Benvenuto Ospite

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Virus/2

3 pages: 1 2 [3]

Virus/2

Opzioni

Topic Precedente · Topic Sucessivo

r16

Inviato: Wednesday, December 02, 2009 10:19:32 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Commenta:

faccio una scansione con combo o ti posto i file sospetti?

Sì.

Torna in alto

icollaboratore

Inviato: Wednesday, December 02, 2009 10:42:14 PM

Rank: AiutAmico

Iscritto dal : 5/19/2007
Posts: 50

ecco Radix, poi ti posto combo.

USEC Radix V1, 0, 0, 9 [2009/11/29] at your service.
---- Check started at 2.12.2009 21:11:26 ----
Running on: Microsoft Windows NT 5.1 Build 2600 Service Pack 3
Number of Processors: 1, Active Processor Mask: 00000001
Processor: Intel Level 6 Revision 0D06
Allocation granularity: 00010000, Page granularity: 00001000
Application space: 00010000-7FFEFFFF
[X] Filter common false alarms.
21:11:26 - Performing check: "Alternate Data Streams":
This check can take some time depending on your harddisk size. You can interrupt it with the ESC key.

C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2A81F9CE:$DATA
[-] Opening stream failed: Accesso negato.

C:\Documents and Settings\All Users\Dati applicazioni\TEMP:CB0AACC9:$DATA
[-] Opening stream failed: Accesso negato.

C:\Documents and Settings\All Users\Documenti\Firefox\res\html\Thumbs.db:encryptable:$DATA
[-] Opening stream failed: Accesso negato.

C:\Documents and Settings\All Users\Documenti\Firefox\res\Thumbs.db:encryptable:$DATA
[-] Opening stream failed: Accesso negato.

C:\Documents and Settings\All Users\Documenti\Immagini\Immagini campione\Thumbs.db:encryptable:$DATA
[-] Opening stream failed: Accesso negato.

C:\Documents and Settings\All Users\Documenti\Musica\Musica campione\Thumbs.db:encryptable:$DATA
[-] Opening stream failed: Accesso negato.

C:\Documents and Settings\Pier Luigi\Dati applicazioni\Skype\Pictures\Thumbs.db:encryptable:$DATA
[-] Opening stream failed: Operazione completata.

C:\Documents and Settings\Pier Luigi\Desktop\Thumbs.db:encryptable:$DATA
[-] Opening stream failed: Accesso negato.

C:\Documents and Settings\User\Documenti\File ricevuti\Thumbs.db:encryptable:$DATA
[-] Opening stream failed: Accesso negato.
[-] Error scanning file C:\hiberfil.sys: 0x05::0x06: Impossibile accedere al file. Il file è utilizzato da un altro processo.

[-] Error scanning file C:\pagefile.sys: 0x05::0x06: Impossibile accedere al file. Il file è utilizzato da un altro processo.

C:\Programmi\Microsoft Office\MEDIA\CAGCAT10\Thumbs.db:encryptable:$DATA
[-] Opening stream failed: Accesso negato.

C:\Programmi\Skype\Toolbars\Internet Explorer\Thumbs.db:encryptable:$DATA
[-] Opening stream failed: Accesso negato.

C:\Programmi\Windows Media Connect 2\Thumbs.db:encryptable:$DATA
[-] Opening stream failed: Accesso negato.

C:\Programmi\Windows Media Player\Network Sharing\Thumbs.db:encryptable:$DATA
[-] Opening stream failed: Accesso negato.

C:\Programmi\Windows Media Player\Thumbs.db:encryptable:$DATA
[-] Opening stream failed: Accesso negato.

C:\WINDOWS\$NtServicePackUninstall$\Thumbs.db:encryptable:$DATA
[-] Opening stream failed: Accesso negato.

C:\WINDOWS\ServicePackFiles\i386\Thumbs.db:encryptable:$DATA
[-] Opening stream failed: Accesso negato.

C:\WINDOWS\SHELLNEW\Thumbs.db:encryptable:$DATA
[-] Opening stream failed: Accesso negato.

C:\WINDOWS\system32\Thumbs.db:encryptable:$DATA
[-] Opening stream failed: Accesso negato.

C:\WINDOWS\Thumbs.db:encryptable:$DATA
[-] Opening stream failed: Accesso negato.

C:\WINDOWS\Web\Thumbs.db:encryptable:$DATA
[-] Opening stream failed: Accesso negato.

C:\WINDOWS\Web\Wallpaper\Thumbs.db:encryptable:$DATA
[-] Opening stream failed: Accesso negato.

21 streams found.
21:16:59 - Performing check: "IRP hooks":
00 \Driver\Beep 84F5E030 Beep.SYS
01 \Driver\NDIS 85B30CE8 NDIS.sys
02 \Driver\KSecDD 85B31E78 KSecDD.sys
03 \Driver\eabfiltr 85029F38 EABFiltr.sys
04 \Driver\Mouclass 85A39968 mouclass.sys
05 \Driver\Raspti 85980030 raspti.sys
06 \Driver\avgio 850313C8 avgio.sys
07 \Driver\Fips 84F3E558 Fips.SYS
08 \Driver\Kbdclass 85AAE8D8 kbdclass.sys
09 \Driver\VgaSave 84F5EDC8 vga.sys
10 \Driver\NDProxy 85905B20 NDProxy.SYS
11 \Driver\Compbatt 85B49718 compbatt.sys
12 \Driver\wdmaud 850601E8 wdmaud.sys
13 \Driver\Ptilink 85981AA8 ptilink.sys
14 \Driver\MountMgr 85BE19C8 MountMgr.sys
15 \Driver\ohci1394 85BCB640 ohci1394.sys
15 >\Driver\NIC13944 85A89698 nic1394.sys
17 \Driver\isapnp 85BE13B0 isapnp.sys
18 \Driver\redbook 85A05B78 redbook.sys
19 \Driver\ialm 85A8F030 ialmnt5.sys
19 >\Driver\ACPI 85BAEA30 ACPI.sys
21 \Driver\atapi 85B4E460 atapi.sys
21 >\Driver\ACPIi 85BAEA30 ACPI.sys
20 >\Driver\Imapi 85A384C8 imapi.sys
22 >\Driver\PxHelp20 85B31030 PxHelp20.sys
23 >\Driver\Cdromp20 85A05F38 cdrom.sys
24 >\Driver\redbook0 85A05B78 redbook.sys
25 \Driver\HSF_DP 85A3CF38 HSF_DP.sys
25 >\Driver\winachsf 85A955F0 HSF_CNXT.sys
26 >\Driver\Modemhsf 859EC670 Modem.SYS
28 \Driver\RasAcd 84F5BF38 rasacd.sys
29 \Driver\{D31A0762-0CEB-444e-ACFF-B049A1F6FE91} 85905C60 ialmkchw.sys
30 \Driver\PSched 859E2468 psched.sys
31 \Driver\RTL8023 85A842A0 Rtlnic51.sys
32 \Driver\IpNat 84F5F2E0 ipnat.sys
33 \Driver\SDTHelper 859DF598 sdthlpr.sys
34 \Driver\audstub 859E6D58 audstub.sys
35 \Driver\usbuhci 85B25DA0 usbuhci.sys
35 >\Driver\usbhubi 858FA6B0 usbhub.sys
37 \Driver\Win32k 859432E0 win32k.sys
36 \Driver\usbhub 858FA6B0 usbhub.sys
38 \Driver\swenum 85979208 swenum.sys
38 >\Driver\sysaudio 85A411E8 sysaudio.sys
26 \Driver\winachsf 85A955F0 HSF_CNXT.sys
26 >\Driver\Modemhsf 859EC670 Modem.SYS
40 \Driver\WudfPf 85B31748 WudfPf.sys
41 \Driver\HTTP 8593A520 HTTP.sys
42 \Driver\RDPCDD 8591B7B8 RDPCDD.sys
43 \Driver\Update 8597AA00 update.sys
44 \Driver\RasPppoe 859E38A0 raspppoe.sys
45 \Driver\HWiNFO32 85BD0DA0 HWiNFO32.SYS
39 \Driver\sysaudio 85A411E8 sysaudio.sys
46 \Driver\TermDD 85980450 termdd.sys
46 >\Driver\Mouclass 85A39968 mouclass.sys
27 \Driver\Modem 859EC670 Modem.SYS
47 \Driver\Ftdisk 85BE1640 ftdisk.sys
47 >\Driver\VolSnap 85B4E770 VolSnap.sys
49 \Driver\WmiAcpi 859E6030 wmiacpi.sys
50 \Driver\Rasl2tp 859E6278 rasl2tp.sys
51 \Driver\ACPIEC 85B48468 ACPIEC.sys
52 \Driver\PptpMiniport 859EC8D8 raspptp.sys
53 \Driver\WMIxWDM 85BE8AD0 ntoskrnl.exe
54 \Driver\ACPI_HAL 85BE8E18 hal.dll
54 >\Driver\ACPI_HAL 85BAEA30 ACPI.sys
55 \Driver\Arp1394 85919838 arp1394.sys
56 \Driver\NetBT 8591A828 netbt.sys
24 \Driver\Cdrom 85A05F38 cdrom.sys
24 >\Driver\redbook 85A05B78 redbook.sys
57 \Driver\mssmbios 85978030 mssmbios.sys
58 \Driver\PCIIde 85B73160 pciide.sys
58 >\Driver\ACPIde 85BAEA30 ACPI.sys
20 >\Driver\atapie 85B4E460 atapi.sys
59 \Driver\Pcmcia 85B48F38 pcmcia.sys
60 \Driver\Wanarp 859186A0 wanarp.sys
61 \Driver\Tcpip 84F59930 tcpip.sys
62 \Driver\mnmdd 84F5E160 mnmdd.SYS
48 \Driver\VolSnap 85B4E770 VolSnap.sys
63 \Driver\intelppm 85A94880 intelppm.sys
16 \Driver\NIC1394 85A89698 nic1394.sys
22 \Driver\Imapi 85A384C8 imapi.sys
22 >\Driver\PxHelp20 85B31030 PxHelp20.sys
23 >\Driver\Cdromp20 85A05F38 cdrom.sys
24 >\Driver\redbook0 85A05B78 redbook.sys
64 \Driver\Null 85005E68 Null.SYS
65 \Driver\{6080A529-897E-4629-A488-ABA0C29B635E} 85903770 ialmsbw.sys
66 \Driver\usbehci 85A8DF38 usbehci.sys
66 >\Driver\usbhubi 858FA6B0 usbhub.sys
67 \Driver\IPSec 84F5B698 ipsec.sys
68 \Driver\Disk 85B89030 disk.sys
69 \Driver\PCI 85B9D218 pci.sys
69 >\Driver\ACPI 85BAEA30 ACPI.sys
20 >\Driver\ohci1394 85BCB640 ohci1394.sys
70 \Driver\NdisTapi 859E5F38 ndistapi.sys
71 \Driver\NdisWan 859E5B88 ndiswan.sys
72 \Driver\Serial 85B30708 Serial.sys
73 \Driver\PartMgr 85B481D8 PartMgr.sys
74 \Driver\Gpc 85A3DE68 msgpc.sys
75 \Driver\HSFHWICH 859FC270 HSFHWICH.sys
75 >\Driver\HSF_DPCH 85A3CF38 HSF_DP.sys
25 >\Driver\winachsf 85A955F0 HSF_CNXT.sys
26 >\Driver\Modemhsf 859EC670 Modem.SYS
76 \Driver\{E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} 85AB0260 wA301a.sys
20 \Driver\ACPI 85BAEA30 ACPI.sys
77 \Driver\ip6fw 84FE5DA0 ip6fw.sys
78 \Driver\mdmxsdk 8597B250 mdmxsdk.sys
79 \Driver\CAMCAUD 85A95880 camcaud.sys
80 \Driver\PnpManager 85BEE480 ntoskrnl.exe
80 >\Driver\mssmbioser 85978030 mssmbios.sys
81 \Driver\AFD 84F40D28 afd.sys
82 \Driver\Ndisuio 85026F38 ndisuio.sys
83 \Driver\CAMCHALA 85A05180 camchal.sys
84 \Driver\SynTP 85A39618 SynTP.sys
84 >\Driver\eabfiltr 85029F38 EABFiltr.sys
85 \Driver\w29n51 85A94DA0 w29n51.sys
86 \Driver\VIRAGTLT 85B4EE70 VIRAGTLT.SYS
87 \Driver\avipbb 850653C8 avipbb.sys
88 \Driver\ssmdrv 84F40430 ssmdrv.sys
89 \Driver\i8042prt 85A8F6C0 i8042prt.sys
89 >\Driver\SynTPprt 85A39618 SynTP.sys
84 >\Driver\Mouclass 85A39968 mouclass.sys
23 \Driver\PxHelp20 85B31030 PxHelp20.sys
23 >\Driver\Cdromp20 85A05F38 cdrom.sys
24 >\Driver\redbook0 85A05B78 redbook.sys
90 \Driver\CmBatt 85A8F1A0 CmBatt.sys
91 \Driver\IntelIde 85B48030 intelide.sys
92 \FileSystem\Ntfs 85B313C0 Ntfs.sys
92 >\FileSystem\srfs 85B322A8 sr.sys
93 >\FileSystem\FltMgr 85B329D0 fltmgr.sys
95 \FileSystem\NetBIOS 84F41958 netbios.sys
93 \FileSystem\sr 85B322A8 sr.sys
93 >\FileSystem\FltMgr 85B329D0 fltmgr.sys
96 \FileSystem\Rdbss 84F40F38 rdbss.sys
97 \FileSystem\avgntflt 859B4AC8 avgntflt.sys
98 \FileSystem\Msfs 84F5ECD0 Msfs.SYS
99 \FileSystem\MRxSmb 8591A500 mrxsmb.sys
100 \FileSystem\Srv 85A73248 srv.sys
101 \FileSystem\Mup 85B30550 Mup.sys
102 \FileSystem\RAW 85BE82F8 ntoskrnl.exe
103 \FileSystem\Npfs 84F5DA90 Npfs.SYS
104 \FileSystem\Fs_Rec 85B7B928 Fs_Rec.SYS
105 \FileSystem\Cdfs 859C6A18 Cdfs.SYS
105 >\FileSystem\FltMgr 85B329D0 fltmgr.sys
94 \FileSystem\FltMgr 85B329D0 fltmgr.sys
106 \FileSystem\MpFilter 85007A58 MpFilter.sys
21:17:38 - Performing check: "Patched modules":
Module information:

Idx Base Size Module Service Pre Sig Patched
000 804D7000 00217600 ntoskrnl.exe YES NO
001 806EF000 00013D00 hal.dll YES NO
002 F7BAF000 00002000 KDCOM.DLL YES NO
003 F7ABF000 00003000 BOOTVID.dll YES NO
004 F7660000 0002E000 ACPI.sys ACPI YES NO
005 F7BB1000 00002000 WMILIB.SYS YES NO
006 F764F000 00011000 pci.sys PCI YES NO
007 F76AF000 0000A000 isapnp.sys isapnp YES NO
008 F76BF000 00010000 ohci1394.sys ohci1394 YES NO
009 F76CF000 0000E000 1394BUS.SYS YES NO
010 F7AC3000 00003000 compbatt.sys Compbatt YES NO
011 F7AC7000 00004000 BATTC.SYS BattC YES NO
012 F7C77000 00001000 pciide.sys PCIIde YES NO
013 F792F000 00007000 PCIIDEX.SYS YES NO
014 F7BB3000 00002000 intelide.sys IntelIde YES NO
015 F7631000 0001E000 pcmcia.sys Pcmcia YES NO
016 F76DF000 0000B000 MountMgr.sys MountMgr YES NO
017 F7612000 0001F000 ftdisk.sys Ftdisk YES NO
018 F7ACB000 00003000 ACPIEC.sys ACPIEC YES NO
019 F7C78000 00001000 OPRGHDLR.SYS YES NO
020 F7937000 00005000 PartMgr.sys PartMgr YES NO
021 F76EF000 0000B000 VIRAGTLT.SYS VIRAGTLT YES NO
022 F76FF000 0000E000 VolSnap.sys VolSnap YES NO
023 F75FA000 00018000 atapi.sys atapi YES NO
024 F770F000 00009000 disk.sys Disk YES NO
025 F771F000 0000D000 CLASSPNP.SYS YES NO
026 F75DA000 00020000 fltmgr.sys FltMgr YES NO
027 F75C8000 00012000 sr.sys sr YES NO
028 F772F000 00009000 PxHelp20.sys PxHelp20 YES YES
029 F75B1000 00017000 KSecDD.sys KSecDD YES NO
030 F759E000 00013000 WudfPf.sys WudfPf YES NO
031 F7511000 0008D000 Ntfs.sys Ntfs YES NO
032 F74E4000 0002D000 NDIS.sys NDIS YES NO
033 F74D3000 00011000 Serial.sys Serial YES NO
034 F74B9000 0001A000 Mup.sys Mup YES NO
035 F789F000 0000A000 intelppm.sys intelppm YES NO
036 F7B7B000 00004000 CmBatt.sys CmBatt YES NO
037 F7438000 00017000 ialmnt5.sys ialm YES NO
038 F7424000 00014000 VIDEOPRT.SYS YES NO
039 F79D7000 00006000 usbuhci.sys usbuhci YES NO
040 F7400000 00024000 USBPORT.SYS YES NO
041 F79DF000 00008000 usbehci.sys usbehci YES NO
042 F73EF000 00011000 Rtlnic51.sys RTL8023 YES NO
043 F71D3000 0021C000 w29n51.sys w29n51 YES NO
044 F78AF000 00010000 nic1394.sys NIC1394 YES NO
045 F78BF000 0000D000 i8042prt.sys i8042prt YES NO
046 F79E7000 00007000 kbdclass.sys Kbdclass YES NO
047 F719E000 00035000 SynTP.sys SynTP YES NO
048 F7BC9000 00002000 USBD.SYS YES NO
049 F79EF000 00006000 mouclass.sys Mouclass YES NO
050 F78CF000 0000B000 imapi.sys Imapi YES NO
051 F78DF000 00010000 cdrom.sys Cdrom YES NO
052 F78EF000 0000F000 redbook.sys redbook YES NO
053 F717B000 00023000 ks.sys YES NO
054 F7136000 00045000 camchal.sys CAMCHALA YES NO
055 F70EE000 00048000 camcaud.sys CAMCAUD YES NO
056 F70CA000 00024000 portcls.sys YES NO
057 F78FF000 0000F000 drmk.sys YES NO
058 F7097000 00033000 HSFHWICH.sys HSFHWICH YES NO
059 F6F99000 000FE000 HSF_DP.sys HSF_DP YES NO
060 F6EED000 000AC000 HSF_CNXT.sys winachsf YES NO
061 F79F7000 00008000 Modem.SYS Modem YES NO
062 F7B83000 00003000 wmiacpi.sys WmiAcpi YES NO
063 F7CA9000 00001000 audstub.sys audstub YES NO
064 F790F000 0000D000 rasl2tp.sys Rasl2tp YES NO
065 F7B87000 00003000 ndistapi.sys NdisTapi YES NO
066 F6ED6000 00017000 ndiswan.sys NdisWan YES NO
067 F791F000 0000B000 raspppoe.sys RasPppoe YES NO
068 F774F000 0000C000 raspptp.sys PptpMiniport YES NO
069 F79FF000 00005000 TDI.SYS YES NO
070 F6EC5000 00011000 psched.sys PSched YES NO
071 F775F000 00009000 msgpc.sys Gpc YES NO
072 F7A07000 00005000 ptilink.sys Ptilink YES NO
073 F7A0F000 00005000 raspti.sys Raspti YES NO
074 F776F000 0000A000 termdd.sys TermDD YES NO
075 F7BCB000 00002000 swenum.sys swenum YES NO
076 F6DC7000 0005E000 update.sys Update YES NO
077 F7B97000 00004000 mssmbios.sys mssmbios YES NO
078 F777F000 0000A000 NDProxy.SYS NDProxy YES NO
079 EED06000 00019000 ialmkchw.sys {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} YES NO
080 EECE8000 0001E000 ialmsbw.sys {6080A529-897E-4629-A488-ABA0C29B635E} YES NO
081 F77BF000 0000F000 usbhub.sys usbhub YES NO
082 EEACE000 00022000 MpFilter.sys MpFilter YES YES
083 F77FF000 0000C000 wA301a.sys {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} YES NO
084 F7C21000 00002000 Fs_Rec.SYS Fs_Rec YES NO
085 F7D15000 00001000 Null.SYS Null YES NO
086 F7C23000 00002000 Beep.SYS Beep YES NO
087 F7957000 00006000 vga.sys VgaSave YES NO
088 F7C25000 00002000 mnmdd.SYS mnmdd YES NO
089 F7C27000 00002000 RDPCDD.sys RDPCDD YES NO
090 F795F000 00005000 Msfs.SYS Msfs YES NO
091 F7967000 00008000 Npfs.SYS Npfs YES NO
092 F7B4B000 00003000 rasacd.sys RasAcd YES NO
093 EEA9B000 00013000 ipsec.sys IPSec YES NO
094 EEA42000 00059000 tcpip.sys Tcpip YES NO
095 EEA1A000 00028000 netbt.sys NetBT YES NO
096 EE9F8000 00022000 afd.sys AFD YES NO
097 F780F000 00009000 netbios.sys NetBIOS YES NO
098 F796F000 00006000 ssmdrv.sys ssmdrv YES YES
099 EE9CD000 0002B000 rdbss.sys Rdbss YES NO
100 EE935000 00070000 mrxsmb.sys MRxSmb YES NO
101 F782F000 0000B000 Fips.SYS Fips YES NO
102 EE90F000 00026000 ipnat.sys IpNat YES NO
103 F783F000 00009000 wanarp.sys Wanarp YES NO
104 F784F000 0000F000 arp1394.sys Arp1394 YES NO
105 F7C29000 00002000 EABFiltr.sys eabfiltr YES NO
106 EE853000 0001C000 avipbb.sys avipbb YES YES
107 F7C2D000 00002000 avgio.sys avgio YES YES
108 F6E45000 00010000 Cdfs.SYS Cdfs YES NO
109 EE83B000 00018000 dump_atapi.sys NO NO
110 F7C41000 00002000 dump_WMILIB.SYS NO NO
111 BF800000 001C4000 win32k.sys YES NO
112 F7467000 00003000 Dxapi.sys YES NO
113 F79B7000 00005000 watchdog.sys YES NO
114 BF9C4000 00012000 dxg.sys YES NO
115 F7D3F000 00001000 dxgthk.sys YES NO
116 BF9E4000 00022000 ialmdnt5.dll YES NO
117 BF9D6000 0000E000 ialmrnt5.dll YES NO
118 BFA06000 00031000 ialmdev5.DLL YES NO
119 BFA37000 0007C000 ialmdd5.DLL YES NO
120 BFFA0000 00046000 ATMFD.DLL YES NO
121 EE6E7000 00014000 avgntflt.sys avgntflt YES YES
122 EE6B3000 00004000 ndisuio.sys Ndisuio YES NO
123 F7C0D000 00002000 HWiNFO32.SYS HWiNFO32 YES NO
124 EE75B000 00009000 ip6fw.sys ip6fw YES NO
125 EE407000 00038000 tcpip6.sys YES NO
126 EE597000 00003000 mdmxsdk.sys mdmxsdk YES NO
127 EE2ED000 00052000 srv.sys Srv YES NO
128 EE030000 00015000 wdmaud.sys wdmaud YES NO
129 EE18D000 0000F000 sysaudio.sys sysaudio YES NO
130 EDD41000 00041000 HTTP.sys HTTP YES NO
131 EE9B1000 00004000 sdthlpr.sys SDTHelper YES NO
132 7C910000 000B8000 ntdll.dll YES NO

Number of Module Table entries patched = 0
21:18:28 - Performing check: "SDT hooks":
Found KiServiceTable @ 8055A220

0 ZwAcceptConnectPort 8058FDF3
1 ZwAccessCheck 805756D8
2 ZwAccessCheckAndAuditAlarm 80588D69
3 ZwAccessCheckByType 8059112E
4 ZwAccessCheckByTypeAndAuditAlarm 8058EE53
5 ZwAccessCheckByTypeResultList 806380EC
6 ZwAccessCheckByTypeResultListAndAuditAlarm 8063A27D
7 ZwAccessCheckByTypeResultListAndAuditAlarmByHandle 8063A2C6
8 ZwAddAtom 80573BFE
9 ZwAddBootEntry 806490BB
10 ZwAdjustGroupsToken 806378A7
11 ZwAdjustPrivilegesToken 8058E471
12 ZwAlertResumeThread 8062F9E8
13 ZwAlertThread 8057A76F
14 ZwAllocateLocallyUniqueId 80589CF8
15 ZwAllocateUserPhysicalPages 8062694D
16 ZwAllocateUuids 805DD3C1
17 ZwAllocateVirtualMemory 80569153
18 ZwAreMappedFilesTheSame 805D975F
19 ZwAssignProcessToJobObject 805A24CA
20 ZwCallbackReturn 804E2CB4
21 ZwCancelDeviceWakeupRequest 806490CF
22 ZwCancelIoFile 805C9B16
23 ZwCancelTimer 804ECFAC
24 ZwClearEvent 805697FF
25 ZwClose 80567A6D
26 ZwCloseObjectAuditAlarm 8058E8DF
27 ZwCompactKeys 8064E9B0
28 ZwCompareTokens 8058AAE8
29 ZwCompleteConnectPort 80590B3B
30 ZwCompressKey 8064EC1D
31 ZwConnectPort 80588DBB
32 ZwContinue 804E1FF2
33 ZwCreateDebugObject 8065A0C8
34 ZwCreateDirectoryObject 805A2892
35 ZwCreateEvent 8056FDBA
36 ZwCreateEventPair 806491C0
37 ZwCreateFile 8056F600
38 ZwCreateIoCompletion 80591387
39 ZwCreateJobObject 805AB1C0
40 ZwCreateJobSet 8062FE91
41 ZwCreateKey --[HOOKED]-- F7D3A656 probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys

Information for module avipbb.sys:

Index: 106
Base address: EE853000
Size: 0001C000
Flags: 09104000
Load count: 1
Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys
Name: (null)
Version: 9.00.00.00
Company: Avira GmbH
File Version: 1.0.2.86
Description: Avira Driver for RootKit Detection
Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Signed: YES

258 ZwTerminateThread 8057B496
259 ZwTestAlert 8057BED4
260 ZwTraceEvent 80545B10
261 ZwTranslateFilePath 80648B5B
262 ZwUnloadDriver 80619C2E
263 ZwUnloadKey 8064DA6E
264 ZwUnloadKeyEx 8064DC97
265 ZwUnlockFile 8058999B
266 ZwUnlockVirtualMemory 80627225
267 ZwUnmapViewOfSection 80578606
268 ZwVdmControl 805B79C7
269 ZwWaitForDebugEvent 8065AA02
270 ZwWaitForMultipleObjects 805666C6
271 ZwWaitForSingleObject 8056617C
272 ZwWaitHighEventPair 806493F3
273 ZwWaitLowEventPair 80649387
274 ZwWriteFile 80576F4D
275 ZwWriteFileGather 805DA45D
276 ZwWriteRequestData 8058AA86
277 ZwWriteVirtualMemory 8057F198
278 ZwYieldExecution 804F0EA6
279 ZwCreateKeyedEvent 805CBD85
280 ZwOpenKeyedEvent 805829FC
281 ZwReleaseKeyedEvent 8064A1CB
282 ZwWaitForKeyedEvent 8064A466
283 ZwQueryPortInformationProcess 8062D52B

Number of Service Table entries hooked = 11
Number of Service Table entries patched = 0
21:18:54 - Performing check: "IDT hooks":
IDT offset in kernel: 0x0264D5A0
IDT address: 0x8003F400 (phys.: 0x01E4F400)

INT# SegType DPL ISR
000(00) IntG32 00 0008:804DF350
001(01) IntG32 00 0008:804DF4CB
002(02) TaskG32 00 0058:805523A6
003(03) IntG32 03 0008:804DF89D
004(04) IntG32 03 0008:804DFA20
005(05) IntG32 00 0008:804DFB81
006(06) IntG32 00 0008:804DFD02
007(07) IntG32 00 0008:804E036A
008(08) TaskG32 00 0050:80552398
009(09) IntG32 00 0008:804E078F
010(0A) IntG32 00 0008:804E08AC
011(0B) IntG32 00 0008:804E09E9
012(0C) IntG32 00 0008:804E0C42
013(0D) IntG32 00 0008:804E0F38
014(0E) IntG32 00 0008:804E164F
015(0F) IntG32 00 0008:804E197C
016(10) IntG32 00 0008:804E1A99
017(11) IntG32 00 0008:804E1BCE
018(12) TaskG32 00 00A0:060A2C7C (hooked)
019(13) IntG32 00 0008:804E1D34
020(14) IntG32 00 0008:804E197C
021(15) IntG32 00 0008:804E197C
022(16) IntG32 00 0008:804E197C
023(17) IntG32 00 0008:804E197C
024(18) IntG32 00 0008:804E197C
025(19) IntG32 00 0008:804E197C
026(1A) IntG32 00 0008:804E197C
027(1B) IntG32 00 0008:804E197C
028(1C) IntG32 00 0008:804E197C
029(1D) IntG32 00 0008:804E197C
030(1E) IntG32 00 0008:804E197C
031(1F) IntG32 00 0008:804E197C
032(20) Not present
033(21) Not present
034(22) Not present
035(23) Not present
036(24) Not present
037(25) Not present
038(26) Not present
039(27) Not present
040(28) Not present
041(29) Not present
042(2A) IntG32 03 0008:804DEB92
043(2B) IntG32 03 0008:804DEC95
044(2C) IntG32 03 0008:804DEE34
045(2D) IntG32 03 0008:804DF77C
046(2E) IntG32 03 0008:804DE631
047(2F) IntG32 00 0008:804E197C
048(30) IntG32 00 0008:806F5D54
049(31) IntG32 00 0008:857D9DD4 (hooked)
050(32) IntG32 00 0008:804DDD04
051(33) IntG32 00 0008:804DDD0E
052(34) IntG32 00 0008:804DDD18
053(35) IntG32 00 0008:85966334 (hooked)
054(36) IntG32 00 0008:804DDD2C
055(37) IntG32 00 0008:804DDD36
056(38) IntG32 00 0008:806EFEF0
057(39) IntG32 00 0008:85BCC044 (hooked)
058(3A) IntG32 00 0008:85903DD4 (hooked)
059(3B) IntG32 00 0008:85B73954 (hooked)
060(3C) IntG32 00 0008:857D9044 (hooked)
061(3D) IntG32 00 0008:804DDD72
062(3E) IntG32 00 0008:85B89DD4 (hooked)
063(3F) IntG32 00 0008:85B89204 (hooked)
064(40) IntG32 00 0008:804DDD90
065(41) IntG32 00 0008:804DDD9A
066(42) IntG32 00 0008:804DDDA4
067(43) IntG32 00 0008:804DDDAE
068(44) IntG32 00 0008:804DDDB8
069(45) IntG32 00 0008:804DDDC2
070(46) IntG32 00 0008:804DDDCC
071(47) IntG32 00 0008:804DDDD6
072(48) IntG32 00 0008:804DDDE0
073(49) IntG32 00 0008:804DDDEA
074(4A) IntG32 00 0008:804DDDF4
075(4B) IntG32 00 0008:804DDDFE
076(4C) IntG32 00 0008:804DDE08
077(4D) IntG32 00 0008:804DDE12
078(4E) IntG32 00 0008:804DDE1C
079(4F) IntG32 00 0008:804DDE26
080(50) IntG32 00 0008:804DDE30
081(51) IntG32 00 0008:804DDE3A
082(52) IntG32 00 0008:804DDE44
083(53) IntG32 00 0008:804DDE4E
084(54) IntG32 00 0008:804DDE58
085(55) IntG32 00 0008:804DDE62
086(56) IntG32 00 0008:804DDE6C
087(57) IntG32 00 0008:804DDE76
088(58) IntG32 00 0008:804DDE80
089(59) IntG32 00 0008:804DDE8A
090(5A) IntG32 00 0008:804DDE94
091(5B) IntG32 00 0008:804DDE9E
092(5C) IntG32 00 0008:804DDEA8
093(5D) IntG32 00 0008:804DDEB2
094(5E) IntG32 00 0008:804DDEBC
095(5F) IntG32 00 0008:804DDEC6
096(60) IntG32 00 0008:804DDED0
097(61) IntG32 00 0008:804DDEDA
098(62) IntG32 00 0008:804DDEE4
099(63) IntG32 00 0008:804DDEEE
100(64) IntG32 00 0008:804DDEF8
101(65) IntG32 00 0008:804DDF02
102(66) IntG32 00 0008:804DDF0C
103(67) IntG32 00 0008:804DDF16
104(68) IntG32 00 0008:804DDF20
105(69) IntG32 00 0008:804DDF2A
106(6A) IntG32 00 0008:804DDF34
107(6B) IntG32 00 0008:804DDF3E
108(6C) IntG32 00 0008:804DDF48
109(6D) IntG32 00 0008:804DDF52
110(6E) IntG32 00 0008:804DDF5C
111(6F) IntG32 00 0008:804DDF66
112(70) IntG32 00 0008:804DDF70
113(71) IntG32 00 0008:804DDF7A
114(72) IntG32 00 0008:804DDF84
115(73) IntG32 00 0008:804DDF8E
116(74) IntG32 00 0008:804DDF98
117(75) IntG32 00 0008:804DDFA2
118(76) IntG32 00 0008:804DDFAC
119(77) IntG32 00 0008:804DDFB6
120(78) IntG32 00 0008:804DDFC0
121(79) IntG32 00 0008:804DDFCA
122(7A) IntG32 00 0008:804DDFD4
123(7B) IntG32 00 0008:804DDFDE
124(7C) IntG32 00 0008:804DDFE8
125(7D) IntG32 00 0008:804DDFF2
126(7E) IntG32 00 0008:804DDFFC
127(7F) IntG32 00 0008:804DE006
128(80) IntG32 00 0008:804DE010
129(81) IntG32 00 0008:804DE01A
130(82) IntG32 00 0008:804DE024
131(83) IntG32 00 0008:804DE02E
132(84) IntG32 00 0008:804DE038
133(85) IntG32 00 0008:804DE042
134(86) IntG32 00 0008:804DE04C
135(87) IntG32 00 0008:804DE056
136(88) IntG32 00 0008:804DE060
137(89) IntG32 00 0008:804DE06A
138(8A) IntG32 00 0008:804DE074
139(8B) IntG32 00 0008:804DE07E
140(8C) IntG32 00 0008:804DE088
141(8D) IntG32 00 0008:804DE092
142(8E) IntG32 00 0008:804DE09C
143(8F) IntG32 00 0008:804DE0A6
144(90) IntG32 00 0008:804DE0B0
145(91) IntG32 00 0008:804DE0BA
146(92) IntG32 00 0008:804DE0C4
147(93) IntG32 00 0008:804DE0CE
148(94) IntG32 00 0008:804DE0D8
149(95) IntG32 00 0008:804DE0E2
150(96) IntG32 00 0008:804DE0EC
151(97) IntG32 00 0008:804DE0F6
152(98) IntG32 00 0008:804DE100
153(99) IntG32 00 0008:804DE10A
154(9A) IntG32 00 0008:804DE114
155(9B) IntG32 00 0008:804DE11E
156(9C) IntG32 00 0008:804DE128
157(9D) IntG32 00 0008:804DE132
158(9E) IntG32 00 0008:804DE13C
159(9F) IntG32 00 0008:804DE146
160(A0) IntG32 00 0008:804DE150
161(A1) IntG32 00 0008:804DE15A
162(A2) IntG32 00 0008:804DE164
163(A3) IntG32 00 0008:804DE16E
164(A4) IntG32 00 0008:804DE178
165(A5) IntG32 00 0008:804DE182
166(A6) IntG32 00 0008:804DE18C
167(A7) IntG32 00 0008:804DE196
168(A8) IntG32 00 0008:804DE1A0
169(A9) IntG32 00 0008:804DE1AA
170(AA) IntG32 00 0008:804DE1B4
171(AB) IntG32 00 0008:804DE1BE
172(AC) IntG32 00 0008:804DE1C8
173(AD) IntG32 00 0008:804DE1D2
174(AE) IntG32 00 0008:804DE1DC
175(AF) IntG32 00 0008:804DE1E6
176(B0) IntG32 00 0008:804DE1F0
177(B1) IntG32 00 0008:804DE1FA
178(B2) IntG32 00 0008:804DE204
179(B3) IntG32 00 0008:804DE20E
180(B4) IntG32 00 0008:804DE218
181(B5) IntG32 00 0008:804DE222
182(B6) IntG32 00 0008:804DE22C
183(B7) IntG32 00 0008:804DE236
184(B8) IntG32 00 0008:804DE240
185(B9) IntG32 00 0008:804DE24A
186(BA) IntG32 00 0008:804DE254
187(BB) IntG32 00 0008:804DE25E
188(BC) IntG32 00 0008:804DE268
189(BD) IntG32 00 0008:804DE272
190(BE) IntG32 00 0008:804DE27C
191(BF) IntG32 00 0008:804DE286
192(C0) IntG32 00 0008:804DE290
193(C1) IntG32 00 0008:804DE29A
194(C2) IntG32 00 0008:804DE2A4
195(C3) IntG32 00 0008:804DE2AE
196(C4) IntG32 00 0008:804DE2B8
197(C5) IntG32 00 0008:804DE2C2
198(C6) IntG32 00 0008:804DE2CC
199(C7) IntG32 00 0008:804DE2D6
200(C8) IntG32 00 0008:804DE2E0
201(C9) IntG32 00 0008:804DE2EA
202(CA) IntG32 00 0008:804DE2F4
203(CB) IntG32 00 0008:804DE2FE
204(CC) IntG32 00 0008:804DE308
205(CD) IntG32 00 0008:804DE312
206(CE) IntG32 00 0008:804DE31C
207(CF) IntG32 00 0008:804DE326
208(D0) IntG32 00 0008:804DE330
209(D1) IntG32 00 0008:804DE33A
210(D2) IntG32 00 0008:804DE344
211(D3) IntG32 00 0008:804DE34E
212(D4) IntG32 00 0008:804DE358
213(D5) IntG32 00 0008:804DE362
214(D6) IntG32 00 0008:804DE36C
215(D7) IntG32 00 0008:804DE376
216(D8) IntG32 00 0008:804DE380
217(D9) IntG32 00 0008:804DE38A
218(DA) IntG32 00 0008:804DE394
219(DB) IntG32 00 0008:804DE39E
220(DC) IntG32 00 0008:804DE3A8
221(DD) IntG32 00 0008:804DE3B2
222(DE) IntG32 00 0008:804DE3BC
223(DF) IntG32 00 0008:804DE3C6
224(E0) IntG32 00 0008:804DE3D0
225(E1) IntG32 00 0008:804DE3DA
226(E2) IntG32 00 0008:804DE3E4
227(E3) IntG32 00 0008:804DE3EE
228(E4) IntG32 00 0008:804DE3F8
229(E5) IntG32 00 0008:804DE402
230(E6) IntG32 00 0008:804DE40C
231(E7) IntG32 00 0008:804DE416
232(E8) IntG32 00 0008:804DE420
233(E9) IntG32 00 0008:804DE42A
234(EA) IntG32 00 0008:804DE434
235(EB) IntG32 00 0008:804DE43E
236(EC) IntG32 00 0008:804DE448
237(ED) IntG32 00 0008:804DE452
238(EE) IntG32 00 0008:804DE459
239(EF) IntG32 00 0008:804DE460
240(F0) IntG32 00 0008:804DE467
241(F1) IntG32 00 0008:804DE46E
242(F2) IntG32 00 0008:804DE475
243(F3) IntG32 00 0008:804DE47C
244(F4) IntG32 00 0008:804DE483
245(F5) IntG32 00 0008:804DE48A
246(F6) IntG32 00 0008:804DE491
247(F7) IntG32 00 0008:804DE498
248(F8) IntG32 00 0008:804DE49F
249(F9) IntG32 00 0008:804DE4A6
250(FA) IntG32 00 0008:804DE4AD
251(FB) IntG32 00 0008:804DE4B4
252(FC) IntG32 00 0008:804DE4BB
253(FD) IntG32 00 0008:804DE4C2
254(FE) IntG32 00 0008:804DE4C9
255(FF) IntG32 00 0008:804DE4D0
21:19:39 - Performing check: "SYSENTER hook":
SYSENTER offset in kernel: 0x004076F0 (=0x804DE6F0)
SYSENTER EIP: 0008:804DE6F0 [OK]
21:19:39 - Performing check: "IAT hooks":

PID 448 - C:\WINDOWS\System32\smss.exe

ntdll.dll (7C910000 - 7C9C8000)

PID 496 - C:\WINDOWS\system32\csrss.exe

ntdll.dll (7C910000 - 7C9C8000)
CSRSRV.dll (75AF0000 - 75AFB000)
basesrv.dll (75B00000 - 75B10000)
winsrv.dll (75B10000 - 75B5B000)
GDI32.dll (77E40000 - 77E89000)
KERNEL32.dll (7C800000 - 7C901000)
USER32.dll (7E390000 - 7E421000)
sxs.dll (7E6A0000 - 7E750000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)

PID 520 - C:\WINDOWS\system32\winlogon.exe

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
AUTHZ.dll (77690000 - 776A2000)
msvcrt.dll (77BE0000 - 77C38000)
CRYPT32.dll (77A50000 - 77AE6000)
MSASN1.dll (77AF0000 - 77B02000)
USER32.dll (7E390000 - 7E421000)
GDI32.dll (77E40000 - 77E89000)
NDdeApi.dll (758F0000 - 758F8000)
PROFMAP.dll (758E0000 - 758EA000)
NETAPI32.dll (5BC70000 - 5BCC5000)
USERENV.dll (76980000 - 76A35000)
PSAPI.DLL (76BB0000 - 76BBB000)
REGAPI.dll (76B80000 - 76B8F000)
SETUPAPI.dll (778F0000 - 779E7000)
VERSION.dll (77BD0000 - 77BD8000)
WINSTA.dll (76310000 - 76320000)
WINTRUST.dll (76BF0000 - 76C1E000)
IMAGEHLP.dll (76C50000 - 76C78000)
WS2_32.dll (71A30000 - 71A47000)
WS2HELP.dll (71A20000 - 71A28000)
IMM32.DLL (76340000 - 7635D000)
MSGINA.dll (75920000 - 75A19000)
COMCTL32.dll (5D4D0000 - 5D56A000)
ODBC32.dll (745E0000 - 7461D000)
comdlg32.dll (76360000 - 763AA000)
SHELL32.dll (7C9D0000 - 7D1EE000)
SHLWAPI.dll (77E90000 - 77F06000)
comctl32.dll (773A0000 - 774A3000)
odbcint.dll (1F840000 - 1F858000)
SHSVCS.dll (776B0000 - 776D3000)
sfc.dll (76B70000 - 76B75000)
sfc_os.dll (76C20000 - 76C4A000)
ole32.dll (774B0000 - 775ED000)
Apphelp.dll (77B10000 - 77B32000)
msctfime.ime (752E0000 - 7530E000)
WINSCARD.DLL (72360000 - 7237C000)
WTSAPI32.dll (76F10000 - 76F18000)
sxs.dll (7E6A0000 - 7E750000)
uxtheme.dll (5B180000 - 5B1B8000)
WINMM.dll (76B00000 - 76B2E000)
cscdll.dll (765B0000 - 765CD000)
dimsntfy.dll (47190000 - 47198000)
WlNotify.dll (75900000 - 7591B000)
MPR.dll (71AA0000 - 71AB2000)
WINSPOOL.DRV (72F70000 - 72F96000)
rsaenh.dll (68000000 - 68036000)
SAMLIB.dll (71B80000 - 71B93000)
msv1_0.dll (77C40000 - 77C65000)
cryptdll.dll (76750000 - 7675C000)
iphlpapi.dll (76D20000 - 76D39000)
cscui.dll (779F0000 - 77A45000)
xpsp2res.dll (01570000 - 01845000)
COMRes.dll (77010000 - 770E2000)
OLEAUT32.dll (770F0000 - 7717B000)
CLBCATQ.DLL (76F90000 - 7700F000)
NTMARTA.DLL (77660000 - 77681000)
WLDAP32.dll (76F20000 - 76F4D000)
wdmaud.drv (72C90000 - 72C99000)
msacm32.drv (72C80000 - 72C88000)
MSACM32.dll (77BB0000 - 77BC5000)
midimap.dll (77BA0000 - 77BA7000)

PID 568 - C:\WINDOWS\system32\services.exe

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
msvcrt.dll (77BE0000 - 77C38000)
NCObjAPI.DLL (5FBB0000 - 5FBBC000)
MSVCP60.dll (76030000 - 76095000)
SCESRV.dll (77B40000 - 77B94000)
AUTHZ.dll (77690000 - 776A2000)
USER32.dll (7E390000 - 7E421000)
GDI32.dll (77E40000 - 77E89000)
USERENV.dll (76980000 - 76A35000)
umpnpmgr.dll (7DBB0000 - 7DBD1000)
WINSTA.dll (76310000 - 76320000)
NETAPI32.dll (5BC70000 - 5BCC5000)
ShimEng.dll (5CF90000 - 5CFB6000)
AcAdProc.dll (474B0000 - 474BF000)
IMM32.DLL (76340000 - 7635D000)
Apphelp.dll (77B10000 - 77B32000)
VERSION.dll (77BD0000 - 77BD8000)
eventlog.dll (772D0000 - 772E1000)
PSAPI.DLL (76BB0000 - 76BBB000)
WS2_32.dll (71A30000 - 71A47000)
WS2HELP.dll (71A20000 - 71A28000)
wtsapi32.dll (76F10000 - 76F18000)

PID 580 - C:\WINDOWS\system32\lsass.exe

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
LSASRV.dll (753E0000 - 75496000)
MPR.dll (71AA0000 - 71AB2000)
USER32.dll (7E390000 - 7E421000)
GDI32.dll (77E40000 - 77E89000)
MSASN1.dll (77AF0000 - 77B02000)
msvcrt.dll (77BE0000 - 77C38000)
NETAPI32.dll (5BC70000 - 5BCC5000)
NTDSAPI.dll (76760000 - 76773000)
DNSAPI.dll (76EE0000 - 76F07000)
WS2_32.dll (71A30000 - 71A47000)
WS2HELP.dll (71A20000 - 71A28000)
WLDAP32.dll (76F20000 - 76F4D000)
SAMLIB.dll (71B80000 - 71B93000)
SAMSRV.dll (743D0000 - 7443E000)
cryptdll.dll (76750000 - 7675C000)
ShimEng.dll (5CF90000 - 5CFB6000)
AcGenral.DLL (596B0000 - 5987A000)
WINMM.dll (76B00000 - 76B2E000)
ole32.dll (774B0000 - 775ED000)
OLEAUT32.dll (770F0000 - 7717B000)
MSACM32.dll (77BB0000 - 77BC5000)
VERSION.dll (77BD0000 - 77BD8000)
SHELL32.dll (7C9D0000 - 7D1EE000)
SHLWAPI.dll (77E90000 - 77F06000)
USERENV.dll (76980000 - 76A35000)
UxTheme.dll (5B180000 - 5B1B8000)
IMM32.DLL (76340000 - 7635D000)
comctl32.dll (773A0000 - 774A3000)
comctl32.dll (5D4D0000 - 5D56A000)
msprivs.dll (4D200000 - 4D20E000)
kerberos.dll (71C80000 - 71CCC000)
msv1_0.dll (77C40000 - 77C65000)
iphlpapi.dll (76D20000 - 76D39000)
netlogon.dll (74440000 - 744A5000)
w32time.dll (76780000 - 767AD000)
MSVCP60.dll (76030000 - 76095000)
schannel.dll (767B0000 - 767D8000)
CRYPT32.dll (77A50000 - 77AE6000)
wdigest.dll (7E8C0000 - 7E8D1000)
rsaenh.dll (68000000 - 68036000)
setupapi.dll (778F0000 - 779E7000)
scecli.dll (7D520000 - 7D551000)
mswsock.dll (719D0000 - 71A10000)
hnetcfg.dll (66750000 - 667A8000)
wshtcpip.dll (71A10000 - 71A18000)
ipsecsvc.dll (74360000 - 74390000)
AUTHZ.dll (77690000 - 776A2000)
oakley.DLL (756D0000 - 757A0000)
WINIPSEC.DLL (742F0000 - 742FB000)
pstorsvc.dll (74320000 - 7432B000)
dssenh.dll (68100000 - 68126000)
psbase.dll (74340000 - 7435B000)

PID 744 - C:\WINDOWS\system32\svchost.exe

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
ShimEng.dll (5CF90000 - 5CFB6000)
AcGenral.DLL (596B0000 - 5987A000)
USER32.dll (7E390000 - 7E421000)
GDI32.dll (77E40000 - 77E89000)
WINMM.dll (76B00000 - 76B2E000)
ole32.dll (774B0000 - 775ED000)
msvcrt.dll (77BE0000 - 77C38000)
OLEAUT32.dll (770F0000 - 7717B000)
MSACM32.dll (77BB0000 - 77BC5000)
VERSION.dll (77BD0000 - 77BD8000)
SHELL32.dll (7C9D0000 - 7D1EE000)
SHLWAPI.dll (77E90000 - 77F06000)
USERENV.dll (76980000 - 76A35000)
UxTheme.dll (5B180000 - 5B1B8000)
IMM32.DLL (76340000 - 7635D000)
comctl32.dll (773A0000 - 774A3000)
comctl32.dll (5D4D0000 - 5D56A000)
NTMARTA.DLL (77660000 - 77681000)
SAMLIB.dll (71B80000 - 71B93000)
WLDAP32.dll (76F20000 - 76F4D000)
xpsp2res.dll (00630000 - 00905000)
shsvcs.dll (776B0000 - 776D3000)
WINSTA.dll (76310000 - 76320000)
NETAPI32.dll (5BC70000 - 5BCC5000)
rsaenh.dll (68000000 - 68036000)
dhcpcsvc.dll (7D4C0000 - 7D4E2000)
DNSAPI.dll (76EE0000 - 76F07000)
WS2_32.dll (71A30000 - 71A47000)
WS2HELP.dll (71A20000 - 71A28000)
iphlpapi.dll (76D20000 - 76D39000)
wzcsvc.dll (7DB20000 - 7DBAC000)
rtutils.dll (76E40000 - 76E4E000)
WMI.dll (76CF0000 - 76CF4000)
CRYPT32.dll (77A50000 - 77AE6000)
MSASN1.dll (77AF0000 - 77B02000)
EapolQec.dll (4CF40000 - 4CF4B000)
ATL.DLL (76AE0000 - 76AF1000)
QUtil.dll (745C0000 - 745D6000)
MSVCP60.dll (76030000 - 76095000)
dot3api.dll (72960000 - 7296A000)
WTSAPI32.dll (76F10000 - 76F18000)
ESENT.dll (5E270000 - 5E37F000)
CLBCATQ.DLL (76F90000 - 7700F000)
COMRes.dll (77010000 - 770E2000)
rastls.dll (7D4F0000 - 7D517000)
CRYPTUI.dll (76890000 - 76913000)
WININET.dll (3F9D0000 - 3FAA1000)
Normaliz.dll (014A0000 - 014A9000)
iertutil.dll (40070000 - 400B5000)
WINTRUST.dll (76BF0000 - 76C1E000)
IMAGEHLP.dll (76C50000 - 76C78000)
MPRAPI.dll (76D00000 - 76D18000)
ACTIVEDS.dll (77C90000 - 77CC2000)
adsldpc.dll (76DD0000 - 76DF5000)
SETUPAPI.dll (778F0000 - 779E7000)
RASAPI32.dll (76EA0000 - 76EDC000)
rasman.dll (76E50000 - 76E62000)
TAPI32.dll (76E70000 - 76E9F000)
SCHANNEL.dll (767B0000 - 767D8000)
WinSCard.dll (72360000 - 7237C000)
PSAPI.DLL (76BB0000 - 76BBB000)
raschap.dll (76CA0000 - 76CB6000)
msv1_0.dll (77C40000 - 77C65000)
cryptdll.dll (76750000 - 7675C000)
WZCSAPI.DLL (72FA0000 - 72FB0000)
schedsvc.dll (76840000 - 76874000)
NTDSAPI.dll (76760000 - 76773000)
MSIDLE.DLL (74EE0000 - 74EE5000)
audiosrv.dll (70DE0000 - 70DED000)
wkssvc.dll (76E00000 - 76E23000)
qmgr.dll (6FF20000 - 6FF8B000)
MPR.dll (71AA0000 - 71AB2000)
SHFOLDER.dll (76740000 - 76749000)
WINHTTP.dll (4D530000 - 4D589000)
cryptsvc.dll (76CD0000 - 76CE2000)
certcli.dll (76B30000 - 76B62000)
mswsock.dll (719D0000 - 71A10000)
hnetcfg.dll (66750000 - 667A8000)
wshtcpip.dll (71A10000 - 71A18000)
netman.dll (77CD0000 - 77D03000)
netshell.dll (763B0000 - 76558000)
credui.dll (76BC0000 - 76BEE000)
dot3dlg.dll (73640000 - 73646000)
OneX.DLL (5AD00000 - 5AD28000)
eappcfg.dll (71680000 - 716A2000)
eappprxy.dll (73B40000 - 73B4E000)
srvsvc.dll (75020000 - 7503A000)
pchsvc.dll (74ED0000 - 74EDC000)
es.dll (776E0000 - 77724000)
ersvc.dll (74F10000 - 74F19000)
seclogon.dll (73C90000 - 73C98000)
trkwks.dll (75000000 - 75019000)
srsvc.dll (75130000 - 7515E000)
POWRPROF.dll (74A60000 - 74A68000)
sens.dll (72260000 - 7226D000)
wmisvc.dll (4F120000 - 4F148000)
VSSAPI.DLL (75370000 - 753DD000)
w32time.dll (76780000 - 767AD000)
browser.dll (772F0000 - 77306000)
wuauserv.dll (50000000 - 50005000)
wuaueng.dll (50040000 - 50219000)
WINSPOOL.DRV (72F70000 - 72F96000)
Cabinet.dll (750E0000 - 750F3000)
mspatcha.dll (604F0000 - 604FB000)
ipnathlp.dll (66910000 - 66966000)
AUTHZ.dll (77690000 - 776A2000)
wscsvc.dll (4C0E0000 - 4C0F7000)
msi.dll (7D1F0000 - 7D4AC000)
wbemcomn.dll (75220000 - 75257000)
wbemcore.dll (76630000 - 766B5000)
esscli.dll (752A0000 - 752DF000)
FastProx.dll (75630000 - 756A6000)
SXS.DLL (7E6A0000 - 7E750000)
comsvcs.dll (760A0000 - 761DC000)
colbact.DLL (750C0000 - 750D4000)
MTXCLU.DLL (75080000 - 75093000)
WSOCK32.dll (71A50000 - 71A5A000)
CLUSAPI.DLL (76D60000 - 76D72000)
RESUTILS.DLL (75040000 - 75052000)
wmiutils.dll (74FB0000 - 74FCC000)
repdrvfs.dll (75190000 - 751BF000)
sfc.dll (76B70000 - 76B75000)
sfc_os.dll (76C20000 - 76C4A000)
wmiprvsd.dll (41280000 - 412F2000)
NCObjAPI.DLL (5FBB0000 - 5FBBC000)
wbemess.dll (75320000 - 75366000)
Apphelp.dll (77B10000 - 77B32000)
ncprov.dll (5FB80000 - 5FB8E000)
wups2.dll (50F00000 - 50F0D000)
upnp.dll (76DA0000 - 76DC4000)
SSDPAPI.dll (74E90000 - 74E9C000)
netcfgx.dll (75590000 - 7562C000)
rasmans.dll (7DEE0000 - 7DF12000)
WINIPSEC.DLL (742F0000 - 742FB000)
RASDLG.dll (754E0000 - 75588000)
upnphost.dll (67370000 - 673A2000)
msxml3.dll (74910000 - 74A33000)
urlmon.dll (45010000 - 45138000)
winrnr.dll (76F70000 - 76F78000)
rasadhlp.dll (76F80000 - 76F86000)
advpack.dll (435B0000 - 435DE000)
dssenh.dll (68100000 - 68126000)
wbemsvc.dll (74E60000 - 74E6E000)
wuapi.dll (506A0000 - 5072E000)
catsrvut.dll (70040000 - 700DE000)
catsrv.dll (70100000 - 7013D000)
MfcSubs.dll (61DF0000 - 61DF9000)
wups.dll (50640000 - 5064A000)
mlang.dll (75D50000 - 75DE1000)
xmlprovi.dll (4CBD0000 - 4CBE0000)

PID 904 - C:\WINDOWS\system32\svchost.exe

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
GDI32.dll (77E40000 - 77E89000)
USER32.dll (7E390000 - 7E421000)
msvcrt.dll (77BE0000 - 77C38000)
ShimEng.dll (5CF90000 - 5CFB6000)
AcGenral.DLL (596B0000 - 5987A000)
WINMM.dll (76B00000 - 76B2E000)
ole32.dll (774B0000 - 775ED000)
OLEAUT32.dll (770F0000 - 7717B000)
MSACM32.dll (77BB0000 - 77BC5000)
VERSION.dll (77BD0000 - 77BD8000)
SHELL32.dll (7C9D0000 - 7D1EE000)
SHLWAPI.dll (77E90000 - 77F06000)
USERENV.dll (76980000 - 76A35000)
UxTheme.dll (5B180000 - 5B1B8000)
IMM32.DLL (76340000 - 7635D000)
comctl32.dll (773A0000 - 774A3000)
comctl32.dll (5D4D0000 - 5D56A000)
SPOOLSS.DLL (74260000 - 74275000)
WS2_32.dll (71A30000 - 71A47000)
WS2HELP.dll (71A20000 - 71A28000)
DNSAPI.dll (76EE0000 - 76F07000)
iphlpapi.dll (76D20000 - 76D39000)
rasadhlp.dll (76F80000 - 76F86000)
localspl.dll (75B60000 - 75BB8000)
sfc_os.dll (76C20000 - 76C4A000)
WINTRUST.dll (76BF0000 - 76C1E000)
CRYPT32.dll (77A50000 - 77AE6000)
MSASN1.dll (77AF0000 - 77B02000)
IMAGEHLP.dll (76C50000 - 76C78000)
winspool.drv (72F70000 - 72F96000)
netapi32.dll (5BC70000 - 5BCC5000)
cnbjmon.dll (74210000 - 7421F000)
mdimon.dll (00990000 - 00998000)
msi.dll (7D1F0000 - 7D4AC000)
pjlmon.dll (741F0000 - 741F7000)
tcpmon.dll (72390000 - 7239F000)
usbmon.dll (72380000 - 72387000)
mdippr.dll (009A0000 - 009A8000)
filterpipelineprintproc.dll(00D40000 - 00D4A000)
mswsock.dll (719D0000 - 71A10000)
winrnr.dll (76F70000 - 76F78000)
WLDAP32.dll (76F20000 - 76F4D000)
win32spl.dll (76210000 - 76234000)
NETRAP.dll (71C10000 - 71C17000)
NTDSAPI.dll (76760000 - 76773000)
CLBCATQ.DLL (76F90000 - 7700F000)
COMRes.dll (77010000 - 770E2000)
xpsp2res.dll (01010000 - 012E5000)
inetpp.dll (74280000 - 74295000)

PID 1332 - C:\Programmi\Avira\AntiVir Desktop\sched.exe

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
IPHLPAPI.DLL (76D20000 - 76D39000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
msvcrt.dll (77BE0000 - 77C38000)
USER32.dll (7E390000 - 7E421000)
GDI32.dll (77E40000 - 77E89000)
WS2_32.dll (71A30000 - 71A47000)
WS2HELP.dll (71A20000 - 71A28000)
MSVCR90.dll (78520000 - 785C3000)
MSVCP90.dll (78480000 - 7850E000)
VERSION.dll (77BD0000 - 77BD8000)
SHELL32.dll (7C9D0000 - 7D1EE000)
SHLWAPI.dll (77E90000 - 77F06000)
IMM32.DLL (76340000 - 7635D000)
comctl32.dll (773A0000 - 774A3000)
comctl32.dll (5D4D0000 - 5D56A000)
schedr.dll (10000000 - 10004000)
WTSAPI32.DLL (76F10000 - 76F18000)
WINSTA.dll (76310000 - 76320000)
NETAPI32.dll (5BC70000 - 5BCC5000)
rasapi32.dll (76EA0000 - 76EDC000)
rasman.dll (76E50000 - 76E62000)
TAPI32.dll (76E70000 - 76E9F000)
rtutils.dll (76E40000 - 76E4E000)
WINMM.dll (76B00000 - 76B2E000)
avevtlog.dll (00B80000 - 00BAE000)
sqlite3.dll (00CC0000 - 00D13000)
CRYPT32.dll (77A50000 - 77AE6000)
MSASN1.dll (77AF0000 - 77B02000)
xpsp2res.dll (01430000 - 01705000)
rsaenh.dll (68000000 - 68036000)
uxtheme.dll (5B180000 - 5B1B8000)
userenv.dll (76980000 - 76A35000)
cryptnet.dll (76590000 - 765A3000)
PSAPI.DLL (76BB0000 - 76BBB000)
SensApi.dll (72240000 - 72245000)
WINHTTP.dll (4D530000 - 4D589000)
WLDAP32.dll (76F20000 - 76F4D000)
Apphelp.dll (77B10000 - 77B32000)

PID 1396 - C:\WINDOWS\system32\netdde.exe

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
msvcrt.dll (77BE0000 - 77C38000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
GDI32.dll (77E40000 - 77E89000)
USER32.dll (7E390000 - 7E421000)
NDdeApi.dll (758F0000 - 758F8000)
ShimEng.dll (5CF90000 - 5CFB6000)
AcGenral.DLL (596B0000 - 5987A000)
WINMM.dll (76B00000 - 76B2E000)
ole32.dll (774B0000 - 775ED000)
OLEAUT32.dll (770F0000 - 7717B000)
MSACM32.dll (77BB0000 - 77BC5000)
VERSION.dll (77BD0000 - 77BD8000)
SHELL32.dll (7C9D0000 - 7D1EE000)
SHLWAPI.dll (77E90000 - 77F06000)
USERENV.dll (76980000 - 76A35000)
UxTheme.dll (5B180000 - 5B1B8000)
IMM32.DLL (76340000 - 7635D000)
comctl32.dll (773A0000 - 774A3000)
comctl32.dll (5D4D0000 - 5D56A000)
NETAPI32.dll (5BC70000 - 5BCC5000)
NDDENB32.dll (5FB40000 - 5FB49000)
msctfime.ime (752E0000 - 7530E000)

PID 1436 - C:\Programmi\Avira\AntiVir Desktop\avguard.exe

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
USER32.dll (7E390000 - 7E421000)
GDI32.dll (77E40000 - 77E89000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
MSVCR90.dll (78520000 - 785C3000)
MSVCP90.dll (78480000 - 7850E000)
VERSION.dll (77BD0000 - 77BD8000)
SHELL32.dll (7C9D0000 - 7D1EE000)
msvcrt.dll (77BE0000 - 77C38000)
SHLWAPI.dll (77E90000 - 77F06000)
IMM32.DLL (76340000 - 7635D000)
comctl32.dll (773A0000 - 774A3000)
comctl32.dll (5D4D0000 - 5D56A000)
WTSAPI32.DLL (76F10000 - 76F18000)
WINSTA.dll (76310000 - 76320000)
NETAPI32.dll (5BC70000 - 5BCC5000)
AVEvtLog.dll (10000000 - 1002E000)
guardmsg.dll (00C20000 - 00C29000)
sqlite3.dll (00C30000 - 00C83000)
AVPREF.DLL (00DA0000 - 00DAD000)
SMTPLIB.DLL (00DC0000 - 00DCB000)
WS2_32.dll (71A30000 - 71A47000)
WS2HELP.dll (71A20000 - 71A28000)
wintrust.dll (76BF0000 - 76C1E000)
CRYPT32.dll (77A50000 - 77AE6000)
MSASN1.dll (77AF0000 - 77B02000)
IMAGEHLP.dll (76C50000 - 76C78000)
AVGIO.DLL (011E0000 - 011F6000)
FLTLIB.DLL (4DD50000 - 4DD58000)
avipc.dll (019D0000 - 019E2000)
aecore.dll (01310000 - 0133E000)
aevdf.dll (01350000 - 0136B000)
aescript.dll (01380000 - 01410000)
aescn.dll (01420000 - 01440000)
aesbx.dll (01450000 - 0148D000)
aerdl.dll (014A0000 - 01517000)
aepack.dll (01530000 - 0159C000)
unacev2.dll (015B0000 - 015FB000)
aeoffice.dll (01610000 - 01642000)
aeheur.dll (01660000 - 0186D000)
aehelp.dll (01880000 - 018BC000)
aegen.dll (018D0000 - 0192A000)
aeemu.dll (01940000 - 019A1000)
aebb.dll (019C0000 - 019CE000)

PID 1460 - C:\WINDOWS\System32\svchost.exe

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
ole32.dll (774B0000 - 775ED000)
GDI32.dll (77E40000 - 77E89000)
USER32.dll (7E390000 - 7E421000)
msvcrt.dll (77BE0000 - 77C38000)
OLEAUT32.dll (770F0000 - 7717B000)
SHELL32.dll (7C9D0000 - 7D1EE000)
SHLWAPI.dll (77E90000 - 77F06000)
VERSION.dll (77BD0000 - 77BD8000)
IMM32.DLL (76340000 - 7635D000)
comctl32.dll (773A0000 - 774A3000)
comctl32.dll (5D4D0000 - 5D56A000)
mdmui.dll (51810000 - 51816000)
psapi.dll (76BB0000 - 76BBB000)
xpsp2res.dll (00B70000 - 00E45000)
CLBCATQ.DLL (76F90000 - 7700F000)
COMRes.dll (77010000 - 770E2000)
MSDBG2.DLL (51580000 - 515AB000)

PID 1576 - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

ntdll.dll (7C910000 - 7C9C8000)
mscoree.dll (79000000 - 79046000)
Cannot read memory @000085E0: 8000000D
System.Servic_CorDllMain --[HOOKED]-- @000085E0
KERNEL32.dll (7C800000 - 7C901000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
SHLWAPI.dll (77E90000 - 77F06000)
GDI32.dll (77E40000 - 77E89000)
USER32.dll (7E390000 - 7E421000)
msvcrt.dll (77BE0000 - 77C38000)
IMM32.DLL (76340000 - 7635D000)
mscorwks.dll (79E70000 - 7A400000)
MSVCR80.dll (78130000 - 781CB000)
shell32.dll (7C9D0000 - 7D1EE000)
comctl32.dll (773A0000 - 774A3000)
comctl32.dll (5D4D0000 - 5D56A000)
mscorlib.ni.dll (790C0000 - 79BB7000)
ole32.dll (774B0000 - 775ED000)
System.ni.dll (7A440000 - 7ABC5000)
SMSvcHost.ni.exe (30000000 - 3005D000)
SMDiagnostics.ni.dll(009E0000 - 00A22000)
System.ServiceProcess.ni.dll(67A20000 - 67A57000)
System.ServiceModel.ni.dll(03030000 - 040B7000)
System.IdentityModel.ni.dll(00A30000 - 00B36000)
System.Configuration.ni.dll(64890000 - 64981000)
System.Xml.ni.dll (637A0000 - 63CD6000)
System.Runtime.Serialization.ni.dll(00DA0000 - 00FDE000)
System.Web.ni.dll (65F20000 - 66A63000)
System.ServiceProcess.resources.dll(04340000 - 0434E000)

PID 192 - C:\WINDOWS\Explorer.EXE

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
Explorer.EXE:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ShimEng.dll:
Base address: 5CF90000
Size: 00026000
Flags: 8000400C
Load count: 1
Name: Microsoft® Windows® Operating System
Prod. Version: 5.1.2600.5512
Company: Microsoft Corporation
File Version: 5.1.2600.5512 (xpsp.080413-2105)
Description: Shim Engine DLL
Location: C:\WINDOWS\system32\ShimEng.dll
Signed: > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ADVAPI32.dll:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ShimEng.dll:
Base address: 5CF90000
Size: 00026000
Flags: 8000400C
Load count: 1
Name: Microsoft® Windows® Operating System
Prod. Version: 5.1.2600.5512
Company: Microsoft Corporation
File Version: 5.1.2600.5512 (xpsp.080413-2105)
Description: Shim Engine DLL
Location: C:\WINDOWS\system32\ShimEng.dll
Signed: > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
RPCRT4.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
Secur32.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
BROWSEUI.dll:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
GDI32.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
USER32.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
msvcrt.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
ole32.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
SHLWAPI.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
OLEAUT32.dll:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
SHDOCVW.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
CRYPT32.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
MSASN1.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
CRYPTUI.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
NETAPI32.dll:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
VERSION.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
WININET.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
iertutil.dll:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
WINTRUST.dll:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
IMAGEHLP.dll:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
WLDAP32.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
SHELL32.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
UxTheme.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
WINMM.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
MSACM32.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
USERENV.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
IMM32.DLL :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
comctl32.dll:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
comctl32.dll:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
msctfime.ime:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
appHelp.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
CLBCATQ.DLL :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
cscui.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
CSCDLL.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
themeui.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
urlmon.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
MSCTF.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
ntshrui.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
ATL.DLL :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
msi.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
LINKINFO.dll:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
ieframe.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
PSAPI.DLL :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
MLANG.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
webcheck.dll:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
stobject.dll:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
BatMeter.dll:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
SETUPAPI.dll:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
WTSAPI32.dll:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
WPDShServiceOGetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
WINHTTP.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
mydocs.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
PortableDevicGetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
PortableDevicGetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
wdmaud.drv :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
NETSHELL.dll:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
credui.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
eappcfg.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
iphlpapi.dll:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
WS2_32.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
WS2HELP.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
WZCSAPI.DLL :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
wzcdlg.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
xmlprovi.dll:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
MPR.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
rsaenh.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
ntlanman.dll:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
NETUI0.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
davclnt.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
DUSER.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
MSVCR80.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
MSNLNamespaceGetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
cryptnet.dll:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
mswsock.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
hnetcfg.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
RASAPI32.DLL:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
rasman.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
TAPI32.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
DNSAPI.dll :GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
rasadhlp.dll:GetProcAddress --[HOOKED]-- @5CF97774 by C:\WINDOWS\system32\ShimEng.dll
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
BROWSEUI.dll (75F30000 - 7602D000)
GDI32.dll (77E40000 - 77E89000)
USER32.dll (7E390000 - 7E421000)
msvcrt.dll (77BE0000 - 77C38000)
ole32.dll (774B0000 - 775ED000)
SHLWAPI.dll (77E90000 - 77F06000)
OLEAUT32.dll (770F0000 - 7717B000)
SHDOCVW.dll (7E210000 - 7E381000)
CRYPT32.dll (77A50000 - 77AE6000)
MSASN1.dll (77AF0000 - 77B02000)
CRYPTUI.dll (76890000 - 76913000)
NETAPI32.dll (5BC70000 - 5BCC5000)
VERSION.dll (77BD0000 - 77BD8000)
WININET.dll (3F9D0000 - 3FAA1000)
Normaliz.dll (00400000 - 00409000)
iertutil.dll (40070000 - 400B5000)
WINTRUST.dll (76BF0000 - 76C1E000)
IMAGEHLP.dll (76C50000 - 76C78000)
WLDAP32.dll (76F20000 - 76F4D000)
SHELL32.dll (7C9D0000 - 7D1EE000)
UxTheme.dll (5B180000 - 5B1B8000)
ShimEng.dll (5CF90000 - 5CFB6000)
AcGenral.DLL (596B0000 - 5987A000)
WINMM.dll (76B00000 - 76B2E000)
MSACM32.dll (77BB0000 - 77BC5000)
USERENV.dll (76980000 - 76A35000)
IMM32.DLL (76340000 - 7635D000)
comctl32.dll (773A0000 - 774A3000)
comctl32.dll (5D4D0000 - 5D56A000)
msctfime.ime (752E0000 - 7530E000)
appHelp.dll (77B10000 - 77B32000)
CLBCATQ.DLL (76F90000 - 7700F000)
COMRes.dll (77010000 - 770E2000)
cscui.dll (779F0000 - 77A45000)
CSCDLL.dll (765B0000 - 765CD000)
themeui.dll (5BA40000 - 5BAB2000)
MSIMG32.dll (76330000 - 76335000)
xpsp2res.dll (011D0000 - 014A5000)
urlmon.dll (45010000 - 45138000)
MSCTF.dll (746B0000 - 746FC000)
ntshrui.dll (76950000 - 76976000)
ATL.DLL (76AE0000 - 76AF1000)
msi.dll (7D1F0000 - 7D4AC000)
LINKINFO.dll (76940000 - 76948000)
ieframe.dll (40260000 - 4082D000)
PSAPI.DLL (76BB0000 - 76BBB000)
MLANG.dll (75D50000 - 75DE1000)
WINSTA.dll (76310000 - 76320000)
webcheck.dll (43530000 - 4356C000)
stobject.dll (761E0000 - 76201000)
BatMeter.dll (74A80000 - 74A8A000)
POWRPROF.dll (74A60000 - 74A68000)
SETUPAPI.dll (778F0000 - 779E7000)
WTSAPI32.dll (76F10000 - 76F18000)
WPDShServiceObj.dll (164A0000 - 164C3000)
WINHTTP.dll (4D530000 - 4D589000)
mydocs.dll (723A0000 - 723BA000)
PortableDeviceTypes.dll(109C0000 - 109EC000)
PortableDeviceApi.dll(10930000 - 10979000)
wdmaud.drv (72C90000 - 72C99000)
msacm32.drv (72C80000 - 72C88000)
midimap.dll (77BA0000 - 77BA7000)
NETSHELL.dll (763B0000 - 76558000)
credui.dll (76BC0000 - 76BEE000)
dot3api.dll (72960000 - 7296A000)
rtutils.dll (76E40000 - 76E4E000)
dot3dlg.dll (73640000 - 73646000)
OneX.DLL (5AD00000 - 5AD28000)
eappcfg.dll (71680000 - 716A2000)
MSVCP60.dll (76030000 - 76095000)
eappprxy.dll (73B40000 - 73B4E000)
iphlpapi.dll (76D20000 - 76D39000)
WS2_32.dll (71A30000 - 71A47000)
WS2HELP.dll (71A20000 - 71A28000)
WZCSAPI.DLL (72FA0000 - 72FB0000)
wzcdlg.dll (4F4B0000 - 4F511000)
xpsp3res.dll (20000000 - 200BE000)
xmlprovi.dll (4CBD0000 - 4CBE0000)
MPR.dll (71AA0000 - 71AB2000)
PDFShell.ITA (01770000 - 017BC000)
rsaenh.dll (68000000 - 68036000)
drprov.dll (75F10000 - 75F17000)
ntlanman.dll (71BA0000 - 71BAE000)
NETUI0.dll (71C60000 - 71C77000)
NETUI1.dll (71C20000 - 71C60000)
NETRAP.dll (71C10000 - 71C17000)
SAMLIB.dll (71B80000 - 71B93000)
davclnt.dll (75F20000 - 75F2A000)
browselc.dll (71600000 - 71613000)
DUSER.dll (6C6B0000 - 6C6FD000)
PDFShell.dll (10000000 - 1005B000)
MSVCR80.dll (78130000 - 781CB000)
MSNLNamespaceMgr.dll(02EE0000 - 02F2D000)
cryptnet.dll (76590000 - 765A3000)
SensApi.dll (72240000 - 72245000)
mswsock.dll (719D0000 - 71A10000)
hnetcfg.dll (66750000 - 667A8000)
wshtcpip.dll (71A10000 - 71A18000)
RASAPI32.DLL (76EA0000 - 76EDC000)
rasman.dll (76E50000 - 76E62000)
TAPI32.dll (76E70000 - 76E9F000)
DNSAPI.dll (76EE0000 - 76F07000)
rasadhlp.dll (76F80000 - 76F86000)

PID 348 - C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
VERSION.dll (77BD0000 - 77BD8000)
WINMM.dll (76B00000 - 76B2E000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
GDI32.dll (77E40000 - 77E89000)
USER32.dll (7E390000 - 7E421000)
PSAPI.DLL (76BB0000 - 76BBB000)
comdlg32.dll (76360000 - 763AA000)
COMCTL32.dll (5D4D0000 - 5D56A000)
SHELL32.dll (7C9D0000 - 7D1EE000)
msvcrt.dll (77BE0000 - 77C38000)
SHLWAPI.dll (77E90000 - 77F06000)
ole32.dll (774B0000 - 775ED000)
OLEAUT32.dll (770F0000 - 7717B000)
IMM32.DLL (76340000 - 7635D000)
comctl32.dll (773A0000 - 774A3000)
uxtheme.dll (5B180000 - 5B1B8000)
CLBCATQ.DLL (76F90000 - 7700F000)
COMRes.dll (77010000 - 770E2000)
SynCOM.dll (10000000 - 10028000)
msctfime.ime (752E0000 - 7530E000)
MSCTF.dll (746B0000 - 746FC000)
SynTPAPI.dll (63010000 - 63036000)

PID 368 - C:\Programmi\Avira\AntiVir Desktop\avgnt.exe

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
mfc90u.dll (789E0000 - 78D81000)
MSVCR90.dll (78520000 - 785C3000)
USER32.dll (7E390000 - 7E421000)
GDI32.dll (77E40000 - 77E89000)
SHLWAPI.dll (77E90000 - 77F06000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
msvcrt.dll (77BE0000 - 77C38000)
COMCTL32.dll (773A0000 - 774A3000)
MSIMG32.dll (76330000 - 76335000)
SHELL32.dll (7C9D0000 - 7D1EE000)
cclib.dll (10000000 - 10038000)
VERSION.dll (77BD0000 - 77BD8000)
MSVCP90.dll (78480000 - 7850E000)
IMM32.DLL (76340000 - 7635D000)
UxTheme.dll (5B180000 - 5B1B8000)
MFC90ITA.DLL (5D360000 - 5D36F000)
MSCTF.dll (746B0000 - 746FC000)
msctfime.ime (752E0000 - 7530E000)
ole32.dll (774B0000 - 775ED000)
ccgen.dll (00B50000 - 00BC0000)
ccgenrc.dll (00BE0000 - 00BE9000)
ccguard.dll (00BF0000 - 00C2A000)
ccgrdrc.dll (00C50000 - 00C57000)
avipc.dll (00C60000 - 00C72000)
ccupdate.dll (00C90000 - 00CBC000)
ccupdrc.dll (00CE0000 - 00CE5000)
cclic.dll (00E30000 - 00E41000)
cclicrc.dll (00E50000 - 00E53000)
ccmsg.dll (00E60000 - 00E8D000)
wtsapi32.dll (76F10000 - 76F18000)
WINSTA.dll (76310000 - 76320000)
NETAPI32.dll (5BC70000 - 5BCC5000)
OLEAUT32.DLL (770F0000 - 7717B000)
SETUPAPI.dll (778F0000 - 779E7000)
appHelp.dll (77B10000 - 77B32000)
CLBCATQ.DLL (76F90000 - 7700F000)
COMRes.dll (77010000 - 770E2000)
urlmon.dll (45010000 - 45138000)
iertutil.dll (40070000 - 400B5000)

PID 376 - C:\WINDOWS\system32\ctfmon.exe

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
msvcrt.dll (77BE0000 - 77C38000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
USER32.dll (7E390000 - 7E421000)
GDI32.dll (77E40000 - 77E89000)
MSCTF.dll (746B0000 - 746FC000)
MSUTB.dll (60060000 - 60093000)
ShimEng.dll (5CF90000 - 5CFB6000)
AcGenral.DLL (596B0000 - 5987A000)
WINMM.dll (76B00000 - 76B2E000)
ole32.dll (774B0000 - 775ED000)
OLEAUT32.dll (770F0000 - 7717B000)
MSACM32.dll (77BB0000 - 77BC5000)
VERSION.dll (77BD0000 - 77BD8000)
SHELL32.dll (7C9D0000 - 7D1EE000)
SHLWAPI.dll (77E90000 - 77F06000)
USERENV.dll (76980000 - 76A35000)
UxTheme.dll (5B180000 - 5B1B8000)
IMM32.DLL (76340000 - 7635D000)
comctl32.dll (773A0000 - 774A3000)
msctfime.ime (752E0000 - 7530E000)

PID 1000 - C:\WINDOWS\System32\alg.exe

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
msvcrt.dll (77BE0000 - 77C38000)
ATL.DLL (76AE0000 - 76AF1000)
USER32.dll (7E390000 - 7E421000)
GDI32.dll (77E40000 - 77E89000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
ole32.dll (774B0000 - 775ED000)
OLEAUT32.dll (770F0000 - 7717B000)
WSOCK32.dll (71A50000 - 71A5A000)
WS2_32.dll (71A30000 - 71A47000)
WS2HELP.dll (71A20000 - 71A28000)
MSWSOCK.DLL (719D0000 - 71A10000)
ShimEng.dll (5CF90000 - 5CFB6000)
AcGenral.DLL (596B0000 - 5987A000)
WINMM.dll (76B00000 - 76B2E000)
MSACM32.dll (77BB0000 - 77BC5000)
VERSION.dll (77BD0000 - 77BD8000)
SHELL32.dll (7C9D0000 - 7D1EE000)
SHLWAPI.dll (77E90000 - 77F06000)
USERENV.dll (76980000 - 76A35000)
UxTheme.dll (5B180000 - 5B1B8000)
IMM32.DLL (76340000 - 7635D000)
comctl32.dll (773A0000 - 774A3000)
comctl32.dll (5D4D0000 - 5D56A000)
CLBCATQ.DLL (76F90000 - 7700F000)
COMRes.dll (77010000 - 770E2000)
xpsp2res.dll (00680000 - 00955000)
hnetcfg.dll (66750000 - 667A8000)
wshtcpip.dll (71A10000 - 71A18000)

PID 1936 - C:\WINDOWS\System32\svchost.exe

ntdll.dll (7C910000 - 7C9C8000)
The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff:
Address New-Original
7C9263C3: E9 - 68
7C9263C4: 28 - 6C
7C9263C5: B0 - 02
7C9263C6: AD - 00
7C9263C7: 83 - 00
--> JMP DWORD PTR DS:[004013F0]
Patched by C:\Programmi\Mozilla Firefox 3.6 Beta 1\firefox.exe+0xFFC00000

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Programmi\Mozilla Firefox 3.6 Beta 1\firefox.exe+0xFFC00000:
Base address: 00400000
Size: 000E0000
Flags: 00005000
Load count: 65535
Name: Firefox
Prod. Version: 3.6b4
Company: Mozilla Corporation
File Version: 1.9.2b4
Description: Firefox
Location: C:\Programmi\Mozilla Firefox 3.6 Beta 1\firefox.exe
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
kernel32.dll (7C800000 - 7C901000)
xul.dll (10000000 - 10B32000)
sqlite3.dll (00280000 - 002F3000)
MOZCRT19.dll (78130000 - 781E0000)
msvcrt.dll (77BE0000 - 77C38000)
js3250.dll (00300000 - 003F8000)
nspr4.dll (004E0000 - 00509000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
WSOCK32.dll (71A50000 - 71A5A000)
WS2_32.dll (71A30000 - 71A47000)
WS2HELP.dll (71A20000 - 71A28000)
WINMM.dll (76B00000 - 76B2E000)
GDI32.dll (77E40000 - 77E89000)
USER32.dll (7E390000 - 7E421000)
smime3.dll (00510000 - 00528000)
nss3.dll (00530000 - 005CB000)
nssutil3.dll (005D0000 - 005E4000)
plc4.dll (005F0000 - 005F7000)
plds4.dll (00600000 - 00607000)
ssl3.dll (00610000 - 00630000)
SHELL32.dll (7C9D0000 - 7D1EE000)
SHLWAPI.dll (77E90000 - 77F06000)
ole32.dll (774B0000 - 775ED000)
VERSION.dll (77BD0000 - 77BD8000)
WINSPOOL.DRV (72F70000 - 72F96000)
COMDLG32.dll (76360000 - 763AA000)
COMCTL32.dll (773A0000 - 774A3000)
IMM32.dll (76340000 - 7635D000)
MSIMG32.dll (76330000 - 76335000)
USP10.dll (74D20000 - 74D8B000)
OLEAUT32.dll (770F0000 - 7717B000)
xpcom.dll (00630000 - 00637000)
uxtheme.dll (5B180000 - 5B1B8000)
dbghelp.dll (59E60000 - 59F01000)
MSCTF.dll (746B0000 - 746FC000)
SETUPAPI.dll (778F0000 - 779E7000)
msctfime.ime (752E0000 - 7530E000)
CLBCATQ.DLL (76F90000 - 7700F000)
COMRes.dll (77010000 - 770E2000)
browserdirprovider.dll(01100000 - 01108000)
mswsock.dll (719D0000 - 71A10000)
hnetcfg.dll (66750000 - 667A8000)
wshtcpip.dll (71A10000 - 71A18000)
iphlpapi.dll (76D20000 - 76D39000)
netman.dll (77CD0000 - 77D03000)
MPRAPI.dll (76D00000 - 76D18000)
ACTIVEDS.dll (77C90000 - 77CC2000)
adsldpc.dll (76DD0000 - 76DF5000)
NETAPI32.dll (5BC70000 - 5BCC5000)
WLDAP32.dll (76F20000 - 76F4D000)
ATL.DLL (76AE0000 - 76AF1000)
rtutils.dll (76E40000 - 76E4E000)
SAMLIB.dll (71B80000 - 71B93000)
netshell.dll (763B0000 - 76558000)
credui.dll (76BC0000 - 76BEE000)
dot3api.dll (72960000 - 7296A000)
dot3dlg.dll (73640000 - 73646000)
OneX.DLL (5AD00000 - 5AD28000)
WTSAPI32.dll (76F10000 - 76F18000)
WINSTA.dll (76310000 - 76320000)
CRYPT32.dll (77A50000 - 77AE6000)
MSASN1.dll (77AF0000 - 77B02000)
eappcfg.dll (71680000 - 716A2000)
MSVCP60.dll (76030000 - 76095000)
eappprxy.dll (73B40000 - 73B4E000)
RASAPI32.dll (76EA0000 - 76EDC000)
rasman.dll (76E50000 - 76E62000)
TAPI32.dll (76E70000 - 76E9F000)
WININET.dll (3F9D0000 - 3FAA1000)
Normaliz.dll (01320000 - 01329000)
iertutil.dll (40070000 - 400B5000)
WZCSAPI.DLL (72FA0000 - 72FB0000)
WZCSvc.DLL (7DB20000 - 7DBAC000)
WMI.dll (76CF0000 - 76CF4000)
DHCPCSVC.DLL (7D4C0000 - 7D4E2000)
DNSAPI.dll (76EE0000 - 76F07000)
EapolQec.dll (4CF40000 - 4CF4B000)
QUtil.dll (745C0000 - 745D6000)
ESENT.dll (5E270000 - 5E37F000)
t2embed.dll (73C50000 - 73C71000)
LZ32.dll (73D30000 - 73D33000)
brwsrcmp.dll (02160000 - 02184000)
winrnr.dll (76F70000 - 76F78000)
NTMARTA.DLL (77660000 - 77681000)
xpsp2res.dll (05600000 - 058D5000)
shdocvw.dll (7E210000 - 7E381000)
CRYPTUI.dll (76890000 - 76913000)
WINTRUST.dll (76BF0000 - 76C1E000)
IMAGEHLP.dll (76C50000 - 76C78000)
softokn3.dll (026C0000 - 026E6000)
nssdbm3.dll (02E40000 - 02E58000)
freebl3.dll (02E60000 - 02EA1000)
nssckbi.dll (02EB0000 - 02EFC000)
mscms.dll (73AA0000 - 73AB5000)
rasadhlp.dll (76F80000 - 76F86000)
wdmaud.drv (72C90000 - 72C99000)
msacm32.drv (72C80000 - 72C88000)
MSACM32.dll (77BB0000 - 77BC5000)
midimap.dll (77BA0000 - 77BA7000)
NPSWF32.dll (09000000 - 09495000)
urlmon.dll (45010000 - 45138000)
mlang.dll (75D50000 - 75DE1000)
schannel.dll (767B0000 - 767D8000)
USERENV.dll (76980000 - 76A35000)
appHelp.dll (77B10000 - 77B32000)
cscui.dll (779F0000 - 77A45000)
CSCDLL.dll (765B0000 - 765CD000)
browseui.dll (75F30000 - 7602D000)
ntshrui.dll (76950000 - 76976000)
LINKINFO.dll (76940000 - 76948000)

PID 380 - C:\Documents and Settings\Pier Luigi\Desktop\IE8-WindowsXP-x86-ITA.exe

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
[i] Unable to load module C:\Documents and Settings\Pier Luigi\Desktop\IE8-WindowsXP-x86-ITA.exe for checking.
[i] Unable to load module C:\Documents and Settings\Pier Luigi\Desktop\IE8-WindowsXP-x86-ITA.exe for checking.
[i] Unable to load module C:\Documents and Settings\Pier Luigi\Desktop\IE8-WindowsXP-x86-ITA.exe for checking.
[i] Unable to load module C:\Documents and Settings\Pier Luigi\Desktop\IE8-WindowsXP-x86-ITA.exe for checking.
[i] Unable to load module C:\Documents and Settings\Pier Luigi\Desktop\IE8-WindowsXP-x86-ITA.exe for checking.
[i] Unable to load module C:\Documents and Settings\Pier Luigi\Desktop\IE8-WindowsXP-x86-ITA.exe for checking.
[i] Unable to load module C:\Documents and Settings\Pier Luigi\Desktop\IE8-WindowsXP-x86-ITA.exe for checking.
msvcrt.dll (77BE0000 - 77C38000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
USER32.dll (7E390000 - 7E421000)
GDI32.dll (77E40000 - 77E89000)
COMCTL32.dll (5D4D0000 - 5D56A000)
SHELL32.dll (7C9D0000 - 7D1EE000)
SHLWAPI.dll (77E90000 - 77F06000)
IMM32.DLL (76340000 - 7635D000)
comctl32.dll (773A0000 - 774A3000)
[i] Unable to load module C:\Documents and Settings\Pier Luigi\Desktop\IE8-WindowsXP-x86-ITA.exe for checking.
uxtheme.dll (5B180000 - 5B1B8000)
MSCTF.dll (746B0000 - 746FC000)
msctfime.ime (752E0000 - 7530E000)
ole32.dll (774B0000 - 775ED000)
OLEAUT32.dll (770F0000 - 7717B000)
rsaenh.dll (68000000 - 68036000)
feclient.dll (698E0000 - 698E9000)
MPR.dll (71AA0000 - 71AB2000)
USERENV.dll (76980000 - 76A35000)
CRYPT32.dll (77A50000 - 77AE6000)
MSASN1.dll (77AF0000 - 77B02000)
Apphelp.dll (77B10000 - 77B32000)

PID 3208 - c:\8d36f72f47a2540c1217208ebeee\update\iesetup.exe

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
[i] Unable to load module c:\8d36f72f47a2540c1217208ebeee\update\iesetup.exe for checking.
[i] Unable to load module c:\8d36f72f47a2540c1217208ebeee\update\iesetup.exe for checking.
[i] Unable to load module c:\8d36f72f47a2540c1217208ebeee\update\iesetup.exe for checking.
[i] Unable to load module c:\8d36f72f47a2540c1217208ebeee\update\iesetup.exe for checking.
[i] Unable to load module c:\8d36f72f47a2540c1217208ebeee\update\iesetup.exe for checking.
[i] Unable to load module c:\8d36f72f47a2540c1217208ebeee\update\iesetup.exe for checking.
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
GDI32.dll (77E40000 - 77E89000)
USER32.dll (7E390000 - 7E421000)
msvcrt.dll (77BE0000 - 77C38000)
COMCTL32.dll (773A0000 - 774A3000)
SHLWAPI.dll (77E90000 - 77F06000)
ole32.dll (774B0000 - 775ED000)
OLEAUT32.dll (770F0000 - 7717B000)
PSAPI.DLL (76BB0000 - 76BBB000)
SETUPAPI.dll (778F0000 - 779E7000)
SHELL32.dll (7C9D0000 - 7D1EE000)
VERSION.dll (77BD0000 - 77BD8000)
IMM32.DLL (76340000 - 7635D000)
sqmapi.dll (6CD00000 - 6CD24000)
wintrust.dll (76BF0000 - 76C1E000)
CRYPT32.dll (77A50000 - 77AE6000)
MSASN1.dll (77AF0000 - 77B02000)
IMAGEHLP.dll (76C50000 - 76C78000)
rsaenh.dll (68000000 - 68036000)
xpsp2res.dll (00A50000 - 00D25000)
uxtheme.dll (5B180000 - 5B1B8000)
userenv.dll (76980000 - 76A35000)
netapi32.dll (5BC70000 - 5BCC5000)
Cabinet.dll (750E0000 - 750F3000)
MSFTEDIT.DLL (4B440000 - 4B4C6000)
MSCTF.dll (746B0000 - 746FC000)
msctfime.ime (752E0000 - 7530E000)
CLBCATQ.DLL (76F90000 - 7700F000)
COMRes.dll (77010000 - 770E2000)
wuapi.dll (506A0000 - 5072E000)
wups.dll (50640000 - 5064A000)
SXS.DLL (7E6A0000 - 7E750000)
Apphelp.dll (77B10000 - 77B32000)

PID 1032 - C:\Documents and Settings\Pier Luigi\Desktop\radix_installer\radixgui.exe

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
USER32.dll (7E390000 - 7E421000)
GDI32.dll (77E40000 - 77E89000)
comdlg32.dll (76360000 - 763AA000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
COMCTL32.dll (5D4D0000 - 5D56A000)
SHELL32.dll (7C9D0000 - 7D1EE000)
msvcrt.dll (77BE0000 - 77C38000)
SHLWAPI.dll (77E90000 - 77F06000)
ole32.dll (774B0000 - 775ED000)
VERSION.dll (77BD0000 - 77BD8000)
dbghelp.dll (59E60000 - 59F01000)
IMM32.DLL (76340000 - 7635D000)
comctl32.dll (773A0000 - 774A3000)
wintrust.dll (76BF0000 - 76C1E000)
CRYPT32.dll (77A50000 - 77AE6000)
MSASN1.dll (77AF0000 - 77B02000)
IMAGEHLP.dll (76C50000 - 76C78000)
NTMARTA.DLL (77660000 - 77681000)
SAMLIB.dll (71B80000 - 71B93000)
WLDAP32.dll (76F20000 - 76F4D000)
uxtheme.dll (5B180000 - 5B1B8000)
MSCTF.dll (746B0000 - 746FC000)
msctfime.ime (752E0000 - 7530E000)
OLEAUT32.DLL (770F0000 - 7717B000)
xpsp2res.dll (012F0000 - 015C5000)
rsaenh.dll (68000000 - 68036000)
userenv.dll (76980000 - 76A35000)
netapi32.dll (5BC70000 - 5BCC5000)
cryptnet.dll (76590000 - 765A3000)
PSAPI.DLL (76BB0000 - 76BBB000)
SensApi.dll (72240000 - 72245000)
WINHTTP.dll (4D530000 - 4D589000)
ws2_32.dll (71A30000 - 71A47000)
WS2HELP.dll (71A20000 - 71A28000)
mswsock.dll (719D0000 - 71A10000)
hnetcfg.dll (66750000 - 667A8000)
wshtcpip.dll (71A10000 - 71A18000)
RASAPI32.DLL (76EA0000 - 76EDC000)
rasman.dll (76E50000 - 76E62000)
TAPI32.dll (76E70000 - 76E9F000)
rtutils.dll (76E40000 - 76E4E000)
WINMM.dll (76B00000 - 76B2E000)
DNSAPI.dll (76EE0000 - 76F07000)
rasadhlp.dll (76F80000 - 76F86000)
Cabinet.dll (750E0000 - 750F3000)

PID 1704 - c:\8d36f72f47a2540c1217208ebeee\update\update.exe

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
COMCTL32.dll (773A0000 - 774A3000)
msvcrt.dll (77BE0000 - 77C38000)
GDI32.dll (77E40000 - 77E89000)
USER32.dll (7E390000 - 7E421000)
SHLWAPI.dll (77E90000 - 77F06000)
CRYPT32.dll (77A50000 - 77AE6000)
MSASN1.dll (77AF0000 - 77B02000)
imagehlp.dll (76C50000 - 76C78000)
MPR.dll (71AA0000 - 71AB2000)
ole32.dll (774B0000 - 775ED000)
OLEAUT32.dll (770F0000 - 7717B000)
PSAPI.DLL (76BB0000 - 76BBB000)
SHELL32.dll (7C9D0000 - 7D1EE000)
UPDSPAPI.dll (00400000 - 00463000)
WINSPOOL.DRV (72F70000 - 72F96000)
VERSION.dll (77BD0000 - 77BD8000)
IMM32.DLL (76340000 - 7635D000)
SetupApi.DLL (778F0000 - 779E7000)
Cabinet.dll (750E0000 - 750F3000)
wintrust.dll (76BF0000 - 76C1E000)
newdev.dll (5F960000 - 5F99F000)
WININET.dll (3F9D0000 - 3FAA1000)
Normaliz.dll (003D0000 - 003D9000)
iertutil.dll (40070000 - 400B5000)
credui.dll (76BC0000 - 76BEE000)
SXS.DLL (7E6A0000 - 7E750000)
Clusapi.DLL (76D60000 - 76D72000)
iecustom.dll (00C70000 - 00C7F000)
uxtheme.dll (5B180000 - 5B1B8000)
MSCTF.dll (746B0000 - 746FC000)
msctfime.ime (752E0000 - 7530E000)
rsaenh.dll (68000000 - 68036000)
xpsp2res.dll (01940000 - 01C15000)
userenv.dll (76980000 - 76A35000)
netapi32.dll (5BC70000 - 5BCC5000)
CLBCATQ.DLL (76F90000 - 7700F000)
COMRes.dll (77010000 - 770E2000)
sfc_os.dll (76C20000 - 76C4A000)
---- Check ended at 2.12.2009 21:26:46 ----
---- Check started at 2.12.2009 21:33:35 ----
Running on: Microsoft Windows NT 5.1 Build 2600 Service Pack 3
Number of Processors: 1, Active Processor Mask: 00000001
Processor: Intel Level 6 Revision 0D06
Allocation granularity: 00010000, Page granularity: 00001000
Application space: 00010000-7FFEFFFF
[X] Filter common false alarms.
21:33:36 - Performing check: "IAT hooks":

PID 448 - C:\WINDOWS\System32\smss.exe

ntdll.dll (7C910000 - 7C9C8000)

PID 496 - C:\WINDOWS\system32\csrss.exe

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
ShimEng.dll (5CF90000 - 5CFB6000)
AcGenral.DLL (596B0000 - 5987A000)
USER32.dll (7E390000 - 7E421000)
GDI32.dll (77E40000 - 77E89000)
WINMM.dll (76B00000 - 76B2E000)
ole32.dll (774B0000 - 775ED000)
msvcrt.dll (77BE0000 - 77C38000)
OLEAUT32.dll (770F0000 - 7717B000)
MSACM32.dll (77BB0000 - 77BC5000)
VERSION.dll (77BD0000 - 77BD8000)
SHELL32.dll (7C9D0000 - 7D1EE000)
SHLWAPI.dll (77E90000 - 77F06000)
USERENV.dll (76980000 - 76A35000)
UxTheme.dll (5B180000 - 5B1B8000)
IMM32.DLL (76340000 - 7635D000)
comctl32.dll (773A0000 - 774A3000)
comctl32.dll (5D4D0000 - 5D56A000)
NTMARTA.DLL (77660000 - 77681000)
SAMLIB.dll (71B80000 - 71B93000)
WLDAP32.dll (76F20000 - 76F4D000)
xpsp2res.dll (00630000 - 00905000)
shsvcs.dll (776B0000 - 776D3000)
WINSTA.dll (76310000 - 76320000)
NETAPI32.dll (5BC70000 - 5BCC5000)
rsaenh.dll (68000000 - 68036000)
dhcpcsvc.dll (7D4C0000 - 7D4E2000)
DNSAPI.dll (76EE0000 - 76F07000)
WS2_32.dll (71A30000 - 71A47000)
WS2HELP.dll (71A20000 - 71A28000)
iphlpapi.dll (76D20000 - 76D39000)
wzcsvc.dll (7DB20000 - 7DBAC000)
rtutils.dll (76E40000 - 76E4E000)
WMI.dll (76CF0000 - 76CF4000)
CRYPT32.dll (77A50000 - 77AE6000)
MSASN1.dll (77AF0000 - 77B02000)
EapolQec.dll (4CF40000 - 4CF4B000)
ATL.DLL (76AE0000 - 76AF1000)
QUtil.dll (745C0000 - 745D6000)
MSVCP60.dll (76030000 - 76095000)
dot3api.dll (72960000 - 7296A000)
WTSAPI32.dll (76F10000 - 76F18000)
ESENT.dll (5E270000 - 5E37F000)
CLBCATQ.DLL (76F90000 - 7700F000)
COMRes.dll (77010000 - 770E2000)
rastls.dll (7D4F0000 - 7D517000)
CRYPTUI.dll (76890000 - 76913000)
WININET.dll (3F9D0000 - 3FAA1000)
Normaliz.dll (014A0000 - 014A9000)
iertutil.dll (40070000 - 400B5000)
WINTRUST.dll (76BF0000 - 76C1E000)
IMAGEHLP.dll (76C50000 - 76C78000)
MPRAPI.dll (76D00000 - 76D18000)
ACTIVEDS.dll (77C90000 - 77CC2000)
adsldpc.dll (76DD0000 - 76DF5000)
SETUPAPI.dll (778F0000 - 779E7000)
RASAPI32.dll (76EA0000 - 76EDC000)
rasman.dll (76E50000 - 76E62000)
TAPI32.dll (76E70000 - 76E9F000)
SCHANNEL.dll (767B0000 - 767D8000)
WinSCard.dll (72360000 - 7237C000)
PSAPI.DLL (76BB0000 - 76BBB000)
raschap.dll (76CA0000 - 76CB6000)
msv1_0.dll (77C40000 - 77C65000)
cryptdll.dll (76750000 - 7675C000)
WZCSAPI.DLL (72FA0000 - 72FB0000)
schedsvc.dll (76840000 - 76874000)
NTDSAPI.dll (76760000 - 76773000)
MSIDLE.DLL (74EE0000 - 74EE5000)
audiosrv.dll (70DE0000 - 70DED000)
wkssvc.dll (76E00000 - 76E23000)
qmgr.dll (6FF20000 - 6FF8B000)
MPR.dll (71AA0000 - 71AB2000)
SHFOLDER.dll (76740000 - 76749000)
WINHTTP.dll (4D530000 - 4D589000)
cryptsvc.dll (76CD0000 - 76CE2000)
certcli.dll (76B30000 - 76B62000)
mswsock.dll (719D0000 - 71A10000)
hnetcfg.dll (66750000 - 667A8000)
wshtcpip.dll (71A10000 - 71A18000)
netman.dll (77CD0000 - 77D03000)
netshell.dll (763B0000 - 76558000)
credui.dll (76BC0000 - 76BEE000)
dot3dlg.dll (73640000 - 73646000)
OneX.DLL (5AD00000 - 5AD28000)
eappcfg.dll (71680000 - 716A2000)
eappprxy.dll (73B40000 - 73B4E000)
srvsvc.dll (75020000 - 7503A000)
pchsvc.dll (74ED0000 - 74EDC000)
es.dll (776E0000 - 77724000)
ersvc.dll (74F10000 - 74F19000)
seclogon.dll (73C90000 - 73C98000)
trkwks.dll (75000000 - 75019000)
srsvc.dll (75130000 - 7515E000)
POWRPROF.dll (74A60000 - 74A68000)
sens.dll (72260000 - 7226D000)
wmisvc.dll (4F120000 - 4F148000)
VSSAPI.DLL (75370000 - 753DD000)
w32time.dll (76780000 - 767AD000)
browser.dll (772F0000 - 77306000)
wuauserv.dll (50000000 - 50005000)
wuaueng.dll (50040000 - 50219000)
WINSPOOL.DRV (72F70000 - 72F96000)
Cabinet.dll (750E0000 - 750F3000)
mspatcha.dll (604F0000 - 604FB000)
ipnathlp.dll (66910000 - 66966000)
AUTHZ.dll (77690000 - 776A2000)
wscsvc.dll (4C0E0000 - 4C0F7000)
msi.dll (7D1F0000 - 7D4AC000)
wbemcomn.dll (75220000 - 75257000)
wbemcore.dll (76630000 - 766B5000)
esscli.dll (752A0000 - 752DF000)
FastProx.dll (75630000 - 756A6000)
SXS.DLL (7E6A0000 - 7E750000)
comsvcs.dll (760A0000 - 761DC000)
colbact.DLL (750C0000 - 750D4000)
MTXCLU.DLL (75080000 - 75093000)
WSOCK32.dll (71A50000 - 71A5A000)
CLUSAPI.DLL (76D60000 - 76D72000)
RESUTILS.DLL (75040000 - 75052000)
wmiutils.dll (74FB0000 - 74FCC000)
repdrvfs.dll (75190000 - 751BF000)
sfc.dll (76B70000 - 76B75000)
sfc_os.dll (76C20000 - 76C4A000)
wmiprvsd.dll (41280000 - 412F2000)
NCObjAPI.DLL (5FBB0000 - 5FBBC000)
wbemess.dll (75320000 - 75366000)
Apphelp.dll (77B10000 - 77B32000)
ncprov.dll (5FB80000 - 5FB8E000)
wups2.dll (50F00000 - 50F0D000)
upnp.dll (76DA0000 - 76DC4000)
SSDPAPI.dll (74E90000 - 74E9C000)
netcfgx.dll (75590000 - 7562C000)
rasmans.dll (7DEE0000 - 7DF12000)
WINIPSEC.DLL (742F0000 - 742FB000)
RASDLG.dll (754E0000 - 75588000)
upnphost.dll (67370000 - 673A2000)
msxml3.dll (74910000 - 74A33000)
urlmon.dll (45010000 - 45138000)
winrnr.dll (76F70000 - 76F78000)
rasadhlp.dll (76F80000 - 76F86000)
advpack.dll (435B0000 - 435DE000)
dssenh.dll (68100000 - 68126000)
wbemsvc.dll (74E60000 - 74E6E000)
catsrvut.dll (70040000 - 700DE000)
catsrv.dll (70100000 - 7013D000)
MfcSubs.dll (61DF0000 - 61DF9000)
wups.dll (50640000 - 5064A000)
mlang.dll (75D50000 - 75DE1000)
xmlprovi.dll (4CBD0000 - 4CBE0000)
srclient.dll (5C480000 - 5C493000)
framedyn.dll (697B0000 - 697E0000)

PID 904 - C:\WINDOWS\system32\svchost.exe

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
msvcrt.dll (77BE0000 - 77C38000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
USER32.dll (7E390000 - 7E421000)
GDI32.dll (77E40000 - 77E89000)
MSCTF.dll (746B0000 - 746FC000)
MSUTB.dll (60060000 - 60093000)
ShimEng.dll (5CF90000 - 5CFB6000)
AcGenral.DLL (596B0000 - 5987A000)
WINMM.dll (76B00000 - 76B2E000)
ole32.dll (774B0000 - 775ED000)
OLEAUT32.dll (770F0000 - 7717B000)
MSACM32.dll (77BB0000 - 77BC5000)
VERSION.dll (77BD0000 - 77BD8000)
SHELL32.dll (7C9D0000 - 7D1EE000)
SHLWAPI.dll (77E90000 - 77F06000)
USERENV.dll (76980000 - 76A35000)
UxTheme.dll (5B180000 - 5B1B8000)
IMM32.DLL (76340000 - 7635D000)
comctl32.dll (773A0000 - 774A3000)
msctfime.ime (752E0000 - 7530E000)

PID 1000 - C:\WINDOWS\System32\alg.exe

ntdll.dll (7C910000 - 7C9C8000)
The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff:
Address New-Original
7C9263C3: E9 - 68
7C9263C4: 28 - 6C
7C9263C5: B0 - 02
7C9263C6: AD - 00
7C9263C7: 83 - 00
--> JMP DWORD PTR DS:[004013F0]
Patched by C:\Programmi\Mozilla Firefox 3.6 Beta 1\firefox.exe+0xFFC00000

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Programmi\Mozilla Firefox 3.6 Beta 1\firefox.exe+0xFFC00000:
Base address: 00400000
Size: 000E0000
Flags: 00005000
Load count: 65535
Name: Firefox
Prod. Version: 3.6b4
Company: Mozilla Corporation
File Version: 1.9.2b4
Description: Firefox
Location: C:\Programmi\Mozilla Firefox 3.6 Beta 1\firefox.exe
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
kernel32.dll (7C800000 - 7C901000)
xul.dll (10000000 - 10B32000)
sqlite3.dll (00280000 - 002F3000)
MOZCRT19.dll (78130000 - 781E0000)
msvcrt.dll (77BE0000 - 77C38000)
js3250.dll (00300000 - 003F8000)
nspr4.dll (004E0000 - 00509000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
WSOCK32.dll (71A50000 - 71A5A000)
WS2_32.dll (71A30000 - 71A47000)
WS2HELP.dll (71A20000 - 71A28000)
WINMM.dll (76B00000 - 76B2E000)
GDI32.dll (77E40000 - 77E89000)
USER32.dll (7E390000 - 7E421000)
smime3.dll (00510000 - 00528000)
nss3.dll (00530000 - 005CB000)
nssutil3.dll (005D0000 - 005E4000)
plc4.dll (005F0000 - 005F7000)
plds4.dll (00600000 - 00607000)
ssl3.dll (00610000 - 00630000)
SHELL32.dll (7C9D0000 - 7D1EE000)
SHLWAPI.dll (77E90000 - 77F06000)
ole32.dll (774B0000 - 775ED000)
VERSION.dll (77BD0000 - 77BD8000)
WINSPOOL.DRV (72F70000 - 72F96000)
COMDLG32.dll (76360000 - 763AA000)
COMCTL32.dll (773A0000 - 774A3000)
IMM32.dll (76340000 - 7635D000)
MSIMG32.dll (76330000 - 76335000)
USP10.dll (74D20000 - 74D8B000)
OLEAUT32.dll (770F0000 - 7717B000)
xpcom.dll (00630000 - 00637000)
uxtheme.dll (5B180000 - 5B1B8000)
dbghelp.dll (59E60000 - 59F01000)
MSCTF.dll (746B0000 - 746FC000)
SETUPAPI.dll (778F0000 - 779E7000)
msctfime.ime (752E0000 - 7530E000)
CLBCATQ.DLL (76F90000 - 7700F000)
COMRes.dll (77010000 - 770E2000)
browserdirprovider.dll(01100000 - 01108000)
mswsock.dll (719D0000 - 71A10000)
hnetcfg.dll (66750000 - 667A8000)
wshtcpip.dll (71A10000 - 71A18000)
iphlpapi.dll (76D20000 - 76D39000)
netman.dll (77CD0000 - 77D03000)
MPRAPI.dll (76D00000 - 76D18000)
ACTIVEDS.dll (77C90000 - 77CC2000)
adsldpc.dll (76DD0000 - 76DF5000)
NETAPI32.dll (5BC70000 - 5BCC5000)
WLDAP32.dll (76F20000 - 76F4D000)
ATL.DLL (76AE0000 - 76AF1000)
rtutils.dll (76E40000 - 76E4E000)
SAMLIB.dll (71B80000 - 71B93000)
netshell.dll (763B0000 - 76558000)
credui.dll (76BC0000 - 76BEE000)
dot3api.dll (72960000 - 7296A000)
dot3dlg.dll (73640000 - 73646000)
OneX.DLL (5AD00000 - 5AD28000)
WTSAPI32.dll (76F10000 - 76F18000)
WINSTA.dll (76310000 - 76320000)
CRYPT32.dll (77A50000 - 77AE6000)
MSASN1.dll (77AF0000 - 77B02000)
eappcfg.dll (71680000 - 716A2000)
MSVCP60.dll (76030000 - 76095000)
eappprxy.dll (73B40000 - 73B4E000)
RASAPI32.dll (76EA0000 - 76EDC000)
rasman.dll (76E50000 - 76E62000)
TAPI32.dll (76E70000 - 76E9F000)
WININET.dll (3F9D0000 - 3FAA1000)
Normaliz.dll (01320000 - 01329000)
iertutil.dll (40070000 - 400B5000)
WZCSAPI.DLL (72FA0000 - 72FB0000)
WZCSvc.DLL (7DB20000 - 7DBAC000)
WMI.dll (76CF0000 - 76CF4000)
DHCPCSVC.DLL (7D4C0000 - 7D4E2000)
DNSAPI.dll (76EE0000 - 76F07000)
EapolQec.dll (4CF40000 - 4CF4B000)
QUtil.dll (745C0000 - 745D6000)
ESENT.dll (5E270000 - 5E37F000)
t2embed.dll (73C50000 - 73C71000)
LZ32.dll (73D30000 - 73D33000)
brwsrcmp.dll (02160000 - 02184000)
winrnr.dll (76F70000 - 76F78000)
NTMARTA.DLL (77660000 - 77681000)
xpsp2res.dll (05600000 - 058D5000)
shdocvw.dll (7E210000 - 7E381000)
CRYPTUI.dll (76890000 - 76913000)
WINTRUST.dll (76BF0000 - 76C1E000)
IMAGEHLP.dll (76C50000 - 76C78000)
softokn3.dll (026C0000 - 026E6000)
nssdbm3.dll (02E40000 - 02E58000)
freebl3.dll (02E60000 - 02EA1000)
nssckbi.dll (02EB0000 - 02EFC000)
mscms.dll (73AA0000 - 73AB5000)
rasadhlp.dll (76F80000 - 76F86000)
wdmaud.drv (72C90000 - 72C99000)
msacm32.drv (72C80000 - 72C88000)
MSACM32.dll (77BB0000 - 77BC5000)
midimap.dll (77BA0000 - 77BA7000)
NPSWF32.dll (09000000 - 09495000)
urlmon.dll (45010000 - 45138000)
mlang.dll (75D50000 - 75DE1000)
schannel.dll (767B0000 - 767D8000)
USERENV.dll (76980000 - 76A35000)
appHelp.dll (77B10000 - 77B32000)
cscui.dll (779F0000 - 77A45000)
CSCDLL.dll (765B0000 - 765CD000)
browseui.dll (75F30000 - 7602D000)
ntshrui.dll (76950000 - 76976000)
LINKINFO.dll (76940000 - 76948000)

PID 1032 - C:\Documents and Settings\Pier Luigi\Desktop\radix_installer\radixgui.exe

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
USER32.dll (7E390000 - 7E421000)
GDI32.dll (77E40000 - 77E89000)
comdlg32.dll (76360000 - 763AA000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
COMCTL32.dll (5D4D0000 - 5D56A000)
SHELL32.dll (7C9D0000 - 7D1EE000)
msvcrt.dll (77BE0000 - 77C38000)
SHLWAPI.dll (77E90000 - 77F06000)
ole32.dll (774B0000 - 775ED000)
VERSION.dll (77BD0000 - 77BD8000)
dbghelp.dll (59E60000 - 59F01000)
IMM32.DLL (76340000 - 7635D000)
comctl32.dll (773A0000 - 774A3000)
wintrust.dll (76BF0000 - 76C1E000)
CRYPT32.dll (77A50000 - 77AE6000)
MSASN1.dll (77AF0000 - 77B02000)
IMAGEHLP.dll (76C50000 - 76C78000)
NTMARTA.DLL (77660000 - 77681000)
SAMLIB.dll (71B80000 - 71B93000)
WLDAP32.dll (76F20000 - 76F4D000)
uxtheme.dll (5B180000 - 5B1B8000)
MSCTF.dll (746B0000 - 746FC000)
msctfime.ime (752E0000 - 7530E000)
OLEAUT32.DLL (770F0000 - 7717B000)
xpsp2res.dll (012F0000 - 015C5000)
rsaenh.dll (68000000 - 68036000)
userenv.dll (76980000 - 76A35000)
netapi32.dll (5BC70000 - 5BCC5000)
cryptnet.dll (76590000 - 765A3000)
PSAPI.DLL (76BB0000 - 76BBB000)
SensApi.dll (72240000 - 72245000)
WINHTTP.dll (4D530000 - 4D589000)
ws2_32.dll (71A30000 - 71A47000)
WS2HELP.dll (71A20000 - 71A28000)
mswsock.dll (719D0000 - 71A10000)
hnetcfg.dll (66750000 - 667A8000)
wshtcpip.dll (71A10000 - 71A18000)
RASAPI32.DLL (76EA0000 - 76EDC000)
rasman.dll (76E50000 - 76E62000)
TAPI32.dll (76E70000 - 76E9F000)
rtutils.dll (76E40000 - 76E4E000)
WINMM.dll (76B00000 - 76B2E000)
DNSAPI.dll (76EE0000 - 76F07000)
rasadhlp.dll (76F80000 - 76F86000)
Cabinet.dll (750E0000 - 750F3000)
appHelp.dll (77B10000 - 77B32000)
CLBCATQ.DLL (76F90000 - 7700F000)
COMRes.dll (77010000 - 770E2000)
SETUPAPI.dll (778F0000 - 779E7000)
ntshrui.dll (76950000 - 76976000)
ATL.DLL (76AE0000 - 76AF1000)
LINKINFO.dll (76940000 - 76948000)
MPR.dll (71AA0000 - 71AB2000)
drprov.dll (75F10000 - 75F17000)
ntlanman.dll (71BA0000 - 71BAE000)
NETUI0.dll (71C60000 - 71C77000)
NETUI1.dll (71C20000 - 71C60000)
NETRAP.dll (71C10000 - 71C17000)
davclnt.dll (75F20000 - 75F2A000)
MSGINA.dll (75920000 - 75A19000)
ODBC32.dll (745E0000 - 7461D000)
WINSTA.dll (76310000 - 76320000)
odbcint.dll (1F840000 - 1F858000)

PID 3528 - C:\WINDOWS\system32\wuauclt.exe

ntdll.dll (7C910000 - 7C9C8000)
kernel32.dll (7C800000 - 7C901000)
msvcrt.dll (77BE0000 - 77C38000)
ole32.dll (774B0000 - 775ED000)
ADVAPI32.dll (77F40000 - 77FEB000)
RPCRT4.dll (77DA0000 - 77E32000)
Secur32.dll (77F10000 - 77F21000)
GDI32.dll (77E40000 - 77E89000)
USER32.dll (7E390000 - 7E421000)
OLEAUT32.dll (770F0000 - 7717B000)
SHLWAPI.dll (77E90000 - 77F06000)
ShimEng.dll (5CF90000 - 5CFB6000)
AcGenral.DLL (596B0000 - 5987A000)
WINMM.dll (76B00000 - 76B2E000)
MSACM32.dll (77BB0000 - 77BC5000)
VERSION.dll (77BD0000 - 77BD8000)
SHELL32.dll (7C9D0000 - 7D1EE000)
USERENV.dll (76980000 - 76A35000)
UxTheme.dll (5B180000 - 5B1B8000)
IMM32.DLL (76340000 - 7635D000)
comctl32.dll (773A0000 - 774A3000)
wuaueng.dll (50040000 - 50219000)
WS2_32.dll (71A30000 - 71A47000)
WS2HELP.dll (71A20000 - 71A28000)
ESENT.dll (5E270000 - 5E37F000)
WTSAPI32.dll (76F10000 - 76F18000)
WINSTA.dll (76310000 - 76320000)
NETAPI32.dll (5BC70000 - 5BCC5000)
WINSPOOL.DRV (72F70000 - 72F96000)
IPHLPAPI.DLL (76D20000 - 76D39000)
WINHTTP.dll (4D530000 - 4D589000)
WINTRUST.dll (76BF0000 - 76C1E000)
CRYPT32.dll (77A50000 - 77AE6000)
MSASN1.dll (77AF0000 - 77B02000)
IMAGEHLP.dll (76C50000 - 76C78000)
Cabinet.dll (750E0000 - 750F3000)
mspatcha.dll (604F0000 - 604FB000)
xpsp2res.dll (00BB0000 - 00E85000)
CLBCATQ.DLL (76F90000 - 7700F000)
COMRes.dll (77010000 - 770E2000)
wups2.dll (50F00000 - 50F0D000)
---- Check ended at 2.12.2009 21:38:21 ----

Torna in alto

r16

Inviato: Wednesday, December 02, 2009 10:49:11 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Scusa icollaboratore , ma sarebbe quella sfilza, i cosidetti "file sospetti"?
Posta il log di Combofix.

Torna in alto

icollaboratore

Inviato: Wednesday, December 02, 2009 11:16:32 PM

Rank: AiutAmico

Iscritto dal : 5/19/2007
Posts: 50

in realtà me ne segnava 3 "to fix" ma il log era evidentemente piu' lungo...
ecco Combo:

ComboFix 09-12-02.05 - Pier Luigi 02/12/2009 22.54.25.8.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.478.200 [GMT 1:00]
Eseguito da: c:\documents and settings\Pier Luigi\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-11-02 al 2009-12-02 )))))))))))))))))))))))))))))))))))
.

2009-11-29 13:31 . 2009-11-29 13:31 2 --shatr- c:\windows\winstart.bat
2009-11-29 13:30 . 2009-11-29 23:05 -------- d-----w- c:\programmi\UnHackMe
2009-11-29 03:09 . 2009-11-29 03:09 128352 ----a-w- c:\windows\system32\20c2F.dll
2009-11-29 03:09 . 2009-11-29 03:09 54624 ----a-w- c:\windows\system32\20c2F.sys
2009-11-29 03:03 . 2009-11-29 03:03 128352 ----a-w- c:\windows\system32\6422B.dll
2009-11-28 15:50 . 2009-11-28 15:50 54624 ----a-w- c:\windows\system32\9a42.sys
2009-11-28 13:20 . 2009-11-28 13:20 54624 ----a-w- c:\windows\system32\1ed4.sys
2009-11-28 12:39 . 2009-11-28 12:39 54624 ----a-w- c:\windows\system32\6c62.sys
2009-11-28 12:26 . 2009-11-28 12:26 54624 ----a-w- c:\windows\system32\ce72.sys
2009-11-28 12:11 . 2009-11-28 12:11 -------- d-----w- c:\documents and settings\Pier Luigi\log
2009-11-28 12:11 . 2009-11-28 12:11 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-28 11:31 . 2009-11-28 11:31 -------- d-----w- c:\programmi\Sophos
2009-11-27 21:09 . 2009-09-24 12:16 3779072 ----a-w- c:\documents and settings\Pier Luigi\PScanner.exe
2009-11-26 22:27 . 2009-11-26 22:27 -------- d-----w- c:\programmi\Unlocker
2009-11-21 12:33 . 2009-11-21 12:33 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2009-11-21 12:16 . 2009-07-28 15:34 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-21 12:16 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-21 12:16 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-21 12:16 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-21 12:16 . 2009-11-21 12:16 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-11-21 12:16 . 2009-11-21 12:16 -------- d-----w- c:\programmi\Avira
2009-11-20 23:41 . 2009-11-20 23:41 -------- d-----w- c:\programmi\CCleaner
2009-11-20 23:20 . 2009-11-20 23:20 -------- d-----w- c:\programmi\Trend Micro
2009-11-20 18:46 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-11-20 18:46 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-11-20 18:46 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-11-20 18:46 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-11-20 18:46 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-11-20 18:46 . 2009-11-20 18:46 -------- d-----w- c:\programmi\Trojan Remover
2009-11-20 18:46 . 2009-11-20 18:46 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Simply Super Software
2009-11-20 18:46 . 2009-11-20 18:46 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\Simply Super Software
2009-11-19 21:55 . 2009-11-27 21:46 -------- dc----w- C:\PScanner Backup
2009-11-18 22:34 . 2009-11-22 16:19 31490080 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-18 20:26 . 2009-11-18 20:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-18 20:26 . 2009-11-18 20:26 -------- dcsh--w- c:\documents and settings\Administrator.ZE4944EA\IETldCache
2009-11-18 02:01 . 2009-11-18 02:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-17 23:48 . 2009-11-17 23:48 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-15 23:03 . 2009-11-15 23:03 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-11-15 22:21 . 2009-11-15 22:21 -------- d-----w- c:\windows\ERUNT
2009-11-13 21:11 . 2009-11-13 21:11 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\IObit
2009-11-12 21:13 . 2009-11-21 17:25 -------- d-----w- c:\documents and settings\Pier Luigi\DoctorWeb
2009-11-10 23:28 . 2009-11-10 23:28 247280 ----a-w- c:\documents and settings\Pier Luigi\Dati applicazioni\Mozilla\plugins\npgoogletalk.dll
2009-11-10 21:21 . 2009-11-13 21:58 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\QuickScan
2009-11-10 21:20 . 2009-10-29 14:39 679936 ----a-w- c:\documents and settings\Pier Luigi\Dati applicazioni\Mozilla\Firefox\Profiles\9fve3s0w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-11-10 21:20 . 2009-10-29 14:39 614400 ----a-w- c:\documents and settings\Pier Luigi\Dati applicazioni\Mozilla\Firefox\Profiles\9fve3s0w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-11-10 19:54 . 2009-11-21 07:40 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-11-10 19:54 . 2009-11-21 07:40 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-11-10 19:19 . 2009-11-10 19:19 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\Malwarebytes
2009-11-10 19:19 . 2009-11-10 19:19 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-11-09 22:25 . 2009-11-09 22:25 -------- dc----w- c:\documents and settings\Administrator\Tracing

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 23:01 . 2009-11-29 23:01 54624 ----a-w- c:\windows\system32\2fd63.sys
2009-11-29 17:12 . 2009-11-29 17:12 54624 ----a-w- c:\windows\system32\64f8.sys
2009-11-29 16:38 . 2009-11-29 16:38 54624 ----a-w- c:\windows\system32\5332.sys
2009-11-29 16:32 . 2009-11-29 16:32 54624 ----a-w- c:\windows\system32\6f36.sys
2009-11-29 13:59 . 2008-03-03 14:28 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-11-28 23:34 . 2009-11-01 20:27 -------- d-----w- c:\programmi\Mozilla Firefox 3.6 Beta 1
2009-11-22 16:19 . 2009-11-18 22:34 371144 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-22 16:10 . 2009-11-22 16:10 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}
2009-11-21 07:37 . 2007-12-31 09:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-11-15 10:32 . 2007-12-31 11:15 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\Skype
2009-11-15 10:09 . 2003-04-08 19:00 93834 ----a-w- c:\windows\system32\perfc010.dat
2009-11-15 10:09 . 2003-04-08 19:00 515758 ----a-w- c:\windows\system32\perfh010.dat
2009-11-13 21:57 . 2009-04-28 19:36 -------- d-----w- c:\programmi\Mozilla Firefox 3.5 (Release candidate)
2009-11-07 08:31 . 2007-12-31 16:19 -------- d-----w- c:\programmi\SpywareBlaster
2009-11-02 19:42 . 2009-09-30 21:09 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 23:26 . 2008-01-05 02:27 64944 -c--a-w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-28 10:05 . 2009-11-22 16:10 2844902 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\vnlt6512.exe
2009-10-28 09:39 . 2009-11-22 16:10 344064 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\OFFLINE\AFF7236A\76AC2E42\Scan.dll
2009-10-27 17:58 . 2009-11-22 16:10 274432 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\OFFLINE\26308C9E\76AC2E42\MONLITE.exe
2009-10-25 13:14 . 2007-12-31 12:56 -------- d-----w- c:\documents and settings\Pier Luigi\Dati applicazioni\skypePM
2009-10-22 17:17 . 2009-11-22 16:10 733184 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\OFFLINE\A8179945\76AC2E42\viritexp.exe
2009-10-21 09:37 . 2009-11-22 16:10 69632 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\OFFLINE\__Nas01_sviluppo_varie\Setup\VIRITLite\Files\viritsvc.exe
2009-10-18 09:15 . 2009-11-22 16:10 118784 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\OFFLINE\7F97E250\76AC2E42\viritupg.dll
2009-10-15 14:31 . 2009-11-22 16:10 44288 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\OFFLINE\931FE753\76AC2E42\VIRAGTLT.sys
2009-10-15 14:31 . 2009-11-22 16:10 44288 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{0A28EA8B-8711-4F9F-8EE2-8ED92C986459}\OFFLINE\85F7294B\76AC2E42\VIRAGTLT.sys
2009-10-15 14:31 . 2009-10-15 14:31 44288 --s---w- c:\windows\system32\drivers\VIRAGTLT.sys
2009-10-14 22:15 . 2007-12-31 11:40 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-08 13:57 . 2007-10-09 12:03 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57 . 2003-04-08 19:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 13:57 . 2003-04-08 19:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-09-11 14:17 . 2003-04-08 19:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2003-04-08 19:00 58880 ----a-w- c:\windows\system32\msasn1.dll
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2003-04-08 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2003-04-08 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys
[-] 2003-04-08 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2003-04-08 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\kbdclass.sys
[-] 2008-04-14 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-19 . E883AE6EA0B313E659225AA32E449CE9 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2003-04-08 . 3B350E5A2A5E951453F3993275A4523A . 167552 . . [5.1.2600.1106] . . c:\windows\$NtUninstallQ815485$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] 2003-04-08 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\null.sys
[-] 2003-04-08 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2003-04-08 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

[-] 2008-04-14 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\browser.dll
[-] 2008-04-14 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-19 . 72FBF0322BE8A0F25AE722FDE36AB1E6 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . 0FBA335727905DE8E4CB5A2CF438ABF5 . 13312 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lsass.exe
[-] 2008-04-14 . 0FBA335727905DE8E4CB5A2CF438ABF5 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . 0FBA335727905DE8E4CB5A2CF438ABF5 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-19 . 0815E8DA286775FA432C7C9EE5E10BA1 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 02815B70FC4CA8611A926176F1C39FC2 . 198144 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netman.dll
[-] 2008-04-14 . 02815B70FC4CA8611A926176F1C39FC2 . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 02815B70FC4CA8611A926176F1C39FC2 . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 1231D4353698E19495DC8A929B8B74EB . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 1A794D21BC51EEA1F908505E918FCC4E . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-19 . 4AD6F202266A25BC0CC1DCE2A3D91563 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2008-04-14 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\ERDNT\cache\qmgr.dll
[-] 2008-04-14 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-19 . 04E8321935AD5643FF59901F3EF5F4F3 . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . 91F797DFBC1416FCEA76AD76FE07DA89 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . BC4E0226341AAEC1222336B3AED86BAB . 401408 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\rpcss.dll
[-] 2009-02-09 . BC4E0226341AAEC1222336B3AED86BAB . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . BC4E0226341AAEC1222336B3AED86BAB . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2008-04-14 . DB0C9517C2374D86A18DBFA12B35B129 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . DB0C9517C2374D86A18DBFA12B35B129 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CC41F9D29EDD55037A4C26E70C175528 . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . F683B6ED87C7DCE1FB51A7D113DE0346 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . 1A2A2A1AB10CF25ABF99CC79909C2DB5 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . A5BC1A3B9F42ED4AB65804CEC4A7F69C . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2004-08-19 . 0C015AB735A4624C44CB5696E9208C4C . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll

[-] 2009-02-09 . 26845F272435302E0F3322E660A24F7D . 111104 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\services.exe
[-] 2009-02-09 . 26845F272435302E0F3322E660A24F7D . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . 26845F272435302E0F3322E660A24F7D . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . C79FEAE2F68982259907AB52B0F2676F . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . DAC0440C89B1EA4E35684896D5BF856E . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . DAC0440C89B1EA4E35684896D5BF856E . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-19 . E77F6FA2A15390F1727F4C1C55B69DA6 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

[-] 2008-04-14 . 60977C9BAE8F86F9075829325303D0C9 . 57856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\spoolsv.exe
[-] 2008-04-14 . 60977C9BAE8F86F9075829325303D0C9 . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . 60977C9BAE8F86F9075829325303D0C9 . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-19 . 216F8454A9415DD3E451B169DC3121C4 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[-] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-19 . 4166454E2BCFCC20D1B8A5AC9FEAB243 . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[-] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . EFA21A3FE23BBCFDB6F61A3AF723E05A . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-19 . 0FE5F5912C30795C455A9645970E6C7C . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll

[-] 2008-04-14 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\cryptsvc.dll
[-] 2008-04-14 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-19 . E0CC838265401128097D182FB583889A . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:27 . 8360CB9756E598A5C6214EACFB3677C3 . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll
[-] 2008-07-07 20:27 . 8360CB9756E598A5C6214EACFB3677C3 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:27 . 8360CB9756E598A5C6214EACFB3677C3 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:24 . EA518D0002F4338DB0E7D83370D61845 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-04-14 02:13 . FF8566499E5A781DA69342D3D76FF246 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 02:13 . FF8566499E5A781DA69342D3D76FF246 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:40 . 659C04BB6086E480966FFD0D44F1CC4D . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 04:27 . 4CC4C2B7CCB5FCAEF5B73A26AB914B0D . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-19 14:39 . 16A4DE76313DD3ABF7635565BAAF1512 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-04-14 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\imm32.dll
[-] 2008-04-14 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-19 . CA38A6091ECAC2668EC99AFD4B6C0615 . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . 5576C1D7AF026D18240ED6A624FD01A2 . 1033728 . . [5.1.2600.5781] . . c:\windows\ERDNT\cache\kernel32.dll
[-] 2009-03-21 . 5576C1D7AF026D18240ED6A624FD01A2 . 1033728 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . 5576C1D7AF026D18240ED6A624FD01A2 . 1033728 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . A3A365C46057532F6638D57E4C0B66B8 . 1035776 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . 06157539EBB8B87D47B9B6C5DA44B62F . 1033728 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . 06157539EBB8B87D47B9B6C5DA44B62F . 1033728 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 6D9421A648F26B8640C63D0F8F2B7D48 . 1030144 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . EB1428078E1D10FDEC060857AA526A9F . 1028608 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-19 . FEB3CC200749FF119BB8B08224A1A594 . 1027584 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB935839$\kernel32.dll

[-] 2008-04-14 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\linkinfo.dll
[-] 2008-04-14 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 78BE48208966D99840C6F3DC76619C6E . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . B737A3DA2C0A605CE2C7E118C59F38C7 . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-19 . AED27A44228C3B2D24406A2755133922 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lpk.dll
[-] 2008-04-14 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-14 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll
[-] 2004-08-19 . 54260506F6A2589DCF5722E32BDC7CB6 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2008-04-14 . A6C5A59628C1E6A5E7238DDB942F4DDD . 343040 . . [7.0.2600.5512] . . c:\windows\ERDNT\cache\msvcrt.dll
[-] 2008-04-14 . A6C5A59628C1E6A5E7238DDB942F4DDD . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . A6C5A59628C1E6A5E7238DDB942F4DDD . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-19 . 9E6CB81BE111B9935F6A97C367CABD4E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll

[-] 2008-06-20 . 2C67745B5DF03CB227679B2DB895AF1D . 247296 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll
[-] 2008-06-20 . 2C67745B5DF03CB227679B2DB895AF1D . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 2C67745B5DF03CB227679B2DB895AF1D . 247296 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . E0C98D37A349DC9688FE802F623B16F6 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-04-14 . 7E1CEE90214FA6DEF0E601CD7A9FC950 . 247296 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . 7E1CEE90214FA6DEF0E601CD7A9FC950 . 247296 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-19 . 337CB52AF1F7CF6C0F57EC8BD14DC6D1 . 247296 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll

[-] 2008-04-14 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netlogon.dll
[-] 2008-04-14 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-19 . 926BB51BB6DE79DEDB93E9C2B0811CCF . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2009-08-04 . B591BF7D603926A0465B42E93F6AA44D . 2192896 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-08-04 . B591BF7D603926A0465B42E93F6AA44D . 2192896 . . [5.1.2600.5857] . . c:\windows\ERDNT\cache\ntoskrnl.exe
[-] 2009-08-04 . B591BF7D603926A0465B42E93F6AA44D . 2192896 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . B591BF7D603926A0465B42E93F6AA44D . 2192896 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-08-04 . 66C0988D9B1BB7F41437D91DBCFDF927 . 2193024 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-10 . 3B5928FCD0DD3E10DEB1C13CA35201F6 . 2192896 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . AAC0F03E70F066D2E13FA2BA534BB2A8 . 2192768 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2008-08-14 . 0EE73494680235D59F4E57301D7AD580 . 2192896 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . 0F93D9366B222D63F9402F7ED45CF2A4 . 2192896 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-14 . 7D804C28404E94F57967DE3394201D55 . 2192768 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2008-04-14 . 7D804C28404E94F57967DE3394201D55 . 2192768 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2007-02-28 . 763EA08993B467A3AF048EF185B1F805 . 2185856 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 5EC517CC0865808DF80D2184B0131D27 . 2184064 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2005-03-02 . C120A33C71E706545CF26D6276BC0344 . 2183296 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 84E6643DB22C06128576AFBF89DFEE70 . 2183040 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2004-08-19 . 4591CF1F202181113DE2996E79A2905A . 2184704 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe

[-] 2008-04-14 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\powrprof.dll
[-] 2008-04-14 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-19 . 41FF9D663219A1DD0397FE2C5B09436C . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll
[-] 2008-04-14 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-19 . 1446EB71ADF0F54980CDD7E5A812E102 . 186880 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfc.dll
[-] 2008-04-14 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-19 . E6F026DBC75B6EED7331EBF581AFD4D8 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe
[-] 2008-04-14 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-19 . 73955B04F209D8A1C633867841267A96 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tapisrv.dll
[-] 2008-04-14 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 9D6561AA09637E38E6449C711343CCAD . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . 3A4C429F316C510C3E4C5F2FC7372C26 . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-19 . 2F8CBA2D2A332EB5D2A7DC084E3B30B3 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll
[-] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . BAB4F995E526484A235A276E269AAF7F . 579072 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . 9DAA2190A18739B657B58F794ACF2E47 . 578560 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 488019BFE2B0F9F8CD8394276D5B664A . 578048 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . 14B5D6B20467DBA209853D65D1F6A124 . 578048 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-19 . 08447BDFCE5D1B1956F962602381F5C1 . 578048 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe
[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-19 . C1E7FE19F98A877BF8F941BF48148695 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll
[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-19 . 12EAD983C875ED9BCC8B90E3F77F2E4A . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7E2817A623E16F830B660F81C0FD63DA . 1035776 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . B4E85805BE6D23DE697F7B3BA7492D0B . 1035776 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-19 . 178D42BD8FC34A9837417A6CE1D6BB7B . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll
[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-19 . BA4E8AC9A60C4527C969D08F3ABE9D36 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . 9EDF54CE47BBA3E96A8C23253006D183 . 13824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe
[-] 2008-04-14 . 9EDF54CE47BBA3E96A8C23253006D183 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . 9EDF54CE47BBA3E96A8C23253006D183 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-19 . A49C11376727F7ADC7E206E4C89B24E1 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\xmlprov.dll
[-] 2008-04-14 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-19 . 3208BAD59EFA3F4FCCCFBF1317F2A1C1 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . BD5FEE908FDD9CB09AA3E78111AB1119 . 56320 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\eventlog.dll
[-] 2008-04-14 . BD5FEE908FDD9CB09AA3E78111AB1119 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . BD5FEE908FDD9CB09AA3E78111AB1119 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-19 . D1CAA255F33C06C8302769A86FFB905E . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
[-] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-19 . 0F9AAB130D89786A59F8F93A9E23C658 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[-] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-19 . 5B33B4265966EE063C7FBEA28958D9C2 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\shsvcs.dll
[-] 2008-04-14 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . FAD73705BED0910E910DE852B0F8AEBC . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 89F95338182388B65DC381AEAAB62079 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-19 . 500E8EF27757B1C463A4A263ED2C95D2 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regsvc.dll
[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll
[-] 2004-08-19 . 78FBE7DA29307EDE7ED0E33F1C4969BC . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\schedsvc.dll
[-] 2008-04-14 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-19 . 546254D4769E165CDC3388D74B201FCB . 193024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ssdpsrv.dll
[-] 2008-04-14 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-19 . 1FBF38A525EEDD7402BFA7E27236A64F . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\termsrv.dll
[-] 2008-04-14 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-19 . C06CD1890279603E15020757E02DE56B . 296960 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2003-04-08 . 49AC5CD87FBDDA62F3E25190019E7627 . 12160 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys
[-] 2003-04-08 . 49AC5CD87FBDDA62F3E25190019E7627 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ERDNT\cache\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-03 21:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\ERDNT\cache\mfc40u.dll
[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2006-11-01 19:18 . BB6786F692227DD59F1C872CCA19282D . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2003-04-08 19:00 . 907601D4078A5526CDA46536A4288E44 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\msgsvc.dll
[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-19 . 3777AB9537D05BFD404B0FBC13A140A6 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\ERDNT\cache\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2004-08-19 14:39 . 68B975F737FA8F063F4036F9F8432F0A . 52736 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-08-19 14:39 . 68B975F737FA8F063F4036F9F8432F0A . 52736 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll

[-] 2009-08-04 . 845344F22D2BA7CDD2847B0B0A5D0EDD . 2069888 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7DF79C43603FBDB4399841FD7FC4C50A . 2069760 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-08-04 . 7DF79C43603FBDB4399841FD7FC4C50A . 2069760 . . [5.1.2600.5857] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[-] 2009-08-04 . 7DF79C43603FBDB4399841FD7FC4C50A . 2069760 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-08-04 . 7DF79C43603FBDB4399841FD7FC4C50A . 2069760 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-02-10 . 310B4DD8E34D9281D609B5EBDFDE34A7 . 2069760 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-09 . FF69166080436A31A3EAC9CC7C3F1847 . 2069888 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . C812D8551FD3B6ACDBF7EB6B18B1B992 . 2069760 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 93FB9D817B37DF1191B73DB7BC2F4006 . 2069760 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-14 . 5E95F445B70ADCF8876D1203852262A1 . 2069632 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2008-04-14 . 5E95F445B70ADCF8876D1203852262A1 . 2069632 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-02-28 . F89D8E24FBE047506D60B850D00BDEE3 . 2063104 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . 49BAEA1D9379DF8CD897AFF9F49BC9DE . 2061312 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2005-03-02 . DE16030E8209FD96EEB06D9E3D8C84A8 . 2060672 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 8F485CF9683F1220BA27D10281052FCE . 2060544 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2004-08-19 . 4DC3A3626B02C39AA69AAE6F64BFBC2D . 2060544 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe

[-] 2008-04-14 02:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\ERDNT\cache\ntmssvc.dll
[-] 2008-04-14 02:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 02:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-19 14:39 . 6D96A941EED90224486F9AF30B9666E1 . 437248 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\upnphost.dll
[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 5BD44542E87E1343E8D69EB95DF7685D . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . 66A6CC644A3453E2C912CF5DFFE9F2DC . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-19 . 55D9782BFE8C70B70E892E51566BF7D4 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-29_16.09.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-30 22:17 . 2009-01-07 17:21 26144 c:\windows\system32\spupdsvc.exe
- 2007-12-30 22:17 . 2009-05-12 13:12 26144 c:\windows\system32\spupdsvc.exe
+ 2007-12-31 09:04 . 2009-01-07 17:21 18464 c:\windows\system32\spmsg.dll
+ 2003-04-08 19:00 . 2009-03-08 03:31 46592 c:\windows\system32\pngfilt.dll
- 2003-04-08 19:00 . 2007-08-13 17:01 48128 c:\windows\system32\mshtmler.dll
+ 2003-04-08 19:00 . 2009-03-08 03:31 48128 c:\windows\system32\mshtmler.dll
+ 2003-04-08 19:00 . 2009-03-08 03:31 66560 c:\windows\system32\mshtmled.dll
+ 2003-04-08 19:00 . 2009-03-08 03:31 45568 c:\windows\system32\mshta.exe
- 2003-04-08 19:00 . 2007-08-13 17:32 45568 c:\windows\system32\mshta.exe
+ 2007-08-13 17:36 . 2009-03-08 03:31 13312 c:\windows\system32\msfeedssync.exe
+ 2007-08-13 17:54 . 2009-08-29 07:56 55296 c:\windows\system32\msfeedsbs.dll
+ 2003-04-08 19:00 . 2009-03-08 03:34 43008 c:\windows\system32\licmgr10.dll
+ 2003-04-08 19:00 . 2009-08-29 07:56 25600 c:\windows\system32\jsproxy.dll
+ 2003-04-08 19:00 . 2009-03-08 03:32 94720 c:\windows\system32\inseng.dll
+ 2003-04-08 19:00 . 2009-03-08 03:31 34816 c:\windows\system32\imgutil.dll
+ 2003-04-08 19:00 . 2009-03-08 03:32 71680 c:\windows\system32\iesetup.dll
+ 2003-04-08 19:00 . 2009-03-08 03:32 55808 c:\windows\system32\iernonce.dll
+ 2007-08-13 17:36 . 2009-03-08 03:31 59904 c:\windows\system32\icardie.dll
+ 2007-12-30 23:16 . 2009-03-08 03:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2003-04-08 19:00 . 2009-03-08 03:31 48128 c:\windows\system32\dllcache\mshtmler.dll
- 2003-04-08 19:00 . 2007-08-13 17:01 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2007-12-30 23:16 . 2009-03-08 03:31 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-13 17:32 . 2007-08-13 17:32 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-08-13 17:32 . 2009-03-08 03:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-12-30 23:58 . 2009-08-29 07:56 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2003-04-08 19:00 . 2009-03-08 03:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2003-04-08 19:00 . 2009-08-29 07:56 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2003-04-08 19:00 . 2009-03-08 03:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2007-08-13 17:36 . 2009-03-08 03:31 34816 c:\windows\system32\dllcache\imgutil.dll
- 2007-12-30 23:58 . 2008-06-23 09:20 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-12-30 23:58 . 2009-08-28 10:30 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2003-04-08 19:00 . 2009-03-08 03:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2003-04-08 19:00 . 2009-03-08 03:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2007-12-30 23:58 . 2009-03-08 03:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2007-12-30 15:32 . 2009-03-08 03:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-08-29 07:26 . 2009-03-08 03:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2003-04-08 19:00 . 2009-03-08 03:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2003-04-08 19:00 . 2009-03-08 03:33 18944 c:\windows\system32\corpol.dll
+ 2003-04-08 19:00 . 2009-03-08 03:32 72704 c:\windows\system32\admparse.dll
+ 2009-12-02 21:36 . 2009-05-26 11:41 18808 c:\windows\ie8updates\KB975364-IE8\spmsg.dll
+ 2009-12-02 21:36 . 2009-05-26 11:41 26488 c:\windows\ie8updates\KB975364-IE8\spcustom.dll
+ 2009-12-02 21:33 . 2009-03-08 03:33 12288 c:\windows\ie8updates\KB974455-IE8\xpshims.dll
+ 2009-12-02 21:33 . 2008-07-08 13:06 18808 c:\windows\ie8updates\KB974455-IE8\spmsg.dll
+ 2009-12-02 21:33 . 2008-07-08 13:06 26488 c:\windows\ie8updates\KB974455-IE8\spcustom.dll
+ 2009-12-02 21:33 . 2009-03-08 03:31 55296 c:\windows\ie8updates\KB974455-IE8\msfeedsbs.dll
+ 2009-12-02 21:33 . 2009-03-08 03:33 25600 c:\windows\ie8updates\KB974455-IE8\jsproxy.dll
+ 2009-12-02 21:28 . 2009-03-08 19:34 58448 c:\windows\ie8\spuninst\iecustom.dll
+ 2009-12-02 21:20 . 2009-08-29 07:26 44544 c:\windows\ie8\pngfilt.dll
+ 2009-12-02 21:20 . 2007-08-13 17:01 48128 c:\windows\ie8\mshtmler.dll
+ 2009-12-02 21:20 . 2007-08-13 17:32 45568 c:\windows\ie8\mshta.exe
+ 2009-12-02 21:21 . 2007-08-13 17:36 12288 c:\windows\ie8\msfeedssync.exe
+ 2009-12-02 21:20 . 2009-08-29 07:26 52224 c:\windows\ie8\msfeedsbs.dll
+ 2009-12-02 21:20 . 2007-08-13 17:44 40960 c:\windows\ie8\licmgr10.dll
+ 2009-12-02 21:20 . 2009-08-29 07:26 27648 c:\windows\ie8\jsproxy.dll
+ 2009-12-02 21:20 . 2007-08-13 17:39 92672 c:\windows\ie8\inseng.dll
+ 2009-12-02 21:20 . 2007-08-13 17:36 36352 c:\windows\ie8\imgutil.dll
+ 2009-12-02 21:20 . 2007-08-13 17:39 55296 c:\windows\ie8\iesetup.dll
+ 2009-12-02 21:20 . 2009-08-29 07:26 44544 c:\windows\ie8\iernonce.dll
+ 2009-12-02 21:20 . 2009-08-29 07:26 78336 c:\windows\ie8\ieencode.dll
+ 2009-12-02 21:20 . 2009-08-28 10:30 70656 c:\windows\ie8\ie4uinit.exe
+ 2009-12-02 21:20 . 2009-08-29 07:26 63488 c:\windows\ie8\icardie.dll
+ 2009-12-02 21:20 . 2007-08-13 17:18 60416 c:\windows\ie8\hmmapi.dll
+ 2009-12-02 21:20 . 2009-08-29 07:26 17408 c:\windows\ie8\corpol.dll
+ 2009-12-02 21:20 . 2007-08-13 17:39 71680 c:\windows\ie8\admparse.dll
+ 2009-11-29 23:01 . 2008-06-23 16:15 44544 c:\windows\ie7updates\KB974455-IE7\pngfilt.dll
+ 2009-11-29 23:01 . 2008-06-23 16:15 52224 c:\windows\ie7updates\KB974455-IE7\msfeedsbs.dll
+ 2009-11-29 23:01 . 2008-06-23 16:15 27648 c:\windows\ie7updates\KB974455-IE7\jsproxy.dll
+ 2009-11-29 23:01 . 2008-06-23 09:20 13824 c:\windows\ie7updates\KB974455-IE7\ieudinit.exe
+ 2009-11-29 23:01 . 2008-06-23 16:15 44544 c:\windows\ie7updates\KB974455-IE7\iernonce.dll
+ 2009-11-29 23:01 . 2008-04-14 02:13 81920 c:\windows\ie7updates\KB974455-IE7\ieencode.dll
+ 2009-11-29 23:01 . 2008-06-23 09:22 70656 c:\windows\ie7updates\KB974455-IE7\ie4uinit.exe
+ 2009-11-29 23:01 . 2008-06-23 16:15 63488 c:\windows\ie7updates\KB974455-IE7\icardie.dll
+ 2009-11-29 23:01 . 2008-04-14 02:13 35328 c:\windows\ie7updates\KB974455-IE7\corpol.dll
+ 2009-12-02 21:36 . 2009-03-08 03:35 2048 c:\windows\ie8updates\KB975364-IE8\iecompat.dll
+ 2003-04-08 19:00 . 2009-08-29 07:56 916480 c:\windows\system32\wininet.dll
+ 2007-08-13 17:45 . 2009-03-08 03:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2003-04-08 19:00 . 2009-03-08 03:34 236544 c:\windows\system32\webcheck.dll
+ 2003-04-08 19:00 . 2009-03-08 03:33 420352 c:\windows\system32\vbscript.dll
- 2003-04-08 19:00 . 2008-06-23 16:15 105984 c:\windows\system32\url.dll
+ 2003-04-08 19:00 . 2009-03-08 03:34 105984 c:\windows\system32\url.dll
+ 2003-04-08 19:00 . 2009-08-29 07:56 206848 c:\windows\system32\occache.dll
+ 2003-04-08 19:00 . 2009-03-08 03:32 611840 c:\windows\system32\mstime.dll
+ 2003-04-08 19:00 . 2009-03-08 03:34 193536 c:\windows\system32\msrating.dll
- 2003-04-08 19:00 . 2007-08-13 17:54 156160 c:\windows\system32\msls31.dll
+ 2003-04-08 19:00 . 2009-03-08 03:22 156160 c:\windows\system32\msls31.dll
+ 2007-08-13 17:54 . 2009-08-29 07:56 594432 c:\windows\system32\msfeeds.dll
+ 2003-04-08 19:00 . 2009-03-08 03:33 726528 c:\windows\system32\jscript.dll
+ 2007-08-13 17:54 . 2009-03-08 03:22 164352 c:\windows\system32\ieui.dll
+ 2003-04-08 19:00 . 2009-08-29 07:56 184320 c:\windows\system32\iepeers.dll
+ 2003-04-08 19:00 . 2009-08-29 07:56 387584 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 11:27 . 2009-03-08 03:11 445952 c:\windows\system32\ieapfltr.dll
+ 2003-04-08 19:00 . 2009-03-08 03:32 163840 c:\windows\system32\ieakui.dll
+ 2003-04-08 19:00 . 2009-03-08 03:33 229376 c:\windows\system32\ieaksie.dll
+ 2003-04-08 19:00 . 2009-03-08 03:33 125952 c:\windows\system32\ieakeng.dll
+ 2003-04-08 19:00 . 2009-08-28 10:37 173056 c:\windows\system32\ie4uinit.exe
+ 2007-12-30 22:24 . 2009-08-29 07:26 133120 c:\windows\system32\extmgr.dll
- 2007-12-30 22:24 . 2008-06-23 16:15 133120 c:\windows\system32\extmgr.dll
+ 2003-04-08 19:00 . 2009-03-08 03:31 216064 c:\windows\system32\dxtrans.dll
+ 2003-04-08 19:00 . 2009-03-08 03:31 348160 c:\windows\system32\dxtmsft.dll
+ 2007-12-30 23:16 . 2009-08-29 07:56 916480 c:\windows\system32\dllcache\wininet.dll
+ 2007-08-13 17:54 . 2009-03-08 03:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2007-12-30 15:32 . 2009-03-08 03:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:53 . 2009-03-08 03:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2007-08-13 17:44 . 2009-03-08 03:34 105984 c:\windows\system32\dllcache\url.dll
- 2007-08-13 17:44 . 2008-06-23 16:15 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-01-07 17:21 . 2009-01-07 17:21 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2007-08-13 17:44 . 2009-08-29 07:56 206848 c:\windows\system32\dllcache\occache.dll
+ 2003-04-08 19:00 . 2009-03-08 03:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2003-04-08 19:00 . 2009-03-08 03:34 193536 c:\windows\system32\dllcache\msrating.dll
- 2003-04-08 19:00 . 2007-08-13 17:54 156160 c:\windows\system32\dllcache\msls31.dll
+ 2003-04-08 19:00 . 2009-03-08 03:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2007-12-30 23:58 . 2009-08-29 07:56 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-05-09 10:53 . 2009-03-08 03:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2007-08-13 17:43 . 2009-03-08 13:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2007-12-30 23:16 . 2009-08-29 07:56 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 17:39 . 2009-08-29 07:56 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-12-30 23:58 . 2009-03-08 03:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2003-04-08 19:00 . 2009-03-08 03:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2003-04-08 19:00 . 2009-03-08 03:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2003-04-08 19:00 . 2009-03-08 03:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-13 17:39 . 2009-08-28 10:37 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-12-30 23:16 . 2008-06-23 16:15 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2007-12-30 23:16 . 2009-08-29 07:26 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2007-12-30 23:16 . 2009-03-08 03:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-12-30 23:16 . 2009-03-08 03:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-13 17:39 . 2009-03-08 03:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2003-04-08 19:00 . 2009-03-08 03:32 128512 c:\windows\system32\advpack.dll
+ 2009-12-02 21:36 . 2009-05-26 11:41 402296 c:\windows\ie8updates\KB975364-IE8\updspapi.dll
+ 2009-12-02 21:36 . 2009-05-26 11:41 763768 c:\windows\ie8updates\KB975364-IE8\update.exe
+ 2009-12-02 21:36 . 2009-05-26 11:41 402296 c:\windows\ie8updates\KB975364-IE8\spuninst\updspapi.dll
+ 2009-12-02 21:36 . 2009-05-26 11:41 233848 c:\windows\ie8updates\KB975364-IE8\spuninst\spuninst.exe
+ 2009-12-02 21:36 . 2009-05-26 11:41 233848 c:\windows\ie8updates\KB975364-IE8\spuninst.exe
+ 2009-12-02 21:33 . 2009-03-08 03:34 914944 c:\windows\ie8updates\KB974455-IE8\wininet.dll
+ 2009-12-02 21:33 . 2009-05-26 11:41 402296 c:\windows\ie8updates\KB974455-IE8\updspapi.dll
+ 2009-12-02 21:33 . 2009-05-26 11:41 763768 c:\windows\ie8updates\KB974455-IE8\update.exe
+ 2009-12-02 21:33 . 2009-05-26 11:41 402296 c:\windows\ie8updates\KB974455-IE8\spuninst\updspapi.dll
+ 2009-12-02 21:33 . 2008-07-08 13:06 233848 c:\windows\ie8updates\KB974455-IE8\spuninst\spuninst.exe
+ 2009-12-02 21:33 . 2008-07-08 13:06 233848 c:\windows\ie8updates\KB974455-IE8\spuninst.exe
+ 2009-12-02 21:33 . 2009-03-08 03:34 109568 c:\windows\ie8updates\KB974455-IE8\occache.dll
+ 2009-12-02 21:33 . 2009-03-08 03:32 594432 c:\windows\ie8updates\KB974455-IE8\msfeeds.dll
+ 2009-12-02 21:33 . 2009-03-08 03:33 246784 c:\windows\ie8updates\KB974455-IE8\ieproxy.dll
+ 2009-12-02 21:33 . 2009-03-08 03:31 183808 c:\windows\ie8updates\KB974455-IE8\iepeers.dll
+ 2009-12-02 21:33 . 2009-03-08 13:09 391536 c:\windows\ie8updates\KB974455-IE8\iedkcs32.dll
+ 2009-12-02 21:33 . 2009-03-08 03:32 173056 c:\windows\ie8updates\KB974455-IE8\ie4uinit.exe
+ 2009-12-02 21:21 . 2009-08-29 07:26 832512 c:\windows\ie8\wininet.dll
+ 2009-12-02 21:21 . 2007-08-13 17:45 206336 c:\windows\ie8\winfxdocobj.exe
+ 2009-12-02 21:21 . 2009-08-29 07:26 233472 c:\windows\ie8\webcheck.dll
+ 2009-12-02 21:21 . 2007-07-12 23:30 765952 c:\windows\ie8\vgx.dll
+ 2009-12-02 21:21 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2009-12-02 21:20 . 2009-08-29 07:26 105984 c:\windows\ie8\url.dll
+ 2009-12-02 21:28 . 2009-01-07 17:21 401952 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-12-02 21:28 . 2009-01-07 17:21 234016 c:\windows\ie8\spuninst\spuninst.exe
+ 2009-12-02 21:20 . 2006-09-06 16:43 215776 c:\windows\ie8\spuninst.exe
+ 2009-12-02 21:20 . 2009-08-29 07:26 102912 c:\windows\ie8\occache.dll
+ 2009-12-02 21:20 . 2009-08-29 07:26 671232 c:\windows\ie8\mstime.dll
+ 2009-12-02 21:20 . 2009-08-29 07:26 193024 c:\windows\ie8\msrating.dll
+ 2009-12-02 21:20 . 2007-08-13 17:54 156160 c:\windows\ie8\msls31.dll
+ 2009-12-02 21:20 . 2009-08-29 07:26 477696 c:\windows\ie8\mshtmled.dll
+ 2009-12-02 21:20 . 2009-08-29 07:26 459264 c:\windows\ie8\msfeeds.dll
+ 2009-12-02 21:20 . 2009-08-13 15:15 512000 c:\windows\ie8\jscript.dll
+ 2009-12-02 21:20 . 2009-08-27 05:18 634648 c:\windows\ie8\iexplore.exe
+ 2009-12-02 21:21 . 2007-08-13 17:54 180736 c:\windows\ie8\ieui.dll
+ 2009-12-02 21:20 . 2009-08-29 07:26 268288 c:\windows\ie8\iertutil.dll
+ 2009-12-02 21:21 . 2007-08-13 17:54 287744 c:\windows\ie8\ieproxy.dll
+ 2009-12-02 21:20 . 2007-08-13 17:54 191488 c:\windows\ie8\iepeers.dll
+ 2009-12-02 21:20 . 2009-08-29 07:26 385024 c:\windows\ie8\iedkcs32.dll
+ 2009-12-02 21:20 . 2009-08-29 07:26 380928 c:\windows\ie8\ieapfltr.dll
+ 2009-12-02 21:20 . 2009-08-27 05:18 161792 c:\windows\ie8\ieakui.dll
+ 2009-12-02 21:20 . 2009-08-29 07:26 230400 c:\windows\ie8\ieaksie.dll
+ 2009-12-02 21:20 . 2009-08-29 07:26 153088 c:\windows\ie8\ieakeng.dll
+ 2009-12-02 21:20 . 2009-08-29 07:26 214528 c:\windows\ie8\dxtrans.dll
+ 2009-12-02 21:20 . 2009-08-29 07:26 347136 c:\windows\ie8\dxtmsft.dll
+ 2009-12-02 21:20 . 2009-08-29 07:26 124928 c:\windows\ie8\advpack.dll
+ 2009-12-02 20:59 . 2009-05-26 11:41 402296 c:\windows\ie7updates\KB976749-IE7\spuninst\updspapi.dll
+ 2009-12-02 20:59 . 2009-05-26 11:41 233848 c:\windows\ie7updates\KB976749-IE7\spuninst\spuninst.exe
+ 2009-11-29 23:01 . 2008-06-23 16:15 826368 c:\windows\ie7updates\KB974455-IE7\wininet.dll
+ 2009-11-29 23:01 . 2008-06-23 16:15 233472 c:\windows\ie7updates\KB974455-IE7\webcheck.dll
+ 2009-11-29 23:01 . 2008-06-23 16:15 105984 c:\windows\ie7updates\KB974455-IE7\url.dll
+ 2009-11-29 23:01 . 2009-05-26 11:41 402296 c:\windows\ie7updates\KB974455-IE7\spuninst\updspapi.dll
+ 2009-11-29 23:01 . 2009-05-26 11:41 233848 c:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe
+ 2009-11-29 23:01 . 2008-06-23 16:15 102912 c:\windows\ie7updates\KB974455-IE7\occache.dll
+ 2009-11-29 23:01 . 2008-06-23 16:15 671232 c:\windows\ie7updates\KB974455-IE7\mstime.dll
+ 2009-11-29 23:01 . 2008-06-23 16:15 193024 c:\windows\ie7updates\KB974455-IE7\msrating.dll
+ 2009-11-29 23:01 . 2008-06-23 16:15 477696 c:\windows\ie7updates\KB974455-IE7\mshtmled.dll
+ 2009-11-29 23:01 . 2008-06-23 16:15 459264 c:\windows\ie7updates\KB974455-IE7\msfeeds.dll
+ 2009-11-29 23:01 . 2008-06-23 09:22 625664 c:\windows\ie7updates\KB974455-IE7\iexplore.exe
+ 2009-11-29 23:01 . 2008-06-23 16:15 267776 c:\windows\ie7updates\KB974455-IE7\iertutil.dll
+ 2009-11-29 23:01 . 2008-06-23 16:15 384512 c:\windows\ie7updates\KB974455-IE7\iedkcs32.dll
+ 2009-11-29 23:01 . 2008-06-23 16:15 383488 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dll
+ 2009-11-29 23:01 . 2008-06-21 05:23 161792 c:\windows\ie7updates\KB974455-IE7\ieakui.dll
+ 2009-11-29 23:01 . 2008-06-23 16:15 230400 c:\windows\ie7updates\KB974455-IE7\ieaksie.dll
+ 2009-11-29 23:01 . 2008-06-23 16:15 153088 c:\windows\ie7updates\KB974455-IE7\ieakeng.dll
+ 2009-11-29 23:01 . 2008-06-23 16:15 133120 c:\windows\ie7updates\KB974455-IE7\extmgr.dll
+ 2009-11-29 23:01 . 2008-06-23 16:15 214528 c:\windows\ie7updates\KB974455-IE7\dxtrans.dll
+ 2009-11-29 23:01 . 2008-06-23 16:15 347136 c:\windows\ie7updates\KB974455-IE7\dxtmsft.dll
+ 2009-11-29 23:01 . 2008-06-23 16:15 124928 c:\windows\ie7updates\KB974455-IE7\advpack.dll
+ 2003-04-08 19:00 . 2009-08-29 07:56 1208832 c:\windows\system32\urlmon.dll
+ 2003-04-08 19:00 . 2009-08-29 07:56 5940224 c:\windows\system32\mshtml.dll
+ 2007-08-13 17:34 . 2009-08-29 07:56 1985536 c:\windows\system32\iertutil.dll
+ 2007-02-12 15:10 . 2009-02-06 20:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2007-12-30 23:16 . 2009-08-29 07:56 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-07 17:21 . 2009-01-07 17:21 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2007-12-30 23:16 . 2009-08-29 07:56 5940224 c:\windows\system32\dllcache\mshtml.dll
+ 2007-12-30 23:58 . 2009-08-29 07:56 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2007-12-30 23:58 . 2009-02-06 20:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-01-07 17:21 . 2009-01-07 17:21 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2009-12-02 21:33 . 2009-03-08 03:34 1206784 c:\windows\ie8updates\KB974455-IE8\urlmon.dll
+ 2009-12-02 21:33 . 2009-03-08 03:41 5937152 c:\windows\ie8updates\KB974455-IE8\mshtml.dll
+ 2009-12-02 21:33 . 2009-03-08 03:32 1985024 c:\windows\ie8updates\KB974455-IE8\iertutil.dll
+ 2009-12-02 21:20 . 2009-08-29 07:26 1168384 c:\windows\ie8\urlmon.dll
+ 2009-12-02 21:20 . 2009-10-21 04:06 3598336 c:\windows\ie8\mshtml.dll
+ 2009-12-02 21:20 . 2009-08-29 07:26 6067200 c:\windows\ie8\ieframe.dll
+ 2009-12-02 21:20 . 2009-06-29 08:33 2452872 c:\windows\ie8\ieapfltr.dat
+ 2009-12-02 20:59 . 2009-08-29 07:26 3598336 c:\windows\ie7updates\KB976749-IE7\mshtml.dll
+ 2009-11-29 23:01 . 2008-06-23 16:15 1159680 c:\windows\ie7updates\KB974455-IE7\urlmon.dll
+ 2009-11-29 23:01 . 2008-06-24 08:15 3592192 c:\windows\ie7updates\KB974455-IE7\mshtml.dll
+ 2009-11-29 23:01 . 2008-06-23 16:15 6066176 c:\windows\ie7updates\KB974455-IE7\ieframe.dll
+ 2009-11-29 23:01 . 2007-07-01 03:31 2455488 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dat
+ 2007-08-13 17:54 . 2009-08-29 07:56 11069440 c:\windows\system32\ieframe.dll
+ 2007-12-30 23:58 . 2009-08-29 07:56 11069440 c:\windows\system32\dllcache\ieframe.dll
+ 2009-12-02 21:33 . 2009-03-08 03:39 11063808 c:\windows\ie8updates\KB974455-IE8\ieframe.dll
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-05-27 98304]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"SynTPStart"="c:\programmi\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TapiSrv"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1c98b0686fb44c0"=2 (0x2)
"ERSvc"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"SwPrv"=3 (0x3)
"dmadmin"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Pier Luigi\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Pier Luigi\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=

R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.sys [15/10/2009 15.31.26 44288]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\programmi\HWiNFO32\HWiNFO32.SYS [31/12/2007 12.33.38 8192]
S0 Lbd;Lbd; [x]
S3 2fd63;2fd63;c:\windows\system32\2fd63.sys [30/11/2009 0.01.57 54624]
S3 5332;5332;c:\windows\system32\5332.sys [29/11/2009 17.38.14 54624]
S3 64f8;64f8;c:\windows\system32\64f8.sys [29/11/2009 18.12.52 54624]
S3 6f36;6f36;c:\windows\system32\6f36.sys [29/11/2009 17.32.03 54624]
S3 d8a7;d8a7;\??\c:\windows\system32\d8a7.sys --> c:\windows\system32\d8a7.sys [?]
S3 f2b4;f2b4;\??\c:\windows\system32\f2b4.sys --> c:\windows\system32\f2b4.sys [?]
S3 f2eA;f2eA;\??\c:\windows\system32\f2eA.sys --> c:\windows\system32\f2eA.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [07/08/2009 16.10.04 7680]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 utm1nzm4;AVZ Kernel Driver; [x]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [07/08/2009 16.11.23 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [07/08/2009 16.11.05 104960]
S4 gupdate1c98b0686fb44c0;Google Update Service (gupdate1c98b0686fb44c0); [x]
S4 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [21/10/2009 10.37.16 69632]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: fastweb.it\wmail
FF - ProfilePath - c:\documents and settings\Pier Luigi\Dati applicazioni\Mozilla\Firefox\Profiles\9fve3s0w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\documents and settings\Pier Luigi\Dati applicazioni\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-HijackThis - F:\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-02 23:01
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

c:\docume~1\PIERLU~1\IMPOST~1\Temp\SDT12.tmp\Internet Explorer
c:\docume~1\PIERLU~1\IMPOST~1\Temp\SDT12.tmp\Internet Explorer\Quick Launch
c:\docume~1\PIERLU~1\IMPOST~1\Temp\SDT12.tmp\Credentials
c:\docume~1\PIERLU~1\IMPOST~1\Temp\SDT12.tmp\Credentials\S-1-5-21-790525478-764733703-854245398-1004

Scansione completata con successo
Files nascosti: 4

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-790525478-764733703-854245398-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2684)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-12-02 23:07
ComboFix-quarantined-files.txt 2009-12-02 22:07
ComboFix2.txt 2009-11-29 22:38
ComboFix3.txt 2009-11-29 16:17

Pre-Run: 18.892.283.904 byte disponibili
Post-Run: 18.890.186.752 byte disponibili

- - End Of File - - 67D5B397E10CF6D8B7DD0DE90C021C61

Torna in alto

r16

Inviato: Thursday, December 03, 2009 12:02:21 AM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

- scaricati Registry Search Tool lo trovi più o meno a metà pagina.
http://www.billsway.com/vbspage/

- estrai il contenuto del file .zip sul desktop (RegSrch.vbs)

- esegui il file RegSrch.vbs ed inserisci questa stringa

{3B177BCE-B599-4ABD-BECE-B57EE18187FA}

- attendi il responso (file .txt) per alcuni secondi

- copia qui tutto il testo

Vorrei (se non ti dispiace) eliminare quella valanga di software inutili che ci sono in quel pc.
Esempio:
Partizan
UnHackMe
Sophos
Unlocker
Trojan Remover
DoctorWeb
Virit
Per disistallare Virit,fai :
Start\Tutti Programmi, e trovi il suo Unistall.

Torna in alto

icollaboratore

Inviato: Thursday, December 03, 2009 10:36:49 PM

Rank: AiutAmico

Iscritto dal : 5/19/2007
Posts: 50

Ciao,
ho fatto la scansione che mi hai indicato. Non è comparso alcun log. Dice solo che non ha trovato quella directory. Quanto ai programmi li eliminerò.
Ah, su Cambia/rimuovi programmi, mi appare microsoft essentials (che già avevo eliminato) ma senza il bottone per la disinstallazione.

Torna in alto

r16

Inviato: Thursday, December 03, 2009 11:19:22 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Scarica questo:
http://download.microsoft.com/download/e/9/d/e9d80355-7ab4-45b8-80e8-983a48d5e1bd/msicuu2.exe
Finita l'installazione, lancialo da "Tutti Programmi".
Nella finestra che si apre, scorri il menù a tendina, e controlla se vedi delle voci relative a microsoft essentials (controlla bene)
Se le vedi, le selezioni, e poi clicca su "Remove".

Torna in alto

Utenti presenti in questo topic

Guest

3 pages: 1 2 [3]

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Virus/2

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded