Hi, I can't manage to do the procedure you described to me; anyway, here is the SystemScan report
SystemScan -
www.suspectfile.com - ver. 3.6.2 (code: holifay & bReAkdOWn)
Running on: Windows XP PROFESSIONAL Edition, Service Pack 3 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\vincenzo\Desktop\sys88607.exe
Running in: User mode
Date: 29/10/2009
Time: 0.02.31
Output limited to:
-PC accounts
-Recent files
-Duplicates in BAK folders
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Master Boot Record
-Network settings
-Include HOSTS file
-Suspicious Files
-Installed Applications
-Include HIJACKTHIS.log
===================== ACCOUNTS ON THIS PC =====================
Users on this computer:
Is Admin? | Username
Yes | Administrator
| ASPNET
| Guest (Disabled)
| HelpAssistant (Disabled)
| SUPPORT_388945a0 (Disabled)
Yes | vincenzo
### users folders
03/08/2009 13.41.47 (DIR) 0 byte 87 days old -- All Users
08/08/2009 14.53.37 (DIR) 0 byte 82 days old -- yfl
15/10/2009 10.25.26 (DIR) 0 byte 14 days old -- Default User
15/10/2009 10.39.10 (DIR) 0 byte 14 days old -- NetworkService
15/10/2009 10.54.35 (DIR) 0 byte 14 days old -- LocalService
28/10/2009 11.39.49 (DIR) 0 byte 1 days old -- vincenzo
### startup files in users folders
C:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Logitech Desktop Messenger.lnk
C:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Logitech SetPoint.lnk
C:\documents and settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\vincenzo\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
===================== RECENT FILES =====================
Listing files newer than 60 days
---- recent files in C:\
03/08/2009 15:24:04 -- 28/10/2009 23:58:51 (DIR) ---- 0 days old -- C:\WINDOWS
03/08/2009 15:29:36 -- 28/10/2009 23:49:10 (DIR) HS-- 0 days old -- C:\System Volume Information
03/08/2009 15:30:56 -- 28/10/2009 11:32:14 (DIR) --R- 0 days old -- C:\Programmi
15/10/2009 23:10:46 -- 15/10/2009 23:10:46 (DIR) ---- 13 days old -- C:\RECYCLER
03/08/2009 15:29:36 -- 13/09/2009 13:55:22 (DIR) ---- 45 days old -- C:\Documents and Settings
03/08/2009 15:24:03 -- 28/10/2009 23:23:002145386496 HS-A 0 days old -- C:\pagefile.sys
28/10/2009 13:30:38 -- 28/10/2009 13:30:38 21088 ---A 0 days old -- C:\ComboFix.txt
---- recent files in C:\DOCUME~1\vincenzo\IMPOST~1\Temp\
29/10/2009 00:01:41 -- 29/10/2009 00:02:31 (DIR) ---- 0 days old -- C:\DOCUME~1\vincenzo\IMPOST~1\Temp\nsv97.tmp
28/10/2009 23:26:02 -- 28/10/2009 23:26:02 (DIR) ---- 0 days old -- C:\DOCUME~1\vincenzo\IMPOST~1\Temp\WPDNSE
23/09/2009 15:29:37 -- 28/10/2009 23:25:22 (DIR) H--- 0 days old -- C:\DOCUME~1\vincenzo\IMPOST~1\Temp\NGLATempNokia
29/10/2009 00:01:41 -- 29/10/2009 00:01:41 55 ---A 0 days old -- C:\DOCUME~1\vincenzo\IMPOST~1\Temp\systemscan.ini
29/10/2009 00:01:41 -- 29/10/2009 00:01:41 16384 ---A 0 days old -- C:\DOCUME~1\vincenzo\IMPOST~1\Temp\~DF7A7.tmp
28/10/2009 23:27:31 -- 28/10/2009 23:27:31 16384 ---A 0 days old -- C:\DOCUME~1\vincenzo\IMPOST~1\Temp\Perflib_Perfdata_cbc.dat
28/10/2009 23:27:30 -- 28/10/2009 23:27:30 16384 ---A 0 days old -- C:\DOCUME~1\vincenzo\IMPOST~1\Temp\Perflib_Perfdata_cc8.dat
28/10/2009 23:25:59 -- 28/10/2009 23:25:59 16384 ---A 0 days old -- C:\DOCUME~1\vincenzo\IMPOST~1\Temp\Perflib_Perfdata_2a0.dat
23/09/2009 15:29:13 -- 28/10/2009 23:25:46 9498 ---A 0 days old -- C:\DOCUME~1\vincenzo\IMPOST~1\Temp\NGLALog.txt
28/10/2009 23:24:35 -- 03/08/2009 14:11:26 24613 ---A 0 days old -- C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
---- recent files in C:\WINDOWS\
13/09/2009 22:35:31 -- 28/10/2009 23:49:08 (DIR) ---- 0 days old -- C:\WINDOWS\ERDNT
28/10/2009 13:30:41 -- 28/10/2009 23:43:24 (DIR) ---- 0 days old -- C:\WINDOWS\temp
26/10/2009 12:41:05 -- 28/10/2009 23:28:07 (DIR) ---- 0 days old -- C:\WINDOWS\Prefetch
03/08/2009 13:40:19 -- 28/10/2009 23:26:25 (DIR) -S-- 0 days old -- C:\WINDOWS\Tasks
03/08/2009 15:24:04 -- 28/10/2009 13:14:21 (DIR) ---- 0 days old -- C:\WINDOWS\system32
03/08/2009 15:24:04 -- 28/10/2009 13:14:21 (DIR) ---- 0 days old -- C:\WINDOWS\AppPatch
03/08/2009 15:31:01 -- 28/10/2009 11:32:22 (DIR) HS-- 0 days old -- C:\WINDOWS\Installer
26/10/2009 12:38:37 -- 27/10/2009 10:02:08 (DIR) ---- 1 days old -- C:\WINDOWS\SoftwareDistribution
03/08/2009 13:41:36 -- 26/10/2009 12:41:04 (DIR) -S-- 2 days old -- C:\WINDOWS\Downloaded Program Files
03/08/2009 13:52:12 -- 18/10/2009 13:54:55 (DIR) -SR- 10 days old -- C:\WINDOWS\assembly
03/08/2009 13:52:12 -- 18/10/2009 13:52:32 (DIR) ---- 10 days old -- C:\WINDOWS\Microsoft.NET
03/08/2009 15:24:04 -- 17/10/2009 17:08:15 (DIR) ---- 11 days old -- C:\WINDOWS\Debug
03/08/2009 15:24:04 -- 16/10/2009 17:02:42 (DIR) ---- 12 days old -- C:\WINDOWS\WinSxS
03/08/2009 15:24:04 -- 16/10/2009 17:00:45 (DIR) H--- 12 days old -- C:\WINDOWS\inf
03/08/2009 14:58:46 -- 16/10/2009 17:00:22 (DIR) H--- 12 days old -- C:\WINDOWS\$hf_mig$
16/10/2009 17:00:18 -- 16/10/2009 17:00:18 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB958869$
16/10/2009 16:57:40 -- 16/10/2009 16:57:41 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB969059$
16/10/2009 16:57:17 -- 16/10/2009 16:57:19 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB954155_WM9$
16/10/2009 16:57:12 -- 16/10/2009 16:57:13 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB974112$
16/10/2009 16:57:05 -- 16/10/2009 16:57:07 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB975025$
16/10/2009 16:56:58 -- 16/10/2009 16:56:59 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB974571$
16/10/2009 16:55:49 -- 16/10/2009 16:55:50 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB971486$
16/10/2009 16:55:40 -- 16/10/2009 16:55:41 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB973525$
16/10/2009 16:55:32 -- 16/10/2009 16:55:33 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB975467$
03/08/2009 17:44:05 -- 13/10/2009 22:56:41 (DIR) ---- 15 days old -- C:\WINDOWS\network diagnostic
03/08/2009 15:24:04 -- 10/10/2009 13:28:48 (DIR) ---- 18 days old -- C:\WINDOWS\Help
03/08/2009 14:44:49 -- 10/10/2009 13:28:46 (DIR) H--- 18 days old -- C:\WINDOWS\$NtUninstallwmp11$
03/08/2009 15:24:04 -- 08/10/2009 16:53:06 (DIR) ---- 20 days old -- C:\WINDOWS\security
03/08/2009 20:37:13 -- 08/10/2009 16:53:05 (DIR) ---- 20 days old -- C:\WINDOWS\VistaMizer
03/08/2009 15:24:04 -- 08/10/2009 16:53:05 (DIR) ---- 20 days old -- C:\WINDOWS\repair
23/09/2009 15:34:07 -- 23/09/2009 15:34:09 (DIR) H--- 35 days old -- C:\WINDOWS\$NtUninstallWudf01007$
20/09/2009 16:56:49 -- 20/09/2009 16:56:49 (DIR) H--- 38 days old -- C:\WINDOWS\$NtUninstallWdf01005$
18/09/2009 21:59:00 -- 18/09/2009 21:59:00 (DIR) H--- 40 days old -- C:\WINDOWS\$NtUninstallWdf01007$
06/08/2009 21:23:34 -- 08/09/2009 20:51:10 (DIR) ---- 50 days old -- C:\WINDOWS\Motive
08/09/2009 20:39:39 -- 08/09/2009 20:39:41 (DIR) H--- 50 days old -- C:\WINDOWS\$NtUninstallKB968816_WM9$
08/09/2009 20:39:35 -- 08/09/2009 20:39:36 (DIR) H--- 50 days old -- C:\WINDOWS\$NtUninstallKB956844$
07/09/2009 13:16:07 -- 07/09/2009 13:16:08 (DIR) H--- 51 days old -- C:\WINDOWS\$NtUninstallKB968389$
28/10/2009 23:58:51 -- 28/10/2009 23:58:56 50 ---A 0 days old -- C:\WINDOWS\wiaservc.log
28/10/2009 23:58:51 -- 28/10/2009 23:58:51 0 ---A 0 days old -- C:\WINDOWS\Sti_Trace.log
28/10/2009 23:58:51 -- 28/10/2009 23:58:51 159 ---A 0 days old -- C:\WINDOWS\wiadebug.log
28/10/2009 13:03:04 -- 28/10/2009 23:26:35 984 ---A 0 days old -- C:\WINDOWS\setupapi.log
28/10/2009 13:01:55 -- 28/10/2009 23:25:46 0 ---A 0 days old -- C:\WINDOWS\0.log
03/08/2009 13:41:26 -- 28/10/2009 23:24:43 2060785 ---A 0 days old -- C:\WINDOWS\WindowsUpdate.log
03/08/2009 13:45:13 -- 28/10/2009 23:23:15 2048 -S-A 0 days old -- C:\WINDOWS\bootstat.dat
03/08/2009 13:46:27 -- 28/10/2009 13:37:44 32544 ---A 0 days old -- C:\WINDOWS\SchedLgU.Txt
31/08/2001 15:00:00 -- 28/10/2009 13:23:31 227 ---A 0 days old -- C:\WINDOWS\system.ini
03/08/2009 14:01:47 -- 22/10/2009 13:51:42 11 ---A 6 days old -- C:\WINDOWS\SBWIN.INI
26/08/2009 15:32:08 -- 01/10/2009 22:17:35 65 ---A 27 days old -- C:\WINDOWS\FISHUI.INI
29/09/2009 22:42:08 -- 30/09/2009 13:28:38 975 H-RA 28 days old -- C:\WINDOWS\ctfile.rfc
29/09/2009 22:47:43 -- 06/10/2006 07:17:34 53248 ---- 29 days old -- C:\WINDOWS\Ctregrun.exe
29/09/2009 22:42:14 -- 12/09/2007 13:11:28 765952 ---A 29 days old -- C:\WINDOWS\OALInst.exe
29/09/2009 22:38:14 -- 29/09/2009 22:38:14 29 ---A 29 days old -- C:\WINDOWS\sfbm.INI
20/09/2009 16:57:29 -- 20/09/2009 18:24:46 4898 ---A 38 days old -- C:\WINDOWS\ModemLog_Motorola USB Modem.txt
14/09/2009 21:56:25 -- 14/09/2009 21:56:25 0 ---A 44 days old -- C:\WINDOWS\nsreg.dat
---- recent files in C:\WINDOWS\system\
---- recent files in C:\WINDOWS\system32\
03/08/2009 13:39:54 -- 28/10/2009 23:49:10 (DIR) ---- 0 days old -- C:\WINDOWS\system32\Restore
03/08/2009 15:30:11 -- 28/10/2009 23:25:58 (DIR) ---- 0 days old -- C:\WINDOWS\system32\CatRoot2
03/08/2009 15:24:04 -- 28/10/2009 13:30:42 (DIR) ---- 0 days old -- C:\WINDOWS\system32\drivers
03/08/2009 15:30:11 -- 26/10/2009 12:40:30 (DIR) ---- 2 days old -- C:\WINDOWS\system32\CatRoot
03/08/2009 15:24:04 -- 22/10/2009 13:54:11 (DIR) HSR- 6 days old -- C:\WINDOWS\system32\dllcache
03/08/2009 15:24:04 -- 08/10/2009 20:44:10 (DIR) ---- 20 days old -- C:\WINDOWS\system32\inetsrv
03/08/2009 13:37:50 -- 08/10/2009 16:53:06 (DIR) ---- 20 days old -- C:\WINDOWS\system32\MsDtc
03/08/2009 15:24:04 -- 08/10/2009 16:53:06 (DIR) ---- 20 days old -- C:\WINDOWS\system32\config
03/08/2009 14:10:44 -- 30/09/2009 13:27:34 (DIR) ---- 28 days old -- C:\WINDOWS\system32\ReinstallBackups
18/09/2009 21:57:25 -- 23/09/2009 15:22:12 (DIR) ---- 35 days old -- C:\WINDOWS\system32\DRVSTORE
04/09/2009 12:33:27 -- 04/09/2009 12:39:15 (DIR) ---- 54 days old -- C:\WINDOWS\system32\Adobe
03/08/2009 13:40:12 -- 04/09/2009 12:39:13 (DIR) ---- 54 days old -- C:\WINDOWS\system32\Macromed
03/08/2009 13:42:42 -- 26/10/2009 12:40:37 23392 ---A 2 days old -- C:\WINDOWS\system32\nscompat.tlb
03/08/2009 13:42:43 -- 26/10/2009 12:40:37 16832 ---A 2 days old -- C:\WINDOWS\system32\amcompat.tlb
31/08/2001 15:00:00 -- 25/10/2009 14:16:10 489390 ---A 3 days old -- C:\WINDOWS\system32\perfh010.dat
31/08/2001 15:00:00 -- 25/10/2009 14:16:10 71232 ---A 3 days old -- C:\WINDOWS\system32\perfc009.dat
31/08/2001 15:00:00 -- 25/10/2009 14:16:10 441476 ---A 3 days old -- C:\WINDOWS\system32\perfh009.dat
31/08/2001 15:00:00 -- 25/10/2009 14:16:10 84106 ---A 3 days old -- C:\WINDOWS\system32\perfc010.dat
03/08/2009 15:31:02 -- 25/10/2009 14:16:10 1099900 ---A 3 days old -- C:\WINDOWS\system32\PerfStringBackup.INI
31/08/2001 15:00:00 -- 24/10/2009 13:29:59 2228 ---A 4 days old -- C:\WINDOWS\system32\wpa.dbl
29/09/2009 22:08:18 -- 22/10/2009 13:53:59 1076 ---A 6 days old -- C:\WINDOWS\system32\settings.sfm
29/09/2009 22:08:18 -- 22/10/2009 13:53:59 1076 ---A 6 days old -- C:\WINDOWS\system32\settingsbkup.sfm
10/10/2009 13:29:07 -- 08/07/2008 14:06:04 18808 ---- 18 days old -- C:\WINDOWS\system32\spmsg.dll
03/10/2009 16:50:28 -- 01/10/2009 10:29:14 195440 ---- 25 days old -- C:\WINDOWS\system32\MpSigStub.exe
03/08/2009 15:50:50 -- 02/10/2009 19:01:57 25198016 ---A 26 days old -- C:\WINDOWS\system32\mrt.exe
01/10/2009 22:21:34 -- 01/10/2009 22:32:01 7055 ---A 27 days old -- C:\WINDOWS\system32\EPPICResdb0000
01/10/2009 22:21:34 -- 01/10/2009 22:32:01 121 ---A 27 days old -- C:\WINDOWS\system32\EPPICResdb
30/09/2009 12:32:20 -- 30/09/2009 13:27:22 413696 ---A 28 days old -- C:\WINDOWS\system32\wrap_oal.dll
30/09/2009 13:26:43 -- 18/03/2008 16:02:02 22833304 ---A 28 days old -- C:\WINDOWS\system32\AppSetup.exe
30/09/2009 12:51:53 -- 20/04/2007 14:28:50 3118 ---- 28 days old -- C:\WINDOWS\system32\AudioDrv.ini
30/09/2009 12:49:05 -- 13/12/2000 11:21:10 7572224 ---- 28 days old -- C:\WINDOWS\system32\CT8MGM.SF2
29/09/2009 22:48:41 -- 12/06/2003 22:25:40 7062 ---A 29 days old -- C:\WINDOWS\system32\audiopid.vxd
29/09/2009 22:47:44 -- 22/05/2000 09:58:00 647872 ---- 29 days old -- C:\WINDOWS\system32\Mscomct2.ocx
29/09/2009 22:42:38 -- 23/11/2006 01:55:48 782336 --RA 29 days old -- C:\WINDOWS\system32\tmpC2.tmp
23/09/2009 15:20:35 -- 09/02/2009 07:37:50 659968 ---A 35 days old -- C:\WINDOWS\system32\nmwcdcocls.dll
23/09/2009 14:16:53 -- 09/02/2009 07:37:48 91136 ---A 35 days old -- C:\WINDOWS\system32\nmwcdcls.dll
20/09/2009 13:34:48 -- 13/11/2006 13:45:54 1419232 ---A 38 days old -- C:\WINDOWS\system32\wdfcoinstaller01005.dll
18/09/2009 21:59:05 -- 21/03/2008 12:57:18 14640 ---- 40 days old -- C:\WINDOWS\system32\spmsgXP_2k3.dll
18/09/2009 21:57:26 -- 27/03/2008 16:49:38 1112288 ---A 40 days old -- C:\WINDOWS\system32\wdfcoinstaller01007.dll
19/08/2004 16:39:18 -- 11/09/2009 15:17:34 136192 ---A 47 days old -- C:\WINDOWS\system32\msv1_0.dll
19/08/2004 16:39:18 -- 04/09/2009 22:03:04 58880 ---A 54 days old -- C:\WINDOWS\system32\msasn1.dll
19/08/2004 16:38:08 -- 01/09/2009 15:46:18 282654 ---A 57 days old -- C:\WINDOWS\system32\msaud32.acm
19/08/2004 16:39:30 -- 29/08/2009 08:56:22 916480 ---- 60 days old -- C:\WINDOWS\system32\wininet.dll
19/08/2004 16:39:30 -- 29/08/2009 08:56:21 1208832 ---A 60 days old -- C:\WINDOWS\system32\urlmon.dll
19/08/2004 16:39:22 -- 29/08/2009 08:56:20 206848 ---A 60 days old -- C:\WINDOWS\system32\occache.dll
19/08/2004 16:39:18 -- 29/08/2009 08:56:19 5940224 ---- 60 days old -- C:\WINDOWS\system32\mshtml.dll
13/08/2007 17:54:10 -- 29/08/2009 08:56:14 594432 ---A 60 days old -- C:\WINDOWS\system32\msfeeds.dll
19/08/2004 16:39:16 -- 29/08/2009 08:56:14 25600 ---- 60 days old -- C:\WINDOWS\system32\jsproxy.dll
13/08/2007 17:54:10 -- 29/08/2009 08:56:14 55296 ---A 60 days old -- C:\WINDOWS\system32\msfeedsbs.dll
19/08/2004 16:39:48 -- 29/08/2009 08:56:14 1469440 ---A 60 days old -- C:\WINDOWS\system32\inetcpl.cpl
13/08/2007 17:34:04 -- 29/08/2009 08:56:13 1985536 ---A 60 days old -- C:\WINDOWS\system32\iertutil.dll
19/08/2004 16:39:14 -- 29/08/2009 08:56:11 184320 ---A 60 days old -- C:\WINDOWS\system32\iepeers.dll
13/08/2007 17:54:10 -- 29/08/2009 08:56:10 11069440 ---A 60 days old -- C:\WINDOWS\system32\ieframe.dll
19/08/2004 16:39:14 -- 29/08/2009 08:56:05 387584 ---- 60 days old -- C:\WINDOWS\system32\iedkcs32.dll
---- recent files in C:\WINDOWS\system32\drivers\
03/08/2009 15:24:04 -- 28/10/2009 13:20:18 (DIR) ---- 0 days old -- C:\WINDOWS\system32\drivers\etc
03/08/2009 14:43:48 -- 23/09/2009 15:33:45 (DIR) ---- 35 days old -- C:\WINDOWS\system32\drivers\UMDF
30/09/2009 12:32:05 -- 10/10/2007 18:31:08 1664384 ---A 28 days old -- C:\WINDOWS\system32\drivers\p17xfilt.sys
29/09/2009 22:42:48 -- 07/08/2006 18:30:52 162176 ---A 29 days old -- C:\WINDOWS\system32\drivers\ctusfsyn.sys
23/09/2009 15:34:25 -- 23/09/2009 15:34:25 0 H--A 35 days old -- C:\WINDOWS\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
23/09/2009 15:34:22 -- 23/09/2009 15:34:22 0 H--A 35 days old -- C:\WINDOWS\system32\drivers\MsftWdf_user_01_07_00.Wdf
23/09/2009 15:33:25 -- 23/09/2009 15:33:25 0 H--A 35 days old -- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
23/09/2009 15:21:03 -- 26/08/2008 09:26:12 18816 ---A 35 days old -- C:\WINDOWS\system32\drivers\pccsmcfd.sys
23/09/2009 15:20:38 -- 19/03/2009 13:48:12 8320 ---A 35 days old -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
23/09/2009 15:20:37 -- 19/03/2009 13:48:18 136704 ---A 35 days old -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys
23/09/2009 15:20:37 -- 09/02/2009 07:37:56 7808 ---A 35 days old -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
23/09/2009 15:20:36 -- 09/02/2009 07:37:48 7808 ---A 35 days old -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
23/09/2009 15:20:35 -- 09/02/2009 07:37:46 17664 ---A 35 days old -- C:\WINDOWS\system32\drivers\ccdcmb.sys
23/09/2009 15:20:35 -- 09/02/2009 07:37:46 22016 ---A 35 days old -- C:\WINDOWS\system32\drivers\ccdcmbo.sys
20/09/2009 18:27:55 -- 29/01/2009 16:11:20 6016 ---A 38 days old -- C:\WINDOWS\system32\drivers\motfilt.sys
20/09/2009 18:27:55 -- 29/01/2009 15:42:12 23296 ---A 38 days old -- C:\WINDOWS\system32\drivers\Motousbnet.sys
20/09/2009 18:21:12 -- 29/01/2009 03:15:54 23680 ---A 38 days old -- C:\WINDOWS\system32\drivers\motmodem.sys
20/09/2009 16:57:08 -- 20/09/2009 16:57:08 0 H--A 38 days old -- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
20/09/2009 16:57:06 -- 20/09/2009 16:57:06 0 H--A 38 days old -- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
20/09/2009 13:35:17 -- 13/04/2008 19:45:36 26112 ---A 38 days old -- C:\WINDOWS\system32\drivers\usbser.sys
19/09/2009 20:45:42 -- 11/05/2009 09:12:28 28520 ---A 39 days old -- C:\WINDOWS\system32\drivers\ssmdrv.sys
19/09/2009 20:45:42 -- 13/02/2009 11:29:15 22360 ---A 39 days old -- C:\WINDOWS\system32\drivers\avgntmgr.sys
19/09/2009 20:45:42 -- 30/03/2009 09:33:11 96104 ---A 39 days old -- C:\WINDOWS\system32\drivers\avipbb.sys
19/09/2009 20:45:42 -- 13/02/2009 11:17:49 45416 ---A 39 days old -- C:\WINDOWS\system32\drivers\avgntdd.sys
19/09/2009 13:26:20 -- 19/09/2009 13:26:20 0 H--A 39 days old -- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
19/09/2009 13:26:19 -- 19/09/2009 13:26:19 0 H--A 39 days old -- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01007.Wdf
18/09/2009 21:59:33 -- 18/09/2009 21:59:33 0 H--A 40 days old -- C:\WINDOWS\system32\drivers\Msft_Kernel_motfilt_01007.Wdf
18/09/2009 21:59:32 -- 18/09/2009 21:59:32 0 H--A 40 days old -- C:\WINDOWS\system32\drivers\Msft_Kernel_Motousbnet_01007.Wdf
18/09/2009 21:59:14 -- 18/09/2009 21:59:14 0 H--A 40 days old -- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
18/09/2009 21:59:11 -- 18/09/2009 21:59:11 0 H--A 40 days old -- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
18/09/2009 21:57:27 -- 02/11/2007 14:51:30 6400 ---A 40 days old -- C:\WINDOWS\system32\drivers\motswch.sys
03/08/2009 15:44:19 -- 10/09/2009 13:54:06 38224 ---A 48 days old -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
03/08/2009 15:44:18 -- 10/09/2009 13:53:50 19160 ---A 48 days old -- C:\WINDOWS\system32\drivers\mbam.sys
---- recent files in C:\WINDOWS\temp\
28/10/2009 23:43:24 -- 28/10/2009 23:43:26 814 ---A 0 days old -- C:\WINDOWS\temp\MpCmdRun.log
---- recent files in C:\Programmi\
14/09/2009 21:56:01 -- 28/10/2009 23:32:25 (DIR) ---- 0 days old -- C:\Programmi\Mozilla Firefox
03/08/2009 15:30:56 -- 28/10/2009 13:14:20 (DIR) ---- 0 days old -- C:\Programmi\File comuni
28/10/2009 11:32:14 -- 28/10/2009 11:32:14 (DIR) ---- 0 days old -- C:\Programmi\Microsoft Silverlight
26/10/2009 12:38:38 -- 26/10/2009 12:38:46 (DIR) H--- 2 days old -- C:\Programmi\WindowsUpdate
03/08/2009 13:59:38 -- 22/10/2009 13:51:28 (DIR) ---- 6 days old -- C:\Programmi\Creative
03/08/2009 13:39:36 -- 22/10/2009 13:16:01 (DIR) ---- 6 days old -- C:\Programmi\Internet Explorer
03/08/2009 15:44:18 -- 16/10/2009 08:27:31 (DIR) ---- 12 days old -- C:\Programmi\Malwarebytes' Anti-Malware
17/08/2009 13:55:06 -- 15/10/2009 11:26:55 (DIR) ---- 13 days old -- C:\Programmi\SpywareBlaster
03/08/2009 13:38:42 -- 10/10/2009 13:29:08 (DIR) ---- 18 days old -- C:\Programmi\Windows Media Player
29/09/2009 22:45:08 -- 30/09/2009 13:39:03 (DIR) H--- 28 days old -- C:\Programmi\Creative Installation Information
03/08/2009 13:50:54 -- 30/09/2009 13:29:18 (DIR) H--- 28 days old -- C:\Programmi\InstallShield Installation Information
23/09/2009 14:16:52 -- 23/09/2009 15:39:19 (DIR) ---- 35 days old -- C:\Programmi\Nokia
23/09/2009 15:20:55 -- 23/09/2009 15:20:57 (DIR) ---- 35 days old -- C:\Programmi\PC Connectivity Solution
23/09/2009 14:21:00 -- 23/09/2009 14:21:00 (DIR) ---- 35 days old -- C:\Programmi\DIFX
08/08/2009 22:27:39 -- 20/09/2009 19:51:35 (DIR) ---- 38 days old -- C:\Programmi\VirusTotalUploader
19/09/2009 20:45:38 -- 19/09/2009 20:45:38 (DIR) ---- 39 days old -- C:\Programmi\Avira
13/09/2009 23:06:13 -- 13/09/2009 23:06:13 (DIR) ---- 45 days old -- C:\Programmi\Trend Micro
13/09/2009 13:36:55 -- 13/09/2009 13:36:55 (DIR) ---- 45 days old -- C:\Programmi\Brice Lambson
12/09/2009 16:08:30 -- 12/09/2009 16:11:58 (DIR) ---- 46 days old -- C:\Programmi\Spybot - Search & Destroy
06/08/2009 21:22:28 -- 08/09/2009 20:52:08 (DIR) ---- 50 days old -- C:\Programmi\Motive
---- recent files in C:\Programmi\File comuni\
30/09/2009 10:38:31 -- 30/09/2009 10:38:31 (DIR) ---- 28 days old -- C:\Programmi\File comuni\Creative
23/09/2009 15:21:47 -- 23/09/2009 15:39:19 (DIR) ---- 35 days old -- C:\Programmi\File comuni\Nokia
23/09/2009 15:21:54 -- 23/09/2009 15:21:54 (DIR) ---- 35 days old -- C:\Programmi\File comuni\PCSuite
18/09/2009 21:56:48 -- 20/09/2009 19:54:54 (DIR) ---- 38 days old -- C:\Programmi\File comuni\Motorola Shared
---- recent files in C:\Documents and Settings\vincenzo\Dati applicazioni\
08/08/2009 20:13:27 -- 11/10/2009 19:28:23 (DIR) ---- 17 days old -- C:\Documents and Settings\vincenzo\Dati applicazioni\vlc
08/08/2009 19:24:19 -- 08/10/2009 16:53:06 (DIR) ---- 20 days old -- C:\Documents and Settings\vincenzo\Dati applicazioni\Vso
03/08/2009 14:08:49 -- 29/09/2009 22:57:01 (DIR) ---- 29 days old -- C:\Documents and Settings\vincenzo\Dati applicazioni\Creative
23/09/2009 14:20:57 -- 23/09/2009 15:33:49 (DIR) ---- 35 days old -- C:\Documents and Settings\vincenzo\Dati applicazioni\PC Suite
23/09/2009 14:21:36 -- 23/09/2009 15:33:42 (DIR) ---- 35 days old -- C:\Documents and Settings\vincenzo\Dati applicazioni\Nokia
19/09/2009 20:50:07 -- 19/09/2009 20:50:07 (DIR) ---- 39 days old -- C:\Documents and Settings\vincenzo\Dati applicazioni\Avira
03/08/2009 13:47:32 -- 19/09/2009 20:29:54 (DIR) -S-- 39 days old -- C:\Documents and Settings\vincenzo\Dati applicazioni\Microsoft
14/09/2009 21:56:12 -- 14/09/2009 21:56:12 (DIR) ---- 44 days old -- C:\Documents and Settings\vincenzo\Dati applicazioni\Mozilla
03/08/2009 18:14:01 -- 04/09/2009 12:34:31 (DIR) ---- 54 days old -- C:\Documents and Settings\vincenzo\Dati applicazioni\Adobe
08/08/2009 19:25:35 -- 07/09/2009 19:14:17 668 ---A 51 days old -- C:\Documents and Settings\vincenzo\Dati applicazioni\vso_ts_preview.xml
---- recent files in C:\Documents and Settings\vincenzo\Impostazioni locali\Dati applicazioni\
03/08/2009 13:47:32 -- 28/10/2009 11:32:23 (DIR) ---- 0 days old -- C:\Documents and Settings\vincenzo\Impostazioni locali\Dati applicazioni\Microsoft
14/09/2009 21:56:12 -- 14/09/2009 21:56:12 (DIR) ---- 44 days old -- C:\Documents and Settings\vincenzo\Impostazioni locali\Dati applicazioni\Mozilla
03/08/2009 22:26:10 -- 28/10/2009 13:37:34 4312030 H--A 0 days old -- C:\Documents and Settings\vincenzo\Impostazioni locali\Dati applicazioni\IconCache.db
05/08/2009 13:23:31 -- 09/09/2009 17:04:03 8704 ---A 49 days old -- C:\Documents and Settings\vincenzo\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
===================== DUPLICATE FILES IN BAK FOLDERS =====================
No BAK folders found
===================== REGISTRY SCAN =====================
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"ATICCC"="\"C:\Programmi\ATI Technologies\ATI.ACE\cli.exe\" runtime -Delay"
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 \"EPSON Stylus Photo R240 Series\" /O6 \"USB001\" /M \"Stylus Photo R240\""
"00PCTFW"="\"C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe\" -s"
"Windows Defender"="\"C:\Programmi\Windows Defender\MSASCui.exe\" -hide"
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"SMSTray"="C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe"
"avgnt"="\"C:\Programmi\Avira\AntiVir Desktop\avgnt.exe\" /min"
"P17Helper"="Rundll32 SPIRun.dll,RunDLLEntry"
"VolPanel"="\"C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe\" /r"
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"LDM"="C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
"MSMSGS"="\"C:\Programmi\Messenger\msmsgs.exe\" /background"
"Advanced SystemCare 3"="\"C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe\" /startup"
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 \"EPSON Stylus Photo R240 Series\" /M \"Stylus Photo R240\" /EF \"HKCU\""
"PC Suite Tray"="\"C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe\" -onlytray"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[Run]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[run]
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----
[Windows]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----
[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%Systemroot%\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @=expand:"%systemroot%\system32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="ShellExecuteHook antimalware di Microsoft"
#### HKCR\CLSID\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}\InprocServer32 @="C:\PROGRA~1\WIFD1F~1\MpShHook.dll"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"="LogonUI.EXE"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Senza fili"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="Utilità di pianificazione pacchetti QoS"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"@="Script"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"="C:\WINDOWS\system32\iedkcs32.dll"
[Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
"@="Internet Explorer User Accelerators"
"DllName"="C:\WINDOWS\system32\iedkcs32.dll"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="C:\WINDOWS\system32\iedkcs32.dll"
"@="Internet Explorer Branding"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"
[Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
"@="802.3 Group Policy"
"DllName"=expand:"dot3gpclnt.dll"
[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installazione software"
"DllName"=expand:"appmgmts.dll"
[Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
"@="Internet Explorer Machine Accelerators"
"DllName"="C:\WINDOWS\system32\iedkcs32.dll"
[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"@="Protezione IP"
"DllName"=expand:"gptext.dll"
[Winlogon\Notify]
[Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
[Winlogon\Notify\dimsntfy]
"DllName"=expand:"%SystemRoot%\System32\dimsntfy.dll"
[Winlogon\Notify\LBTWlgn]
"DLLName"="c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll"
[Winlogon\Notify\LBTWlgn\Event]
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"
"BuildNumber"=dword:00000a28
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----
[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"
-----HKLM\System\CurrentControlSet\Control\Session Manager\-----
[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"
[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----
[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
[runonceex]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
[RunServicesOnce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
[RunServicesOnce]
-----HKLM\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----
-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----
-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----
[Browser Helper Objects]
[Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
#### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"
[Browser Helper Objects\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}]
#### HKCR\CLSID\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}\InprocServer32 @="C:\Programmi\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll"
@="PDF-XChange Viewer IE-Plugin"
"NoExplorer"=dword:00000001
-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----
[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"
-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----
-----HKCU\Control Panel\Desktop\-----
[Desktop]
[Desktop\WindowMetrics]
-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----
[command]
@="\"%1\" /S"
-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----
[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"
-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----
[URL]
[URL\DefaultPrefix]
@="http://"
[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----
[Lsa]
[Lsa\AccessProviders]
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----
[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
[SharedAccess\Epoch]
"Epoch"=dword:00002cd9
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1723:TCP"="1723:TCP:*:Enabled:@xpsp2res.dll,-22015"
"1701:UDP"="1701:UDP:*:Enabled:@xpsp2res.dll,-22016"
"500:UDP"="500:UDP:*:Enabled:@xpsp2res.dll,-22017"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
"DisableNotifications"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1723:TCP"="1723:TCP:*:Enabled:@xpsp2res.dll,-22015"
"1701:UDP"="1701:UDP:*:Enabled:@xpsp2res.dll,-22016"
"500:UDP"="500:UDP:*:Enabled:@xpsp2res.dll,-22017"
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"{0DE2E021-F55A-4710-9F74-7AF2139CC51E}"=dword:00000001
"{32D1AB01-00D6-47B6-9820-0A2CFDBA9B29}"=dword:00000001
-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----
-----HKLM\Software\Microsoft\Ole-----
[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""
-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----
[AU]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----
[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[Security Center\Monitoring]
[Security Center\Monitoring\AhnlabAntiVirus]
[Security Center\Monitoring\ComputerAssociatesAntiVirus]
[Security Center\Monitoring\KasperskyAntiVirus]
[Security Center\Monitoring\McAfeeAntiVirus]
[Security Center\Monitoring\McAfeeFirewall]
[Security Center\Monitoring\PandaAntiVirus]
[Security Center\Monitoring\PandaFirewall]
[Security Center\Monitoring\SophosAntiVirus]
[Security Center\Monitoring\SymantecAntiVirus]
[Security Center\Monitoring\SymantecFirewall]
[Security Center\Monitoring\TinyFirewall]
[Security Center\Monitoring\TrendAntiVirus]
[Security Center\Monitoring\TrendFirewall]
[Security Center\Monitoring\ZoneLabsFirewall]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----
[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{06B9249B-9FA2-492D-A3F9-CB16C4B493E7}"
[SystemRestore\SnapshotCallbacks]
@=""
-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----
-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
[AdvancedOptions]
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
-----HKLM\Software\Microsoft\Active Setup\Installed Components-----
[Installed Components]
[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="Internet Explorer - Aggiornamento versione"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"
[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\msdxm.ocx"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="\"C:\WINDOWS\system32\rundll32.exe\" \"C:\WINDOWS\system32\iedkcs32.dll\",BrandIEActiveSetup SIGNUP"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personalizzazione del browser"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"
[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\system32\msjava.dll"
[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"
[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\msdxm.ocx"
"ComponentID"="NetShow"
"StubPath"=""
[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\msdxm.ocx"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"
[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll"
"@="DirectAnimation"
"ComponentID"="DirectAnimation"
[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"
[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"
[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"
[Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
"ComponentID"="S867460"
"@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"
[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Creazione avanzata"
"ComponentID"="AdvAuth"
[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"
[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"
[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"
[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classi Java DirectAnimation"
"ComponentID"="DAJava"
[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.8"
"ComponentID"="MSVBScript"
[Installed Components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
"@="Aggiornamento della protezione per Windows XP (KB923789)"
"ComponentID"="KB923789"
[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
"KeyFileName"="C:\Programmi\Messenger\msmsgs.exe"
[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"
[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"
[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"
[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"
[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
"@=".NET Framework"
[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Rubrica 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"
[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"
[Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
"ComponentID"=".NETFramework"
"@=".NET Framework"
[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"
[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"ComponentID"=".NETFramework"
"@=".NET Framework"
[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Utilità di pianificazione"
"ComponentID"="MSTASK"
[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"
[Installed Components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
"ComponentID"="M953297"
"@="Microsoft .NET Framework 1.1 Security Update (KB953297)"
[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"
[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"
-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services
Result compared: Identical
-----Comparing registry keys CCS1 vs CCS3 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\ServiceModel 3.0.0.0
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 11481 (0x2CD9)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 11477 (0x2CD5)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\sr\Parameters FirstRun REG_DWORD 0 (0x0)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\sr\Parameters FirstRun REG_DWORD 1 (0x1)
Result compared: Different
===================== Advanced startup entries analysis =====================
HKLM\SOFTWARE\Microsoft\windows\currentversion\run
ATICCC = "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe -- 02/01/2006 16:41:22 -- 02/01/2006 16:41:22 -- 45056
MD5: 64c4c17bf6a40ff1cd21205e6fd415b8 SHA1: 7ed5e3c120ab41303d5f8084a307845f9e0e1cc1
[1] .text [2] .rsrc [3] .reloc
EPSON Stylus Photo R240 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE -- 03/08/2009 14:15:51 -- 25/04/2005 05:00:00 -- 98304
MD5: 84eeb34cef30cbb4992d8332f818a4b3 SHA1: e8f30b562ea0535b75aedf7f7150744658dd05f6
[1] .text [2] .rdata [3] .data [4] .rsrc
00PCTFW = "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe -- 03/08/2009 14:33:21 -- 23/02/2009 08:49:16 -- 2652056
MD5: 64f635240db9fb0c6e6ca7725ed56544 SHA1: 573a08c63694fc0c22d26220f039e4f6bef63eaa
[1] .text [2] .rdata [3] .data [4] .text1 [5] .adata [6] .data1 [7] .pdata [8] .rsrc
Windows Defender = "C:\Programmi\Windows Defender\MSASCui.exe" -hide
C:\Programmi\Windows Defender\MSASCui.exe -- 03/11/2006 18:20:12 -- 03/11/2006 18:20:12 -- 866584
MD5: 77c03bf23ae56b0a31ae4d5bb4b3d0ac SHA1: 6761523a26c96461b4051d6932cb3ade36a2efb2
[1] .text [2] .data [3] .rsrc
Kernel and Hardware Abstraction Layer = KHALMNPR.EXE
C:\WINDOWS\KHALMNPR.EXE -- 17/06/2009 17:55:10 -- 17/06/2009 17:55:10 -- 55824
MD5: e42a642e162b0468b2c4e9d803079c7f SHA1: 2c22a6a3c331b873f21b85cb04f2cb7a95f41ec9
[1] .text [2] .rdata [3] .data [4] .rsrc
SMSTray = C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe -- 26/08/2009 14:56:03 -- 14/12/2007 16:19:26 -- 132624
MD5: d2084c2112cba266e08ed2a601e3c020 SHA1: af644dc033c28c680426dfa507cb42dc4cc7f511
[1] .text [2] .rdata [3] .data [4] .rsrc
avgnt = "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe -- 19/09/2009 20:45:40 -- 02/03/2009 12:08:52 -- 209153
MD5: 29680a793f690eef4aaa68479d2a6df8 SHA1: a07ceabce79b3354c25fdd5e20d765cdcd0174f7
[1] .text [2] .rdata [3] .data [4] .rsrc
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry
C:\WINDOWS\system32\Rundll32.exe -- 19/08/2004 16:39:46 -- 14/04/2008 03:14:18 -- 35328
MD5: 76e398fc77bf3a487fe94e3a743227ec SHA1: 5ad417a246a53452028be14b182fb001d278bc56
[1] .text [2] .data [3] .rsrc
VolPanel = "C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe -- 30/09/2009 12:48:45 -- 28/02/2007 16:50:50 -- 180224
MD5: ed191c327a6695b35f614bd420e9eb5d SHA1: 124d0b481a76f400c4b03338c78277370ad18505
[1] .text [2] .rdata [3] .data [4] .rsrc
HKLM\SOFTWARE\Microsoft\windows\currentversion\policies\explorer\run
HKCU\SOFTWARE\Microsoft\windows\currentversion\run
LDM = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -- 03/08/2009 14:11:27 -- 03/08/2009 14:11:26 -- 32768
MD5: 5588812731c64305f2579dd8215037e0 SHA1: 3c79a9f3ee8e88891f59c97b28cf1b8ed48b1412
[1] .text [2] .rdata [3] .data [4] .rsrc
MSMSGS = "C:\Programmi\Messenger\msmsgs.exe" /background
C:\Programmi\Messenger\msmsgs.exe -- 03/08/2009 13:38:38 -- 14/04/2008 03:14:13 -- 1832448
MD5: 1a44b2db4977c6b76f95eb3d794dd0eb SHA1: 846c82d2153fbf56b7cc15f1aba9221be1905f1a
Error Opening File
Advanced SystemCare 3 = "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe -- 03/08/2009 15:06:29 -- 30/06/2009 08:55:40 -- 2329224
MD5: 77e448287453408a88cd9a02192c6df5 SHA1: ebb80f57717b34007ece6c35f11ce2118d44a8bf
[1] CODE [2] DATA [3] BSS [4] .idata [5] .tls [6] .rdata [7] .reloc [8] .rsrc
EPSON Stylus Photo R240 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /M "Stylus Photo R240" /EF "HKCU"
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE -- 03/08/2009 14:15:51 -- 25/04/2005 05:00:00 -- 98304
MD5: 84eeb34cef30cbb4992d8332f818a4b3 SHA1: e8f30b562ea0535b75aedf7f7150744658dd05f6
[1] .text [2] .rdata [3] .data [4] .rsrc
PC Suite Tray = "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe -- 25/06/2009 14:12:42 -- 25/06/2009 14:12:42 -- 1414144
MD5: 762a5bd25ff00d0376959a8611b327ac SHA1: 289d8551dee607dc68bb14534a6822c06f4078b2
[1] .text [2] .rdata [3] .data [4] .rsrc
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe -- 19/08/2004 16:39:36 -- 14/04/2008 03:14:03 -- 25088
MD5: 91b6aac828f8bbe1796275424e44dfb0 SHA1: bba10ca2cce9f5fe42e4d765da6d425c7d5c0a85
[1] .text [2] .data [3] .rsrc
HKCU\SOFTWARE\Microsoft\windows\currentversion\policies\explorer\run
===================== AUTOPLAY SETTINGS =====================
~~~~~~~~~~~~~~~~~~~~~ Registry setting ~~~~~~~~~~~~~~~~~~~~~
(note: default values should be 91 or 95)
-----HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----
[Explorer]
"NoDriveTypeAutoRun"=dword:00000143
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----
[Explorer]
"NoDriveTypeAutoRun"=dword:00000143
Autorun is enabled on:
DRIVE_UNKNOWN = False
DRIVE_NO_ROOT_DIR = False
DRIVE_REMOVABLE = True
DRIVE_FIXED = True
DRIVE_REMOTE = True
DRIVE_CDROM = True
DRIVE_RAMDISK = False
RESERVED = True
~~~~~~~~~~~~~~~~~~~~~ Autorun.inf files ~~~~~~~~~~~~~~~~~~~~~
No autorun.inf files found.
===================== SCHEDULED JOBS =====================
jobs found in C:\WINDOWS:
31/08/2001 15.00.00 65 byte 2981 days old -- C:\WINDOWS\tasks\desktop.ini
28/10/2009 10.44.26 440 byte 1 days old -- C:\WINDOWS\tasks\User_Feed_Synchronization-{41D9AF44-36DF-49B7-9D28-447EBDC1E788}.job
28/10/2009 23.23.19 6 byte 1 days old -- C:\WINDOWS\tasks\SA.DAT
28/10/2009 23.24.25 366 byte 1 days old -- C:\WINDOWS\tasks\AWC AutoSweep.job
28/10/2009 23.26.27 322 byte 1 days old -- C:\WINDOWS\tasks\MP Scheduled Scan.job
~~~~~~~~~~~~~~~~~~~~~
Active jobs:
~~~~~~~~~~~~~~~~~~~~~
Most recent (50) lines in jobs scheduled log:
"AWC AutoSweep.job" (AutoSweep.exe)
Avviata 27/10/2009 23.10.25
"AWC AutoSweep.job" (AutoSweep.exe)
Terminata 27/10/2009 23.11.49
Esito: Operazione completata con un codice di uscita (0).
"AWC AutoSweep.job" (AutoSweep.exe)
Avviata 28/10/2009 8.18.21
"AWC AutoSweep.job" (AutoSweep.exe)
Terminata 28/10/2009 8.20.00
Esito: Operazione completata con un codice di uscita (0).
"MP Scheduled Scan.job" (MpCmdRun.exe)
Avviata 28/10/2009 8.38.21
"MP Scheduled Scan.job" (MpCmdRun.exe)
Terminata 28/10/2009 8.38.32
Esito: Operazione completata con un codice di uscita (0).
"User_Feed_Synchronization-{41D9AF44-36DF-49B7-9D28-447EBDC1E788}.job" (msfeedssync.exe)
Avviata 28/10/2009 10.44.00
"User_Feed_Synchronization-{41D9AF44-36DF-49B7-9D28-447EBDC1E788}.job" (msfeedssync.exe)
Terminata 28/10/2009 10.44.26
Esito: Operazione completata con un codice di uscita (0).
"AWC AutoSweep.job" (AutoSweep.exe)
Avviata 28/10/2009 11.24.24
"AWC AutoSweep.job" (AutoSweep.exe)
Terminata 28/10/2009 11.25.33
Esito: Operazione completata con un codice di uscita (0).
"MP Scheduled Scan.job" (MpCmdRun.exe)
Avviata 28/10/2009 11.44.29
"MP Scheduled Scan.job" (MpCmdRun.exe)
Terminata 28/10/2009 11.44.54
Esito: Operazione completata con un codice di uscita (0).
"AWC AutoSweep.job" (AutoSweep.exe)
Avviata 28/10/2009 12.59.28
"AWC AutoSweep.job" (AutoSweep.exe)
Terminata 28/10/2009 13.00.33
Esito: Operazione completata con un codice di uscita (0).
"AWC AutoSweep.job" (AutoSweep.exe)
Avviata 28/10/2009 13.19.31
"AWC AutoSweep.job" (AutoSweep.exe)
Terminata 28/10/2009 13.19.45
Esito: Operazione completata con un codice di uscita (0).
"AWC AutoSweep.job" (AutoSweep.exe)
Avviata 28/10/2009 23.23.19
"AWC AutoSweep.job" (AutoSweep.exe)
Terminata 28/10/2009 23.24.25
Esito: Operazione completata con un codice di uscita (0).
===================== LIST OF ALL SERVICES & DRIVERS =====================
-----HKLM\system\currentcontrolset\services-----
000) "Abiosdsk"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
001) "abp480n5"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
002) "ACPI" - Driver ACPI Microsoft
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\ACPI.sys
---> TYPE = KERNEL_DRIVER
003) "ACPIEC"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
004) "adpu160m"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
005) "aec" - Eliminatore di eco acustico del kernel Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\aec.sys
---> TYPE = KERNEL_DRIVER
006) "AFD" - AFD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\afd.sys
---> TYPE = KERNEL_DRIVER
007) "Aha154x"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
008) "aic78u2"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
009) "aic78xx"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
010) "AliIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
011) "amsint"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
012) "asc"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
013) "asc3350p"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
014) "asc3550"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
015) "AsyncMac" - Driver per supporti asincroni RAS
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\asyncmac.sys
---> TYPE = KERNEL_DRIVER
016) "atapi" - Controller disco rigido IDE/ESDI standard
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\atapi.sys
---> TYPE = KERNEL_DRIVER
017) "Atdisk"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
018) "ati2mtag"
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ati2mtag.sys
---> TYPE = KERNEL_DRIVER
019) "Atmarpc" - Protocollo client ARP ATM
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\atmarpc.sys
---> TYPE = KERNEL_DRIVER
020) "audstub" - Driver stub audio
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\audstub.sys
---> TYPE = KERNEL_DRIVER
021) "avgio" - avgio
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = C:\Programmi\Avira\AntiVir Desktop\avgio.sys
---> TYPE = KERNEL_DRIVER
022) "avgntflt" - avgntflt
---> STAT = (RUNNING) Started automatically
---> FILE = system32\DRIVERS\avgntflt.sys
---> TYPE = FILE_SYSTEM_DRIVER
023) "avipbb" - avipbb
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\avipbb.sys
---> TYPE = KERNEL_DRIVER
024) "Beep"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
025) "BTCFilterService" - USB Networking Driver Filter Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\motfilt.sys
---> TYPE = KERNEL_DRIVER
026) "catchme"
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\ComboFix\catchme.sys
---> TYPE = KERNEL_DRIVER
027) "cbidf2k"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
028) "cd20xrnt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
029) "Cdaudio"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
030) "Cdfs"
---> STAT = (RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER
031) "Cdrom" - Driver del CD-ROM
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\cdrom.sys
---> TYPE = KERNEL_DRIVER
032) "Changer"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
033) "CmdIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
034) "Cpqarray"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
035) "ctsfm2k" - Creative SoundFont Management Device Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ctsfm2k.sys
---> TYPE = KERNEL_DRIVER
036) "CTUSFSYN" - Creative SoundFont Synthesizer
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\ctusfsyn.sys
---> TYPE = KERNEL_DRIVER
037) "dac2w2k"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
038) "dac960nt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
039) "Disk" - Driver del disco
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\disk.sys
---> TYPE = KERNEL_DRIVER
040) "dmboot"
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmboot.sys
---> TYPE = KERNEL_DRIVER
041) "dmio" - Driver Gestione dischi logici
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\dmio.sys
---> TYPE = KERNEL_DRIVER
042) "dmload"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\dmload.sys
---> TYPE = KERNEL_DRIVER
043) "DMusic" - Sintetizzatore DLS Microsoft Kernel
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\DMusic.sys
---> TYPE = KERNEL_DRIVER
044) "dpti2o"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
045) "drmkaud" - Decodificatore audio DRM del kernel Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\drmkaud.sys
---> TYPE = KERNEL_DRIVER
046) "Fastfat"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER
047) "Fdc" - Driver controller disco floppy
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\fdc.sys
---> TYPE = KERNEL_DRIVER
048) "FETND5BV" - VIA Rhine-Family Fast Ethernet Adapter Driver Service
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\fetnd5bv.sys
---> TYPE = KERNEL_DRIVER
049) "FETNDIS" - Driver NT scheda Fast Ethernet VIA PCI 10/100Mb
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\fetnd5.sys
---> TYPE = KERNEL_DRIVER
050) "Fips"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
051) "Flpydisk" - Driver disco floppy
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\flpydisk.sys
---> TYPE = KERNEL_DRIVER
052) "FltMgr" - FltMgr
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\fltmgr.sys
---> TYPE = FILE_SYSTEM_DRIVER
053) "Ftdisk" - Driver archiviazione volumi
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\ftdisk.sys
---> TYPE = KERNEL_DRIVER
054) "gameenum" - Enumeratore porta giochi
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\gameenum.sys
---> TYPE = KERNEL_DRIVER
055) "Gpc" - Utilità di classificazione pacchetti generica
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\msgpc.sys
---> TYPE = KERNEL_DRIVER
056) "hpn"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
057) "HTTP" - HTTP
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\Drivers\HTTP.sys
---> TYPE = KERNEL_DRIVER
058) "i2omgmt"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
059) "i2omp"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
060) "i8042prt" - Driver di porta mouse PS/2 e tastiera i8042
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\i8042prt.sys
---> TYPE = KERNEL_DRIVER
061) "Imapi" - Driver filtro masterizzazione CD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\imapi.sys
---> TYPE = KERNEL_DRIVER
062) "ini910u"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
063) "IntelIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
064) "intelppm" - Driver processore Intel
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\intelppm.sys
---> TYPE = KERNEL_DRIVER
065) "Ip6Fw" - Driver Windows Firewall IPv6
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\ip6fw.sys
---> TYPE = KERNEL_DRIVER
066) "IpFilterDriver" - Driver filtro traffico IP
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ipfltdrv.sys
---> TYPE = KERNEL_DRIVER
067) "IpInIp" - Driver tunnel IP in IP
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ipinip.sys
---> TYPE = KERNEL_DRIVER
068) "IpNat" - Traduttore indirizzi di rete IP
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ipnat.sys
---> TYPE = KERNEL_DRIVER
069) "IPSec" - Driver IPSEC
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\ipsec.sys
---> TYPE = KERNEL_DRIVER
070) "IRENUM" - Servizio enumeratore infrarossi
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\irenum.sys
---> TYPE = KERNEL_DRIVER
071) "isapnp" - Driver bus PnP ISA/EISA
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\isapnp.sys
---> TYPE = KERNEL_DRIVER
072) "Kbdclass" - Driver classe tastiera
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\kbdclass.sys
---> TYPE = KERNEL_DRIVER
073) "kmixer" - Mixer wave audio del kernel Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\kmixer.sys
---> TYPE = KERNEL_DRIVER
074) "KSecDD"
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER
075) "L8042Kbd" - Logitech SetPoint Keyboard Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\L8042Kbd.sys
---> TYPE = KERNEL_DRIVER
076) "L8042mou" - SetPoint PS/2 Mouse Filter Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\L8042mou.Sys
---> TYPE = KERNEL_DRIVER
077) "LBeepKE" - LBeepKE
---> STAT = (RUNNING) Started automatically
---> FILE = System32\Drivers\LBeepKE.sys
---> TYPE = KERNEL_DRIVER
078) "lbrtfdc"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
079) "LMouKE" - SetPoint Mouse Filter Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\LMouKE.Sys
---> TYPE = KERNEL_DRIVER
080) "mnmdd"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
081) "Modem"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
082) "motccgp" - Motorola USB Composite Device Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\motccgp.sys
---> TYPE = KERNEL_DRIVER
083) "motccgpfl" - MotCcgpFlService
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\motccgpfl.sys
---> TYPE = KERNEL_DRIVER
084) "motmodem" - Motorola USB CDC ACM Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\motmodem.sys
---> TYPE = KERNEL_DRIVER
085) "MotoSwitchService" - MotoSwitch Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\motswch.sys
---> TYPE = KERNEL_DRIVER
086) "Motousbnet" - Motorola USB Networking Driver Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\Motousbnet.sys
---> TYPE = KERNEL_DRIVER
087) "Mouclass" - Driver classe mouse
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\mouclass.sys
---> TYPE = KERNEL_DRIVER
088) "MountMgr" - Gestore installazione (Mounting)
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER
089) "mraid35x"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
090) "MRxDAV" - Redirector del client WebDav
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\mrxdav.sys
---> TYPE = FILE_SYSTEM_DRIVER
091) "MRxSmb" - MRXSMB
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\mrxsmb.sys
---> TYPE = FILE_SYSTEM_DRIVER
092) "Msfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER
093) "MSKSSRV" - Proxy di servizio di flusso Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSKSSRV.sys
---> TYPE = KERNEL_DRIVER
094) "MSPCLOCK" - Proxy clock di flusso Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPCLOCK.sys
---> TYPE = KERNEL_DRIVER
095) "MSPQM" - Proxy di gestione qualità di flusso Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPQM.sys
---> TYPE = KERNEL_DRIVER
096) "mssmbios" - Driver BIOS Microsoft System Management
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\mssmbios.sys
---> TYPE = KERNEL_DRIVER
097) "Mup" - Mup
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = FILE_SYSTEM_DRIVER
098) "NDIS" - Driver di sistema NDIS
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER
099) "NdisTapi" - Driver TAPI NDIS di accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndistapi.sys
---> TYPE = KERNEL_DRIVER
100) "Ndisuio" - Protocollo I/O modalità utente su NDIS
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndisuio.sys
---> TYPE = KERNEL_DRIVER
101) "NdisWan" - Driver WAN NDIS di accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndiswan.sys
---> TYPE = KERNEL_DRIVER
102) "NDProxy" - multi:Proxy NDIS\00\00
---> STAT = (RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
103) "NetBIOS" - Interfaccia NetBIOS
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\netbios.sys
---> TYPE = FILE_SYSTEM_DRIVER
104) "NetBT" - NetBios su Tcpip
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\netbt.sys
---> TYPE = KERNEL_DRIVER
105) "nmwcd" - Nokia USB Phone Parent
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\ccdcmb.sys
---> TYPE = KERNEL_DRIVER
106) "nmwcdc" - Nokia USB Generic
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\ccdcmbo.sys
---> TYPE = KERNEL_DRIVER
107) "nmwcdnsu" - Nokia USB Flashing Phone Parent
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\nmwcdnsu.sys
---> TYPE = KERNEL_DRIVER
108) "nmwcdnsuc" - Nokia USB Flashing Generic
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\nmwcdnsuc.sys
---> TYPE = KERNEL_DRIVER
109) "Npfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER
110) "Ntfs"
---> STAT = (RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER
111) "Null"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
112) "NwlnkFlt" - Driver filtro traffico IPX
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\nwlnkflt.sys
---> TYPE = KERNEL_DRIVER
113) "NwlnkFwd" - Driver inoltratore traffico IPX
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\nwlnkfwd.sys
---> TYPE = KERNEL_DRIVER
114) "ossrv" - Creative OS Services Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ctoss2k.sys
---> TYPE = KERNEL_DRIVER
115) "P17" - SB Live! 24-bit
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\P17.sys
---> TYPE = KERNEL_DRIVER
116) "P17xfi" - Sound Blaster X-Fi Xtreme Audio
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\P17xfi.sys
---> TYPE = KERNEL_DRIVER
117) "p17xfilt"
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\p17xfilt.sys
---> TYPE = KERNEL_DRIVER
118) "Parport" - Driver della porta parallela
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\parport.sys
---> TYPE = KERNEL_DRIVER
119) "PartMgr" - Gestore partizioni
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER
120) "ParVdm"
---> STAT = (RUNNING) Started automatically
---> TYPE = KERNEL_DRIVER
121) "pccsmcfd" - PCCS Mode Change Filter Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\pccsmcfd.sys
---> TYPE = KERNEL_DRIVER
122) "PCI" - Driver bus PCI
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\pci.sys
---> TYPE = KERNEL_DRIVER
123) "PCIDump"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
124) "PCIIde"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\pciide.sys
---> TYPE = KERNEL_DRIVER
125) "Pcmcia"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
126) "pcouffin" - VSO Software pcouffin
---> STAT = (RUNNING) Started manually
---> FILE = System32\Drivers\pcouffin.sys
---> TYPE = KERNEL_DRIVER
127) "PCTAppEvent" - PCTAppEvent Driver
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\drivers\PCTAppEvent.sys
---> TYPE = KERNEL_DRIVER
128) "pctgntdi" - pctgntdi
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = C:\WINDOWS\system32\drivers\pctgntdi.sys
---> TYPE = KERNEL_DRIVER
129) "pctplfw" - pctplfw
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\drivers\pctplfw.sys
---> TYPE = KERNEL_DRIVER
130) "PDCOMP"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
131) "PDFRAME"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
132) "PDRELI"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
133) "PDRFRAME"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
134) "perc2"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
135) "perc2hib"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
136) "PptpMiniport" - WAN Miniport (PPTP)
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspptp.sys
---> TYPE = KERNEL_DRIVER
137) "PSched" - Utilità di pianificazione pacchetti QoS
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\psched.sys
---> TYPE = KERNEL_DRIVER
138) "Ptilink" - Driver Direct Parallel Link
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ptilink.sys
---> TYPE = KERNEL_DRIVER
139) "ql1080"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
140) "Ql10wnt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
141) "ql12160"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
142) "ql1240"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
143) "ql1280"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
144) "RasAcd" - Driver connessione automatica Accesso remoto
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\rasacd.sys
---> TYPE = KERNEL_DRIVER
145) "Rasl2tp" - WAN Miniport (L2TP)
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\rasl2tp.sys
---> TYPE = KERNEL_DRIVER
146) "RasPppoe" - Driver PPPOE di accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspppoe.sys
---> TYPE = KERNEL_DRIVER
147) "Raspti" - Direct Parallel
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspti.sys
---> TYPE = KERNEL_DRIVER
148) "Rdbss" - Rdbss
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\rdbss.sys
---> TYPE = FILE_SYSTEM_DRIVER
149) "RDPCDD"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\RDPCDD.sys
---> TYPE = KERNEL_DRIVER
150) "rdpdr" - Driver redirector periferica Terminal Server
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\rdpdr.sys
---> TYPE = KERNEL_DRIVER
151) "RDPWD"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
152) "redbook" - Driver filtro riproduzione CD-ROM audio digitale
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\redbook.sys
---> TYPE = KERNEL_DRIVER
153) "rtl8139" - Driver NT scheda Fast Ethernet PCI Realtek basata su RTL8139
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\RTL8139.SYS
---> TYPE = KERNEL_DRIVER
154) "Secdrv" - Secdrv
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\secdrv.sys
---> TYPE = KERNEL_DRIVER
155) "serenum" - Driver filtro Serenum
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\serenum.sys
---> TYPE = KERNEL_DRIVER
156) "Serial" - Driver della porta seriale
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\serial.sys
---> TYPE = KERNEL_DRIVER
157) "SFilter" - PCTools Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\pctfw.sys
---> TYPE = KERNEL_DRIVER
158) "Sfloppy"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
159) "Simbad"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
160) "Sparrow"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
161) "splitter" - Frazionatore audio del kernel Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\splitter.sys
---> TYPE = KERNEL_DRIVER
162) "sr" - Driver filtro Ripristino configurazione di sistema
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\sr.sys
---> TYPE = FILE_SYSTEM_DRIVER
163) "Srv" - Srv
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\srv.sys
---> TYPE = FILE_SYSTEM_DRIVER
164) "ssmdrv" - ssmdrv
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\ssmdrv.sys
---> TYPE = KERNEL_DRIVER
165) "swenum" - Driver bus software
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\swenum.sys
---> TYPE = KERNEL_DRIVER
166) "swmidi" - Sintetizzatore Wavetable GS kernel Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\swmidi.sys
---> TYPE = KERNEL_DRIVER
167) "symc810"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
168) "symc8xx"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
169) "sym_hi"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
170) "sym_u3"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
171) "sysaudio" - Periferica audio di sistema Microsoft Kernel
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\sysaudio.sys
---> TYPE = KERNEL_DRIVER
172) "Tcpip" - Driver protocollo TCP/IP
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\tcpip.sys
---> TYPE = KERNEL_DRIVER
173) "TDPIPE"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
174) "TDTCP"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
175) "TermDD" - Driver della periferica terminale
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\termdd.sys
---> TYPE = KERNEL_DRIVER
176) "TosIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
177) "uagp35" - Filtro Microsoft AGPv3.5
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\uagp35.sys
---> TYPE = KERNEL_DRIVER
178) "Udfs"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER
179) "ultra"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
180) "Update" - Driver aggiornamento microcodice
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\update.sys
---> TYPE = KERNEL_DRIVER
181) "upperdev"
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbser_lowerflt.sys
---> TYPE = KERNEL_DRIVER
182) "usbccgp" - Driver principale generico USB Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbccgp.sys
---> TYPE = KERNEL_DRIVER
183) "usbehci" - Driver Miniport controller enhanced host USB 2.0 Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbehci.sys
---> TYPE = KERNEL_DRIVER
184) "usbhub" - Hub abilitato USB2
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbhub.sys
---> TYPE = KERNEL_DRIVER
185) "usbprint" - Classe stampanti USB Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbprint.sys
---> TYPE = KERNEL_DRIVER
186) "usbscan" - Driver scanner USB
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbscan.sys
---> TYPE = KERNEL_DRIVER
187) "usbser" - USB Modem Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\usbser.sys
---> TYPE = KERNEL_DRIVER
188) "UsbserFilt"
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbser_lowerfltj.sys
---> TYPE = KERNEL_DRIVER
189) "usbstor" - Driver archiviazione di massa USB
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\USBSTOR.SYS
---> TYPE = KERNEL_DRIVER
190) "usbuhci" - Driver Miniport Controller Universal Host USB Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbuhci.sys
---> TYPE = KERNEL_DRIVER
191) "VgaSave" - Controller video VGA.
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\vga.sys
---> TYPE = KERNEL_DRIVER
192) "ViaIde"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\viaide.sys
---> TYPE = KERNEL_DRIVER
193) "videX32"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\videX32.sys
---> TYPE = KERNEL_DRIVER
194) "VolSnap"
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER
195) "Wanarp" - Driver ARP IP di accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\wanarp.sys
---> TYPE = KERNEL_DRIVER
196) "Wdf01000" - Wdf01000
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\Drivers\wdf01000.sys
---> TYPE = KERNEL_DRIVER
197) "WDICA"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
198) "wdmaud" - Driver di compatibilità audio Microsoft WINMM WDM
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\wdmaud.sys
---> TYPE = KERNEL_DRIVER
199) "WpdUsb" - WpdUsb
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\wpdusb.sys
---> TYPE = KERNEL_DRIVER
200) "WS2IFSL" - Ambiente di supporto del provider del Servizio Non-IFS di Windows Socket 2.0
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\ws2ifsl.sys
---> TYPE = KERNEL_DRIVER
201) "WudfPf" - Windows Driver Foundation - User-mode Driver Framework Platform Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\WudfPf.sys
---> TYPE = KERNEL_DRIVER
202) "WudfRd" - Windows Driver Foundation - User-mode Driver Framework Reflector
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\wudfrd.sys
---> TYPE = KERNEL_DRIVER
203) "xfilt" - VIA SATA IDE Hot-plug Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\xfilt.sys
---> TYPE = KERNEL_DRIVER
-----HKLM\system\currentcontrolset\services-----
000) "Alerter" - Avvisi
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
001) "ALG" - Servizio Gateway di livello applicazione
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\alg.exe
---> TYPE = OWN_SERVICE
002) "AntiVirMailService" - Avira AntiVir MailGuard
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Programmi\Avira\AntiVir Desktop\avmailc.exe\
---> TYPE = OWN_SERVICE
003) "AntiVirSchedulerService" - Avira AntiVir Scheduler
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Programmi\Avira\AntiVir Desktop\sched.exe\
---> TYPE = OWN_SERVICE
004) "AntiVirService" - Avira AntiVir Guard
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Programmi\Avira\AntiVir Desktop\avguard.exe\
---> TYPE = OWN_SERVICE
005) "AntiVirWebService" - Avira AntiVir WebGuard
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE\
---> TYPE = OWN_SERVICE
006) "AppMgmt" - Gestione applicazione
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
007) "aspnet_state" - ASP.NET State Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
---> TYPE = OWN_SERVICE
008) "Ati HotKey Poller"
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\Ati2evxx.exe
---> TYPE = OWN_SERVICE
009) "ATI Smart" - ATI Smart
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\ati2sgag.exe
---> TYPE = OWN_SERVICE
010) "AudioSrv" - Audio Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
011) "BITS" - Servizio trasferimento intelligente in background
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
012) "Browser" - Browser di computer
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
013) "CiSvc" - Servizio di indicizzazione
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\cisvc.exe
---> TYPE = SHARE_SERVICE
014) "ClipSrv" - ClipBook
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\clipsrv.exe
---> TYPE = OWN_SERVICE
015) "clr_optimization_v2.0.50727_32" - .NET Runtime Optimization Service v2.0.50727_X86
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
---> TYPE = OWN_SERVICE
016) "COMSysApp" - Applicazione di sistema COM+
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
---> TYPE = OWN_SERVICE
017) "Creative Service for CDROM Access" - Creative Service for CDROM Access
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\CTsvcCDA.exe
---> TYPE = OWN_SERVICE
018) "CryptSvc" - CryptSvc
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
019) "DcomLaunch" - Utilità di avvio processo server DCOM
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch
---> TYPE = SHARE_SERVICE
020) "Dhcp" - Client DHCP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
021) "dmadmin" - Servizio amministrativo di Gestione disco logico
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dmadmin.exe /com
---> TYPE = SHARE_SERVICE
022) "dmserver" - Gestione dischi logici
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
023) "Dnscache" - Client DNS
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE
024) "Dot3svc" - Configurazione automatica reti cablate
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k dot3svc
---> TYPE = SHARE_SERVICE
025) "EapHost" - Servizio Extensible Authentication Protocol
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k eapsvcs
---> TYPE = SHARE_SERVICE
026) "ERSvc" - Servizio di segnalazione errori
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
027) "Eventlog" - Registro eventi
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
---> TYPE = SHARE_SERVICE
028) "EventSystem" - Sistema di eventi COM+
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
029) "FastUserSwitchingCompatibility" - Compatibilità di Cambio rapido utente
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
030) "FontCache3.0.0.0" - Windows Presentation Foundation Font Cache 3.0.0.0
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
---> TYPE = OWN_SERVICE
031) "helpsvc" - Guida in linea e supporto tecnico
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
032) "HidServ" - Accesso periferica Human Interface
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
033) "hkmsvc" - Servizio gestione chiavi e certificati di integrità
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
034) "HTTPFilter" - SSL HTTP
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter
---> TYPE = SHARE_SERVICE
035) "idsvc" - Windows CardSpace
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\
---> TYPE = SHARE_SERVICE
036) "ImapiService" - Servizio COM di masterizzazione CD IMAPI
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\imapi.exe
---> TYPE = OWN_SERVICE
037) "lanmanserver" - Server
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
038) "lanmanworkstation" - Workstation
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
039) "LBTServ" - Logitech Bluetooth Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Programmi\File comuni\Logishrd\Bluetooth\LBTServ.exe
---> TYPE = OWN_SERVICE
040) "LmHosts" - Helper NetBIOS di TCP/IP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
041) "Messenger" - Messenger
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
042) "mnmsrvc" - Condivisione desktop remoto di NetMeeting
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\mnmsrvc.exe
---> TYPE = OWN_SERVICE
043) "MSDTC" - Distributed Transaction Coordinator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\msdtc.exe
---> TYPE = OWN_SERVICE
044) "MSIServer" - Windows Installer
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\msiexec.exe /V
---> TYPE = SHARE_SERVICE
045) "napagent" - Agente protezione accesso alla rete
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
046) "NetDDE" - DDE di rete
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe
---> TYPE = SHARE_SERVICE
047) "NetDDEdsdm" - DDE DSDM di rete
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe
---> TYPE = SHARE_SERVICE
048) "Netlogon" - Accesso rete
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE
049) "Netman" - Connessioni di rete
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
050) "NetTcpPortSharing" - Net.Tcp Port Sharing Service
---> STAT = (NOT RUNNING) Disabled
---> FILE = \C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\
---> TYPE = SHARE_SERVICE
051) "Nla" - NLA (Network Location Awareness)
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
052) "NtLmSsp" - Provider supporto protezione LM NT
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE
053) "NtmsSvc" - Archivi rimovibili
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
054) "PCToolsFirewallPlus" - PC Tools Firewall Plus
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Programmi\PC Tools Firewall Plus\FWService.exe
---> TYPE = OWN_SERVICE
055) "PlugPlay" - Plug and Play
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
---> TYPE = SHARE_SERVICE
056) "PolicyAgent" - Servizi IPSEC
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE
057) "ProtectedStorage" - Archiviazione protetta
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE
058) "RasAuto" - Auto Connection Manager di Accesso remoto
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
059) "RasMan" - Connection Manager di Accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
060) "RDSessMgr" - Gestione sessione di assistenza mediante desktop remoto
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\sessmgr.exe
---> TYPE = OWN_SERVICE
061) "RemoteAccess" - Routing e Accesso remoto
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
062) "RemoteRegistry" - Registro di sistema remoto
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
063) "RpcLocator" - RPC Locator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\locator.exe
---> TYPE = OWN_SERVICE
064) "RpcSs" - RPC (Remote Procedure Call)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k rpcss
---> TYPE = OWN_SERVICE
065) "RSVP" - QoS RSVP
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\rsvp.exe
---> TYPE = OWN_SERVICE
066) "SamSs" - Gestione account di protezione (SAM)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE
067) "SCardSvr" - smart card
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\SCardSvr.exe
---> TYPE = SHARE_SERVICE
068) "Schedule" - Utilità di pianificazione
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
069) "seclogon" - Secondary Logon
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
070) "SENS" - Notifica eventi di sistema
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
071) "ServiceLayer" - ServiceLayer
---> STAT = (RUNNING) Started manually
---> FILE = \C:\Programmi\PC Connectivity Solution\ServiceLayer.exe\
---> TYPE = OWN_SERVICE
072) "SharedAccess" - Windows Firewall / Condivisione connessione Internet (ICS)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
073) "ShellHWDetection" - Rilevamento hardware shell
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
074) "Spooler" - Spooler di stampa
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\spoolsv.exe
---> TYPE = OWN_SERVICE
075) "srservice" - Servizio Ripristino configurazione di sistema
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
076) "SSDPSRV" - Servizio di rilevamento SSDP
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
077) "stisvc" - Acquisizione di immagini di Windows (WIA)
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k imgsvc
---> TYPE = SHARE_SERVICE
078) "SwPrv" - MS Software Shadow Copy Provider
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{079764BF-3207-40E0-871A-318297C0EE01}
---> TYPE = OWN_SERVICE
079) "SysmonLog" - Avvisi e registri di prestazioni
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\smlogsvc.exe
---> TYPE = OWN_SERVICE
080) "TapiSrv" - Telefonia
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
081) "TermService" - Servizi terminal
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch
---> TYPE = SHARE_SERVICE
082) "Themes" - Temi
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
083) "TlntSvr" - Telnet
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\tlntsvr.exe
---> TYPE = OWN_SERVICE
084) "TrkWks" - Manutenzione collegamenti distribuiti client
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
085) "upnphost" - Host di periferiche Plug and Play universali
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
086) "UPS" - Gruppo di continuità
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\ups.exe
---> TYPE = OWN_SERVICE
087) "VSS" - Copia replicata del volume
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\vssvc.exe
---> TYPE = OWN_SERVICE
088) "W32Time" - Ora di Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
089) "WebClient" - WebClient
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = OWN_SERVICE
090) "WinDefend" - Windows Defender
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Programmi\Windows Defender\MsMpEng.exe\
---> TYPE = OWN_SERVICE
091) "winmgmt" - Strumentazione gestione Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
092) "Winsock"
---> STAT = (RUNNING) Started manually
---> TYPE = ADAPTER
093) "WMDM PMSP Service" - WMDM PMSP Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\MsPMSPSv.exe
---> TYPE = OWN_SERVICE
094) "WmdmPmSN" - Servizio Numero di serie per dispositivi multimediali portatili
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
095) "Wmi" - Estensioni driver di Strumentazione gestione Windows
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
096) "WmiApSrv" - Scheda WMI Performance
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\wbem\wmiapsrv.exe
---> TYPE = OWN_SERVICE
097) "WMPNetworkSvc" - Servizio di condivisione in rete Windows Media Player
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Programmi\Windows Media Player\WMPNetwk.exe\
---> TYPE = OWN_SERVICE
098) "wscsvc" - Centro sicurezza PC
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
099) "wuauserv" - Aggiornamenti automatici
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
100) "WudfSvc" - Windows Driver Foundation - User-mode Driver Framework
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
---> TYPE = SHARE_SERVICE
101) "WZCSVC" - Zero Configuration reti senza fili
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
102) "xmlprov" - Servizio Provisioning di rete
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
===================== SVCHOST INSTANCES =====================
HTTPFilter
+---- HTTPFilter
+---- %SystemRoot%\System32\w3ssl.dll
LocalService
+---- Alerter
+---- %SystemRoot%\system32\alrsvc.dll
+---- WebClient
+---- %SystemRoot%\System32\webclnt.dll
+---- LmHosts
+---- %SystemRoot%\System32\lmhsvc.dll
+---- RemoteRegistry
+---- %SystemRoot%\system32\regsvc.dll
+---- upnphost
+---- %SystemRoot%\System32\upnphost.dll
+---- SSDPSRV
+---- %SystemRoot%\System32\ssdpsrv.dll
NetworkService
+---- DnsCache
+---- %SystemRoot%\System32\dnsrslvr.dll
netsvcs
+---- 6to4
+---- AppMgmt
+---- %SystemRoot%\System32\appmgmts.dll
+---- AudioSrv
+---- %SystemRoot%\System32\audiosrv.dll
+---- Browser
+---- %SystemRoot%\System32\browser.dll
+---- CryptSvc
+---- %SystemRoot%\System32\cryptsvc.dll
+---- DMServer
+---- %SystemRoot%\System32\dmserver.dll
+---- DHCP
+---- %SystemRoot%\System32\dhcpcsvc.dll
+---- ERSvc
+---- %SystemRoot%\System32\ersvc.dll
+---- EventSystem
+---- C:\WINDOWS\system32\es.dll
+---- FastUserSwitchingCompatibility
+---- %SystemRoot%\System32\shsvcs.dll
+---- HidServ
+---- %SystemRoot%\System32\hidserv.dll
+---- Ias
+---- Iprip
+---- Irmon
+---- LanmanServer
+---- %SystemRoot%\System32\srvsvc.dll
+---- LanmanWorkstation
+---- %SystemRoot%\System32\wkssvc.dll
+---- Messenger
+---- %SystemRoot%\System32\msgsvc.dll
+---- Netman
+---- %SystemRoot%\System32\netman.dll
+---- Nla
+---- %SystemRoot%\System32\mswsock.dll
+---- Ntmssvc
+---- %SystemRoot%\system32\ntmssvc.dll
+---- NWCWorkstation
+---- Nwsapagent
+---- Rasauto
+---- %SystemRoot%\System32\rasauto.dll
+---- Rasman
+---- %SystemRoot%\System32\rasmans.dll
+---- Remoteaccess
+---- %SystemRoot%\System32\mprdim.dll
+---- Schedule
+---- %SystemRoot%\system32\schedsvc.dll
+---- Seclogon
+---- %SystemRoot%\System32\seclogon.dll
+---- SENS
+---- %SystemRoot%\system32\sens.dll
+---- Sharedaccess
+---- %SystemRoot%\System32\ipnathlp.dll
+---- SRService
+---- %SystemRoot%\system32\srsvc.dll
+---- Tapisrv
+---- %SystemRoot%\System32\tapisrv.dll
+---- Themes
+---- %SystemRoot%\System32\shsvcs.dll
+---- TrkWks
+---- %SystemRoot%\system32\trkwks.dll
+---- W32Time
+---- %systemroot%\system32\w32time.dll
+---- WZCSVC
+---- %SystemRoot%\System32\wzcsvc.dll
+---- Wmi
+---- %SystemRoot%\System32\advapi32.dll
+---- WmdmPmSp
+---- winmgmt
+---- %SystemRoot%\system32\wbem\WMIsvc.dll
+---- wscsvc
+---- %SYSTEMROOT%\system32\wscsvc.dll
+---- xmlprov
+---- %SystemRoot%\System32\xmlprov.dll
+---- BITS
+---- %systemroot%\system32\qmgr.dll
+---- wuauserv
+---- C:\WINDOWS\system32\wuauserv.dll
+---- ShellHWDetection
+---- %SystemRoot%\System32\shsvcs.dll
+---- WmdmPmSN
+---- C:\WINDOWS\system32\MsPMSNSv.dll
+---- napagent
+---- %SystemRoot%\System32\qagentrt.dll
+---- hkmsvc
+---- %SystemRoot%\System32\kmsvc.dll
+---- helpsvc
+---- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
DcomLaunch
+---- DcomLaunch
+---- %SystemRoot%\system32\rpcss.dll
+---- TermService
+---- %SystemRoot%\System32\termsrv.dll
rpcss
+---- RpcSs
+---- %SystemRoot%\System32\rpcss.dll
imgsvc
+---- StiSvc
+---- %SystemRoot%\system32\wiaservc.dll
termsvcs
+---- TermService
+---- %SystemRoot%\System32\termsrv.dll
WudfServiceGroup
+---- WUDFSvc
+---- %SystemRoot%\System32\WUDFSvc.dll
eapsvcs
+---- eaphost
+---- %SystemRoot%\System32\eapsvc.dll
dot3svc
+---- dot3svc
+---- %SystemRoot%\System32\dot3svc.dll
===================== LOADED MODULES =====================
*** NOTE *** Process uuoywfrygn.exe belongs to SystemScan
Already known legit dlls are not shown
System pid: 4
Command line: <no command line>
smss.exe pid: 1060
Command line: \SystemRoot\System32\smss.exe
Base Size Version Path
0x48580000 0xf000 \SystemRoot\System32\smss.exe
csrss.exe pid: 1124
Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
Base Size Version Path
0x4a680000 0x5000 \??\C:\WINDOWS\system32\csrss.exe
0x75af0000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\CSRSRV.dll
0x75b00000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\basesrv.dll
0x75b10000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\winsrv.dll
winlogon.exe pid: 1152
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x8b000 \??\C:\WINDOWS\system32\winlogon.exe
0x77690000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x10000000 0x11000 6.14.0010.4133 C:\WINDOWS\system32\Ati2evxx.dll
0x47190000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\dimsntfy.dll
0x01630000 0x12000 4.80.0103.0000 c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
0x01560000 0x24000 4.80.0103.0000 c:\programmi\file comuni\logishrd\bluetooth\LBTServ.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x74e80000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemprox.dll
0x74e60000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
services.exe pid: 1196
Command line: C:\WINDOWS\system32\services.exe
Base Size Version Path
0x01000000 0x1d000 5.01.2600.5755 C:\WINDOWS\system32\services.exe
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x77b40000 0x54000 5.01.2600.5512 C:\WINDOWS\system32\SCESRV.dll
0x77690000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll
0x7dbb0000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\umpnpmgr.dll
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x474b0000 0xf000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcAdProc.dll
0x772d0000 0x11000 5.01.2600.5512 C:\WINDOWS\system32\eventlog.dll
lsass.exe pid: 1208
Command line: C:\WINDOWS\system32\lsass.exe
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\lsass.exe
0x753e0000 0xb6000 5.01.2600.5834 C:\WINDOWS\system32\LSASRV.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x743d0000 0x6e000 5.01.2600.5512 C:\WINDOWS\system32\SAMSRV.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x4d200000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\msprivs.dll
0x71c80000 0x4c000 5.01.2600.5834 C:\WINDOWS\system32\kerberos.dll
0x74440000 0x65000 5.01.2600.5512 C:\WINDOWS\system32\netlogon.dll
0x76780000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\w32time.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x767b0000 0x28000 5.01.2600.5834 C:\WINDOWS\system32\schannel.dll
0x7e8c0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\wdigest.dll
0x00f60000 0x31000 5.01.2600.5512 C:\WINDOWS\system32\scecli.dll
0x74320000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\pstorsvc.dll
0x74340000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\psbase.dll
0x68100000 0x26000 5.01.2600.5507 C:\WINDOWS\system32\dssenh.dll
ati2evxx.exe pid: 1404
Command line: C:\WINDOWS\system32\Ati2evxx.exe
Base Size Version Path
0x00400000 0x6b000 6.14.0010.4133 C:\WINDOWS\system32\Ati2evxx.exe
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x00ae0000 0x10000 6.14.0010.2500 C:\WINDOWS\system32\Ati2edxx.dll
svchost.exe pid: 1420
Command line: C:\WINDOWS\system32\svchost -k DcomLaunch
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x77690000 0x12000 5.01.2600.5512 c:\windows\system32\AUTHZ.dll
0x76ae0000 0x11000 3.05.2284.0002 c:\windows\system32\ATL.DLL
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
svchost.exe pid: 1500
Command line: C:\WINDOWS\system32\svchost -k rpcss
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x10000000 0x22000 9.00.0001.0001 C:\Programmi\Avira\AntiVir Desktop\avsda.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
MsMpEng.exe pid: 1636
Command line: "C:\Programmi\Windows Defender\MsMpEng.exe"
Base Size Version Path
0x01000000 0x4000 1.01.1593.0000 C:\Programmi\Windows Defender\MsMpEng.exe
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x5c800000 0x44000 1.01.1593.0000 C:\Programmi\Windows Defender\MpSvc.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x5b800000 0x4f000 1.01.1593.0000 C:\Programmi\Windows Defender\MpClient.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5a100000 0x6f4000 1.01.5202.0000 C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\{55386110-E3AA-4258-B9E4-D54A5B014DE8}\mpengine.dll
0x00ec0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x5e800000 0xf000 1.01.1593.0000 C:\Programmi\Windows Defender\mprtplug.dll
0x60800000 0xf000 1.01.1593.0000 C:\Programmi\Windows Defender\MpAsDesc.dll
0x76590000 0x13000 5.131.2600.5512 C:\WINDOWS\system32\cryptnet.dll
0x72240000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\SensApi.dll
svchost.exe pid: 1680
Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\System32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x76ee0000 0x27000 5.01.2600.5625 c:\windows\system32\DNSAPI.dll
0x4cf40000 0xb000 5.01.2600.5512 c:\windows\system32\EapolQec.dll
0x76ae0000 0x11000 3.05.2284.0002 c:\windows\system32\ATL.DLL
0x745c0000 0x16000 5.01.2600.5512 c:\windows\system32\QUtil.dll
0x76030000 0x65000 6.02.3104.0000 c:\windows\system32\MSVCP60.dll
0x72960000 0xa000 5.01.2600.5512 c:\windows\system32\dot3api.dll
0x01960000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x767b0000 0x28000 5.01.2600.5834 C:\WINDOWS\System32\SCHANNEL.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\System32\cryptdll.dll
0x76760000 0x13000 5.01.2600.5512 c:\windows\system32\NTDSAPI.dll
0x74f20000 0x9000 2600.5512.0503.0000 c:\windows\system32\dmserver.dll
0x776e0000 0x44000 2001.12.4414.0706 c:\windows\system32\es.dll
0x74ed0000 0xc000 5.01.2600.5512 c:\windows\pchealth\helpctr\binaries\pchsvc.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\System32\HNETCFG.DLL
0x02760000 0x34000 5.01.2600.5512 c:\windows\system32\credui.dll
0x73640000 0x6000 5.01.2600.5512 c:\windows\system32\dot3dlg.dll
0x5ad00000 0x28000 5.01.2600.5512 c:\windows\system32\OneX.DLL
0x71680000 0x22000 5.01.2600.5512 c:\windows\system32\eappcfg.dll
0x73b40000 0xe000 5.01.2600.5512 c:\windows\system32\eappprxy.dll
0x76780000 0x2d000 5.01.2600.5512 c:\windows\system32\w32time.dll
0x4f120000 0x28000 5.01.2600.5512 c:\windows\system32\wbem\wmisvc.dll
0x10000000 0x22000 9.00.0001.0001 C:\Programmi\Avira\AntiVir Desktop\avsda.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x50000000 0x5000 5.04.3790.5512 c:\windows\system32\wuauserv.dll
0x77690000 0x12000 5.01.2600.5512 c:\windows\system32\AUTHZ.dll
0x50040000 0x1bc000 7.02.6001.0788 C:\WINDOWS\system32\wuaueng.dll
0x750e0000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\Cabinet.dll
0x604f0000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\mspatcha.dll
0x74e60000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x742f0000 0xb000 5.01.2600.5512 c:\windows\system32\WINIPSEC.DLL
0x58080000 0x48000 5.01.2600.5512 C:\WINDOWS\System32\unimdm.tsp
0x58100000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\kmddsp.tsp
0x580e0000 0x10000 5.01.2600.5512 C:\WINDOWS\System32\ndptsp.tsp
0x58110000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\ipconf.tsp
0x58130000 0x54000 5.01.2600.5512 C:\WINDOWS\System32\h323.tsp
0x58120000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\hidphone.tsp
0x71c80000 0x4c000 5.01.2600.5834 C:\WINDOWS\system32\kerberos.dll
0x723c0000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\RASQEC.DLL
0x70040000 0x9e000 2001.12.4414.0700 C:\WINDOWS\System32\catsrvut.dll
0x70100000 0x3d000 2001.12.4414.0700 C:\WINDOWS\System32\catsrv.dll
0x61df0000 0x9000 2001.12.4414.0700 C:\WINDOWS\System32\MfcSubs.dll
0x50640000 0xa000 7.02.6001.0788 C:\WINDOWS\system32\wups.dll
0x50e60000 0xc000 7.02.6001.0788 C:\WINDOWS\system32\wups2.dll
0x74910000 0x11e000 8.100.1048.0000 C:\WINDOWS\system32\msxml3.dll
0x506a0000 0x8a000 7.02.6001.0788 C:\WINDOWS\system32\wuapi.dll
svchost.exe pid: 1728
Command line: C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x111c0000 0x10000 6.00.6001.18000 c:\windows\system32\wudfsvc.dll
0x00670000 0x2b000 6.00.6001.18000 c:\windows\system32\WUDFPlatform.dll
svchost.exe pid: 1872
Command line: C:\WINDOWS\system32\svchost.exe -k NetworkService
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x76ee0000 0x27000 5.01.2600.5625 c:\windows\system32\DNSAPI.dll
0x10000000 0x22000 9.00.0001.0001 C:\Programmi\Avira\AntiVir Desktop\avsda.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
svchost.exe pid: 2040
Command line: C:\WINDOWS\system32\svchost.exe -k LocalService
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
spoolsv.exe pid: 352
Command line: C:\WINDOWS\system32\spoolsv.exe
Base Size Version Path
0x01000000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\spoolsv.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x50400000 0x15000 5.07.0000.0000 C:\WINDOWS\system32\E_FLMAHE.DLL
0x3f420000 0x1b000 6.01.2600.5635 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
ati2evxx.exe pid: 372
Command line: Ati2evxx.exe -Client
Base Size Version Path
0x00400000 0x6b000 6.14.0010.4133 C:\WINDOWS\system32\Ati2evxx.exe
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x00c30000 0x10000 6.14.0010.2500 C:\WINDOWS\system32\Ati2edxx.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
explorer.exe pid: 480
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x01000000 0x17e000 6.00.2900.5512 C:\WINDOWS\Explorer.EXE
0x75f30000 0x104000 6.00.2900.5512 C:\WINDOWS\system32\BROWSEUI.dll
0x00280000 0x46e000 6.00.2900.5512 C:\WINDOWS\system32\SHDOCVW.dll
0x00700000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x5ba40000 0x82000 6.00.2900.5512 C:\WINDOWS\system32\themeui.dll
0x76330000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll
0x71cd0000 0x1b000 6.00.2900.5512 C:\WINDOWS\system32\actxprxy.dll
0x60060000 0x3c000 5.01.2600.5512 C:\WINDOWS\system32\msutb.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x40260000 0xa93000 8.00.6001.18828 C:\WINDOWS\system32\ieframe.dll
0x02e10000 0x34000 5.01.2600.5512 C:\WINDOWS\system32\credui.dll
0x72960000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\dot3api.dll
0x73640000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\dot3dlg.dll
0x5ad00000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\OneX.DLL
0x71680000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\eappcfg.dll
0x02e50000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x73b40000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\eappprxy.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x033c0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\LINKINFO.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x10000000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x75d50000 0x91000 6.00.2900.5512 C:\WINDOWS\system32\MLANG.dll
0x761e0000 0x23000 5.01.2600.5512 C:\WINDOWS\system32\stobject.dll
0x74a80000 0xd000 6.00.2900.5512 C:\WINDOWS\system32\BatMeter.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x75f10000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\drprov.dll
0x71ba0000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\ntlanman.dll
0x71c60000 0x17000 5.01.2600.5512 C:\WINDOWS\System32\NETUI0.dll
0x71c20000 0x40000 5.01.2600.5512 C:\WINDOWS\System32\NETUI1.dll
0x75f20000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\davclnt.dll
0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x71600000 0x13000 6.00.2900.5512 C:\WINDOWS\system32\browselc.dll
0x04a50000 0x1d6000 1.06.0002.0014 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x69940000 0x16000 5.01.2600.5512 C:\WINDOWS\system32\faultrep.dll
0x5f210000 0x17000 5.01.2600.5512 C:\WINDOWS\system32\olepro32.dll
0x43270000 0x9000 8.00.6001.18828 C:\WINDOWS\system32\jsproxy.dll
0x6c6b0000 0x4d000 5.01.2600.5512 C:\WINDOWS\system32\DUSER.dll
0x059c0000 0x9a000 7.01.0108.0000 C:\Programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
0x06810000 0xe4000 7.01.0154.0000 C:\Programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x05a60000 0x9000 7.01.0069.0000 C:\Programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
0x06400000 0x8e000 7.01.0021.0000 C:\Programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
0x73b10000 0x1a000 5.01.2600.5512 C:\WINDOWS\system32\sti.dll
0x74a70000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\CFGMGR32.dll
0x05210000 0x508000 2.00.0042.0002 C:\Programmi\Tracker Software\Shell Extensions\Win32\XCShInfo.dll
0x73aa0000 0x15000 5.01.2600.5627 C:\WINDOWS\system32\mscms.dll
0x014e0000 0x13000 1.00.0000.0001 C:\Programmi\ATI Technologies\ATI.ACE\atiacmxx.dll
0x05b10000 0x3b2000 6.00.2900.5512 C:\WINDOWS\system32\zipfldr.dll
0x01520000 0x2b000 C:\Programmi\WinRAR\rarext.dll
sched.exe pid: 520
Command line: "C:\Programmi\Avira\AntiVir Desktop\sched.exe"
CLI.exe pid: 672
Command line: "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
Base Size Version Path
0x00400000 0xe000 1.11.0000.0000 C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
0x79000000 0x46000 2.00.50727.3053 C:\WINDOWS\system32\mscoree.dll
0x791b0000 0x269000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll
0x008f0000 0x45000 1.01.4322.2032 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x79780000 0x20e000 1.01.4322.2443 c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll
0x79990000 0x33e000 c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_d01e3220\mscorlib.dll
0x79510000 0x13000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
0x79430000 0x4d000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL
0x7b610000 0x1f8000 1.01.4322.2032 c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
0x7b810000 0x2e2000 c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ecba824d\system.windows.forms.dll
0x11000000 0xc000 1.02.2349.28178 c:\programmi\ati technologies\ati.ace\cli.implementation.dll
0x02e10000 0xc000 1.02.2208.29985 c:\programmi\ati technologies\ati.ace\log.foundation.dll
0x03030000 0x14000 1.02.2208.29986 c:\programmi\ati technologies\ati.ace\cli.foundation.dll
0x03050000 0xe000 1.02.2349.28575 c:\programmi\ati technologies\ati.ace\log.foundation.service.dll
0x03060000 0x8000 1.02.2208.29991 c:\programmi\ati technologies\ati.ace\log.foundation.shared.dll
0x7b0a0000 0x130000 1.01.4322.2443 c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
0x7b1d0000 0x1e4000 c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5bbd2063\system.dll
0x030b0000 0xa000 1.02.2349.28575 c:\programmi\ati technologies\ati.ace\cli.foundation.xmanifestation.dll
0x7bc10000 0x14a000 1.01.4322.2032 c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
0x7bd60000 0x202000 c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_7efd980c\system.xml.dll
0x79640000 0x52000 1.01.4322.2032 c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
0x10000000 0x22000 9.00.0001.0001 C:\Programmi\Avira\AntiVir Desktop\avsda.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x03700000 0x18000 1.02.2349.28582 c:\programmi\ati technologies\ati.ace\cli.component.runtime.dll
0x03720000 0x8000 1.00.0000.0000 c:\programmi\ati technologies\ati.ace\aticccom.dll
0x03730000 0xa000 1.02.2208.29985 c:\programmi\ati technologies\ati.ace\aem.foundation.dll
0x7b490000 0x76000 1.01.4322.2032 c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
0x03750000 0x17000 1.01.4322.2032 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\perfcounter.dll
0x7b510000 0xce000 c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_0cdb8df7\system.drawing.dll
0x60080000 0x9000 2.00.50727.3053 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x79e60000 0x42000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x042a0000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x5eb90000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\perfproc.dll
0x04580000 0x10000 1.02.2208.29987 c:\programmi\ati technologies\ati.ace\cli.caste.graphics.shared.dll
0x047a0000 0x4c000 1.02.2349.28559 c:\programmi\ati technologies\ati.ace\cli.caste.graphics.runtime.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x04830000 0xc000 1.02.2208.29988 c:\programmi\ati technologies\ati.ace\cli.component.runtime.shared.dll
0x04a50000 0x8000 1.11.0000.0000 c:\programmi\ati technologies\ati.ace\dem.foundation.dll
0x04a60000 0xe000 1.11.0000.0000 c:\programmi\ati technologies\ati.ace\dem.graphics.i0601.dll
0x04b90000 0xa000 1.11.0000.0000 c:\programmi\ati technologies\ati.ace\ace.graphics.displaysmanager.shared.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x7a090000 0x138000 1.01.4322.2443 c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
0x05190000 0x4a000 1.02.2349.28150 c:\windows\system32\atidemgr.dll
0x051e0000 0x5e000 1.01.4322.2032 c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
0x05250000 0xb000 1.01.4322.2032 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
0x74e80000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemprox.dll
0x74e60000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x05590000 0xc000 1.02.2349.28270 c:\programmi\ati technologies\ati.ace\cli.aspect.multivpu3.graphics.runtime.dll
0x055a0000 0xa000 1.02.2302.19274 c:\programmi\ati technologies\ati.ace\cli.aspect.multivpu3.graphics.shared.dll
0x055b0000 0xc000 1.02.2349.28171 c:\programmi\ati technologies\ati.ace\cli.aspect.multivpu2.graphics.runtime.dll
0x055c0000 0xa000 1.02.2208.29991 c:\programmi\ati technologies\ati.ace\cli.aspect.multivpu2.graphics.shared.dll
0x055d0000 0xc000 1.02.2349.28337 c:\programmi\ati technologies\ati.ace\cli.aspect.multivpu.graphics.runtime.dll
0x055f0000 0xa000 1.02.2208.30001 c:\programmi\ati technologies\ati.ace\cli.aspect.multivpu.graphics.shared.dll
0x05600000 0xc000 1.02.2349.28269 c:\programmi\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.runtime.dll
0x05610000 0xa000 1.02.2208.29993 c:\programmi\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.shared.dll
0x05620000 0x10000 1.02.2349.28383 c:\programmi\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.runtime.dll
0x05630000 0xe000 1.02.2349.28376 c:\programmi\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.runtime.dll
0x05640000 0xe000 1.02.2349.28287 c:\programmi\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.runtime.dll
0x05860000 0xa000 1.02.2208.30007 c:\programmi\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.shared.dll
0x05870000 0xe000 1.02.2349.28460 c:\programmi\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.runtime.dll
0x05880000 0xa000 1.02.2208.29990 c:\programmi\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.shared.dll
0x05890000 0xe000 1.02.2349.28421 c:\programmi\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.runtime.dll
0x058a0000 0xc000 1.02.2208.30001 c:\programmi\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.shared.dll
0x058b0000 0xc000 1.02.2349.28361 c:\programmi\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.runtime.dll
0x058c0000 0xa000 1.02.2208.29989 c:\programmi\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.shared.dll
0x058e0000 0x8000 1.11.0000.0000 c:\programmi\ati technologies\ati.ace\ace.graphics.videooverlay.shared.dll
0x058f0000 0xa000 1.02.2349.28369 c:\programmi\ati technologies\ati.ace\cli.aspect.smartgart.graphics.runtime.dll
0x05900000 0xa000 1.02.2349.28353 c:\programmi\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.runtime.dll
0x05910000 0xa000 1.02.2208.29988 c:\programmi\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.shared.dll
0x05b20000 0xc000 1.02.2349.28345 c:\programmi\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.runtime.dll
0x05b30000 0xc000 1.02.2349.28506 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.runtime.dll
0x05b50000 0x12000 1.02.2236.29147 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.shared.dll
0x05b70000 0xc000 1.02.2349.28303 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.runtime.dll
0x05b80000 0x12000 1.02.2236.29162 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.shared.dll
0x05ba0000 0xa000 1.02.2349.28481 c:\programmi\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.runtime.dll
0x05bb0000 0xa000 1.02.2208.29994 c:\programmi\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.shared.dll
0x05bd0000 0xa000 1.02.2349.28287 c:\programmi\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.runtime.dll
0x05bf0000 0xa000 1.02.2208.29993 c:\programmi\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.shared.dll
0x05c00000 0x10000 1.02.2349.28498 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecv.graphics.runtime.dll
0x05c10000 0xc000 1.02.2236.29179 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecv.graphics.shared.dll
0x05c20000 0xa000 1.02.2236.29132 c:\programmi\ati technologies\ati.ace\cli.aspect.customformats.graphics.shared.dll
0x05c30000 0x10000 1.02.2349.28311 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.runtime.dll
0x05c40000 0xc000 1.02.2236.29197 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.shared.dll
0x05c60000 0x12000 1.02.2349.28474 c:\programmi\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.runtime.dll
0x05c80000 0x12000 1.02.2349.28467 c:\programmi\ati technologies\ati.ace\cli.aspect.devicetv.graphics.runtime.dll
0x05ca0000 0xe000 1.02.2349.28490 c:\programmi\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.runtime.dll
0x05cb0000 0xe000 1.02.2236.29212 c:\programmi\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.shared.dll
0x05cc0000 0xe000 1.02.2349.28295 c:\programmi\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.runtime.dll
0x05ce0000 0xe000 1.02.2236.29221 c:\programmi\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.shared.dll
0x05cf0000 0x16000 1.02.2349.28398 c:\programmi\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.runtime.dll
0x05d10000 0xa000 1.02.2279.31385 c:\programmi\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.shared.dll
0x05d20000 0xa000 1.02.2349.28413 c:\programmi\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.runtime.dll
0x05d30000 0x10000 1.02.2349.28391 c:\programmi\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.runtime.dll
0x05d40000 0xa000 1.02.2208.29989 c:\programmi\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.shared.dll
0x05d60000 0xc000 1.02.2349.28444 c:\programmi\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.runtime.dll
0x05d70000 0x8000 1.02.2349.28429 c:\programmi\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.runtime.dll
0x05d80000 0xc000 1.02.2349.28436 c:\programmi\ati technologies\ati.ace\cli.aspect.infocentre.graphics.runtime.dll
0x05d90000 0xa000 1.02.2208.29990 c:\programmi\ati technologies\ati.ace\cli.aspect.infocentre.graphics.shared.dll
0x05da0000 0x8000 1.02.2349.28321 c:\programmi\ati technologies\ati.ace\cli.aspect.hotkeyshandling.graphics.runtime.dll
0x05db0000 0x8000 1.02.2208.30002 c:\programmi\ati technologies\ati.ace\cli.aspect.hotkeyshandling.graphics.shared.dll
0x05dd0000 0x12000 1.02.2232.28756 c:\programmi\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.shared.dll
0x05e00000 0x10000 1.02.2232.28758 c:\programmi\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.shared.dll
0x05e30000 0x8000 1.11.0000.0000 c:\programmi\ati technologies\ati.ace\dem.graphics.i0600.dll
0x05e40000 0xa000 1.02.2208.29990 c:\programmi\ati technologies\ati.ace\cli.aspect.smartgart.graphics.shared.dll
0x05e70000 0xa000 1.02.2208.29988 c:\programmi\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.shared.dll
0x05e80000 0x8000 1.02.2208.29987 c:\programmi\ati technologies\ati.ace\cli.aspect.deviceproperty.graphics.shared.dll
0x05e90000 0x8000 1.11.0000.0000 c:\programmi\ati technologies\ati.ace\dem.graphics.i0602.dll
0x05ea0000 0x8000 1.02.2208.29986 c:\programmi\ati technologies\ati.ace\cli.aspect.deviceproperty2.graphics.shared.dll
0x05eb0000 0x8000 1.02.2349.28162 c:\programmi\ati technologies\ati.ace\cli.aspect.deviceproperty2.graphics.runtime.dll
0x05fe0000 0x12000 1.02.2343.18612 c:\programmi\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.shared.dll
0x06010000 0x12000 1.02.2343.18635 c:\programmi\ati technologies\ati.ace\cli.aspect.devicetv.graphics.shared.dll
0x06040000 0x8000 1.02.2279.31374 c:\programmi\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.shared.dll
0x06050000 0xa000 1.02.2208.29993 c:\programmi\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.shared.dll
0x06070000 0x8000 1.02.2208.29988 c:\programmi\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.shared.dll
0x05060000 0xa000 1.02.2208.30002 c:\programmi\ati technologies\ati.ace\apm.foundation.dll
0x40260000 0xa93000 8.00.6001.18828 C:\WINDOWS\system32\ieframe.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x050d0000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x05100000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
FirewallGUI.exe pid: 656
Command line: "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
Base Size Version Path
0x00400000 0x32c000 5.00.0000.0038 C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll
0x66bb0000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\inetmib1.dll
0x71ef0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\snmpapi.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x10000000 0x36b000 5.00.0000.0038 C:\Programmi\PC Tools Firewall Plus\Objects.dll
0x5dd60000 0x9000 5.01.2600.0000 C:\WINDOWS\system32\RPCNS4.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x01900000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x01920000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x01b60000 0x340000 5.00.0000.0038 C:\Programmi\PC Tools Firewall Plus\FirewallPlugin.dll
0x76330000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll
0x75d50000 0x91000 6.00.2900.5512 C:\WINDOWS\system32\mlang.dll
0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x026a0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x74dc0000 0x6d000 5.30.0023.1230 C:\WINDOWS\system32\RICHED20.DLL
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x40260000 0xa93000 8.00.6001.18828 C:\WINDOWS\system32\ieframe.dll
0x3fac0000 0x5ad000 8.00.6001.18828 C:\WINDOWS\system32\mshtml.dll
0x03090000 0x29000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll
0x74680000 0x2a000 5.01.2600.5512 C:\WINDOWS\system32\msimtf.dll
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
avguard.exe pid: 888
Command line: "C:\Programmi\Avira\AntiVir Desktop\avguard.exe"
MSASCui.exe pid: 900
Command line: "C:\Programmi\Windows Defender\MSASCui.exe" -hide
Base Size Version Path
0x01000000 0xd7000 1.01.1593.0000 C:\Programmi\Windows Defender\MSASCui.exe
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x5b800000 0x4f000 1.01.1593.0000 C:\Programmi\Windows Defender\MpClient.dll
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll
0x74c10000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x61800000 0x9c000 1.01.1593.0000 C:\Programmi\Windows Defender\MsMpRes.dll
0x5d800000 0xac000 1.01.1593.0000 C:\Programmi\Windows Defender\MpRtMon.DLL
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x4b440000 0x86000 5.41.0015.1515 C:\WINDOWS\system32\MSFTEDIT.DLL
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x74910000 0x11e000 8.100.1048.0000 C:\WINDOWS\system32\msxml3.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x60800000 0xf000 1.01.1593.0000 C:\Programmi\Windows Defender\MpAsDesc.dll
0x10000000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x73b30000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\dciman32.dll
CTSVCCDA.EXE pid: 248
Command line: C:\WINDOWS\system32\CTsvcCDA.exe
Base Size Version Path
0x00400000 0xf000 1.00.0001.0000 C:\WINDOWS\system32\CTsvcCDA.exe
avgnt.exe pid: 1272
Command line: "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
rundll32.exe pid: 1440
Command line: "C:\WINDOWS\system32\Rundll32.exe" SPIRun.dll,RunDLLEntry
Base Size Version Path
0x01000000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\Rundll32.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x009b0000 0x6000 1.00.0000.0002 C:\WINDOWS\system32\SPIRun.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x00ba0000 0x24000 1.00.0000.0014 C:\WINDOWS\SYSTEM32\OemSpi.dll
0x73e80000 0x5c000 5.03.2600.5512 C:\WINDOWS\SYSTEM32\DSOUND.dll
0x10000000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
VolPanlu.exe pid: 1448
Command line: "C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
Base Size Version Path
0x00400000 0x2c000 2.20.0011.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
0x10000000 0x11000 1.00.0002.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\CTAudSeu.dll
0x00330000 0x53000 1.04.0000.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\CTAudEp.dll
0x5f800000 0xf2000 6.02.8071.0000 C:\WINDOWS\system32\MFC42u.DLL
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x61000000 0x10000 2.10.0003.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.crl
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x00ed0000 0x2a000 2.30.0000.0000 C:\Programmi\Creative\ShareDLL\CADI\ctcadi.dll
0x00f20000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x00f70000 0x1d000 0.00.0002.0005 C:\Programmi\Creative\ShareDLL\CADI\ctdmzspi.dll
0x00fa0000 0x1c000 0.00.0000.0014 C:\Programmi\Creative\ShareDLL\CADI\ctaudspi.dll
0x00fd0000 0x1b000 0.00.0000.0010 C:\Programmi\Creative\ShareDLL\CADI\ctpxspi.dll
0x01000000 0x1c000 0.00.0000.0012 C:\Programmi\Creative\ShareDLL\CADI\ctmbspi.dll
0x01030000 0x1c000 0.00.0000.0010 C:\Programmi\Creative\ShareDLL\CADI\ctksspi.dll
0x01060000 0x24000 1.00.0000.0014 C:\WINDOWS\SYSTEM32\OemSpi.dll
0x73e80000 0x5c000 5.03.2600.5512 C:\WINDOWS\SYSTEM32\DSOUND.dll
0x021c0000 0x19000 1.00.0000.0002 C:\Programmi\Creative\ShareDLL\CADI\dbacs.dll
0x023c0000 0x14000 2.00.0001.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\mxlibu.dll
0x023f0000 0x2d000 3.01.0018.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\CTThemeU.dll
0x02420000 0xc000 3.01.0002.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\CtrlSrcU.dll
0x02430000 0xe000 1.02.0000.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\CTIniFu.dll
0x02450000 0x55000 3.01.0030.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\GDICtrl.sku
0x024b0000 0x27000 3.01.0021.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\GDICtrl2.sku
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x024e0000 0x1e000 3.01.0016.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\GDICtrl3.sku
0x02500000 0x1e000 3.01.0015.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\RtxCtrl.sku
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
LogitechDesktopMessenger.exe pid: 1564
Command line: "C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
Base Size Version Path
0x00400000 0x8000 2.01.0002.0000 C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
0x00900000 0x21e000 7.02.0000.0137 C:\Programmi\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\backWeb.dll
0x10000000 0x39000 4.02.0000.0137 C:\Programmi\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\bwsec.dll
0x00840000 0xf000 C:\Programmi\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\clntutil.dll
0x71ef0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\snmpapi.dll
0x00850000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x00db0000 0x2a000 7.02.0000.0137 C:\PROGRA~1\Logitech\DESKTO~1\8876480\720~1.137\program\EN\ClientRC.dll
0x698e0000 0x9000 5.01.2600.5512 C:\WINDOWS\system32\feclient.dll
0x00e50000 0xa000 7.02.0000.0137 C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll
0x01560000 0x25000 7.02.0000.0137 C:\Programmi\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\BWfiles.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x017a0000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x66bb0000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\inetmib1.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x01c90000 0xa000 7.02.0000.0137 C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWDocMapExt-8876480.dll
0x01ca0000 0x22000 9.00.0001.0001 C:\Programmi\Avira\AntiVir Desktop\avsda.dll
0x01cf0000 0x84000 7.02.0000.0137 C:\Programmi\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\BWDocMapExt.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x3fac0000 0x5ad000 8.00.6001.18828 C:\WINDOWS\system32\mshtml.dll
0x02000000 0x29000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll
0x02050000 0xa000 7.02.0000.0137 C:\Programmi\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll
0x02070000 0x1c000 7.02.0000.0137 C:\Programmi\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\bwscriptext.dll
0x02a40000 0x6a000 5.08.6001.18702 C:\WINDOWS\system32\vbscript.dll
0x73510000 0x2a000 5.07.0000.18066 C:\WINDOWS\system32\scrrun.dll
0x606d0000 0x21000 5.07.0000.18066 C:\WINDOWS\system32\wshom.ocx
0x02b20000 0x21000 2.01.0002.0000 C:\Programmi\Logitech\Desktop Messenger\8876480\Program\SyncExt.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
msmsgs.exe pid: 1596
Command line: "C:\Programmi\Messenger\msmsgs.exe" /background
Base Size Version Path
0x01000000 0x1c4000 4.07.0000.3001 C:\Programmi\Messenger\msmsgs.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x76330000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x10000000 0x6f000 5.01.2600.5512 C:\WINDOWS\system32\XPOB2RES.DLL
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x776e0000 0x44000 2001.12.4414.0706 C:\WINDOWS\system32\es.dll
0x01260000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x76bc0000 0x34000 5.01.2600.5512 C:\WINDOWS\system32\credui.dll
0x75e20000 0x19000 4.07.0000.3002 C:\Programmi\Messenger\msgsc.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
AWC.exe pid: 1880
Command line: "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
Base Size Version Path
0x00400000 0x240000 3.03.0004.0666 C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
0x40000000 0xc6000 7.00.0004.0453 C:\Programmi\IObit\Advanced SystemCare 3\rtl70.bpl
0x00640000 0x157000 7.00.0004.0453 C:\Programmi\IObit\Advanced SystemCare 3\vcl70.bpl
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x007a0000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x00340000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40220000 0x3b000 7.00.0004.0453 C:\Programmi\IObit\Advanced SystemCare 3\vclx70.bpl
0x00350000 0x53000 1.00.0000.0000 C:\Programmi\IObit\Advanced SystemCare 3\WinSkinD7R.bpl
0x10000000 0xe000 C:\Programmi\IObit\Advanced SystemCare 3\NtfsData.dll
0x003c0000 0x21000 C:\Programmi\IObit\Advanced SystemCare 3\STFix.dll
0x003f0000 0xf000 C:\Programmi\IObit\Advanced SystemCare 3\CoolTrayIcon_D6plus.bpl
0x00990000 0xa000 1.00.0000.0032 C:\Programmi\IObit\Advanced SystemCare 3\Routine.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x5f210000 0x17000 5.01.2600.5512 C:\WINDOWS\system32\olepro32.dll
0x59110000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\Wship6.dll
0x40260000 0xa93000 8.00.6001.18828 C:\WINDOWS\system32\ieframe.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x5ab30000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemdisp.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x74e80000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemprox.dll
0x74e60000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x73540000 0x53000 5.01.2600.5512 C:\WINDOWS\system32\mstask.dll
0x01b90000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x72240000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sensapi.dll
0x01d60000 0x22000 9.00.0001.0001 C:\Programmi\Avira\AntiVir Desktop\avsda.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x76940000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\LINKINFO.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
PCSuite.exe pid: 1892
Command line: "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
Base Size Version Path
0x00400000 0x15d000 7.01.0040.0000 C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
0x67000000 0x1f0000 4.04.0001.0000 C:\Programmi\Nokia\Nokia PC Suite 7\QtCore4.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x65000000 0x700000 4.04.0001.0000 C:\Programmi\Nokia\Nokia PC Suite 7\QtGui4.dll
0x61000000 0x59000 4.04.0001.0000 C:\Programmi\Nokia\Nokia PC Suite 7\QtXml4.dll
0x00370000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x10000000 0x52000 7.01.0005.0000 C:\Programmi\Nokia\Nokia PC Suite 7\CDC.dll
0x4fd60000 0x1a6000 5.03.2600.5512 C:\WINDOWS\system32\d3d9.dll
0x6deb0000 0x6000 5.03.2600.5512 C:\WINDOWS\system32\d3d8thk.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x01170000 0x6000 7.00.0012.0000 C:\Programmi\Nokia\Nokia PC Suite 7\PCSL.dll
0x01290000 0x9c000 7.00.0126.0000 C:\Programmi\PC Connectivity Solution\ConnAPI.dll
0x01450000 0x148000 7.00.0155.0000 C:\Programmi\PC Connectivity Solution\DAAPI.dll
0x016c0000 0x44000 7.00.0019.0000 C:\Programmi\PC Connectivity Solution\PCCS_ABAPI.dll
0x01930000 0x125000 7.01.0015.0000 C:\Programmi\Nokia\Nokia PC Suite 7\styles\NGLStyle.dll
0x01a60000 0x21000 4.04.0001.0000 C:\Programmi\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
0x01a90000 0x8000 4.04.0001.0000 C:\Programmi\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
0x66000000 0x3e000 4.04.0001.0000 C:\Programmi\Nokia\Nokia PC Suite 7\QtSvg4.dll
0x01cc0000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x02640000 0x32000 7.00.0043.0000 C:\Programmi\PC Connectivity Solution\ConfServer.dll
0x74910000 0x11e000 8.100.1048.0000 C:\WINDOWS\system32\msxml3.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x72240000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sensapi.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x03990000 0x22000 9.00.0001.0001 C:\Programmi\Avira\AntiVir Desktop\avsda.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
MsPMSPSv.exe pid: 2020
Command line: C:\WINDOWS\system32\MsPMSPSv.exe
Base Size Version Path
0x01000000 0xd000 7.00.0000.1954 C:\WINDOWS\system32\MsPMSPSv.exe
SetPoint.exe pid: 644
Command line: "C:\Programmi\Logitech\SetPoint\SetPoint.exe"
Base Size Version Path
0x00400000 0xc6000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\SetPoint.exe
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x10900000 0x13000 4.80.0103.0000 C:\WINDOWS\system32\KemXML.dll
0x10800000 0x2a000 4.80.0103.0000 C:\WINDOWS\system32\kemutb.dll
0x10700000 0x28000 4.80.0103.0000 C:\WINDOWS\system32\KemUtil.dll
0x782e0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x10b00000 0x1b000 4.80.0103.0000 C:\WINDOWS\system32\KemWnd.dll
0x76330000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x12a00000 0xa000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\SetPointCOM.dll
0x10000000 0x7000 C:\Programmi\Logitech\SetPoint\khalwrapper.dll
0x5d360000 0xf000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ITA.DLL
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x00ae0000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x00f30000 0x107000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\Macros\MacroCore.dll
0x12300000 0x8000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\IMHook.dll
0x1f900000 0x2a000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\WebBrowserSupport.dll
0x7c630000 0x1b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL
0x01070000 0x22000 4.70.0026.0000 C:\Programmi\Logitech\SetPoint\Macros\MacroAppSwitch.dll
0x010b0000 0x2f000 4.82.0011.0000 C:\Programmi\File comuni\Logishrd\KHAL2\KhalApi.dll
0x01240000 0x24000 4.80.0103.0000 C:\Programmi\File comuni\LogiShrd\bluetooth\LBTServ.dll
0x10e00000 0x11000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\kgame.dll
0x10d00000 0xf000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\GameHook.dll
0x10a00000 0x1f000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\LCabHandler.dll
0x10f00000 0x3d000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\Macros\MacroMedia.dll
0x10300000 0xb000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\KEMHook.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x01f10000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x73b30000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\dciman32.dll
avmailc.exe pid: 128
Command line: "C:\Programmi\Avira\AntiVir Desktop\avmailc.exe"
avwebgrd.exe pid: 2056
Command line: "C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE"
KHALMNPR.exe pid: 2388
Command line: KHALMNPR.EXE /API
Base Size Version Path
0x00400000 0xd000 4.82.0011.0000 C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
0x10000000 0x2f000 4.82.0011.0000 C:\Programmi\File comuni\Logishrd\KHAL2\KHALAPI.DLL
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x00f70000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x00fd0000 0x24000 4.80.0103.0000 C:\Programmi\File comuni\LogiShrd\bluetooth\LBTServ.dll
0x74a70000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\cfgmgr32.dll
0x01020000 0x19000 4.82.0011.0000 C:\Programmi\File comuni\Logishrd\KHAL2\KHALITCH.DLL
0x01060000 0x1d000 4.82.0011.0000 C:\Programmi\File comuni\Logishrd\KHAL2\KHALMW.DLL
0x010a0000 0x2f000 4.82.0011.0000 C:\Programmi\File comuni\Logishrd\KHAL2\KHALHPP.DLL
0x01170000 0x22000 4.82.0011.0000 C:\Programmi\File comuni\Logishrd\KHAL2\KHALMOU.DLL
0x011c0000 0x1f000 4.82.0011.0000 C:\Programmi\File comuni\Logishrd\KHAL2\KHALHID.DLL
0x01200000 0x1b000 4.82.0011.0000 C:\Programmi\File comuni\Logishrd\KHAL2\KHALUSB.DLL
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
alg.exe pid: 3396
Command line: C:\WINDOWS\System32\alg.exe
Base Size Version Path
0x01000000 0xd000 5.01.2600.5512 C:\WINDOWS\System32\alg.exe
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\System32\ATL.DLL
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\MSWSOCK.DLL
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\System32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x10000000 0x22000 9.00.0001.0001 C:\Programmi\Avira\AntiVir Desktop\avsda.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
ServiceLayer.exe pid: 3484
Command line: "C:\Programmi\PC Connectivity Solution\ServiceLayer.exe"
Base Size Version Path
0x00400000 0xa0000 7.00.0124.0000 C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
0x10000000 0x6a000 7.00.0006.0000 C:\Programmi\PC Connectivity Solution\PCCS_DBEngine.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
NclRSSrv.exe pid: 3716
Command line: {F1E6C4F5-39C0-43FF-B929-55E2DA2E6D80}
Base Size Version Path
0x00400000 0x23000 7.00.0007.0000 C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
NclUSBSrv.exe pid: 3848
Command line: {EF37675B-E6B6-4D7D-B158-7E716E476984}
Base Size Version Path
0x00400000 0x25000 7.00.0015.0000 C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
CLI.exe pid: 3260
Command line: "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" -hide Wizard
Base Size Version Path
0x00400000 0xe000 1.11.0000.0000 C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
0x79000000 0x46000 2.00.50727.3053 C:\WINDOWS\system32\mscoree.dll
0x791b0000 0x269000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll
0x008f0000 0x45000 1.01.4322.2032 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x79780000 0x20e000 1.01.4322.2443 c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll
0x79990000 0x33e000 c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_d01e3220\mscorlib.dll
0x79510000 0x13000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
0x10000000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x79430000 0x4d000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL
0x7b610000 0x1f8000 1.01.4322.2032 c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
0x7b810000 0x2e2000 c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ecba824d\system.windows.forms.dll
0x11000000 0xc000 1.02.2349.28178 c:\programmi\ati technologies\ati.ace\cli.implementation.dll
0x02e50000 0xc000 1.02.2208.29985 c:\programmi\ati technologies\ati.ace\log.foundation.dll
0x03070000 0x14000 1.02.2208.29986 c:\programmi\ati technologies\ati.ace\cli.foundation.dll
0x03090000 0xe000 1.02.2349.28575 c:\programmi\ati technologies\ati.ace\log.foundation.service.dll
0x030a0000 0x8000 1.02.2208.29991 c:\programmi\ati technologies\ati.ace\log.foundation.shared.dll
0x7b0a0000 0x130000 1.01.4322.2443 c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
0x7b1d0000 0x1e4000 c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5bbd2063\system.dll
0x030f0000 0xa000 1.02.2349.28575 c:\programmi\ati technologies\ati.ace\cli.foundation.xmanifestation.dll
0x7bc10000 0x14a000 1.01.4322.2032 c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
0x7bd60000 0x202000 c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_7efd980c\system.xml.dll
0x79640000 0x52000 1.01.4322.2032 c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
0x03500000 0x22000 9.00.0001.0001 C:\Programmi\Avira\AntiVir Desktop\avsda.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x03770000 0x9c000 1.02.2349.28247 c:\programmi\ati technologies\ati.ace\cli.component.wizard.dll
0x03810000 0xe000 1.02.2208.29986 c:\programmi\ati technologies\ati.ace\cli.foundation.clients.dll
0x03820000 0xa000 1.02.2208.29987 c:\programmi\ati technologies\ati.ace\cli.component.wizard.shared.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x039f0000 0x18000 1.02.2349.28582 c:\programmi\ati technologies\ati.ace\cli.component.runtime.dll
0x03a20000 0x8000 1.00.0000.0000 c:\programmi\ati technologies\ati.ace\aticccom.dll
0x03a30000 0x10000 1.02.2208.29987 c:\programmi\ati technologies\ati.ace\cli.caste.graphics.shared.dll
0x03a40000 0xa000 1.02.2208.29985 c:\programmi\ati technologies\ati.ace\aem.foundation.dll
0x03a50000 0xa000 1.11.0000.0000 c:\programmi\ati technologies\ati.ace\ace.graphics.displaysmanager.shared.dll
0x03a70000 0x18000 1.02.2349.28255 c:\programmi\ati technologies\ati.ace\cli.caste.graphics.wizard.dll
0x03a90000 0x8000 1.02.2208.29990 c:\programmi\ati technologies\ati.ace\cli.caste.graphics.wizard.shared.dll
0x7b490000 0x76000 1.01.4322.2032 c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
0x7b510000 0xce000 c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_0cdb8df7\system.drawing.dll
0x03aa0000 0x130000 1.02.2349.28225 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecv.graphics.wizard.dll
0x03bd0000 0x130000 1.02.2349.28232 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.wizard.dll
0x03d10000 0x68000 1.02.2349.28216 c:\programmi\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.wizard.dll
0x03e80000 0x68000 1.02.2349.28271 c:\programmi\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.wizard.dll
0x03ef0000 0x28000 1.02.2349.28200 c:\programmi\ati technologies\ati.ace\cli.aspect.devicetv.graphics.wizard.dll
0x03f20000 0x28000 1.02.2349.28208 c:\programmi\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.wizard.dll
0x03f50000 0x246000 1.02.2349.28240 c:\programmi\ati technologies\ati.ace\cli.aspect.displaysmanager.graphics.wizard.dll
0x041f0000 0x22000 1.02.2349.28179 c:\programmi\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.wizard.dll
0x041c0000 0x17000 1.01.4322.2032 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\perfcounter.dll
0x60080000 0x9000 2.00.50727.3053 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll
0x04320000 0x74000 1.02.2349.28186 c:\programmi\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.wizard.dll
0x79e60000 0x42000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
0x04b30000 0x80000 1.02.2349.28171 c:\programmi\ati technologies\ati.ace\cli.aspect.transcode.local.wizard.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x5eb90000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\perfproc.dll
0x05370000 0x54000 1.02.2349.28194 c:\programmi\ati technologies\ati.ace\cli.aspect.infocentre.graphics.wizard.dll
0x053d0000 0xc000 1.02.2236.29179 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecv.graphics.shared.dll
0x053f0000 0x8000 1.02.2208.29987 c:\programmi\ati technologies\ati.ace\cli.aspect.deviceproperty.graphics.shared.dll
0x05820000 0xc000 1.02.2236.29197 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.shared.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x05810000 0x8000 1.02.2208.29986 c:\programmi\ati technologies\ati.ace\cli.aspect.deviceproperty2.graphics.shared.dll
0x05ab0000 0xa000 1.02.2236.29132 c:\programmi\ati technologies\ati.ace\cli.aspect.customformats.graphics.shared.dll
0x05ac0000 0xa000 1.02.2208.29994 c:\programmi\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.shared.dll
0x05ae0000 0xa000 1.02.2208.29993 c:\programmi\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.shared.dll
0x05af0000 0x12000 1.02.2343.18635 c:\programmi\ati technologies\ati.ace\cli.aspect.devicetv.graphics.shared.dll
0x05b10000 0x12000 1.02.2343.18612 c:\programmi\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.shared.dll
0x05b40000 0x12000 1.02.2232.28756 c:\programmi\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.shared.dll
0x05b60000 0xc000 1.02.2208.30001 c:\programmi\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.shared.dll
0x05b70000 0x4a000 1.02.0000.0000 c:\programmi\ati technologies\ati.ace\cli.aspect.transcode.local.shared.dll
0x05bd0000 0x8000 1.00.0000.0000 c:\programmi\ati technologies\ati.ace\atixclib.dll
0x05bf0000 0x2b000 9.12.0000.60312 C:\Programmi\File comuni\ATI Technologies\Multimedia\atixcode.dll
0x05c20000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x05c50000 0x209000 9.12.0000.60312 C:\Programmi\File comuni\ATI Technologies\Multimedia\atidvcr.dll
0x05e60000 0xa000 1.02.2208.29990 c:\programmi\ati technologies\ati.ace\cli.aspect.infocentre.graphics.shared.dll
0x7a090000 0x138000 1.01.4322.2443 c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
CLI.exe pid: 3272
Command line: "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" -hide SystemTray
Base Size Version Path
0x00400000 0xe000 1.11.0000.0000 C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
0x79000000 0x46000 2.00.50727.3053 C:\WINDOWS\system32\mscoree.dll
0x791b0000 0x269000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll
0x008f0000 0x45000 1.01.4322.2032 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x79780000 0x20e000 1.01.4322.2443 c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll
0x79990000 0x33e000 c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_d01e3220\mscorlib.dll
0x79510000 0x13000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
0x10000000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x79430000 0x4d000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL
0x7b610000 0x1f8000 1.01.4322.2032 c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
0x7b810000 0x2e2000 c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ecba824d\system.windows.forms.dll
0x11000000 0xc000 1.02.2349.28178 c:\programmi\ati technologies\ati.ace\cli.implementation.dll
0x02e50000 0xc000 1.02.2208.29985 c:\programmi\ati technologies\ati.ace\log.foundation.dll
0x03070000 0x14000 1.02.2208.29986 c:\programmi\ati technologies\ati.ace\cli.foundation.dll
0x03090000 0xe000 1.02.2349.28575 c:\programmi\ati technologies\ati.ace\log.foundation.service.dll
0x030a0000 0x8000 1.02.2208.29991 c:\programmi\ati technologies\ati.ace\log.foundation.shared.dll
0x7b0a0000 0x130000 1.01.4322.2443 c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
0x7b1d0000 0x1e4000 c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5bbd2063\system.dll
0x030f0000 0xa000 1.02.2349.28575 c:\programmi\ati technologies\ati.ace\cli.foundation.xmanifestation.dll
0x7bc10000 0x14a000 1.01.4322.2032 c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
0x7bd60000 0x202000 c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_7efd980c\system.xml.dll
0x79640000 0x52000 1.01.4322.2032 c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
0x03500000 0x22000 9.00.0001.0001 C:\Programmi\Avira\AntiVir Desktop\avsda.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x03770000 0x6c000 1.02.2349.28521 c:\programmi\ati technologies\ati.ace\cli.component.systemtray.dll
0x037e0000 0x10000 1.02.2208.29987 c:\programmi\ati technologies\ati.ace\cli.caste.graphics.shared.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x039b0000 0x18000 1.02.2349.28582 c:\programmi\ati technologies\ati.ace\cli.component.runtime.dll
0x039d0000 0x8000 1.00.0000.0000 c:\programmi\ati technologies\ati.ace\aticccom.dll
0x039f0000 0xa000 1.11.0000.0000 c:\programmi\ati technologies\ati.ace\ace.graphics.displaysmanager.shared.dll
0x03a00000 0xa000 1.02.2208.29985 c:\programmi\ati technologies\ati.ace\aem.foundation.dll
0x03a10000 0xa000 1.02.2208.30002 c:\programmi\ati technologies\ati.ace\apm.foundation.dll
0x7b490000 0x76000 1.01.4322.2032 c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
0x7b510000 0xce000 c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_0cdb8df7\system.drawing.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x03a90000 0x12000 1.02.2349.28521 c:\programmi\ati technologies\ati.ace\it\cli.component.systemtray.resources.dll
0x7a090000 0x138000 1.01.4322.2443 c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
0x03b00000 0x17000 1.01.4322.2032 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\perfcounter.dll
0x60080000 0x9000 2.00.50727.3053 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll
0x79e60000 0x42000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x5eb90000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\perfproc.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
FWService.exe pid: 2744
Command line: "C:\Programmi\PC Tools Firewall Plus\FWService.exe"
Base Size Version Path
0x00400000 0x23000 5.00.0000.0036 C:\Programmi\PC Tools Firewall Plus\FWService.exe
0x10000000 0x36b000 5.00.0000.0038 C:\Programmi\PC Tools Firewall Plus\Objects.dll
0x5dd60000 0x9000 5.01.2600.0000 C:\WINDOWS\system32\RPCNS4.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x66bb0000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\inetmib1.dll
0x71ef0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\snmpapi.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x01340000 0x31c000 5.00.0000.0040 C:\Programmi\PC Tools Firewall Plus\FirewallWrapper.dll
0x01a00000 0x2d000 2.00.0001.0006 C:\Programmi\PC Tools Firewall Plus\PCTWSC.dll
0x01ce0000 0x77000 1.00.0000.0038 C:\Programmi\PC Tools Firewall Plus\PluginDllFW.dll
0x01d80000 0x5d000 1.00.0000.0037 C:\Programmi\File comuni\PC Tools\GenTDI\GenericTdiDll.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x03650000 0xbd000 1.00.0000.0082 C:\Programmi\File comuni\PC Tools\KDS\KDSInterface.dll
0x03730000 0x78000 1.00.0000.0068 C:\Programmi\File comuni\PC Tools\KDS\KDSAppEvent.dll
0x76590000 0x13000 5.131.2600.5512 C:\WINDOWS\system32\cryptnet.dll
0x72240000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\SensApi.dll
0x750e0000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\Cabinet.dll
0x74e80000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemprox.dll
0x74e60000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x055d0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
ctfmon.exe pid: 412
Command line: ctfmon.exe
Base Size Version Path
0x00400000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\ctfmon.exe
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x60060000 0x3c000 5.01.2600.5512 C:\WINDOWS\system32\MSUTB.dll
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x10000000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
svchost.exe pid: 6052
Command line: C:\WINDOWS\system32\svchost.exe -k imgsvc
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x75a20000 0x55000 5.01.2600.5512 c:\windows\system32\wiaservc.dll
0x74a70000 0x7000 5.01.2600.5512 c:\windows\system32\CFGMGR32.dll
0x73aa0000 0x15000 5.01.2600.5627 c:\windows\system32\mscms.dll
0x71cd0000 0x1b000 6.00.2900.5512 C:\WINDOWS\system32\actxprxy.dll
0x73b10000 0x1a000 5.01.2600.5512 C:\WINDOWS\system32\sti.dll
sys88607.exe pid: 4728
Command line: "C:\Documents and Settings\vincenzo\Desktop\sys88607.exe"
Base Size Version Path
0x00400000 0x39000 C:\Documents and Settings\vincenzo\Desktop\sys88607.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x10000000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
runme.exe pid: 4144
Command line: runme.exe
Base Size Version Path
0x00400000 0x62000 3.06.0000.0002 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\nsv97.tmp\runme.exe
0x73390000 0x153000 6.00.0098.0002 C:\WINDOWS\system32\MSVBVM60.DLL
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x10000000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x73510000 0x2a000 5.07.0000.18066 C:\WINDOWS\system32\scrrun.dll
0x01610000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x72240000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sensapi.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x01a30000 0x6a000 5.08.6001.18702 C:\WINDOWS\system32\vbscript.dll
wscntfy.exe pid: 5084
Command line: C:\WINDOWS\system32\wscntfy.exe
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\wscntfy.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x10000000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
cmd.exe pid: 13164
Command line: cmd /c uuoywfrygn.exe > tempd.txt
Base Size Version Path
0x4ad00000 0x64000 5.01.2600.5512 C:\WINDOWS\system32\cmd.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
uuoywfrygn.exe pid: 13204
Command line: uuoywfrygn.exe
Base Size Version Path
0x00400000 0x14000 2.25.0000.0000 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\nsv97.tmp\uuoywfrygn.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
===================== NTFS ADS =====================
===================== ENCRYPTED FILES =====================
===================== HIDDEN OBJECTS =====================
===================== RUSTOCK ROOTKIT DETECTION =====================
===================== MASTER BOOT RECORD =====================
===================== NETWORK SETTINGS =====================
~~~~~~~~~~~~~~~~~~~~~ Winsock Parameters ~~~~~~~~~~~~~~~~~~~~~
-----HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters\-----
~~~~~~~~~~~~~~~~~~~~~ TCP/IP network configuration ~~~~~~~~~~~~~~~~~~~~~
Nome host . . . . . . . . . . . . . . : casa-b8be587135
Suffisso DNS primario . . . . . . . :
Tipo nodo . . . . . . . . . : Sconosciuto
Proxy WINS abilitato . . . . . . . . : No
Scheda Ethernet Connessione alla rete locale (LAN):
Stato supporto . . . . . . . . . . . : Supporto disconnesso
Descrizione . . . . . . . . . . . . . : NIC Fast Ethernet PCI Realtek RTL8139 Family
Scheda Ethernet Connessione alla rete locale (LAN) 2:
Stato supporto . . . . . . . . . . . : Supporto disconnesso
Descrizione . . . . . . . . . . . . . : VIA Rhine II Fast Ethernet Adapter
-----HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
\{0DE2E021-F55A-4710-9F74-7AF2139CC51E} NameServer= 192.168.1.1
~~~~~~~~~~~~~~~~~~~~~ Open ports ~~~~~~~~~~~~~~~~~~~~~
Connessioni attive
Proto Indirizzo locale Indirizzo esterno Stato PID
TCP casa-b8be587135:epmap 0.0.0.0:0 LISTENING 1500
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
-- componente/i sconosciuto/i --
[svchost.exe]
TCP casa-b8be587135:microsoft-ds 0.0.0.0:0 LISTENING 4
[Sistema]
TCP casa-b8be587135:44080 0.0.0.0:0 LISTENING 2056
[AVWEBGRD.EXE]
TCP casa-b8be587135:44110 0.0.0.0:0 LISTENING 128
[avmailc.exe]
TCP casa-b8be587135:1025 0.0.0.0:0 LISTENING 672
[cli.exe]
TCP casa-b8be587135:1027 0.0.0.0:0 LISTENING 3396
[alg.exe]
TCP casa-b8be587135:1034 0.0.0.0:0 LISTENING 3272
[cli.exe]
TCP casa-b8be587135:1037 0.0.0.0:0 LISTENING 3260
[cli.exe]
TCP casa-b8be587135:1030 localhost:44080 CLOSE_WAIT 1892
[PCSuite.exe]
UDP casa-b8be587135:microsoft-ds *:* 4
[Sistema]
UDP casa-b8be587135:9370 *:* 1564
[LogitechDesktopMessenger.exe]
UDP casa-b8be587135:ntp *:* 1680
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]
UDP casa-b8be587135:1038 *:* 1880
[AWC.exe]
~~~~~~~~~~~~~~~~~~~~~ Shared Resources ~~~~~~~~~~~~~~~~~~~~~
Nome cond. Risorsa Nota
IPC$ IPC remoto
D$ D:\ Condivisione predefinita
F$ F:\ Condivisione predefinita
ADMIN$ C:\WINDOWS Amministrazione remota
C$ C:\ Condivisione predefinita
E$ E:\ Condivisione predefinita
~~~~~~~~~~~~~~~~~~~~~ TRUSTED DOMAINS ~~~~~~~~~~~~~~~~~~~~~
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
~~~~~~~~~~~~~~~~~~~~~ TRUSTED IPs ~~~~~~~~~~~~~~~~~~~~~
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
~~~~~~~~~~~~~~~~~~~~~ RAS active connections ~~~~~~~~~~~~~~~~~~~~~
Nessuna connessione
~~~~~~~~~~~~~~~~~~~~~ Rasphone.pbk content ~~~~~~~~~~~~~~~~~~~~~
-----C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Connections\Pbk\rasphone.pbk
===================== HOSTS FILE =====================
127.0.0.1 localhost
===================== SUSPICIOUS FILES =====================
EXE and DLL files packed with runtime packers, found in: C:\; C:\WINDOWS\; C:\WINDOWS\system32\
===================== UNINSTALL LIST =====================
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall-----
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall-----
===================== HIJACKTHIS LOG =====================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7.55.53, on 29/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\vincenzo\Desktop\sys88607.exe
C:\DOCUME~1\vincenzo\IMPOST~1\Temp\nsv97.tmp\runme.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programmi\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [VolPanel] "C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /M "Stylus Photo R240" /EF "HKCU"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DE2E021-F55A-4710-9F74-7AF2139CC51E}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 18779 bytes
==========================================
Scan completed in 469,7 minutes
End of report
~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
SystemScan uses some freeware tools that remain property of their authors:
* SteelWerX Registry Console Tool, Who Am I (Bobby Flekman:
www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
* dumphive (Markus Stephany)--> "Registry scan"
* Listdlls (M.Russinovich, B.Cogswell:
www.sysinternals.com) --> "Loaded modules"
* Catchme & MBR Rootkit detector (gmer:
www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log
Thanks to all of them for their hard work
23/09/2009 14:16:52 -- 23/09/2009 15:39:19 (DIR) ---- 35 days old -- C:\Programmi\Nokia
23/09/2009 15:20:55 -- 23/09/2009 15:20:57 (DIR) ---- 35 days old -- C:\Programmi\PC Connectivity Solution
23/09/2009 14:21:00 -- 23/09/2009 14:21:00 (DIR) ---- 35 days old -- C:\Programmi\DIFX
08/08/2009 22:27:39 -- 20/09/2009 19:51:35 (DIR) ---- 38 days old -- C:\Programmi\VirusTotalUploader
19/09/2009 20:45:38 -- 19/09/2009 20:45:38 (DIR) ---- 39 days old -- C:\Programmi\Avira
13/09/2009 23:06:13 -- 13/09/2009 23:06:13 (DIR) ---- 45 days old -- C:\Programmi\Trend Micro
13/09/2009 13:36:55 -- 13/09/2009 13:36:55 (DIR) ---- 45 days old -- C:\Programmi\Brice Lambson
12/09/2009 16:08:30 -- 12/09/2009 16:11:58 (DIR) ---- 46 days old -- C:\Programmi\Spybot - Search & Destroy
06/08/2009 21:22:28 -- 08/09/2009 20:52:08 (DIR) ---- 50 days old -- C:\Programmi\Motive
---- recent files in C:\Programmi\File comuni\
30/09/2009 10:38:31 -- 30/09/2009 10:38:31 (DIR) ---- 28 days old -- C:\Programmi\File comuni\Creative
23/09/2009 15:21:47 -- 23/09/2009 15:39:19 (DIR) ---- 35 days old -- C:\Programmi\File comuni\Nokia
23/09/2009 15:21:54 -- 23/09/2009 15:21:54 (DIR) ---- 35 days old -- C:\Programmi\File comuni\PCSuite
18/09/2009 21:56:48 -- 20/09/2009 19:54:54 (DIR) ---- 38 days old -- C:\Programmi\File comuni\Motorola Shared
---- recent files in C:\Documents and Settings\vincenzo\Dati applicazioni\
08/08/2009 20:13:27 -- 11/10/2009 19:28:23 (DIR) ---- 17 days old -- C:\Documents and Settings\vincenzo\Dati applicazioni\vlc
08/08/2009 19:24:19 -- 08/10/2009 16:53:06 (DIR) ---- 20 days old -- C:\Documents and Settings\vincenzo\Dati applicazioni\Vso
03/08/2009 14:08:49 -- 29/09/2009 22:57:01 (DIR) ---- 29 days old -- C:\Documents and Settings\vincenzo\Dati applicazioni\Creative
23/09/2009 14:20:57 -- 23/09/2009 15:33:49 (DIR) ---- 35 days old -- C:\Documents and Settings\vincenzo\Dati applicazioni\PC Suite
23/09/2009 14:21:36 -- 23/09/2009 15:33:42 (DIR) ---- 35 days old -- C:\Documents and Settings\vincenzo\Dati applicazioni\Nokia
19/09/2009 20:50:07 -- 19/09/2009 20:50:07 (DIR) ---- 39 days old -- C:\Documents and Settings\vincenzo\Dati applicazioni\Avira
03/08/2009 13:47:32 -- 19/09/2009 20:29:54 (DIR) -S-- 39 days old -- C:\Documents and Settings\vincenzo\Dati applicazioni\Microsoft
14/09/2009 21:56:12 -- 14/09/2009 21:56:12 (DIR) ---- 44 days old -- C:\Documents and Settings\vincenzo\Dati applicazioni\Mozilla
03/08/2009 18:14:01 -- 04/09/2009 12:34:31 (DIR) ---- 54 days old -- C:\Documents and Settings\vincenzo\Dati applicazioni\Adobe
08/08/2009 19:25:35 -- 07/09/2009 19:14:17 668 ---A 51 days old -- C:\Documents and Settings\vincenzo\Dati applicazioni\vso_ts_preview.xml
---- recent files in C:\Documents and Settings\vincenzo\Impostazioni locali\Dati applicazioni\
03/08/2009 13:47:32 -- 28/10/2009 11:32:23 (DIR) ---- 0 days old -- C:\Documents and Settings\vincenzo\Impostazioni locali\Dati applicazioni\Microsoft
14/09/2009 21:56:12 -- 14/09/2009 21:56:12 (DIR) ---- 44 days old -- C:\Documents and Settings\vincenzo\Impostazioni locali\Dati applicazioni\Mozilla
03/08/2009 22:26:10 -- 28/10/2009 13:37:34 4312030 H--A 0 days old -- C:\Documents and Settings\vincenzo\Impostazioni locali\Dati applicazioni\IconCache.db
05/08/2009 13:23:31 -- 09/09/2009 17:04:03 8704 ---A 49 days old -- C:\Documents and Settings\vincenzo\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
===================== DUPLICATE FILES IN BAK FOLDERS =====================
No BAK folders found
===================== REGISTRY SCAN =====================
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"ATICCC"="\"C:\Programmi\ATI Technologies\ATI.ACE\cli.exe\" runtime -Delay"
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 \"EPSON Stylus Photo R240 Series\" /O6 \"USB001\" /M \"Stylus Photo R240\""
"00PCTFW"="\"C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe\" -s"
"Windows Defender"="\"C:\Programmi\Windows Defender\MSASCui.exe\" -hide"
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"SMSTray"="C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe"
"avgnt"="\"C:\Programmi\Avira\AntiVir Desktop\avgnt.exe\" /min"
"P17Helper"="Rundll32 SPIRun.dll,RunDLLEntry"
"VolPanel"="\"C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe\" /r"
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"LDM"="C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
"MSMSGS"="\"C:\Programmi\Messenger\msmsgs.exe\" /background"
"Advanced SystemCare 3"="\"C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe\" /startup"
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 \"EPSON Stylus Photo R240 Series\" /M \"Stylus Photo R240\" /EF \"HKCU\""
"PC Suite Tray"="\"C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe\" -onlytray"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[Run]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[run]
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----
[Windows]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----
[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%Systemroot%\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @=expand:"%systemroot%\system32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="ShellExecuteHook antimalware di Microsoft"
#### HKCR\CLSID\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}\InprocServer32 @="C:\PROGRA~1\WIFD1F~1\MpShHook.dll"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"="LogonUI.EXE"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Senza fili"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="Utilità di pianificazione pacchetti QoS"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"@="Script"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"="C:\WINDOWS\system32\iedkcs32.dll"
[Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
"@="Internet Explorer User Accelerators"
"DllName"="C:\WINDOWS\system32\iedkcs32.dll"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="C:\WINDOWS\system32\iedkcs32.dll"
"@="Internet Explorer Branding"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"
[Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
"@="802.3 Group Policy"
"DllName"=expand:"dot3gpclnt.dll"
[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installazione software"
"DllName"=expand:"appmgmts.dll"
[Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
"@="Internet Explorer Machine Accelerators"
"DllName"="C:\WINDOWS\system32\iedkcs32.dll"
[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"@="Protezione IP"
"DllName"=expand:"gptext.dll"
[Winlogon\Notify]
[Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
[Winlogon\Notify\dimsntfy]
"DllName"=expand:"%SystemRoot%\System32\dimsntfy.dll"
[Winlogon\Notify\LBTWlgn]
"DLLName"="c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll"
[Winlogon\Notify\LBTWlgn\Event]
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"
"BuildNumber"=dword:00000a28
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----
[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"
-----HKLM\System\CurrentControlSet\Control\Session Manager\-----
[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"
[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----
[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
[runonceex]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
[RunServicesOnce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
[RunServicesOnce]
-----HKLM\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----
-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----
-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----
[Browser Helper Objects]
[Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
#### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"
[Browser Helper Objects\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}]
#### HKCR\CLSID\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}\InprocServer32 @="C:\Programmi\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll"
@="PDF-XChange Viewer IE-Plugin"
"NoExplorer"=dword:00000001
-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----
[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"
-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----
-----HKCU\Control Panel\Desktop\-----
[Desktop]
[Desktop\WindowMetrics]
-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----
[command]
@="\"%1\" /S"
-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----
[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"
-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----
[URL]
[URL\DefaultPrefix]
@="http://"
[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----
[Lsa]
[Lsa\AccessProviders]
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----
[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
[SharedAccess\Epoch]
"Epoch"=dword:00002cd9
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1723:TCP"="1723:TCP:*:Enaxxxxx@xxxxxres.dll,-22015"
"1701:UDP"="1701:UDP:*:Enaxxxxx@xxxxxres.dll,-22016"
"500:UDP"="500:UDP:*:Enaxxxxx@xxxxxres.dll,-22017"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
"DisableNotifications"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1723:TCP"="1723:TCP:*:Enaxxxxx@xxxxxres.dll,-22015"
"1701:UDP"="1701:UDP:*:Enaxxxxx@xxxxxres.dll,-22016"
"500:UDP"="500:UDP:*:Enaxxxxx@xxxxxres.dll,-22017"
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"{0DE2E021-F55A-4710-9F74-7AF2139CC51E}"=dword:00000001
"{32D1AB01-00D6-47B6-9820-0A2CFDBA9B29}"=dword:00000001
-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----
-----HKLM\Software\Microsoft\Ole-----
[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""
-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----
[AU]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----
[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[Security Center\Monitoring]
[Security Center\Monitoring\AhnlabAntiVirus]
[Security Center\Monitoring\ComputerAssociatesAntiVirus]
[Security Center\Monitoring\KasperskyAntiVirus]
[Security Center\Monitoring\McAfeeAntiVirus]
[Security Center\Monitoring\McAfeeFirewall]
[Security Center\Monitoring\PandaAntiVirus]
[Security Center\Monitoring\PandaFirewall]
[Security Center\Monitoring\SophosAntiVirus]
[Security Center\Monitoring\SymantecAntiVirus]
[Security Center\Monitoring\SymantecFirewall]
[Security Center\Monitoring\TinyFirewall]
[Security Center\Monitoring\TrendAntiVirus]
[Security Center\Monitoring\TrendFirewall]
[Security Center\Monitoring\ZoneLabsFirewall]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----
[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{06B9249B-9FA2-492D-A3F9-CB16C4B493E7}"
[SystemRestore\SnapshotCallbacks]
@=""
-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----
-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
[AdvancedOptions]
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
-----HKLM\Software\Microsoft\Active Setup\Installed Components-----
[Installed Components]
[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="Internet Explorer - Aggiornamento versione"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"
[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\msdxm.ocx"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="\"C:\WINDOWS\system32\rundll32.exe\" \"C:\WINDOWS\system32\iedkcs32.dll\",BrandIEActiveSetup SIGNUP"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personalizzazione del browser"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"
[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\system32\msjava.dll"
[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"
[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\msdxm.ocx"
"ComponentID"="NetShow"
"StubPath"=""
[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\msdxm.ocx"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"
[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll"
"@="DirectAnimation"
"ComponentID"="DirectAnimation"
[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"
[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"
[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"
[Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
"ComponentID"="S867460"
"@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"
[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Creazione avanzata"
"ComponentID"="AdvAuth"
[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"
[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"
[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"
[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classi Java DirectAnimation"
"ComponentID"="DAJava"
[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.8"
"ComponentID"="MSVBScript"
[Installed Components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
"@="Aggiornamento della protezione per Windows XP (KB923789)"
"ComponentID"="KB923789"
[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
"KeyFileName"="C:\Programmi\Messenger\msmsgs.exe"
[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"
[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"
[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"
[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"
[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
"@=".NET Framework"
[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Rubrica 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"
[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"
[Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
"ComponentID"=".NETFramework"
"@=".NET Framework"
[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"
[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"ComponentID"=".NETFramework"
"@=".NET Framework"
[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Utilità di pianificazione"
"ComponentID"="MSTASK"
[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"
[Installed Components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
"ComponentID"="M953297"
"@="Microsoft .NET Framework 1.1 Security Update (KB953297)"
[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"
[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"
-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services
Result compared: Identical
-----Comparing registry keys CCS1 vs CCS3 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\ServiceModel 3.0.0.0
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 11481 (0x2CD9)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 11477 (0x2CD5)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\sr\Parameters FirstRun REG_DWORD 0 (0x0)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\sr\Parameters FirstRun REG_DWORD 1 (0x1)
Result compared: Different
===================== Advanced startup entries analysis =====================
HKLM\SOFTWARE\Microsoft\windows\currentversion\run
ATICCC = "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe -- 02/01/2006 16:41:22 -- 02/01/2006 16:41:22 -- 45056
MD5: 64c4c17bf6a40ff1cd21205e6fd415b8 SHA1: 7ed5e3c120ab41303d5f8084a307845f9e0e1cc1
[1] .text [2] .rsrc [3] .reloc
EPSON Stylus Photo R240 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE -- 03/08/2009 14:15:51 -- 25/04/2005 05:00:00 -- 98304
MD5: 84eeb34cef30cbb4992d8332f818a4b3 SHA1: e8f30b562ea0535b75aedf7f7150744658dd05f6
[1] .text [2] .rdata [3] .data [4] .rsrc
00PCTFW = "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe -- 03/08/2009 14:33:21 -- 23/02/2009 08:49:16 -- 2652056
MD5: 64f635240db9fb0c6e6ca7725ed56544 SHA1: 573a08c63694fc0c22d26220f039e4f6bef63eaa
[1] .text [2] .rdata [3] .data [4] .text1 [5] .adata [6] .data1 [7] .pdata [8] .rsrc
Windows Defender = "C:\Programmi\Windows Defender\MSASCui.exe" -hide
C:\Programmi\Windows Defender\MSASCui.exe -- 03/11/2006 18:20:12 -- 03/11/2006 18:20:12 -- 866584
MD5: 77c03bf23ae56b0a31ae4d5bb4b3d0ac SHA1: 6761523a26c96461b4051d6932cb3ade36a2efb2
[1] .text [2] .data [3] .rsrc
Kernel and Hardware Abstraction Layer = KHALMNPR.EXE
C:\WINDOWS\KHALMNPR.EXE -- 17/06/2009 17:55:10 -- 17/06/2009 17:55:10 -- 55824
MD5: e42a642e162b0468b2c4e9d803079c7f SHA1: 2c22a6a3c331b873f21b85cb04f2cb7a95f41ec9
[1] .text [2] .rdata [3] .data [4] .rsrc
SMSTray = C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe -- 26/08/2009 14:56:03 -- 14/12/2007 16:19:26 -- 132624
MD5: d2084c2112cba266e08ed2a601e3c020 SHA1: af644dc033c28c680426dfa507cb42dc4cc7f511
[1] .text [2] .rdata [3] .data [4] .rsrc
avgnt = "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe -- 19/09/2009 20:45:40 -- 02/03/2009 12:08:52 -- 209153
MD5: 29680a793f690eef4aaa68479d2a6df8 SHA1: a07ceabce79b3354c25fdd5e20d765cdcd0174f7
[1] .text [2] .rdata [3] .data [4] .rsrc
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry
C:\WINDOWS\system32\Rundll32.exe -- 19/08/2004 16:39:46 -- 14/04/2008 03:14:18 -- 35328
MD5: 76e398fc77bf3a487fe94e3a743227ec SHA1: 5ad417a246a53452028be14b182fb001d278bc56
[1] .text [2] .data [3] .rsrc
VolPanel = "C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe -- 30/09/2009 12:48:45 -- 28/02/2007 16:50:50 -- 180224
MD5: ed191c327a6695b35f614bd420e9eb5d SHA1: 124d0b481a76f400c4b03338c78277370ad18505
[1] .text [2] .rdata [3] .data [4] .rsrc
HKLM\SOFTWARE\Microsoft\windows\currentversion\policies\explorer\run
HKCU\SOFTWARE\Microsoft\windows\currentversion\run
LDM = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -- 03/08/2009 14:11:27 -- 03/08/2009 14:11:26 -- 32768
MD5: 5588812731c64305f2579dd8215037e0 SHA1: 3c79a9f3ee8e88891f59c97b28cf1b8ed48b1412
[1] .text [2] .rdata [3] .data [4] .rsrc
MSMSGS = "C:\Programmi\Messenger\msmsgs.exe" /background
C:\Programmi\Messenger\msmsgs.exe -- 03/08/2009 13:38:38 -- 14/04/2008 03:14:13 -- 1832448
MD5: 1a44b2db4977c6b76f95eb3d794dd0eb SHA1: 846c82d2153fbf56b7cc15f1aba9221be1905f1a
Error Opening File
Advanced SystemCare 3 = "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe -- 03/08/2009 15:06:29 -- 30/06/2009 08:55:40 -- 2329224
MD5: 77e448287453408a88cd9a02192c6df5 SHA1: ebb80f57717b34007ece6c35f11ce2118d44a8bf
[1] CODE [2] DATA [3] BSS [4] .idata [5] .tls [6] .rdata [7] .reloc [8] .rsrc
EPSON Stylus Photo R240 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /M "Stylus Photo R240" /EF "HKCU"
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE -- 03/08/2009 14:15:51 -- 25/04/2005 05:00:00 -- 98304
MD5: 84eeb34cef30cbb4992d8332f818a4b3 SHA1: e8f30b562ea0535b75aedf7f7150744658dd05f6
[1] .text [2] .rdata [3] .data [4] .rsrc
PC Suite Tray = "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe -- 25/06/2009 14:12:42 -- 25/06/2009 14:12:42 -- 1414144
MD5: 762a5bd25ff00d0376959a8611b327ac SHA1: 289d8551dee607dc68bb14534a6822c06f4078b2
[1] .text [2] .rdata [3] .data [4] .rsrc
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe -- 19/08/2004 16:39:36 -- 14/04/2008 03:14:03 -- 25088
MD5: 91b6aac828f8bbe1796275424e44dfb0 SHA1: bba10ca2cce9f5fe42e4d765da6d425c7d5c0a85
[1] .text [2] .data [3] .rsrc
HKCU\SOFTWARE\Microsoft\windows\currentversion\policies\explorer\run
===================== AUTOPLAY SETTINGS =====================
~~~~~~~~~~~~~~~~~~~~~ Registry setting ~~~~~~~~~~~~~~~~~~~~~
(note: default values should be 91 or 95)
-----HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----
[Explorer]
"NoDriveTypeAutoRun"=dword:00000143
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----
[Explorer]
"NoDriveTypeAutoRun"=dword:00000143
Autorun is enabled on:
DRIVE_UNKNOWN = False
DRIVE_NO_ROOT_DIR = False
DRIVE_REMOVABLE = True
DRIVE_FIXED = True
DRIVE_REMOTE = True
DRIVE_CDROM = True
DRIVE_RAMDISK = False
RESERVED = True
~~~~~~~~~~~~~~~~~~~~~ Autorun.inf files ~~~~~~~~~~~~~~~~~~~~~
No autorun.inf files found.
===================== SCHEDULED JOBS =====================
jobs found in C:\WINDOWS:
31/08/2001 15.00.00 65 byte 2981 days old -- C:\WINDOWS\tasks\desktop.ini
28/10/2009 10.44.26 440 byte 1 days old -- C:\WINDOWS\tasks\User_Feed_Synchronization-{41D9AF44-36DF-49B7-9D28-447EBDC1E788}.job
28/10/2009 23.23.19 6 byte 1 days old -- C:\WINDOWS\tasks\SA.DAT
28/10/2009 23.24.25 366 byte 1 days old -- C:\WINDOWS\tasks\AWC AutoSweep.job
28/10/2009 23.26.27 322 byte 1 days old -- C:\WINDOWS\tasks\MP Scheduled Scan.job
~~~~~~~~~~~~~~~~~~~~~
Active jobs:
~~~~~~~~~~~~~~~~~~~~~
Most recent (50) lines in jobs scheduled log:
"AWC AutoSweep.job" (AutoSweep.exe)
Avviata 27/10/2009 23.10.25
"AWC AutoSweep.job" (AutoSweep.exe)
Terminata 27/10/2009 23.11.49
Esito: Operazione completata con un codice di uscita (0).
"AWC AutoSweep.job" (AutoSweep.exe)
Avviata 28/10/2009 8.18.21
"AWC AutoSweep.job" (AutoSweep.exe)
Terminata 28/10/2009 8.20.00
Esito: Operazione completata con un codice di uscita (0).
"MP Scheduled Scan.job" (MpCmdRun.exe)
Avviata 28/10/2009 8.38.21
"MP Scheduled Scan.job" (MpCmdRun.exe)
Terminata 28/10/2009 8.38.32
Esito: Operazione completata con un codice di uscita (0).
"User_Feed_Synchronization-{41D9AF44-36DF-49B7-9D28-447EBDC1E788}.job" (msfeedssync.exe)
Avviata 28/10/2009 10.44.00
"User_Feed_Synchronization-{41D9AF44-36DF-49B7-9D28-447EBDC1E788}.job" (msfeedssync.exe)
Terminata 28/10/2009 10.44.26
Esito: Operazione completata con un codice di uscita (0).
"AWC AutoSweep.job" (AutoSweep.exe)
Avviata 28/10/2009 11.24.24
"AWC AutoSweep.job" (AutoSweep.exe)
Terminata 28/10/2009 11.25.33
Esito: Operazione completata con un codice di uscita (0).
"MP Scheduled Scan.job" (MpCmdRun.exe)
Avviata 28/10/2009 11.44.29
"MP Scheduled Scan.job" (MpCmdRun.exe)
Terminata 28/10/2009 11.44.54
Esito: Operazione completata con un codice di uscita (0).
"AWC AutoSweep.job" (AutoSweep.exe)
Avviata 28/10/2009 12.59.28
"AWC AutoSweep.job" (AutoSweep.exe)
Terminata 28/10/2009 13.00.33
Esito: Operazione completata con un codice di uscita (0).
"AWC AutoSweep.job" (AutoSweep.exe)
Avviata 28/10/2009 13.19.31
"AWC AutoSweep.job" (AutoSweep.exe)
Terminata 28/10/2009 13.19.45
Esito: Operazione completata con un codice di uscita (0).
"AWC AutoSweep.job" (AutoSweep.exe)
Avviata 28/10/2009 23.23.19
"AWC AutoSweep.job" (AutoSweep.exe)
Terminata 28/10/2009 23.24.25
Esito: Operazione completata con un codice di uscita (0).
===================== LIST OF ALL SERVICES & DRIVERS =====================
-----HKLM\system\currentcontrolset\services-----
000) "Abiosdsk"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
001) "abp480n5"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
002) "ACPI" - Driver ACPI Microsoft
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\ACPI.sys
---> TYPE = KERNEL_DRIVER
003) "ACPIEC"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
004) "adpu160m"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
005) "aec" - Eliminatore di eco acustico del kernel Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\aec.sys
---> TYPE = KERNEL_DRIVER
006) "AFD" - AFD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\afd.sys
---> TYPE = KERNEL_DRIVER
007) "Aha154x"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
008) "aic78u2"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
009) "aic78xx"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
010) "AliIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
011) "amsint"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
012) "asc"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
013) "asc3350p"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
014) "asc3550"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
015) "AsyncMac" - Driver per supporti asincroni RAS
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\asyncmac.sys
---> TYPE = KERNEL_DRIVER
016) "atapi" - Controller disco rigido IDE/ESDI standard
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\atapi.sys
---> TYPE = KERNEL_DRIVER
017) "Atdisk"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
018) "ati2mtag"
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ati2mtag.sys
---> TYPE = KERNEL_DRIVER
019) "Atmarpc" - Protocollo client ARP ATM
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\atmarpc.sys
---> TYPE = KERNEL_DRIVER
020) "audstub" - Driver stub audio
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\audstub.sys
---> TYPE = KERNEL_DRIVER
021) "avgio" - avgio
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = C:\Programmi\Avira\AntiVir Desktop\avgio.sys
---> TYPE = KERNEL_DRIVER
022) "avgntflt" - avgntflt
---> STAT = (RUNNING) Started automatically
---> FILE = system32\DRIVERS\avgntflt.sys
---> TYPE = FILE_SYSTEM_DRIVER
023) "avipbb" - avipbb
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\avipbb.sys
---> TYPE = KERNEL_DRIVER
024) "Beep"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
025) "BTCFilterService" - USB Networking Driver Filter Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\motfilt.sys
---> TYPE = KERNEL_DRIVER
026) "catchme"
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\ComboFix\catchme.sys
---> TYPE = KERNEL_DRIVER
027) "cbidf2k"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
028) "cd20xrnt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
029) "Cdaudio"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
030) "Cdfs"
---> STAT = (RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER
031) "Cdrom" - Driver del CD-ROM
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\cdrom.sys
---> TYPE = KERNEL_DRIVER
032) "Changer"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
033) "CmdIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
034) "Cpqarray"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
035) "ctsfm2k" - Creative SoundFont Management Device Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ctsfm2k.sys
---> TYPE = KERNEL_DRIVER
036) "CTUSFSYN" - Creative SoundFont Synthesizer
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\ctusfsyn.sys
---> TYPE = KERNEL_DRIVER
037) "dac2w2k"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
038) "dac960nt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
039) "Disk" - Driver del disco
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\disk.sys
---> TYPE = KERNEL_DRIVER
040) "dmboot"
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmboot.sys
---> TYPE = KERNEL_DRIVER
041) "dmio" - Driver Gestione dischi logici
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\dmio.sys
---> TYPE = KERNEL_DRIVER
042) "dmload"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\dmload.sys
---> TYPE = KERNEL_DRIVER
043) "DMusic" - Sintetizzatore DLS Microsoft Kernel
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\DMusic.sys
---> TYPE = KERNEL_DRIVER
044) "dpti2o"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
045) "drmkaud" - Decodificatore audio DRM del kernel Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\drmkaud.sys
---> TYPE = KERNEL_DRIVER
046) "Fastfat"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER
047) "Fdc" - Driver controller disco floppy
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\fdc.sys
---> TYPE = KERNEL_DRIVER
048) "FETND5BV" - VIA Rhine-Family Fast Ethernet Adapter Driver Service
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\fetnd5bv.sys
---> TYPE = KERNEL_DRIVER
049) "FETNDIS" - Driver NT scheda Fast Ethernet VIA PCI 10/100Mb
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\fetnd5.sys
---> TYPE = KERNEL_DRIVER
050) "Fips"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
051) "Flpydisk" - Driver disco floppy
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\flpydisk.sys
---> TYPE = KERNEL_DRIVER
052) "FltMgr" - FltMgr
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\fltmgr.sys
---> TYPE = FILE_SYSTEM_DRIVER
053) "Ftdisk" - Driver archiviazione volumi
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\ftdisk.sys
---> TYPE = KERNEL_DRIVER
054) "gameenum" - Enumeratore porta giochi
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\gameenum.sys
---> TYPE = KERNEL_DRIVER
055) "Gpc" - Utilità di classificazione pacchetti generica
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\msgpc.sys
---> TYPE = KERNEL_DRIVER
056) "hpn"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
057) "HTTP" - HTTP
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\Drivers\HTTP.sys
---> TYPE = KERNEL_DRIVER
058) "i2omgmt"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
059) "i2omp"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
060) "i8042prt" - Driver di porta mouse PS/2 e tastiera i8042
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\i8042prt.sys
---> TYPE = KERNEL_DRIVER
061) "Imapi" - Driver filtro masterizzazione CD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\imapi.sys
---> TYPE = KERNEL_DRIVER
062) "ini910u"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
063) "IntelIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
064) "intelppm" - Driver processore Intel
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\intelppm.sys
---> TYPE = KERNEL_DRIVER
065) "Ip6Fw" - Driver Windows Firewall IPv6
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\ip6fw.sys
---> TYPE = KERNEL_DRIVER
066) "IpFilterDriver" - Driver filtro traffico IP
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ipfltdrv.sys
---> TYPE = KERNEL_DRIVER
067) "IpInIp" - Driver tunnel IP in IP
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ipinip.sys
---> TYPE = KERNEL_DRIVER
068) "IpNat" - Traduttore indirizzi di rete IP
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ipnat.sys
---> TYPE = KERNEL_DRIVER
069) "IPSec" - Driver IPSEC
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\ipsec.sys
---> TYPE = KERNEL_DRIVER
070) "IRENUM" - Servizio enumeratore infrarossi
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\irenum.sys
---> TYPE = KERNEL_DRIVER
071) "isapnp" - Driver bus PnP ISA/EISA
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\isapnp.sys
---> TYPE = KERNEL_DRIVER
072) "Kbdclass" - Driver classe tastiera
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\kbdclass.sys
---> TYPE = KERNEL_DRIVER
073) "kmixer" - Mixer wave audio del kernel Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\kmixer.sys
---> TYPE = KERNEL_DRIVER
074) "KSecDD"
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER
075) "L8042Kbd" - Logitech SetPoint Keyboard Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\L8042Kbd.sys
---> TYPE = KERNEL_DRIVER
076) "L8042mou" - SetPoint PS/2 Mouse Filter Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\L8042mou.Sys
---> TYPE = KERNEL_DRIVER
077) "LBeepKE" - LBeepKE
---> STAT = (RUNNING) Started automatically
---> FILE = System32\Drivers\LBeepKE.sys
---> TYPE = KERNEL_DRIVER
078) "lbrtfdc"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
079) "LMouKE" - SetPoint Mouse Filter Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\LMouKE.Sys
---> TYPE = KERNEL_DRIVER
080) "mnmdd"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
081) "Modem"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
082) "motccgp" - Motorola USB Composite Device Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\motccgp.sys
---> TYPE = KERNEL_DRIVER
083) "motccgpfl" - MotCcgpFlService
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\motccgpfl.sys
---> TYPE = KERNEL_DRIVER
084) "motmodem" - Motorola USB CDC ACM Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\motmodem.sys
---> TYPE = KERNEL_DRIVER
085) "MotoSwitchService" - MotoSwitch Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\motswch.sys
---> TYPE = KERNEL_DRIVER
086) "Motousbnet" - Motorola USB Networking Driver Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\Motousbnet.sys
---> TYPE = KERNEL_DRIVER
087) "Mouclass" - Driver classe mouse
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\mouclass.sys
---> TYPE = KERNEL_DRIVER
088) "MountMgr" - Gestore installazione (Mounting)
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER
089) "mraid35x"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
090) "MRxDAV" - Redirector del client WebDav
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\mrxdav.sys
---> TYPE = FILE_SYSTEM_DRIVER
091) "MRxSmb" - MRXSMB
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\mrxsmb.sys
---> TYPE = FILE_SYSTEM_DRIVER
092) "Msfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER
093) "MSKSSRV" - Proxy di servizio di flusso Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSKSSRV.sys
---> TYPE = KERNEL_DRIVER
094) "MSPCLOCK" - Proxy clock di flusso Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPCLOCK.sys
---> TYPE = KERNEL_DRIVER
095) "MSPQM" - Proxy di gestione qualità di flusso Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPQM.sys
---> TYPE = KERNEL_DRIVER
096) "mssmbios" - Driver BIOS Microsoft System Management
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\mssmbios.sys
---> TYPE = KERNEL_DRIVER
097) "Mup" - Mup
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = FILE_SYSTEM_DRIVER
098) "NDIS" - Driver di sistema NDIS
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER
099) "NdisTapi" - Driver TAPI NDIS di accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndistapi.sys
---> TYPE = KERNEL_DRIVER
100) "Ndisuio" - Protocollo I/O modalità utente su NDIS
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndisuio.sys
---> TYPE = KERNEL_DRIVER
101) "NdisWan" - Driver WAN NDIS di accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndiswan.sys
---> TYPE = KERNEL_DRIVER
102) "NDProxy" - multi:Proxy NDIS\00\00
---> STAT = (RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
103) "NetBIOS" - Interfaccia NetBIOS
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\netbios.sys
---> TYPE = FILE_SYSTEM_DRIVER
104) "NetBT" - NetBios su Tcpip
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\netbt.sys
---> TYPE = KERNEL_DRIVER
105) "nmwcd" - Nokia USB Phone Parent
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\ccdcmb.sys
---> TYPE = KERNEL_DRIVER
106) "nmwcdc" - Nokia USB Generic
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\ccdcmbo.sys
---> TYPE = KERNEL_DRIVER
107) "nmwcdnsu" - Nokia USB Flashing Phone Parent
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\nmwcdnsu.sys
---> TYPE = KERNEL_DRIVER
108) "nmwcdnsuc" - Nokia USB Flashing Generic
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\nmwcdnsuc.sys
---> TYPE = KERNEL_DRIVER
109) "Npfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER
110) "Ntfs"
---> STAT = (RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER
111) "Null"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
112) "NwlnkFlt" - Driver filtro traffico IPX
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\nwlnkflt.sys
---> TYPE = KERNEL_DRIVER
113) "NwlnkFwd" - Driver inoltratore traffico IPX
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\nwlnkfwd.sys
---> TYPE = KERNEL_DRIVER
114) "ossrv" - Creative OS Services Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ctoss2k.sys
---> TYPE = KERNEL_DRIVER
115) "P17" - SB Live! 24-bit
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\P17.sys
---> TYPE = KERNEL_DRIVER
116) "P17xfi" - Sound Blaster X-Fi Xtreme Audio
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\P17xfi.sys
---> TYPE = KERNEL_DRIVER
117) "p17xfilt"
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\p17xfilt.sys
---> TYPE = KERNEL_DRIVER
118) "Parport" - Driver della porta parallela
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\parport.sys
---> TYPE = KERNEL_DRIVER
119) "PartMgr" - Gestore partizioni
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER
120) "ParVdm"
---> STAT = (RUNNING) Started automatically
---> TYPE = KERNEL_DRIVER
121) "pccsmcfd" - PCCS Mode Change Filter Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\pccsmcfd.sys
---> TYPE = KERNEL_DRIVER
122) "PCI" - Driver bus PCI
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\pci.sys
---> TYPE = KERNEL_DRIVER
123) "PCIDump"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
124) "PCIIde"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\pciide.sys
---> TYPE = KERNEL_DRIVER
125) "Pcmcia"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
126) "pcouffin" - VSO Software pcouffin
---> STAT = (RUNNING) Started manually
---> FILE = System32\Drivers\pcouffin.sys
---> TYPE = KERNEL_DRIVER
127) "PCTAppEvent" - PCTAppEvent Driver
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\drivers\PCTAppEvent.sys
---> TYPE = KERNEL_DRIVER
128) "pctgntdi" - pctgntdi
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = C:\WINDOWS\system32\drivers\pctgntdi.sys
---> TYPE = KERNEL_DRIVER
129) "pctplfw" - pctplfw
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\drivers\pctplfw.sys
---> TYPE = KERNEL_DRIVER
130) "PDCOMP"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
131) "PDFRAME"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
132) "PDRELI"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
133) "PDRFRAME"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
134) "perc2"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
135) "perc2hib"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
136) "PptpMiniport" - WAN Miniport (PPTP)
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspptp.sys
---> TYPE = KERNEL_DRIVER
137) "PSched" - Utilità di pianificazione pacchetti QoS
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\psched.sys
---> TYPE = KERNEL_DRIVER
138) "Ptilink" - Driver Direct Parallel Link
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ptilink.sys
---> TYPE = KERNEL_DRIVER
139) "ql1080"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
140) "Ql10wnt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
141) "ql12160"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
142) "ql1240"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
143) "ql1280"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
144) "RasAcd" - Driver connessione automatica Accesso remoto
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\rasacd.sys
---> TYPE = KERNEL_DRIVER
145) "Rasl2tp" - WAN Miniport (L2TP)
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\rasl2tp.sys
---> TYPE = KERNEL_DRIVER
146) "RasPppoe" - Driver PPPOE di accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspppoe.sys
---> TYPE = KERNEL_DRIVER
147) "Raspti" - Direct Parallel
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspti.sys
---> TYPE = KERNEL_DRIVER
148) "Rdbss" - Rdbss
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\rdbss.sys
---> TYPE = FILE_SYSTEM_DRIVER
149) "RDPCDD"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\RDPCDD.sys
---> TYPE = KERNEL_DRIVER
150) "rdpdr" - Driver redirector periferica Terminal Server
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\rdpdr.sys
---> TYPE = KERNEL_DRIVER
151) "RDPWD"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
152) "redbook" - Driver filtro riproduzione CD-ROM audio digitale
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\redbook.sys
---> TYPE = KERNEL_DRIVER
153) "rtl8139" - Driver NT scheda Fast Ethernet PCI Realtek basata su RTL8139
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\RTL8139.SYS
---> TYPE = KERNEL_DRIVER
154) "Secdrv" - Secdrv
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\secdrv.sys
---> TYPE = KERNEL_DRIVER
155) "serenum" - Driver filtro Serenum
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\serenum.sys
---> TYPE = KERNEL_DRIVER
156) "Serial" - Driver della porta seriale
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\serial.sys
---> TYPE = KERNEL_DRIVER
157) "SFilter" - PCTools Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\pctfw.sys
---> TYPE = KERNEL_DRIVER
158) "Sfloppy"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
159) "Simbad"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
160) "Sparrow"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
161) "splitter" - Frazionatore audio del kernel Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\splitter.sys
---> TYPE = KERNEL_DRIVER
162) "sr" - Driver filtro Ripristino configurazione di sistema
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\sr.sys
---> TYPE = FILE_SYSTEM_DRIVER
163) "Srv" - Srv
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\srv.sys
---> TYPE = FILE_SYSTEM_DRIVER
164) "ssmdrv" - ssmdrv
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\ssmdrv.sys
---> TYPE = KERNEL_DRIVER
165) "swenum" - Driver bus software
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\swenum.sys
---> TYPE = KERNEL_DRIVER
166) "swmidi" - Sintetizzatore Wavetable GS kernel Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\swmidi.sys
---> TYPE = KERNEL_DRIVER
167) "symc810"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
168) "symc8xx"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
169) "sym_hi"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
170) "sym_u3"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
171) "sysaudio" - Periferica audio di sistema Microsoft Kernel
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\sysaudio.sys
---> TYPE = KERNEL_DRIVER
172) "Tcpip" - Driver protocollo TCP/IP
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\tcpip.sys
---> TYPE = KERNEL_DRIVER
173) "TDPIPE"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
174) "TDTCP"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
175) "TermDD" - Driver della periferica terminale
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\termdd.sys
---> TYPE = KERNEL_DRIVER
176) "TosIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
177) "uagp35" - Filtro Microsoft AGPv3.5
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\uagp35.sys
---> TYPE = KERNEL_DRIVER
178) "Udfs"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER
179) "ultra"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
180) "Update" - Driver aggiornamento microcodice
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\update.sys
---> TYPE = KERNEL_DRIVER
181) "upperdev"
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbser_lowerflt.sys
---> TYPE = KERNEL_DRIVER
182) "usbccgp" - Driver principale generico USB Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbccgp.sys
---> TYPE = KERNEL_DRIVER
183) "usbehci" - Driver Miniport controller enhanced host USB 2.0 Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbehci.sys
---> TYPE = KERNEL_DRIVER
184) "usbhub" - Hub abilitato USB2
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbhub.sys
---> TYPE = KERNEL_DRIVER
185) "usbprint" - Classe stampanti USB Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbprint.sys
---> TYPE = KERNEL_DRIVER
186) "usbscan" - Driver scanner USB
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbscan.sys
---> TYPE = KERNEL_DRIVER
187) "usbser" - USB Modem Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\usbser.sys
---> TYPE = KERNEL_DRIVER
188) "UsbserFilt"
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbser_lowerfltj.sys
---> TYPE = KERNEL_DRIVER
189) "usbstor" - Driver archiviazione di massa USB
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\USBSTOR.SYS
---> TYPE = KERNEL_DRIVER
190) "usbuhci" - Driver Miniport Controller Universal Host USB Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbuhci.sys
---> TYPE = KERNEL_DRIVER
191) "VgaSave" - Controller video VGA.
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\vga.sys
---> TYPE = KERNEL_DRIVER
192) "ViaIde"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\viaide.sys
---> TYPE = KERNEL_DRIVER
193) "videX32"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\videX32.sys
---> TYPE = KERNEL_DRIVER
194) "VolSnap"
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER
195) "Wanarp" - Driver ARP IP di accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\wanarp.sys
---> TYPE = KERNEL_DRIVER
196) "Wdf01000" - Wdf01000
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\Drivers\wdf01000.sys
---> TYPE = KERNEL_DRIVER
197) "WDICA"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
198) "wdmaud" - Driver di compatibilità audio Microsoft WINMM WDM
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\wdmaud.sys
---> TYPE = KERNEL_DRIVER
199) "WpdUsb" - WpdUsb
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\wpdusb.sys
---> TYPE = KERNEL_DRIVER
200) "WS2IFSL" - Ambiente di supporto del provider del Servizio Non-IFS di Windows Socket 2.0
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\ws2ifsl.sys
---> TYPE = KERNEL_DRIVER
201) "WudfPf" - Windows Driver Foundation - User-mode Driver Framework Platform Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\WudfPf.sys
---> TYPE = KERNEL_DRIVER
202) "WudfRd" - Windows Driver Foundation - User-mode Driver Framework Reflector
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\wudfrd.sys
---> TYPE = KERNEL_DRIVER
203) "xfilt" - VIA SATA IDE Hot-plug Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\xfilt.sys
---> TYPE = KERNEL_DRIVER
-----HKLM\system\currentcontrolset\services-----
000) "Alerter" - Avvisi
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
001) "ALG" - Servizio Gateway di livello applicazione
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\alg.exe
---> TYPE = OWN_SERVICE
002) "AntiVirMailService" - Avira AntiVir MailGuard
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Programmi\Avira\AntiVir Desktop\avmailc.exe\
---> TYPE = OWN_SERVICE
003) "AntiVirSchedulerService" - Avira AntiVir Scheduler
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Programmi\Avira\AntiVir Desktop\sched.exe\
---> TYPE = OWN_SERVICE
004) "AntiVirService" - Avira AntiVir Guard
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Programmi\Avira\AntiVir Desktop\avguard.exe\
---> TYPE = OWN_SERVICE
005) "AntiVirWebService" - Avira AntiVir WebGuard
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE\
---> TYPE = OWN_SERVICE
006) "AppMgmt" - Gestione applicazione
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
007) "aspnet_state" - ASP.NET State Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
---> TYPE = OWN_SERVICE
008) "Ati HotKey Poller"
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\Ati2evxx.exe
---> TYPE = OWN_SERVICE
009) "ATI Smart" - ATI Smart
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\ati2sgag.exe
---> TYPE = OWN_SERVICE
010) "AudioSrv" - Audio Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
011) "BITS" - Servizio trasferimento intelligente in background
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
012) "Browser" - Browser di computer
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
013) "CiSvc" - Servizio di indicizzazione
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\cisvc.exe
---> TYPE = SHARE_SERVICE
014) "ClipSrv" - ClipBook
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\clipsrv.exe
---> TYPE = OWN_SERVICE
015) "clr_optimization_v2.0.50727_32" - .NET Runtime Optimization Service v2.0.50727_X86
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
---> TYPE = OWN_SERVICE
016) "COMSysApp" - Applicazione di sistema COM+
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
---> TYPE = OWN_SERVICE
017) "Creative Service for CDROM Access" - Creative Service for CDROM Access
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\CTsvcCDA.exe
---> TYPE = OWN_SERVICE
018) "CryptSvc" - CryptSvc
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
019) "DcomLaunch" - Utilità di avvio processo server DCOM
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch
---> TYPE = SHARE_SERVICE
020) "Dhcp" - Client DHCP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
021) "dmadmin" - Servizio amministrativo di Gestione disco logico
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dmadmin.exe /com
---> TYPE = SHARE_SERVICE
022) "dmserver" - Gestione dischi logici
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
023) "Dnscache" - Client DNS
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE
024) "Dot3svc" - Configurazione automatica reti cablate
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k dot3svc
---> TYPE = SHARE_SERVICE
025) "EapHost" - Servizio Extensible Authentication Protocol
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k eapsvcs
---> TYPE = SHARE_SERVICE
026) "ERSvc" - Servizio di segnalazione errori
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
027) "Eventlog" - Registro eventi
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
---> TYPE = SHARE_SERVICE
028) "EventSystem" - Sistema di eventi COM+
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
029) "FastUserSwitchingCompatibility" - Compatibilità di Cambio rapido utente
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
030) "FontCache3.0.0.0" - Windows Presentation Foundation Font Cache 3.0.0.0
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
---> TYPE = OWN_SERVICE
031) "helpsvc" - Guida in linea e supporto tecnico
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
032) "HidServ" - Accesso periferica Human Interface
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
033) "hkmsvc" - Servizio gestione chiavi e certificati di integrità
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
034) "HTTPFilter" - SSL HTTP
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter
---> TYPE = SHARE_SERVICE
035) "idsvc" - Windows CardSpace
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\
---> TYPE = SHARE_SERVICE
036) "ImapiService" - Servizio COM di masterizzazione CD IMAPI
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\imapi.exe
---> TYPE = OWN_SERVICE
037) "lanmanserver" - Server
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
038) "lanmanworkstation" - Workstation
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
039) "LBTServ" - Logitech Bluetooth Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Programmi\File comuni\Logishrd\Bluetooth\LBTServ.exe
---> TYPE = OWN_SERVICE
040) "LmHosts" - Helper NetBIOS di TCP/IP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
041) "Messenger" - Messenger
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
042) "mnmsrvc" - Condivisione desktop remoto di NetMeeting
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\mnmsrvc.exe
---> TYPE = OWN_SERVICE
043) "MSDTC" - Distributed Transaction Coordinator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\msdtc.exe
---> TYPE = OWN_SERVICE
044) "MSIServer" - Windows Installer
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\msiexec.exe /V
---> TYPE = SHARE_SERVICE
045) "napagent" - Agente protezione accesso alla rete
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
046) "NetDDE" - DDE di rete
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe
---> TYPE = SHARE_SERVICE
047) "NetDDEdsdm" - DDE DSDM di rete
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe
---> TYPE = SHARE_SERVICE
048) "Netlogon" - Accesso rete
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE
049) "Netman" - Connessioni di rete
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
050) "NetTcpPortSharing" - Net.Tcp Port Sharing Service
---> STAT = (NOT RUNNING) Disabled
---> FILE = \C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\
---> TYPE = SHARE_SERVICE
051) "Nla" - NLA (Network Location Awareness)
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
052) "NtLmSsp" - Provider supporto protezione LM NT
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE
053) "NtmsSvc" - Archivi rimovibili
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
054) "PCToolsFirewallPlus" - PC Tools Firewall Plus
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Programmi\PC Tools Firewall Plus\FWService.exe
---> TYPE = OWN_SERVICE
055) "PlugPlay" - Plug and Play
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
---> TYPE = SHARE_SERVICE
056) "PolicyAgent" - Servizi IPSEC
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE
057) "ProtectedStorage" - Archiviazione protetta
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE
058) "RasAuto" - Auto Connection Manager di Accesso remoto
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
059) "RasMan" - Connection Manager di Accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
060) "RDSessMgr" - Gestione sessione di assistenza mediante desktop remoto
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\sessmgr.exe
---> TYPE = OWN_SERVICE
061) "RemoteAccess" - Routing e Accesso remoto
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
062) "RemoteRegistry" - Registro di sistema remoto
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
063) "RpcLocator" - RPC Locator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\locator.exe
---> TYPE = OWN_SERVICE
064) "RpcSs" - RPC (Remote Procedure Call)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k rpcss
---> TYPE = OWN_SERVICE
065) "RSVP" - QoS RSVP
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\rsvp.exe
---> TYPE = OWN_SERVICE
066) "SamSs" - Gestione account di protezione (SAM)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE
067) "SCardSvr" - smart card
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\SCardSvr.exe
---> TYPE = SHARE_SERVICE
068) "Schedule" - Utilità di pianificazione
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
069) "seclogon" - Secondary Logon
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
070) "SENS" - Notifica eventi di sistema
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
071) "ServiceLayer" - ServiceLayer
---> STAT = (RUNNING) Started manually
---> FILE = \C:\Programmi\PC Connectivity Solution\ServiceLayer.exe\
---> TYPE = OWN_SERVICE
072) "SharedAccess" - Windows Firewall / Condivisione connessione Internet (ICS)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
073) "ShellHWDetection" - Rilevamento hardware shell
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
074) "Spooler" - Spooler di stampa
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\spoolsv.exe
---> TYPE = OWN_SERVICE
075) "srservice" - Servizio Ripristino configurazione di sistema
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
076) "SSDPSRV" - Servizio di rilevamento SSDP
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
077) "stisvc" - Acquisizione di immagini di Windows (WIA)
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k imgsvc
---> TYPE = SHARE_SERVICE
078) "SwPrv" - MS Software Shadow Copy Provider
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{079764BF-3207-40E0-871A-318297C0EE01}
---> TYPE = OWN_SERVICE
079) "SysmonLog" - Avvisi e registri di prestazioni
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\smlogsvc.exe
---> TYPE = OWN_SERVICE
080) "TapiSrv" - Telefonia
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
081) "TermService" - Servizi terminal
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch
---> TYPE = SHARE_SERVICE
082) "Themes" - Temi
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
083) "TlntSvr" - Telnet
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\tlntsvr.exe
---> TYPE = OWN_SERVICE
084) "TrkWks" - Manutenzione collegamenti distribuiti client
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
085) "upnphost" - Host di periferiche Plug and Play universali
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
086) "UPS" - Gruppo di continuità
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\ups.exe
---> TYPE = OWN_SERVICE
087) "VSS" - Copia replicata del volume
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\vssvc.exe
---> TYPE = OWN_SERVICE
088) "W32Time" - Ora di Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
089) "WebClient" - WebClient
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = OWN_SERVICE
090) "WinDefend" - Windows Defender
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Programmi\Windows Defender\MsMpEng.exe\
---> TYPE = OWN_SERVICE
091) "winmgmt" - Strumentazione gestione Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
092) "Winsock"
---> STAT = (RUNNING) Started manually
---> TYPE = ADAPTER
093) "WMDM PMSP Service" - WMDM PMSP Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\MsPMSPSv.exe
---> TYPE = OWN_SERVICE
094) "WmdmPmSN" - Servizio Numero di serie per dispositivi multimediali portatili
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
095) "Wmi" - Estensioni driver di Strumentazione gestione Windows
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
096) "WmiApSrv" - Scheda WMI Performance
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\wbem\wmiapsrv.exe
---> TYPE = OWN_SERVICE
097) "WMPNetworkSvc" - Servizio di condivisione in rete Windows Media Player
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Programmi\Windows Media Player\WMPNetwk.exe\
---> TYPE = OWN_SERVICE
098) "wscsvc" - Centro sicurezza PC
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
099) "wuauserv" - Aggiornamenti automatici
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
100) "WudfSvc" - Windows Driver Foundation - User-mode Driver Framework
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
---> TYPE = SHARE_SERVICE
101) "WZCSVC" - Zero Configuration reti senza fili
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
102) "xmlprov" - Servizio Provisioning di rete
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
===================== SVCHOST INSTANCES =====================
HTTPFilter
+---- HTTPFilter
+---- %SystemRoot%\System32\w3ssl.dll
LocalService
+---- Alerter
+---- %SystemRoot%\system32\alrsvc.dll
+---- WebClient
+---- %SystemRoot%\System32\webclnt.dll
+---- LmHosts
+---- %SystemRoot%\System32\lmhsvc.dll
+---- RemoteRegistry
+---- %SystemRoot%\system32\regsvc.dll
+---- upnphost
+---- %SystemRoot%\System32\upnphost.dll
+---- SSDPSRV
+---- %SystemRoot%\System32\ssdpsrv.dll
NetworkService
+---- DnsCache
+---- %SystemRoot%\System32\dnsrslvr.dll
netsvcs
+---- 6to4
+---- AppMgmt
+---- %SystemRoot%\System32\appmgmts.dll
+---- AudioSrv
+---- %SystemRoot%\System32\audiosrv.dll
+---- Browser
+---- %SystemRoot%\System32\browser.dll
+---- CryptSvc
+---- %SystemRoot%\System32\cryptsvc.dll
+---- DMServer
+---- %SystemRoot%\System32\dmserver.dll
+---- DHCP
+---- %SystemRoot%\System32\dhcpcsvc.dll
+---- ERSvc
+---- %SystemRoot%\System32\ersvc.dll
+---- EventSystem
+---- C:\WINDOWS\system32\es.dll
+---- FastUserSwitchingCompatibility
+---- %SystemRoot%\System32\shsvcs.dll
+---- HidServ
+---- %SystemRoot%\System32\hidserv.dll
+---- Ias
+---- Iprip
+---- Irmon
+---- LanmanServer
+---- %SystemRoot%\System32\srvsvc.dll
+---- LanmanWorkstation
+---- %SystemRoot%\System32\wkssvc.dll
+---- Messenger
+---- %SystemRoot%\System32\msgsvc.dll
+---- Netman
+---- %SystemRoot%\System32\netman.dll
+---- Nla
+---- %SystemRoot%\System32\mswsock.dll
+---- Ntmssvc
+---- %SystemRoot%\system32\ntmssvc.dll
+---- NWCWorkstation
+---- Nwsapagent
+---- Rasauto
+---- %SystemRoot%\System32\rasauto.dll
+---- Rasman
+---- %SystemRoot%\System32\rasmans.dll
+---- Remoteaccess
+---- %SystemRoot%\System32\mprdim.dll
+---- Schedule
+---- %SystemRoot%\system32\schedsvc.dll
+---- Seclogon
+---- %SystemRoot%\System32\seclogon.dll
+---- SENS
+---- %SystemRoot%\system32\sens.dll
+---- Sharedaccess
+---- %SystemRoot%\System32\ipnathlp.dll
+---- SRService
+---- %SystemRoot%\system32\srsvc.dll
+---- Tapisrv
+---- %SystemRoot%\System32\tapisrv.dll
+---- Themes
+---- %SystemRoot%\System32\shsvcs.dll
+---- TrkWks
+---- %SystemRoot%\system32\trkwks.dll
+---- W32Time
+---- %systemroot%\system32\w32time.dll
+---- WZCSVC
+---- %SystemRoot%\System32\wzcsvc.dll
+---- Wmi
+---- %SystemRoot%\System32\advapi32.dll
+---- WmdmPmSp
+---- winmgmt
+---- %SystemRoot%\system32\wbem\WMIsvc.dll
+---- wscsvc
+---- %SYSTEMROOT%\system32\wscsvc.dll
+---- xmlprov
+---- %SystemRoot%\System32\xmlprov.dll
+---- BITS
+---- %systemroot%\system32\qmgr.dll
+---- wuauserv
+---- C:\WINDOWS\system32\wuauserv.dll
+---- ShellHWDetection
+---- %SystemRoot%\System32\shsvcs.dll
+---- WmdmPmSN
+---- C:\WINDOWS\system32\MsPMSNSv.dll
+---- napagent
+---- %SystemRoot%\System32\qagentrt.dll
+---- hkmsvc
+---- %SystemRoot%\System32\kmsvc.dll
+---- helpsvc
+---- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
DcomLaunch
+---- DcomLaunch
+---- %SystemRoot%\system32\rpcss.dll
+---- TermService
+---- %SystemRoot%\System32\termsrv.dll
rpcss
+---- RpcSs
+---- %SystemRoot%\System32\rpcss.dll
imgsvc
+---- StiSvc
+---- %SystemRoot%\system32\wiaservc.dll
termsvcs
+---- TermService
+---- %SystemRoot%\System32\termsrv.dll
WudfServiceGroup
+---- WUDFSvc
+---- %SystemRoot%\System32\WUDFSvc.dll
eapsvcs
+---- eaphost
+---- %SystemRoot%\System32\eapsvc.dll
dot3svc
+---- dot3svc
+---- %SystemRoot%\System32\dot3svc.dll
===================== LOADED MODULES =====================
*** NOTE *** Process uuoywfrygn.exe belongs to SystemScan
Already known legit dlls are not shown
System pid: 4
Command line: <no command line>
smss.exe pid: 1060
Command line: \SystemRoot\System32\smss.exe
Base Size Version Path
0x48580000 0xf000 \SystemRoot\System32\smss.exe
csrss.exe pid: 1124
Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
Base Size Version Path
0x4a680000 0x5000 \??\C:\WINDOWS\system32\csrss.exe
0x75af0000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\CSRSRV.dll
0x75b00000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\basesrv.dll
0x75b10000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\winsrv.dll
winlogon.exe pid: 1152
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x8b000 \??\C:\WINDOWS\system32\winlogon.exe
0x77690000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x10000000 0x11000 6.14.0010.4133 C:\WINDOWS\system32\Ati2evxx.dll
0x47190000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\dimsntfy.dll
0x01630000 0x12000 4.80.0103.0000 c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
0x01560000 0x24000 4.80.0103.0000 c:\programmi\file comuni\logishrd\bluetooth\LBTServ.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x74e80000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemprox.dll
0x74e60000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
services.exe pid: 1196
Command line: C:\WINDOWS\system32\services.exe
Base Size Version Path
0x01000000 0x1d000 5.01.2600.5755 C:\WINDOWS\system32\services.exe
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x77b40000 0x54000 5.01.2600.5512 C:\WINDOWS\system32\SCESRV.dll
0x77690000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll
0x7dbb0000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\umpnpmgr.dll
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x474b0000 0xf000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcAdProc.dll
0x772d0000 0x11000 5.01.2600.5512 C:\WINDOWS\system32\eventlog.dll
lsass.exe pid: 1208
Command line: C:\WINDOWS\system32\lsass.exe
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\lsass.exe
0x753e0000 0xb6000 5.01.2600.5834 C:\WINDOWS\system32\LSASRV.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x743d0000 0x6e000 5.01.2600.5512 C:\WINDOWS\system32\SAMSRV.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x4d200000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\msprivs.dll
0x71c80000 0x4c000 5.01.2600.5834 C:\WINDOWS\system32\kerberos.dll
0x74440000 0x65000 5.01.2600.5512 C:\WINDOWS\system32\netlogon.dll
0x76780000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\w32time.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x767b0000 0x28000 5.01.2600.5834 C:\WINDOWS\system32\schannel.dll
0x7e8c0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\wdigest.dll
0x00f60000 0x31000 5.01.2600.5512 C:\WINDOWS\system32\scecli.dll
0x74320000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\pstorsvc.dll
0x74340000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\psbase.dll
0x68100000 0x26000 5.01.2600.5507 C:\WINDOWS\system32\dssenh.dll
ati2evxx.exe pid: 1404
Command line: C:\WINDOWS\system32\Ati2evxx.exe
Base Size Version Path
0x00400000 0x6b000 6.14.0010.4133 C:\WINDOWS\system32\Ati2evxx.exe
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x00ae0000 0x10000 6.14.0010.2500 C:\WINDOWS\system32\Ati2edxx.dll
svchost.exe pid: 1420
Command line: C:\WINDOWS\system32\svchost -k DcomLaunch
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x77690000 0x12000 5.01.2600.5512 c:\windows\system32\AUTHZ.dll
0x76ae0000 0x11000 3.05.2284.0002 c:\windows\system32\ATL.DLL
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
svchost.exe pid: 1500
Command line: C:\WINDOWS\system32\svchost -k rpcss
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x10000000 0x22000 9.00.0001.0001 C:\Programmi\Avira\AntiVir Desktop\avsda.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
MsMpEng.exe pid: 1636
Command line: "C:\Programmi\Windows Defender\MsMpEng.exe"
Base Size Version Path
0x01000000 0x4000 1.01.1593.0000 C:\Programmi\Windows Defender\MsMpEng.exe
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x5c800000 0x44000 1.01.1593.0000 C:\Programmi\Windows Defender\MpSvc.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x5b800000 0x4f000 1.01.1593.0000 C:\Programmi\Windows Defender\MpClient.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5a100000 0x6f4000 1.01.5202.0000 C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\{55386110-E3AA-4258-B9E4-D54A5B014DE8}\mpengine.dll
0x00ec0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x5e800000 0xf000 1.01.1593.0000 C:\Programmi\Windows Defender\mprtplug.dll
0x60800000 0xf000 1.01.1593.0000 C:\Programmi\Windows Defender\MpAsDesc.dll
0x76590000 0x13000 5.131.2600.5512 C:\WINDOWS\system32\cryptnet.dll
0x72240000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\SensApi.dll
svchost.exe pid: 1680
Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\System32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x76ee0000 0x27000 5.01.2600.5625 c:\windows\system32\DNSAPI.dll
0x4cf40000 0xb000 5.01.2600.5512 c:\windows\system32\EapolQec.dll
0x76ae0000 0x11000 3.05.2284.0002 c:\windows\system32\ATL.DLL
0x745c0000 0x16000 5.01.2600.5512 c:\windows\system32\QUtil.dll
0x76030000 0x65000 6.02.3104.0000 c:\windows\system32\MSVCP60.dll
0x72960000 0xa000 5.01.2600.5512 c:\windows\system32\dot3api.dll
0x01960000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x767b0000 0x28000 5.01.2600.5834 C:\WINDOWS\System32\SCHANNEL.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\System32\cryptdll.dll
0x76760000 0x13000 5.01.2600.5512 c:\windows\system32\NTDSAPI.dll
0x74f20000 0x9000 2600.5512.0503.0000 c:\windows\system32\dmserver.dll
0x776e0000 0x44000 2001.12.4414.0706 c:\windows\system32\es.dll
0x74ed0000 0xc000 5.01.2600.5512 c:\windows\pchealth\helpctr\binaries\pchsvc.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\System32\HNETCFG.DLL
0x02760000 0x34000 5.01.2600.5512 c:\windows\system32\credui.dll
0x73640000 0x6000 5.01.2600.5512 c:\windows\system32\dot3dlg.dll
0x5ad00000 0x28000 5.01.2600.5512 c:\windows\system32\OneX.DLL
0x71680000 0x22000 5.01.2600.5512 c:\windows\system32\eappcfg.dll
0x73b40000 0xe000 5.01.2600.5512 c:\windows\system32\eappprxy.dll
0x76780000 0x2d000 5.01.2600.5512 c:\windows\system32\w32time.dll
0x4f120000 0x28000 5.01.2600.5512 c:\windows\system32\wbem\wmisvc.dll
0x10000000 0x22000 9.00.0001.0001 C:\Programmi\Avira\AntiVir Desktop\avsda.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x50000000 0x5000 5.04.3790.5512 c:\windows\system32\wuauserv.dll
0x77690000 0x12000 5.01.2600.5512 c:\windows\system32\AUTHZ.dll
0x50040000 0x1bc000 7.02.6001.0788 C:\WINDOWS\system32\wuaueng.dll
0x750e0000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\Cabinet.dll
0x604f0000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\mspatcha.dll
0x74e60000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x742f0000 0xb000 5.01.2600.5512 c:\windows\system32\WINIPSEC.DLL
0x58080000 0x48000 5.01.2600.5512 C:\WINDOWS\System32\unimdm.tsp
0x58100000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\kmddsp.tsp
0x580e0000 0x10000 5.01.2600.5512 C:\WINDOWS\System32\ndptsp.tsp
0x58110000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\ipconf.tsp
0x58130000 0x54000 5.01.2600.5512 C:\WINDOWS\System32\h323.tsp
0x58120000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\hidphone.tsp
0x71c80000 0x4c000 5.01.2600.5834 C:\WINDOWS\system32\kerberos.dll
0x723c0000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\RASQEC.DLL
0x70040000 0x9e000 2001.12.4414.0700 C:\WINDOWS\System32\catsrvut.dll
0x70100000 0x3d000 2001.12.4414.0700 C:\WINDOWS\System32\catsrv.dll
0x61df0000 0x9000 2001.12.4414.0700 C:\WINDOWS\System32\MfcSubs.dll
0x50640000 0xa000 7.02.6001.0788 C:\WINDOWS\system32\wups.dll
0x50e60000 0xc000 7.02.6001.0788 C:\WINDOWS\system32\wups2.dll
0x74910000 0x11e000 8.100.1048.0000 C:\WINDOWS\system32\msxml3.dll
0x506a0000 0x8a000 7.02.6001.0788 C:\WINDOWS\system32\wuapi.dll
svchost.exe pid: 1728
Command line: C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x111c0000 0x10000 6.00.6001.18000 c:\windows\system32\wudfsvc.dll
0x00670000 0x2b000 6.00.6001.18000 c:\windows\system32\WUDFPlatform.dll
svchost.exe pid: 1872
Command line: C:\WINDOWS\system32\svchost.exe -k NetworkService
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x76ee0000 0x27000 5.01.2600.5625 c:\windows\system32\DNSAPI.dll
0x10000000 0x22000 9.00.0001.0001 C:\Programmi\Avira\AntiVir Desktop\avsda.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
svchost.exe pid: 2040
Command line: C:\WINDOWS\system32\svchost.exe -k LocalService
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
spoolsv.exe pid: 352
Command line: C:\WINDOWS\system32\spoolsv.exe
Base Size Version Path
0x01000000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\spoolsv.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x50400000 0x15000 5.07.0000.0000 C:\WINDOWS\system32\E_FLMAHE.DLL
0x3f420000 0x1b000 6.01.2600.5635 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
ati2evxx.exe pid: 372
Command line: Ati2evxx.exe -Client
Base Size Version Path
0x00400000 0x6b000 6.14.0010.4133 C:\WINDOWS\system32\Ati2evxx.exe
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x00c30000 0x10000 6.14.0010.2500 C:\WINDOWS\system32\Ati2edxx.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
explorer.exe pid: 480
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x01000000 0x17e000 6.00.2900.5512 C:\WINDOWS\Explorer.EXE
0x75f30000 0x104000 6.00.2900.5512 C:\WINDOWS\system32\BROWSEUI.dll
0x00280000 0x46e000 6.00.2900.5512 C:\WINDOWS\system32\SHDOCVW.dll
0x00700000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x5ba40000 0x82000 6.00.2900.5512 C:\WINDOWS\system32\themeui.dll
0x76330000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll
0x71cd0000 0x1b000 6.00.2900.5512 C:\WINDOWS\system32\actxprxy.dll
0x60060000 0x3c000 5.01.2600.5512 C:\WINDOWS\system32\msutb.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x40260000 0xa93000 8.00.6001.18828 C:\WINDOWS\system32\ieframe.dll
0x02e10000 0x34000 5.01.2600.5512 C:\WINDOWS\system32\credui.dll
0x72960000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\dot3api.dll
0x73640000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\dot3dlg.dll
0x5ad00000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\OneX.DLL
0x71680000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\eappcfg.dll
0x02e50000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x73b40000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\eappprxy.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x033c0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\LINKINFO.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x10000000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x75d50000 0x91000 6.00.2900.5512 C:\WINDOWS\system32\MLANG.dll
0x761e0000 0x23000 5.01.2600.5512 C:\WINDOWS\system32\stobject.dll
0x74a80000 0xd000 6.00.2900.5512 C:\WINDOWS\system32\BatMeter.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x75f10000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\drprov.dll
0x71ba0000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\ntlanman.dll
0x71c60000 0x17000 5.01.2600.5512 C:\WINDOWS\System32\NETUI0.dll
0x71c20000 0x40000 5.01.2600.5512 C:\WINDOWS\System32\NETUI1.dll
0x75f20000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\davclnt.dll
0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x71600000 0x13000 6.00.2900.5512 C:\WINDOWS\system32\browselc.dll
0x04a50000 0x1d6000 1.06.0002.0014 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x69940000 0x16000 5.01.2600.5512 C:\WINDOWS\system32\faultrep.dll
0x5f210000 0x17000 5.01.2600.5512 C:\WINDOWS\system32\olepro32.dll
0x43270000 0x9000 8.00.6001.18828 C:\WINDOWS\system32\jsproxy.dll
0x6c6b0000 0x4d000 5.01.2600.5512 C:\WINDOWS\system32\DUSER.dll
0x059c0000 0x9a000 7.01.0108.0000 C:\Programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
0x06810000 0xe4000 7.01.0154.0000 C:\Programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x05a60000 0x9000 7.01.0069.0000 C:\Programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
0x06400000 0x8e000 7.01.0021.0000 C:\Programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
0x73b10000 0x1a000 5.01.2600.5512 C:\WINDOWS\system32\sti.dll
0x74a70000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\CFGMGR32.dll
0x05210000 0x508000 2.00.0042.0002 C:\Programmi\Tracker Software\Shell Extensions\Win32\XCShInfo.dll
0x73aa0000 0x15000 5.01.2600.5627 C:\WINDOWS\system32\mscms.dll
0x014e0000 0x13000 1.00.0000.0001 C:\Programmi\ATI Technologies\ATI.ACE\atiacmxx.dll
0x05b10000 0x3b2000 6.00.2900.5512 C:\WINDOWS\system32\zipfldr.dll
0x01520000 0x2b000 C:\Programmi\WinRAR\rarext.dll
sched.exe pid: 520
Command line: "C:\Programmi\Avira\AntiVir Desktop\sched.exe"
CLI.exe pid: 672
Command line: "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
Base Size Version Path
0x00400000 0xe000 1.11.0000.0000 C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
0x79000000 0x46000 2.00.50727.3053 C:\WINDOWS\system32\mscoree.dll
0x791b0000 0x269000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll
0x008f0000 0x45000 1.01.4322.2032 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x79780000 0x20e000 1.01.4322.2443 c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll
0x79990000 0x33e000 c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_d01e3220\mscorlib.dll
0x79510000 0x13000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
0x79430000 0x4d000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL
0x7b610000 0x1f8000 1.01.4322.2032 c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
0x7b810000 0x2e2000 c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ecba824d\system.windows.forms.dll
0x11000000 0xc000 1.02.2349.28178 c:\programmi\ati technologies\ati.ace\cli.implementation.dll
0x02e10000 0xc000 1.02.2208.29985 c:\programmi\ati technologies\ati.ace\log.foundation.dll
0x03030000 0x14000 1.02.2208.29986 c:\programmi\ati technologies\ati.ace\cli.foundation.dll
0x03050000 0xe000 1.02.2349.28575 c:\programmi\ati technologies\ati.ace\log.foundation.service.dll
0x03060000 0x8000 1.02.2208.29991 c:\programmi\ati technologies\ati.ace\log.foundation.shared.dll
0x7b0a0000 0x130000 1.01.4322.2443 c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
0x7b1d0000 0x1e4000 c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5bbd2063\system.dll
0x030b0000 0xa000 1.02.2349.28575 c:\programmi\ati technologies\ati.ace\cli.foundation.xmanifestation.dll
0x7bc10000 0x14a000 1.01.4322.2032 c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
0x7bd60000 0x202000 c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_7efd980c\system.xml.dll
0x79640000 0x52000 1.01.4322.2032 c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
0x10000000 0x22000 9.00.0001.0001 C:\Programmi\Avira\AntiVir Desktop\avsda.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x03700000 0x18000 1.02.2349.28582 c:\programmi\ati technologies\ati.ace\cli.component.runtime.dll
0x03720000 0x8000 1.00.0000.0000 c:\programmi\ati technologies\ati.ace\aticccom.dll
0x03730000 0xa000 1.02.2208.29985 c:\programmi\ati technologies\ati.ace\aem.foundation.dll
0x7b490000 0x76000 1.01.4322.2032 c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
0x03750000 0x17000 1.01.4322.2032 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\perfcounter.dll
0x7b510000 0xce000 c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_0cdb8df7\system.drawing.dll
0x60080000 0x9000 2.00.50727.3053 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x79e60000 0x42000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x042a0000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x5eb90000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\perfproc.dll
0x04580000 0x10000 1.02.2208.29987 c:\programmi\ati technologies\ati.ace\cli.caste.graphics.shared.dll
0x047a0000 0x4c000 1.02.2349.28559 c:\programmi\ati technologies\ati.ace\cli.caste.graphics.runtime.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x04830000 0xc000 1.02.2208.29988 c:\programmi\ati technologies\ati.ace\cli.component.runtime.shared.dll
0x04a50000 0x8000 1.11.0000.0000 c:\programmi\ati technologies\ati.ace\dem.foundation.dll
0x04a60000 0xe000 1.11.0000.0000 c:\programmi\ati technologies\ati.ace\dem.graphics.i0601.dll
0x04b90000 0xa000 1.11.0000.0000 c:\programmi\ati technologies\ati.ace\ace.graphics.displaysmanager.shared.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x7a090000 0x138000 1.01.4322.2443 c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
0x05190000 0x4a000 1.02.2349.28150 c:\windows\system32\atidemgr.dll
0x051e0000 0x5e000 1.01.4322.2032 c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
0x05250000 0xb000 1.01.4322.2032 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
0x74e80000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemprox.dll
0x74e60000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x05590000 0xc000 1.02.2349.28270 c:\programmi\ati technologies\ati.ace\cli.aspect.multivpu3.graphics.runtime.dll
0x055a0000 0xa000 1.02.2302.19274 c:\programmi\ati technologies\ati.ace\cli.aspect.multivpu3.graphics.shared.dll
0x055b0000 0xc000 1.02.2349.28171 c:\programmi\ati technologies\ati.ace\cli.aspect.multivpu2.graphics.runtime.dll
0x055c0000 0xa000 1.02.2208.29991 c:\programmi\ati technologies\ati.ace\cli.aspect.multivpu2.graphics.shared.dll
0x055d0000 0xc000 1.02.2349.28337 c:\programmi\ati technologies\ati.ace\cli.aspect.multivpu.graphics.runtime.dll
0x055f0000 0xa000 1.02.2208.30001 c:\programmi\ati technologies\ati.ace\cli.aspect.multivpu.graphics.shared.dll
0x05600000 0xc000 1.02.2349.28269 c:\programmi\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.runtime.dll
0x05610000 0xa000 1.02.2208.29993 c:\programmi\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.shared.dll
0x05620000 0x10000 1.02.2349.28383 c:\programmi\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.runtime.dll
0x05630000 0xe000 1.02.2349.28376 c:\programmi\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.runtime.dll
0x05640000 0xe000 1.02.2349.28287 c:\programmi\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.runtime.dll
0x05860000 0xa000 1.02.2208.30007 c:\programmi\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.shared.dll
0x05870000 0xe000 1.02.2349.28460 c:\programmi\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.runtime.dll
0x05880000 0xa000 1.02.2208.29990 c:\programmi\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.shared.dll
0x05890000 0xe000 1.02.2349.28421 c:\programmi\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.runtime.dll
0x058a0000 0xc000 1.02.2208.30001 c:\programmi\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.shared.dll
0x058b0000 0xc000 1.02.2349.28361 c:\programmi\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.runtime.dll
0x058c0000 0xa000 1.02.2208.29989 c:\programmi\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.shared.dll
0x058e0000 0x8000 1.11.0000.0000 c:\programmi\ati technologies\ati.ace\ace.graphics.videooverlay.shared.dll
0x058f0000 0xa000 1.02.2349.28369 c:\programmi\ati technologies\ati.ace\cli.aspect.smartgart.graphics.runtime.dll
0x05900000 0xa000 1.02.2349.28353 c:\programmi\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.runtime.dll
0x05910000 0xa000 1.02.2208.29988 c:\programmi\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.shared.dll
0x05b20000 0xc000 1.02.2349.28345 c:\programmi\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.runtime.dll
0x05b30000 0xc000 1.02.2349.28506 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.runtime.dll
0x05b50000 0x12000 1.02.2236.29147 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.shared.dll
0x05b70000 0xc000 1.02.2349.28303 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.runtime.dll
0x05b80000 0x12000 1.02.2236.29162 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.shared.dll
0x05ba0000 0xa000 1.02.2349.28481 c:\programmi\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.runtime.dll
0x05bb0000 0xa000 1.02.2208.29994 c:\programmi\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.shared.dll
0x05bd0000 0xa000 1.02.2349.28287 c:\programmi\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.runtime.dll
0x05bf0000 0xa000 1.02.2208.29993 c:\programmi\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.shared.dll
0x05c00000 0x10000 1.02.2349.28498 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecv.graphics.runtime.dll
0x05c10000 0xc000 1.02.2236.29179 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecv.graphics.shared.dll
0x05c20000 0xa000 1.02.2236.29132 c:\programmi\ati technologies\ati.ace\cli.aspect.customformats.graphics.shared.dll
0x05c30000 0x10000 1.02.2349.28311 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.runtime.dll
0x05c40000 0xc000 1.02.2236.29197 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.shared.dll
0x05c60000 0x12000 1.02.2349.28474 c:\programmi\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.runtime.dll
0x05c80000 0x12000 1.02.2349.28467 c:\programmi\ati technologies\ati.ace\cli.aspect.devicetv.graphics.runtime.dll
0x05ca0000 0xe000 1.02.2349.28490 c:\programmi\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.runtime.dll
0x05cb0000 0xe000 1.02.2236.29212 c:\programmi\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.shared.dll
0x05cc0000 0xe000 1.02.2349.28295 c:\programmi\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.runtime.dll
0x05ce0000 0xe000 1.02.2236.29221 c:\programmi\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.shared.dll
0x05cf0000 0x16000 1.02.2349.28398 c:\programmi\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.runtime.dll
0x05d10000 0xa000 1.02.2279.31385 c:\programmi\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.shared.dll
0x05d20000 0xa000 1.02.2349.28413 c:\programmi\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.runtime.dll
0x05d30000 0x10000 1.02.2349.28391 c:\programmi\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.runtime.dll
0x05d40000 0xa000 1.02.2208.29989 c:\programmi\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.shared.dll
0x05d60000 0xc000 1.02.2349.28444 c:\programmi\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.runtime.dll
0x05d70000 0x8000 1.02.2349.28429 c:\programmi\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.runtime.dll
0x05d80000 0xc000 1.02.2349.28436 c:\programmi\ati technologies\ati.ace\cli.aspect.infocentre.graphics.runtime.dll
0x05d90000 0xa000 1.02.2208.29990 c:\programmi\ati technologies\ati.ace\cli.aspect.infocentre.graphics.shared.dll
0x05da0000 0x8000 1.02.2349.28321 c:\programmi\ati technologies\ati.ace\cli.aspect.hotkeyshandling.graphics.runtime.dll
0x05db0000 0x8000 1.02.2208.30002 c:\programmi\ati technologies\ati.ace\cli.aspect.hotkeyshandling.graphics.shared.dll
0x05dd0000 0x12000 1.02.2232.28756 c:\programmi\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.shared.dll
0x05e00000 0x10000 1.02.2232.28758 c:\programmi\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.shared.dll
0x05e30000 0x8000 1.11.0000.0000 c:\programmi\ati technologies\ati.ace\dem.graphics.i0600.dll
0x05e40000 0xa000 1.02.2208.29990 c:\programmi\ati technologies\ati.ace\cli.aspect.smartgart.graphics.shared.dll
0x05e70000 0xa000 1.02.2208.29988 c:\programmi\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.shared.dll
0x05e80000 0x8000 1.02.2208.29987 c:\programmi\ati technologies\ati.ace\cli.aspect.deviceproperty.graphics.shared.dll
0x05e90000 0x8000 1.11.0000.0000 c:\programmi\ati technologies\ati.ace\dem.graphics.i0602.dll
0x05ea0000 0x8000 1.02.2208.29986 c:\programmi\ati technologies\ati.ace\cli.aspect.deviceproperty2.graphics.shared.dll
0x05eb0000 0x8000 1.02.2349.28162 c:\programmi\ati technologies\ati.ace\cli.aspect.deviceproperty2.graphics.runtime.dll
0x05fe0000 0x12000 1.02.2343.18612 c:\programmi\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.shared.dll
0x06010000 0x12000 1.02.2343.18635 c:\programmi\ati technologies\ati.ace\cli.aspect.devicetv.graphics.shared.dll
0x06040000 0x8000 1.02.2279.31374 c:\programmi\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.shared.dll
0x06050000 0xa000 1.02.2208.29993 c:\programmi\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.shared.dll
0x06070000 0x8000 1.02.2208.29988 c:\programmi\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.shared.dll
0x05060000 0xa000 1.02.2208.30002 c:\programmi\ati technologies\ati.ace\apm.foundation.dll
0x40260000 0xa93000 8.00.6001.18828 C:\WINDOWS\system32\ieframe.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x050d0000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x05100000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
FirewallGUI.exe pid: 656
Command line: "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
Base Size Version Path
0x00400000 0x32c000 5.00.0000.0038 C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll
0x66bb0000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\inetmib1.dll
0x71ef0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\snmpapi.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x10000000 0x36b000 5.00.0000.0038 C:\Programmi\PC Tools Firewall Plus\Objects.dll
0x5dd60000 0x9000 5.01.2600.0000 C:\WINDOWS\system32\RPCNS4.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x01900000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x01920000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x01b60000 0x340000 5.00.0000.0038 C:\Programmi\PC Tools Firewall Plus\FirewallPlugin.dll
0x76330000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll
0x75d50000 0x91000 6.00.2900.5512 C:\WINDOWS\system32\mlang.dll
0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x026a0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x74dc0000 0x6d000 5.30.0023.1230 C:\WINDOWS\system32\RICHED20.DLL
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x40260000 0xa93000 8.00.6001.18828 C:\WINDOWS\system32\ieframe.dll
0x3fac0000 0x5ad000 8.00.6001.18828 C:\WINDOWS\system32\mshtml.dll
0x03090000 0x29000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll
0x74680000 0x2a000 5.01.2600.5512 C:\WINDOWS\system32\msimtf.dll
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
avguard.exe pid: 888
Command line: "C:\Programmi\Avira\AntiVir Desktop\avguard.exe"
MSASCui.exe pid: 900
Command line: "C:\Programmi\Windows Defender\MSASCui.exe" -hide
Base Size Version Path
0x01000000 0xd7000 1.01.1593.0000 C:\Programmi\Windows Defender\MSASCui.exe
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x5b800000 0x4f000 1.01.1593.0000 C:\Programmi\Windows Defender\MpClient.dll
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll
0x74c10000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x61800000 0x9c000 1.01.1593.0000 C:\Programmi\Windows Defender\MsMpRes.dll
0x5d800000 0xac000 1.01.1593.0000 C:\Programmi\Windows Defender\MpRtMon.DLL
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x4b440000 0x86000 5.41.0015.1515 C:\WINDOWS\system32\MSFTEDIT.DLL
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x74910000 0x11e000 8.100.1048.0000 C:\WINDOWS\system32\msxml3.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x60800000 0xf000 1.01.1593.0000 C:\Programmi\Windows Defender\MpAsDesc.dll
0x10000000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x73b30000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\dciman32.dll
CTSVCCDA.EXE pid: 248
Command line: C:\WINDOWS\system32\CTsvcCDA.exe
Base Size Version Path
0x00400000 0xf000 1.00.0001.0000 C:\WINDOWS\system32\CTsvcCDA.exe
avgnt.exe pid: 1272
Command line: "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
rundll32.exe pid: 1440
Command line: "C:\WINDOWS\system32\Rundll32.exe" SPIRun.dll,RunDLLEntry
Base Size Version Path
0x01000000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\Rundll32.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x009b0000 0x6000 1.00.0000.0002 C:\WINDOWS\system32\SPIRun.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x00ba0000 0x24000 1.00.0000.0014 C:\WINDOWS\SYSTEM32\OemSpi.dll
0x73e80000 0x5c000 5.03.2600.5512 C:\WINDOWS\SYSTEM32\DSOUND.dll
0x10000000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
VolPanlu.exe pid: 1448
Command line: "C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
Base Size Version Path
0x00400000 0x2c000 2.20.0011.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
0x10000000 0x11000 1.00.0002.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\CTAudSeu.dll
0x00330000 0x53000 1.04.0000.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\CTAudEp.dll
0x5f800000 0xf2000 6.02.8071.0000 C:\WINDOWS\system32\MFC42u.DLL
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x61000000 0x10000 2.10.0003.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.crl
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x00ed0000 0x2a000 2.30.0000.0000 C:\Programmi\Creative\ShareDLL\CADI\ctcadi.dll
0x00f20000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x00f70000 0x1d000 0.00.0002.0005 C:\Programmi\Creative\ShareDLL\CADI\ctdmzspi.dll
0x00fa0000 0x1c000 0.00.0000.0014 C:\Programmi\Creative\ShareDLL\CADI\ctaudspi.dll
0x00fd0000 0x1b000 0.00.0000.0010 C:\Programmi\Creative\ShareDLL\CADI\ctpxspi.dll
0x01000000 0x1c000 0.00.0000.0012 C:\Programmi\Creative\ShareDLL\CADI\ctmbspi.dll
0x01030000 0x1c000 0.00.0000.0010 C:\Programmi\Creative\ShareDLL\CADI\ctksspi.dll
0x01060000 0x24000 1.00.0000.0014 C:\WINDOWS\SYSTEM32\OemSpi.dll
0x73e80000 0x5c000 5.03.2600.5512 C:\WINDOWS\SYSTEM32\DSOUND.dll
0x021c0000 0x19000 1.00.0000.0002 C:\Programmi\Creative\ShareDLL\CADI\dbacs.dll
0x023c0000 0x14000 2.00.0001.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\mxlibu.dll
0x023f0000 0x2d000 3.01.0018.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\CTThemeU.dll
0x02420000 0xc000 3.01.0002.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\CtrlSrcU.dll
0x02430000 0xe000 1.02.0000.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\CTIniFu.dll
0x02450000 0x55000 3.01.0030.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\GDICtrl.sku
0x024b0000 0x27000 3.01.0021.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\GDICtrl2.sku
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x024e0000 0x1e000 3.01.0016.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\GDICtrl3.sku
0x02500000 0x1e000 3.01.0015.0000 C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\RtxCtrl.sku
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
LogitechDesktopMessenger.exe pid: 1564
Command line: "C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
Base Size Version Path
0x00400000 0x8000 2.01.0002.0000 C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
0x00900000 0x21e000 7.02.0000.0137 C:\Programmi\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\backWeb.dll
0x10000000 0x39000 4.02.0000.0137 C:\Programmi\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\bwsec.dll
0x00840000 0xf000 C:\Programmi\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\clntutil.dll
0x71ef0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\snmpapi.dll
0x00850000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x00db0000 0x2a000 7.02.0000.0137 C:\PROGRA~1\Logitech\DESKTO~1\8876480\720~1.137\program\EN\ClientRC.dll
0x698e0000 0x9000 5.01.2600.5512 C:\WINDOWS\system32\feclient.dll
0x00e50000 0xa000 7.02.0000.0137 C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll
0x01560000 0x25000 7.02.0000.0137 C:\Programmi\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\BWfiles.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x017a0000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x66bb0000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\inetmib1.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x01c90000 0xa000 7.02.0000.0137 C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWDocMapExt-8876480.dll
0x01ca0000 0x22000 9.00.0001.0001 C:\Programmi\Avira\AntiVir Desktop\avsda.dll
0x01cf0000 0x84000 7.02.0000.0137 C:\Programmi\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\BWDocMapExt.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x3fac0000 0x5ad000 8.00.6001.18828 C:\WINDOWS\system32\mshtml.dll
0x02000000 0x29000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll
0x02050000 0xa000 7.02.0000.0137 C:\Programmi\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll
0x02070000 0x1c000 7.02.0000.0137 C:\Programmi\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\bwscriptext.dll
0x02a40000 0x6a000 5.08.6001.18702 C:\WINDOWS\system32\vbscript.dll
0x73510000 0x2a000 5.07.0000.18066 C:\WINDOWS\system32\scrrun.dll
0x606d0000 0x21000 5.07.0000.18066 C:\WINDOWS\system32\wshom.ocx
0x02b20000 0x21000 2.01.0002.0000 C:\Programmi\Logitech\Desktop Messenger\8876480\Program\SyncExt.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
msmsgs.exe pid: 1596
Command line: "C:\Programmi\Messenger\msmsgs.exe" /background
Base Size Version Path
0x01000000 0x1c4000 4.07.0000.3001 C:\Programmi\Messenger\msmsgs.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x76330000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x10000000 0x6f000 5.01.2600.5512 C:\WINDOWS\system32\XPOB2RES.DLL
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x776e0000 0x44000 2001.12.4414.0706 C:\WINDOWS\system32\es.dll
0x01260000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x76bc0000 0x34000 5.01.2600.5512 C:\WINDOWS\system32\credui.dll
0x75e20000 0x19000 4.07.0000.3002 C:\Programmi\Messenger\msgsc.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
AWC.exe pid: 1880
Command line: "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
Base Size Version Path
0x00400000 0x240000 3.03.0004.0666 C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
0x40000000 0xc6000 7.00.0004.0453 C:\Programmi\IObit\Advanced SystemCare 3\rtl70.bpl
0x00640000 0x157000 7.00.0004.0453 C:\Programmi\IObit\Advanced SystemCare 3\vcl70.bpl
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x007a0000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x00340000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40220000 0x3b000 7.00.0004.0453 C:\Programmi\IObit\Advanced SystemCare 3\vclx70.bpl
0x00350000 0x53000 1.00.0000.0000 C:\Programmi\IObit\Advanced SystemCare 3\WinSkinD7R.bpl
0x10000000 0xe000 C:\Programmi\IObit\Advanced SystemCare 3\NtfsData.dll
0x003c0000 0x21000 C:\Programmi\IObit\Advanced SystemCare 3\STFix.dll
0x003f0000 0xf000 C:\Programmi\IObit\Advanced SystemCare 3\CoolTrayIcon_D6plus.bpl
0x00990000 0xa000 1.00.0000.0032 C:\Programmi\IObit\Advanced SystemCare 3\Routine.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x5f210000 0x17000 5.01.2600.5512 C:\WINDOWS\system32\olepro32.dll
0x59110000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\Wship6.dll
0x40260000 0xa93000 8.00.6001.18828 C:\WINDOWS\system32\ieframe.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x5ab30000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemdisp.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x74e80000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemprox.dll
0x74e60000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x73540000 0x53000 5.01.2600.5512 C:\WINDOWS\system32\mstask.dll
0x01b90000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x72240000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sensapi.dll
0x01d60000 0x22000 9.00.0001.0001 C:\Programmi\Avira\AntiVir Desktop\avsda.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x76940000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\LINKINFO.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
PCSuite.exe pid: 1892
Command line: "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
Base Size Version Path
0x00400000 0x15d000 7.01.0040.0000 C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
0x67000000 0x1f0000 4.04.0001.0000 C:\Programmi\Nokia\Nokia PC Suite 7\QtCore4.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x65000000 0x700000 4.04.0001.0000 C:\Programmi\Nokia\Nokia PC Suite 7\QtGui4.dll
0x61000000 0x59000 4.04.0001.0000 C:\Programmi\Nokia\Nokia PC Suite 7\QtXml4.dll
0x00370000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x10000000 0x52000 7.01.0005.0000 C:\Programmi\Nokia\Nokia PC Suite 7\CDC.dll
0x4fd60000 0x1a6000 5.03.2600.5512 C:\WINDOWS\system32\d3d9.dll
0x6deb0000 0x6000 5.03.2600.5512 C:\WINDOWS\system32\d3d8thk.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x01170000 0x6000 7.00.0012.0000 C:\Programmi\Nokia\Nokia PC Suite 7\PCSL.dll
0x01290000 0x9c000 7.00.0126.0000 C:\Programmi\PC Connectivity Solution\ConnAPI.dll
0x01450000 0x148000 7.00.0155.0000 C:\Programmi\PC Connectivity Solution\DAAPI.dll
0x016c0000 0x44000 7.00.0019.0000 C:\Programmi\PC Connectivity Solution\PCCS_ABAPI.dll
0x01930000 0x125000 7.01.0015.0000 C:\Programmi\Nokia\Nokia PC Suite 7\styles\NGLStyle.dll
0x01a60000 0x21000 4.04.0001.0000 C:\Programmi\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
0x01a90000 0x8000 4.04.0001.0000 C:\Programmi\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
0x66000000 0x3e000 4.04.0001.0000 C:\Programmi\Nokia\Nokia PC Suite 7\QtSvg4.dll
0x01cc0000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x02640000 0x32000 7.00.0043.0000 C:\Programmi\PC Connectivity Solution\ConfServer.dll
0x74910000 0x11e000 8.100.1048.0000 C:\WINDOWS\system32\msxml3.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x72240000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sensapi.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x03990000 0x22000 9.00.0001.0001 C:\Programmi\Avira\AntiVir Desktop\avsda.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
MsPMSPSv.exe pid: 2020
Command line: C:\WINDOWS\system32\MsPMSPSv.exe
Base Size Version Path
0x01000000 0xd000 7.00.0000.1954 C:\WINDOWS\system32\MsPMSPSv.exe
SetPoint.exe pid: 644
Command line: "C:\Programmi\Logitech\SetPoint\SetPoint.exe"
Base Size Version Path
0x00400000 0xc6000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\SetPoint.exe
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x10900000 0x13000 4.80.0103.0000 C:\WINDOWS\system32\KemXML.dll
0x10800000 0x2a000 4.80.0103.0000 C:\WINDOWS\system32\kemutb.dll
0x10700000 0x28000 4.80.0103.0000 C:\WINDOWS\system32\KemUtil.dll
0x782e0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x10b00000 0x1b000 4.80.0103.0000 C:\WINDOWS\system32\KemWnd.dll
0x76330000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x12a00000 0xa000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\SetPointCOM.dll
0x10000000 0x7000 C:\Programmi\Logitech\SetPoint\khalwrapper.dll
0x5d360000 0xf000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ITA.DLL
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x00ae0000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x00f30000 0x107000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\Macros\MacroCore.dll
0x12300000 0x8000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\IMHook.dll
0x1f900000 0x2a000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\WebBrowserSupport.dll
0x7c630000 0x1b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL
0x01070000 0x22000 4.70.0026.0000 C:\Programmi\Logitech\SetPoint\Macros\MacroAppSwitch.dll
0x010b0000 0x2f000 4.82.0011.0000 C:\Programmi\File comuni\Logishrd\KHAL2\KhalApi.dll
0x01240000 0x24000 4.80.0103.0000 C:\Programmi\File comuni\LogiShrd\bluetooth\LBTServ.dll
0x10e00000 0x11000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\kgame.dll
0x10d00000 0xf000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\GameHook.dll
0x10a00000 0x1f000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\LCabHandler.dll
0x10f00000 0x3d000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\Macros\MacroMedia.dll
0x10300000 0xb000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\KEMHook.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x01f10000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x73b30000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\dciman32.dll
avmailc.exe pid: 128
Command line: "C:\Programmi\Avira\AntiVir Desktop\avmailc.exe"
avwebgrd.exe pid: 2056
Command line: "C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE"
KHALMNPR.exe pid: 2388
Command line: KHALMNPR.EXE /API
Base Size Version Path
0x00400000 0xd000 4.82.0011.0000 C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
0x10000000 0x2f000 4.82.0011.0000 C:\Programmi\File comuni\Logishrd\KHAL2\KHALAPI.DLL
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x00f70000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x00fd0000 0x24000 4.80.0103.0000 C:\Programmi\File comuni\LogiShrd\bluetooth\LBTServ.dll
0x74a70000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\cfgmgr32.dll
0x01020000 0x19000 4.82.0011.0000 C:\Programmi\File comuni\Logishrd\KHAL2\KHALITCH.DLL
0x01060000 0x1d000 4.82.0011.0000 C:\Programmi\File comuni\Logishrd\KHAL2\KHALMW.DLL
0x010a0000 0x2f000 4.82.0011.0000 C:\Programmi\File comuni\Logishrd\KHAL2\KHALHPP.DLL
0x01170000 0x22000 4.82.0011.0000 C:\Programmi\File comuni\Logishrd\KHAL2\KHALMOU.DLL
0x011c0000 0x1f000 4.82.0011.0000 C:\Programmi\File comuni\Logishrd\KHAL2\KHALHID.DLL
0x01200000 0x1b000 4.82.0011.0000 C:\Programmi\File comuni\Logishrd\KHAL2\KHALUSB.DLL
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
alg.exe pid: 3396
Command line: C:\WINDOWS\System32\alg.exe
Base Size Version Path
0x01000000 0xd000 5.01.2600.5512 C:\WINDOWS\System32\alg.exe
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\System32\ATL.DLL
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\MSWSOCK.DLL
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\System32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x10000000 0x22000 9.00.0001.0001 C:\Programmi\Avira\AntiVir Desktop\avsda.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
ServiceLayer.exe pid: 3484
Command line: "C:\Programmi\PC Connectivity Solution\ServiceLayer.exe"
Base Size Version Path
0x00400000 0xa0000 7.00.0124.0000 C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
0x10000000 0x6a000 7.00.0006.0000 C:\Programmi\PC Connectivity Solution\PCCS_DBEngine.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
NclRSSrv.exe pid: 3716
Command line: {F1E6C4F5-39C0-43FF-B929-55E2DA2E6D80}
Base Size Version Path
0x00400000 0x23000 7.00.0007.0000 C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
NclUSBSrv.exe pid: 3848
Command line: {EF37675B-E6B6-4D7D-B158-7E716E476984}
Base Size Version Path
0x00400000 0x25000 7.00.0015.0000 C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
CLI.exe pid: 3260
Command line: "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" -hide Wizard
Base Size Version Path
0x00400000 0xe000 1.11.0000.0000 C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
0x79000000 0x46000 2.00.50727.3053 C:\WINDOWS\system32\mscoree.dll
0x791b0000 0x269000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll
0x008f0000 0x45000 1.01.4322.2032 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x79780000 0x20e000 1.01.4322.2443 c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll
0x79990000 0x33e000 c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_d01e3220\mscorlib.dll
0x79510000 0x13000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
0x10000000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x79430000 0x4d000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL
0x7b610000 0x1f8000 1.01.4322.2032 c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
0x7b810000 0x2e2000 c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ecba824d\system.windows.forms.dll
0x11000000 0xc000 1.02.2349.28178 c:\programmi\ati technologies\ati.ace\cli.implementation.dll
0x02e50000 0xc000 1.02.2208.29985 c:\programmi\ati technologies\ati.ace\log.foundation.dll
0x03070000 0x14000 1.02.2208.29986 c:\programmi\ati technologies\ati.ace\cli.foundation.dll
0x03090000 0xe000 1.02.2349.28575 c:\programmi\ati technologies\ati.ace\log.foundation.service.dll
0x030a0000 0x8000 1.02.2208.29991 c:\programmi\ati technologies\ati.ace\log.foundation.shared.dll
0x7b0a0000 0x130000 1.01.4322.2443 c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
0x7b1d0000 0x1e4000 c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5bbd2063\system.dll
0x030f0000 0xa000 1.02.2349.28575 c:\programmi\ati technologies\ati.ace\cli.foundation.xmanifestation.dll
0x7bc10000 0x14a000 1.01.4322.2032 c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
0x7bd60000 0x202000 c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_7efd980c\system.xml.dll
0x79640000 0x52000 1.01.4322.2032 c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
0x03500000 0x22000 9.00.0001.0001 C:\Programmi\Avira\AntiVir Desktop\avsda.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x03770000 0x9c000 1.02.2349.28247 c:\programmi\ati technologies\ati.ace\cli.component.wizard.dll
0x03810000 0xe000 1.02.2208.29986 c:\programmi\ati technologies\ati.ace\cli.foundation.clients.dll
0x03820000 0xa000 1.02.2208.29987 c:\programmi\ati technologies\ati.ace\cli.component.wizard.shared.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x039f0000 0x18000 1.02.2349.28582 c:\programmi\ati technologies\ati.ace\cli.component.runtime.dll
0x03a20000 0x8000 1.00.0000.0000 c:\programmi\ati technologies\ati.ace\aticccom.dll
0x03a30000 0x10000 1.02.2208.29987 c:\programmi\ati technologies\ati.ace\cli.caste.graphics.shared.dll
0x03a40000 0xa000 1.02.2208.29985 c:\programmi\ati technologies\ati.ace\aem.foundation.dll
0x03a50000 0xa000 1.11.0000.0000 c:\programmi\ati technologies\ati.ace\ace.graphics.displaysmanager.shared.dll
0x03a70000 0x18000 1.02.2349.28255 c:\programmi\ati technologies\ati.ace\cli.caste.graphics.wizard.dll
0x03a90000 0x8000 1.02.2208.29990 c:\programmi\ati technologies\ati.ace\cli.caste.graphics.wizard.shared.dll
0x7b490000 0x76000 1.01.4322.2032 c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
0x7b510000 0xce000 c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_0cdb8df7\system.drawing.dll
0x03aa0000 0x130000 1.02.2349.28225 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecv.graphics.wizard.dll
0x03bd0000 0x130000 1.02.2349.28232 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.wizard.dll
0x03d10000 0x68000 1.02.2349.28216 c:\programmi\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.wizard.dll
0x03e80000 0x68000 1.02.2349.28271 c:\programmi\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.wizard.dll
0x03ef0000 0x28000 1.02.2349.28200 c:\programmi\ati technologies\ati.ace\cli.aspect.devicetv.graphics.wizard.dll
0x03f20000 0x28000 1.02.2349.28208 c:\programmi\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.wizard.dll
0x03f50000 0x246000 1.02.2349.28240 c:\programmi\ati technologies\ati.ace\cli.aspect.displaysmanager.graphics.wizard.dll
0x041f0000 0x22000 1.02.2349.28179 c:\programmi\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.wizard.dll
0x041c0000 0x17000 1.01.4322.2032 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\perfcounter.dll
0x60080000 0x9000 2.00.50727.3053 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll
0x04320000 0x74000 1.02.2349.28186 c:\programmi\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.wizard.dll
0x79e60000 0x42000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
0x04b30000 0x80000 1.02.2349.28171 c:\programmi\ati technologies\ati.ace\cli.aspect.transcode.local.wizard.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x5eb90000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\perfproc.dll
0x05370000 0x54000 1.02.2349.28194 c:\programmi\ati technologies\ati.ace\cli.aspect.infocentre.graphics.wizard.dll
0x053d0000 0xc000 1.02.2236.29179 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecv.graphics.shared.dll
0x053f0000 0x8000 1.02.2208.29987 c:\programmi\ati technologies\ati.ace\cli.aspect.deviceproperty.graphics.shared.dll
0x05820000 0xc000 1.02.2236.29197 c:\programmi\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.shared.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x05810000 0x8000 1.02.2208.29986 c:\programmi\ati technologies\ati.ace\cli.aspect.deviceproperty2.graphics.shared.dll
0x05ab0000 0xa000 1.02.2236.29132 c:\programmi\ati technologies\ati.ace\cli.aspect.customformats.graphics.shared.dll
0x05ac0000 0xa000 1.02.2208.29994 c:\programmi\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.shared.dll
0x05ae0000 0xa000 1.02.2208.29993 c:\programmi\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.shared.dll
0x05af0000 0x12000 1.02.2343.18635 c:\programmi\ati technologies\ati.ace\cli.aspect.devicetv.graphics.shared.dll
0x05b10000 0x12000 1.02.2343.18612 c:\programmi\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.shared.dll
0x05b40000 0x12000 1.02.2232.28756 c:\programmi\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.shared.dll
0x05b60000 0xc000 1.02.2208.30001 c:\programmi\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.shared.dll
0x05b70000 0x4a000 1.02.0000.0000 c:\programmi\ati technologies\ati.ace\cli.aspect.transcode.local.shared.dll
0x05bd0000 0x8000 1.00.0000.0000 c:\programmi\ati technologies\ati.ace\atixclib.dll
0x05bf0000 0x2b000 9.12.0000.60312 C:\Programmi\File comuni\ATI Technologies\Multimedia\atixcode.dll
0x05c20000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x05c50000 0x209000 9.12.0000.60312 C:\Programmi\File comuni\ATI Technologies\Multimedia\atidvcr.dll
0x05e60000 0xa000 1.02.2208.29990 c:\programmi\ati technologies\ati.ace\cli.aspect.infocentre.graphics.shared.dll
0x7a090000 0x138000 1.01.4322.2443 c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
CLI.exe pid: 3272
Command line: "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" -hide SystemTray
Base Size Version Path
0x00400000 0xe000 1.11.0000.0000 C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
0x79000000 0x46000 2.00.50727.3053 C:\WINDOWS\system32\mscoree.dll
0x791b0000 0x269000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll
0x008f0000 0x45000 1.01.4322.2032 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x79780000 0x20e000 1.01.4322.2443 c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll
0x79990000 0x33e000 c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_d01e3220\mscorlib.dll
0x79510000 0x13000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
0x10000000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x79430000 0x4d000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL
0x7b610000 0x1f8000 1.01.4322.2032 c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
0x7b810000 0x2e2000 c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ecba824d\system.windows.forms.dll
0x11000000 0xc000 1.02.2349.28178 c:\programmi\ati technologies\ati.ace\cli.implementation.dll
0x02e50000 0xc000 1.02.2208.29985 c:\programmi\ati technologies\ati.ace\log.foundation.dll
0x03070000 0x14000 1.02.2208.29986 c:\programmi\ati technologies\ati.ace\cli.foundation.dll
0x03090000 0xe000 1.02.2349.28575 c:\programmi\ati technologies\ati.ace\log.foundation.service.dll
0x030a0000 0x8000 1.02.2208.29991 c:\programmi\ati technologies\ati.ace\log.foundation.shared.dll
0x7b0a0000 0x130000 1.01.4322.2443 c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
0x7b1d0000 0x1e4000 c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5bbd2063\system.dll
0x030f0000 0xa000 1.02.2349.28575 c:\programmi\ati technologies\ati.ace\cli.foundation.xmanifestation.dll
0x7bc10000 0x14a000 1.01.4322.2032 c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
0x7bd60000 0x202000 c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_7efd980c\system.xml.dll
0x79640000 0x52000 1.01.4322.2032 c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
0x03500000 0x22000 9.00.0001.0001 C:\Programmi\Avira\AntiVir Desktop\avsda.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x03770000 0x6c000 1.02.2349.28521 c:\programmi\ati technologies\ati.ace\cli.component.systemtray.dll
0x037e0000 0x10000 1.02.2208.29987 c:\programmi\ati technologies\ati.ace\cli.caste.graphics.shared.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x039b0000 0x18000 1.02.2349.28582 c:\programmi\ati technologies\ati.ace\cli.component.runtime.dll
0x039d0000 0x8000 1.00.0000.0000 c:\programmi\ati technologies\ati.ace\aticccom.dll
0x039f0000 0xa000 1.11.0000.0000 c:\programmi\ati technologies\ati.ace\ace.graphics.displaysmanager.shared.dll
0x03a00000 0xa000 1.02.2208.29985 c:\programmi\ati technologies\ati.ace\aem.foundation.dll
0x03a10000 0xa000 1.02.2208.30002 c:\programmi\ati technologies\ati.ace\apm.foundation.dll
0x7b490000 0x76000 1.01.4322.2032 c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
0x7b510000 0xce000 c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_0cdb8df7\system.drawing.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x4ebd0000 0x1ab000 5.02.6001.22319 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x03a90000 0x12000 1.02.2349.28521 c:\programmi\ati technologies\ati.ace\it\cli.component.systemtray.resources.dll
0x7a090000 0x138000 1.01.4322.2443 c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
0x03b00000 0x17000 1.01.4322.2032 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\perfcounter.dll
0x60080000 0x9000 2.00.50727.3053 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll
0x79e60000 0x42000 1.01.4322.2443 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x5eb90000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\perfproc.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
FWService.exe pid: 2744
Command line: "C:\Programmi\PC Tools Firewall Plus\FWService.exe"
Base Size Version Path
0x00400000 0x23000 5.00.0000.0036 C:\Programmi\PC Tools Firewall Plus\FWService.exe
0x10000000 0x36b000 5.00.0000.0038 C:\Programmi\PC Tools Firewall Plus\Objects.dll
0x5dd60000 0x9000 5.01.2600.0000 C:\WINDOWS\system32\RPCNS4.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x66bb0000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\inetmib1.dll
0x71ef0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\snmpapi.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x01340000 0x31c000 5.00.0000.0040 C:\Programmi\PC Tools Firewall Plus\FirewallWrapper.dll
0x01a00000 0x2d000 2.00.0001.0006 C:\Programmi\PC Tools Firewall Plus\PCTWSC.dll
0x01ce0000 0x77000 1.00.0000.0038 C:\Programmi\PC Tools Firewall Plus\PluginDllFW.dll
0x01d80000 0x5d000 1.00.0000.0037 C:\Programmi\File comuni\PC Tools\GenTDI\GenericTdiDll.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x03650000 0xbd000 1.00.0000.0082 C:\Programmi\File comuni\PC Tools\KDS\KDSInterface.dll
0x03730000 0x78000 1.00.0000.0068 C:\Programmi\File comuni\PC Tools\KDS\KDSAppEvent.dll
0x76590000 0x13000 5.131.2600.5512 C:\WINDOWS\system32\cryptnet.dll
0x72240000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\SensApi.dll
0x750e0000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\Cabinet.dll
0x74e80000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemprox.dll
0x74e60000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x66750000 0x5e000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x055d0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
ctfmon.exe pid: 412
Command line: ctfmon.exe
Base Size Version Path
0x00400000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\ctfmon.exe
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x60060000 0x3c000 5.01.2600.5512 C:\WINDOWS\system32\MSUTB.dll
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x10000000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
svchost.exe pid: 6052
Command line: C:\WINDOWS\system32\svchost.exe -k imgsvc
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x75a20000 0x55000 5.01.2600.5512 c:\windows\system32\wiaservc.dll
0x74a70000 0x7000 5.01.2600.5512 c:\windows\system32\CFGMGR32.dll
0x73aa0000 0x15000 5.01.2600.5627 c:\windows\system32\mscms.dll
0x71cd0000 0x1b000 6.00.2900.5512 C:\WINDOWS\system32\actxprxy.dll
0x73b10000 0x1a000 5.01.2600.5512 C:\WINDOWS\system32\sti.dll
sys88607.exe pid: 4728
Command line: "C:\Documents and Settings\vincenzo\Desktop\sys88607.exe"
Base Size Version Path
0x00400000 0x39000 C:\Documents and Settings\vincenzo\Desktop\sys88607.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x10000000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
runme.exe pid: 4144
Command line: runme.exe
Base Size Version Path
0x00400000 0x62000 3.06.0000.0002 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\nsv97.tmp\runme.exe
0x73390000 0x153000 6.00.0098.0002 C:\WINDOWS\system32\MSVBVM60.DLL
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x10000000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x73510000 0x2a000 5.07.0000.18066 C:\WINDOWS\system32\scrrun.dll
0x01610000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x72240000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sensapi.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x01a30000 0x6a000 5.08.6001.18702 C:\WINDOWS\system32\vbscript.dll
wscntfy.exe pid: 5084
Command line: C:\WINDOWS\system32\wscntfy.exe
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\wscntfy.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x10000000 0x6000 7.02.0000.0137 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\IadHide5.dll
0x10100000 0xe000 4.80.0103.0000 C:\Programmi\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
cmd.exe pid: 13164
Command line: cmd /c uuoywfrygn.exe > tempd.txt
Base Size Version Path
0x4ad00000 0x64000 5.01.2600.5512 C:\WINDOWS\system32\cmd.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
uuoywfrygn.exe pid: 13204
Command line: uuoywfrygn.exe
Base Size Version Path
0x00400000 0x14000 2.25.0000.0000 C:\DOCUME~1\vincenzo\IMPOST~1\Temp\nsv97.tmp\uuoywfrygn.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
===================== NTFS ADS =====================
===================== ENCRYPTED FILES =====================
===================== HIDDEN OBJECTS =====================
===================== RUSTOCK ROOTKIT DETECTION =====================
===================== MASTER BOOT RECORD =====================
===================== NETWORK SETTINGS =====================
~~~~~~~~~~~~~~~~~~~~~ Winsock Parameters ~~~~~~~~~~~~~~~~~~~~~
-----HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters\-----
~~~~~~~~~~~~~~~~~~~~~ TCP/IP network configuration ~~~~~~~~~~~~~~~~~~~~~
Nome host . . . . . . . . . . . . . . : casa-b8be587135
Suffisso DNS primario . . . . . . . :
Tipo nodo . . . . . . . . . : Sconosciuto
Proxy WINS abilitato . . . . . . . . : No
Scheda Ethernet Connessione alla rete locale (LAN):
Stato supporto . . . . . . . . . . . : Supporto disconnesso
Descrizione . . . . . . . . . . . . . : NIC Fast Ethernet PCI Realtek RTL8139 Family
Scheda Ethernet Connessione alla rete locale (LAN) 2:
Stato supporto . . . . . . . . . . . : Supporto disconnesso
Descrizione . . . . . . . . . . . . . : VIA Rhine II Fast Ethernet Adapter
-----HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
\{0DE2E021-F55A-4710-9F74-7AF2139CC51E} NameServer= 192.168.1.1
~~~~~~~~~~~~~~~~~~~~~ Open ports ~~~~~~~~~~~~~~~~~~~~~
Connessioni attive
Proto Indirizzo locale Indirizzo esterno Stato PID
TCP casa-b8be587135:epmap 0.0.0.0:0 LISTENING 1500
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
-- componente/i sconosciuto/i --
[svchost.exe]
TCP casa-b8be587135:microsoft-ds 0.0.0.0:0 LISTENING 4
[Sistema]
TCP casa-b8be587135:44080 0.0.0.0:0 LISTENING 2056
[AVWEBGRD.EXE]
TCP casa-b8be587135:44110 0.0.0.0:0 LISTENING 128
[avmailc.exe]
TCP casa-b8be587135:1025 0.0.0.0:0 LISTENING 672
[cli.exe]
TCP casa-b8be587135:1027 0.0.0.0:0 LISTENING 3396
[alg.exe]
TCP casa-b8be587135:1034 0.0.0.0:0 LISTENING 3272
[cli.exe]
TCP casa-b8be587135:1037 0.0.0.0:0 LISTENING 3260
[cli.exe]
TCP casa-b8be587135:1030 localhost:44080 CLOSE_WAIT 1892
[PCSuite.exe]
UDP casa-b8be587135:microsoft-ds *:* 4
[Sistema]
UDP casa-b8be587135:9370 *:* 1564
[LogitechDesktopMessenger.exe]
UDP casa-b8be587135:ntp *:* 1680
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]
UDP casa-b8be587135:1038 *:* 1880
[AWC.exe]
~~~~~~~~~~~~~~~~~~~~~ Shared Resources ~~~~~~~~~~~~~~~~~~~~~
Nome cond. Risorsa Nota
IPC$ IPC remoto
D$ D:\ Condivisione predefinita
F$ F:\ Condivisione predefinita
ADMIN$ C:\WINDOWS Amministrazione remota
C$ C:\ Condivisione predefinita
E$ E:\ Condivisione predefinita
~~~~~~~~~~~~~~~~~~~~~ TRUSTED DOMAINS ~~~~~~~~~~~~~~~~~~~~~
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
~~~~~~~~~~~~~~~~~~~~~ TRUSTED IPs ~~~~~~~~~~~~~~~~~~~~~
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
~~~~~~~~~~~~~~~~~~~~~ RAS active connections ~~~~~~~~~~~~~~~~~~~~~
Nessuna connessione
~~~~~~~~~~~~~~~~~~~~~ Rasphone.pbk content ~~~~~~~~~~~~~~~~~~~~~
-----C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Connections\Pbk\rasphone.pbk
===================== HOSTS FILE =====================
127.0.0.1 localhost
===================== SUSPICIOUS FILES =====================
EXE and DLL files packed with runtime packers, found in: C:\; C:\WINDOWS\; C:\WINDOWS\system32\
===================== UNINSTALL LIST =====================
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall-----
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall-----
===================== HIJACKTHIS LOG =====================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7.55.53, on 29/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\vincenzo\Desktop\sys88607.exe
C:\DOCUME~1\vincenzo\IMPOST~1\Temp\nsv97.tmp\runme.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programmi\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [VolPanel] "C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /M "Stylus Photo R240" /EF "HKCU"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DE2E021-F55A-4710-9F74-7AF2139CC51E}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C16CECC0-EA9E-4645-AA4B-C0E1C2A9389D} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 18779 bytes
==========================================
Scan completed in 469,7 minutes
End of report
~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
SystemScan uses some freeware tools that remain property of their authors:
* SteelWerX Registry Console Tool, Who Am I (Bobby Flekman:
www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
* dumphive (Markus Stephany)--> "Registry scan"
* Listdlls (M.Russinovich, B.Cogswell:
www.sysinternals.com) --> "Loaded modules"
* Catchme & MBR Rootkit detector (gmer:
www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log
Thanks to all of them for their hard work