50f.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\XP\Boot\boot_files.zip
[0] Tipo di archivio: ZIP
--> crack/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bbea538.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\Programmi Vari\XP\Boot\Ita - Bootsector Winxp (Boot Bin) Per Masterizzare Iso.zip
[0] Tipo di archivio: ZIP
--> keygen/keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Bagle.cez
[NOTA] È stato creato un backup con nome '4bb0a53d.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{5BBCCFE9-9F84-416C-9293-B7EA8DE76CE8}\RP49\A0009427.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen
[NOTA] È stato creato un backup con nome '4b7fa522.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{5BBCCFE9-9F84-416C-9293-B7EA8DE76CE8}\RP52\A0009861.exe
[0] Tipo di archivio: CAB SFX (self extracting)
--> \Data\ENG\DhtmlEd.msi
[AVVISO] Nessun file ulteriore può essere estratto da questo archivio. L'archivio verrà chiuso
[AVVISO] Nessun file ulteriore può essere estratto da questo archivio. L'archivio verrà chiuso
D:\System Volume Information\_restore{5BBCCFE9-9F84-416C-9293-B7EA8DE76CE8}\RP52\A0009903.exe
[0] Tipo di archivio: CAB SFX (self extracting)
--> \data1.hdr
[AVVISO] Nessun file ulteriore può essere estratto da questo archivio. L'archivio verrà chiuso
[AVVISO] Nessun file ulteriore può essere estratto da questo archivio. L'archivio verrà chiuso
D:\System Volume Information\_restore{5BBCCFE9-9F84-416C-9293-B7EA8DE76CE8}\RP52\A0009907.exe
[0] Tipo di archivio: CAB SFX (self extracting)
--> \Data\ENG\DhtmlEd.msi
[AVVISO] Nessun file ulteriore può essere estratto da questo archivio. L'archivio verrà chiuso
[AVVISO] Nessun file ulteriore può essere estratto da questo archivio. L'archivio verrà chiuso
D:\System Volume Information\_restore{5BBCCFE9-9F84-416C-9293-B7EA8DE76CE8}\RP55\A0010054.exe
[0] Tipo di archivio: CAB SFX (self extracting)
--> \Acrobat\AcrobatReader8.exe
[AVVISO] Nessun file ulteriore può essere estratto da questo archivio. L'archivio verrà chiuso
[AVVISO] Nessun file ulteriore può essere estratto da questo archivio. L'archivio verrà chiuso
D:\System Volume Information\_restore{5BBCCFE9-9F84-416C-9293-B7EA8DE76CE8}\RP55\A0010055.exe
[0] Tipo di archivio: CAB SFX (self extracting)
--> \Data\ENG\DhtmlEd.msi
[AVVISO] Nessun file ulteriore può essere estratto da questo archivio. L'archivio verrà chiuso
[AVVISO] Nessun file ulteriore può essere estratto da questo archivio. L'archivio verrà chiuso
D:\System Volume Information\_restore{5BBCCFE9-9F84-416C-9293-B7EA8DE76CE8}\RP55\A0010056.exe
[0] Tipo di archivio: CAB SFX (self extracting)
--> \Installs\pi11-en.exe
[1] Tipo di archivio: CAB SFX (self extracting)
--> \Disk1\data1.hdr
[AVVISO] Nessun file ulteriore può essere estratto da questo archivio. L'archivio verrà chiuso
--> \PerfectImage.dbd
[AVVISO] Nessun file ulteriore può essere estratto da questo archivio. L'archivio verrà chiuso
[AVVISO] Nessun file ulteriore può essere estratto da questo archivio. L'archivio verrà chiuso
D:\System Volume Information\_restore{5BBCCFE9-9F84-416C-9293-B7EA8DE76CE8}\RP55\A0010060.exe
[0] Tipo di archivio: CAB SFX (self extracting)
--> \data1.hdr
[AVVISO] Nessun file ulteriore può essere estratto da questo archivio. L'archivio verrà chiuso
[AVVISO] Nessun file ulteriore può essere estratto da questo archivio. L'archivio verrà chiuso
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP580\A0077736.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Swizzor.IM.1
[NOTA] È stato creato un backup con nome '4b7fa5a8.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP580\A0077746.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.Swizzor.IM.1
[NOTA] È stato creato un backup con nome '4b7fa5a9.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP594\A0084816.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Agent.286505.A
[NOTA] È stato creato un backup con nome '4b7fa5ab.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP594\A0084817.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/HackAV.CU
[NOTA] È stato creato un backup con nome '48299c54.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP598\A0086450.exe
[0] Tipo di archivio: RSRC
--> Object
[1] Tipo di archivio: CAB (Microsoft)
--> codec.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/PCK.Tdss.Z.496
[NOTA] È stato creato un backup con nome '4b7fa5b0.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP599\A0086462.exe
[0] Tipo di archivio: RAR SFX (self extracting)
--> keygen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/TDss.z.69120
--> Activation KeyGen.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/TDss.z.69120
[NOTA] È stato creato un backup con nome '4b7fa5b2.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP600\A0086474.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen
[NOTA] È stato creato un backup con nome '4b7fa5b8.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP603\A0088181.exe
[0] Tipo di archivio: NSIS
--> [UnknownShellDir]/setup.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Crypt.XPACK.Gen
[NOTA] È stato creato un backup con nome '4b7fa5bf.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP603\A0088182.exe
[0] Tipo di archivio: NSIS
--> [UnknownShellDir]/setup.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Crypt.XPACK.Gen
[NOTA] È stato creato un backup con nome '4b7fa5c3.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP606\A0086706.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Trash.Gen
[NOTA] È stato creato un backup con nome '4b7fa5e3.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP606\A0086707.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Trash.Gen
[NOTA] È stato creato un backup con nome '4b7fa5e4.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP606\A0086708.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Drop.Softomat.AN
[NOTA] È stato creato un backup con nome '48299c1d.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP606\A0086709.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Trash.Gen
[NOTA] È stato creato un backup con nome '4b7fa5e6.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP606\A0086710.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Trash.Gen
[NOTA] È stato creato un backup con nome '48299c1f.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP606\A0086711.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Trash.Gen
[NOTA] È stato creato un backup con nome '4b7fa5d8.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP606\A0086712.EXE
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Trash.Gen
[NOTA] È stato creato un backup con nome '48299c21.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP608\A0087942.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Agent.93184.S
[NOTA] È stato creato un backup con nome '4b7fa5eb.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP608\A0087943.EXE
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Delf.129024
[NOTA] È stato creato un backup con nome '48299c14.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP608\A0087945.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Agent.dfcj
[NOTA] È stato creato un backup con nome '4b7fa5ed.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP608\A0087946.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Agent.dfcj
[NOTA] È stato creato un backup con nome '48299c16.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP608\A0087947.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen
[NOTA] È stato creato un backup con nome '4b7fa5ef.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP608\A0087948.exe
[0] Tipo di archivio: NSIS
--> [UnknownShellDir]/Live Update.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen
[NOTA] È stato creato un backup con nome '4b7fa5f0.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP609\A0087393.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Agent.69632.O
[NOTA] È stato creato un backup con nome '48299c09.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP609\A0087396.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/PSW.Delf.CRW
[NOTA] È stato creato un backup con nome '4b7fa5f2.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP609\A0087397.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/PSW.Delf.CRW
[NOTA] È stato creato un backup con nome '48299c0b.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{6086BDFD-627A-4FC9-89EF-9AA61B0C2F13}\RP609\A0087398.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/PSW.Delf.CRW
[NOTA] È stato creato un backup con nome '4b7fa5f4.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{F965E2F1-6F43-438A-B63B-221C4613CB60}\RP97\A0004423.exe
[0] Tipo di archivio: RSRC
--> Object
[1] Tipo di archivio: CAB (Microsoft)
--> IRWRNE~1.EXE
[RILEVAMENTO] Si tratta del cavallo di Troia TR/PWS.1372160.8
--> NPNGWKUZ.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.128000
[NOTA] È stato creato un backup con nome '4b7faace.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.
D:\System Volume Information\_restore{F965E2F1-6F43-438A-B63B-221C4613CB60}\RP97\A0004424.exe
[0] Tipo di archivio: RSRC
--> Object
[1] Tipo di archivio: CAB (Microsoft)
--> IRWRNE~1.EXE
[RILEVAMENTO] Si tratta del cavallo di Troia TR/PWS.1372160.8
--> NPNGWKUZ.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.128000
[NOTA] È stato creato un backup con nome '4b7faacf.qua' ( QUARANTENA )
[NOTA] Il file è stato eliminato.


Fine della scansione: venerdì 15 gennaio 2010 00:38
Tempo impiegato: 2:55:10 Ora(e)

La scansione è stata completamente eseguita.

11117 Directory scansionate
1023150 I file sono stati scansionati
118 Rilevati virus e/o programmi indesiderati
0 I file sono stati classificati come sospetti
111 I file sono stati eliminati
0 I virus o i programmi indesiderati sono stati riparati
111 File spostati in quarantena
0 File rinominati
2 Impossibile scansionare i file
1023030 File non infetti
13917 Archivi scansionati
17 Avvisi
112 Note
32384 Oggetti scansionati durante la scansione dei rootkit
0 Sono stati rilevati oggetti nascosti

r16
Posted: Friday, January 15, 2010 10:29:58 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Comment:
Based on your experience, is NOD32 or Avira better?

No doubt: Avira is better.

Disable System Restore, and keep it disabled until the problem is solved: http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Download FindyKill:
http://pagesperso-orange.fr/NosTools/Chiquitine29/Setup.exe
Install FindyKill.
Close any open applications (antivirus, firewall and "resident" programs).
Disconnect from the Internet.
Physically disconnect the modem from the computer.
Start the tool and type F to set the language.
Click on 2 - Suppression des fichiers infectieux (Deletion of infected files).
When the operation finishes, a log will be produced: save it on the Desktop and post it here.
P.S.:
There may be some reboots; don't worry, it is the program working.

Do this one as well:
Download elibagla: http://www.zonavirus.com/datos/descargas/95/elibagla.asp then scroll to the bottom of the page and click on "descargar elibagla".
Save the file on the desktop.
IMPORTANT: Disconnect from the Internet and disable your antivirus.
Double-click the Elibagla.exe icon to start the program.
Make sure the "Eliminar Ficheros Automaticamente" box is checked, and click the "Explorar" button.
Post the log that you will find in C:\InfoSat.txt
autodidatta
Posted: Saturday, January 16, 2010 10:37:24 AM
Rank: AiutAmico

Member since: 2/20/2005
Posts: 191
Hi r16,
I followed the instructions you suggested; the 2 logs are below.
I wanted to ask you what you think of the antivirus protection that Alice offers?
Thanks


############################## | FindyKill V5.024 |

# User : Biagio (Administrators) # BIAGIO-1E59A061
# Update on 09/01/2010 by El Desaparecido
# Start at: 9.37.06 | 16/01/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# Intel(R) Pentium(R) 4 CPU 2.00GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]

# A:\ # Disco floppy, 3,5 pollici
# C:\ # Disco rigido locale # 74,5 Go (55,63 Go free) # NTFS
# D:\ # Disco rigido locale # 298,09 Go (70,61 Go free) [Disco locale] # NTFS
# E:\ # Disco CD-ROM
# F:\ # Disco CD-ROM
# G:\ # Disco CD-ROM
# I:\ # Disco CD-ROM

############################## | Active Processes |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\D-Link\Software Bluetooth\bin\btwdins.exe
C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe

################## | C: |


################## | C:\WINDOWS |


################## | C:\WINDOWS\Prefetch |

Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf

################## | C:\WINDOWS\system32 |


################## | C:\WINDOWS\system32\drivers |


################## | C:\Documents and Settings\Biagio\Dati applicazioni |


################## | Other deleting ... |

################## | Temporary Internet Files |


################## | Registry |


################## | State |

# Safe boot mode : OK


# Showing of hidden files : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# windefend -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH |


################## | Cracks > Keygens > Serials |

"D:\Programmi Vari\Programmi per Etichette\CDEdit\CDEdit 114 Ita\Keygen.exe"
27/06/2002 19.06 |Size 80896 |Crc32 a3c5a70e |Md5 750ab0cb18fd960a436cf295f1b02f90

"D:\Programmi Vari\Programmi per Backup\Ghost\Norton Ghost14 ita + seriale\NGH140_AllWin_ItalianTryBuy30.exe"
07/06/2008 08.15 |Size 93589480 |Crc32 8f88e878 |Md5 61d24a1c4e011536fc5a4b29301f446f

"D:\Programmi Vari\Programmi per Creare File Cell\Magix Melody Maker 100 ITA\keygen.exe"
15/04/2005 16.26 |Size 75264 |Crc32 190a4f14 |Md5 bce281c07cefc119fa909dcee74bf032

"D:\Programmi Vari\Programmi per Creare File Cell\Melody Maker\keygen.exe"
15/04/2005 17.26 |Size 75264 |Crc32 190a4f14 |Md5 bce281c07cefc119fa909dcee74bf032

"D:\Programmi Vari\Programmi per Disinstallare\Total Uninstall 5.1.0 Inc Serial\Total-Uninstall-Setup-5.1.0.exe"
18/01/2009 09.59 |Size 4555232 |Crc32 ff53d8eb |Md5 259e961978ca7ebf68b140eee287312a

"D:\Programmi Vari\Programmi per Duplicare DVD\Any DVD\AnyDVD 5.3.2.1\crack\Slysoft.exe"
14/07/2005 02.41 |Size 126976 |Crc32 e44412e4 |Md5 a9ea0204d9895d709c865a4b55f090b2

"D:\Programmi Vari\Programmi per Duplicare DVD\Any DVD\AnyDVD 6.3.0.3.Final\Crack\AnyDVD.exe"
21/12/2007 04.34 |Size 1649600 |Crc32 b59705c7 |Md5 8fa3f1f56abc805de1da05857dbf0ec3

"D:\Programmi Vari\Programmi per Duplicare DVD\Dvd fab platinum y gold 3.1.0.8 + crack\Gold\DVDFabGold3108.exe"
04/05/2007 16.41 |Size 3361964 |Crc32 e5055e52 |Md5 c351d62a8955421a8bf0ce8a0528e68d

"D:\Programmi Vari\Programmi per Duplicare DVD\Dvd fab platinum y gold 3.1.0.8 + crack\Platinium\DVDFabPlatinum3108.exe"
04/05/2007 16.41 |Size 6271066 |Crc32 8afab868 |Md5 1903abc3c42b1a02c52a6a55aefc19ea

"D:\Programmi Vari\Programmi per Masterizzare\Any DVD\AnyDVD 6.3.0.3.Final\Crack\AnyDVD.exe"
21/12/2007 04.34 |Size 1649600 |Crc32 b59705c7 |Md5 8fa3f1f56abc805de1da05857dbf0ec3

"D:\Programmi Vari\Programmi per Masterizzare\Clone CD\Clone CD 5.0.3.1 + Crack\SetupCloneCD.exe"
15/10/2004 10.24 |Size 2298866 |Crc32 3b0a6389 |Md5 38ee2f0f3a6f9e4eedd2245316935e3f

"D:\Programmi Vari\Programmi per Masterizzare\Clone CD\Clone CD 5.0.3.1 + Crack\Crack 5.0.3.1\CloneCD.exe"
12/10/2004 18.51 |Size 1273344 |Crc32 ee2b86c0 |Md5 f02b4b89c0a320d16125569d53667969

"D:\Programmi Vari\Programmi per Masterizzare\Clone CD\Clone CD 5.4.0.5 Italiano + Crack + tutti i Profili (C20 il 04-01-10)\Clone CD 5.4.0.5\SetupCloneCD5045.exe"
10/12/2004 10.22 |Size 2302405 |Crc32 ffb2258a |Md5 0ed983e1a26d2362e09ddbeb9c919d9d

"D:\Programmi Vari\Programmi per Masterizzare\Clone CD\Clone CD 5.4.0.5 Italiano + Crack + tutti i Profili (C20 il 04-01-10)\Clone CD 5.4.0.5\Cura\CloneCD.exe"
10/12/2004 16.40 |Size 1277440 |Crc32 398bde5d |Md5 ea88f7d4ec188d7fe198670f32b020a3

"D:\Programmi Vari\Programmi per Masterizzare\Dvd fab platinum y gold 3.1.0.8 + crack\Gold\DVDFabGold3108.exe"
04/05/2007 16.41 |Size 3361964 |Crc32 e5055e52 |Md5 c351d62a8955421a8bf0ce8a0528e68d

"D:\Programmi Vari\Programmi per Masterizzare\Dvd fab platinum y gold 3.1.0.8 + crack\Platinium\DVDFabPlatinum3108.exe"
04/05/2007 16.41 |Size 6271066 |Crc32 8afab868 |Md5 1903abc3c42b1a02c52a6a55aefc19ea

"D:\Programmi Vari\Programmi per Masterizzare\Nero\Nero 7.5.1.1 Premium Suite\keygen.exe"
21/09/2006 13.29 |Size 123904 |Crc32 8012df48 |Md5 c3383f89424824170a4fa4413e74e44d

"D:\Programmi Vari\Programmi per Recupero dati\File Scavenger Ita v3.2. l +Crack\32fsit32.exe"
14/07/2008 12.15 |Size 930888 |Crc32 83508af7 |Md5 cd3a243fd4101ed2f2af9f1a9d5bc660

"D:\Programmi Vari\Quick Time\Quick Time Pro 7.0.3.25 multilingual + serial\QuickTimeInstaller.exe"
27/10/2005 08.40 |Size 20221720 |Crc32 0bad6fff |Md5 cc7b6886a81837e3cc23d6c56e3a4784

"D:\Programmi Vari\Windows Internet Explorer\Internet Explorer 7 Ita + crack\IE7-WindowsXP-x86-ita.exe"
01/01/2002 06.50 |Size 14776112 |Crc32 a43ff040 |Md5 b03393b214f0e1b954185e07fb2c39a3

"D:\Programmi Vari\Winrar\WinRar 3.7.1 Final Ita. + Crack\WRar371it.exe"
24/09/2007 10.25 |Size 1256386 |Crc32 98ea9dfb |Md5 2f723a82d20ee67b88025ef2d8564a84


################## | End of Report # FindyKill V5.024 ! |




(16-1-2010 9:20:51)
EliBagle v13.42 (c)2010 S.G.H. / Satinfo S.L. (Actualizado el 15 de Enero del 2010)

Lista de Acciones (por Acción Directa):

(16-1-2010 9:22:13)
EliBagle v13.42 (c)2010 S.G.H. / Satinfo S.L. (Actualizado el 15 de Enero del 2010)

Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 7843
Nº Total de Ficheros: 76655
Nº de Ficheros Analizados: 12873
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
r16
Posted: Saturday, January 16, 2010 2:02:05 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Quote:
I wanted to ask what you think of the antivirus protection that Alice offers?

No antivirus can protect you given what you download.
Hold on to Avira, which has already done the job that Nod did not do.

Then run a scan with Kaspersky:
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
Install KASPERSKY VIRUS REMOVAL TOOL on the Desktop:
Double-click Setup.exe.
A dedicated folder will be created on the Desktop and the Tool's start screen will appear.
Select the areas you want to scan (Startup Objects and Disk boot sector are selected by default) and click "SCAN".
When the scan finishes you will be asked whether to delete the infected files.
Click yes.
Save the log that is produced.

Click "Reports", then "Save to file", and for convenience save it on the Desktop.
It will be a long log file, so post it like this:
Connect to the internet and go to the WikiSend page: http://www.wikisend.com/
Click the "Browse" ("Sfoglia") button
Select the file you just saved
Click Upload file
After a few seconds you are taken to a new page with the link in several formats:
Download Link / Forum Link
Select Forum Link, copy it and paste it into a new message for the forum.
autodidatta
Posted: Saturday, January 16, 2010 9:56:54 PM
Rank: AiutAmico

Joined: 2/20/2005
Posts: 191
Hi r16, after more than 7 hours Kaspersky finished its job. The log was not very long, but I did as you told me anyway, and I am sending you the log below.
So, at this point would you say the PC has been cleaned, or is there still something there? I ask because I would like to make a backup.
One more thing: can I uninstall all the tools I used, or do I have to leave them installed?
Thanks

Log Kaspersky.txt
r16
Posted: Saturday, January 16, 2010 10:05:20 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Quote:
or is there still something there? I ask because I would like to make a backup

A backup of what... of the cracks and keygens, because you are afraid of losing them?

What is drive letter D:\?
Is it a partition, an external HD, or a USB stick?
autodidatta
Posted: Saturday, January 16, 2010 10:30:47 PM
Rank: AiutAmico

Joined: 2/20/2005
Posts: 191
Drive letter D is an internal HD used as an archive.
I only back up disk C, with the programs and the OS.
r16
Posted: Saturday, January 16, 2010 10:36:43 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Quote:
Drive letter D is an internal HD used as an archive.

Well, it looks like that HD is full of junk.
So, if you want to make a backup, it is advisable to do it only for C:
To remove the various tools you downloaded:
Download OTC by OldTimer to the desktop:
http://oldtimer.geekstogo.com/OTC.exe
Double-click to run it.
Click CleanUp.
It will ask you to restart the PC.
Click yes.
Post me an HJT log so I can check.
But... is the PC running so well that it is worth backing up?
autodidatta
Posted: Saturday, January 16, 2010 10:46:11 PM
Rank: AiutAmico

Joined: 2/20/2005
Posts: 191
I will definitely back up only disk C,
but as things stand now, is disk C clean or is there still something there?
What do you mean by "is the PC running so well that it is worth backing up"?
Listen, I have another HD with another operating system on it. If I put it in place of this one, do I risk infecting it?
r16
Posted: Saturday, January 16, 2010 10:59:56 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Backups are usually made when you are 100% sure that the PC is free of viruses.
And usually, to be sure, the backup is made after formatting and reinstalling the OS.
Now, given that new infections keep turning up every so often (in my opinion attributable to the internal HD), I think it makes more sense to format the internal HD (D:).
It is completely pointless to keep cleaning disk C: if, as soon as you access disk D:, junk starts launching left and right.
Post an HJT log.