ARGOMENTO:

Ciao GHz , ciao ragazzi !!!

Mi sono beccato un virus !!!!


Prima che sia troppo tardi vi incollo il log di Hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58:13, on 30/07/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
C:\Programmi\BOINC\boincmgr.exe
C:\Programmi\BOINC\boinc.exe
C:\Programmi\BOINC\projects\www.ufluids.net\evolver_4.10_windows_intelx86.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Pierpaolo\Desktop\Programmi utili\RegSeeker\RegSeeker.exe
C:\Documents and Settings\Pierpaolo\Desktop\gmer\gmer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Pierpaolo\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = it.start.mozilla.com...nt=firefox-a&rls=org.mozilla:it:official:
O2 - BHO: (no name) - {5be1539f-f92d-4d27-88e6-e7b7b4369fb7} - C:\WINDOWS\System32\ssqQiifE.dll
O2 - BHO: (no name) - {c4a3e954-b655-4b4e-9f4f-56918509f2fe} - (no file)
O2 - BHO: (no name) - {fbf85a20-ff88-4c46-90fb-b023e5c4eca0} - C:\WINDOWS\system32\ljJDTNDW.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Programmi\BOINC\boincmgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: ljjdtndw - C:\WINDOWS\SYSTEM32\ljJDTNDW.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: FCI (fci) - Unknown owner - C:\WINDOWS\System32\svchost.exe:exe.exe

--
End of file - 2586 bytes


Vi prego aiutatemi !!!

...e non ditemi di formattare perchè non ci penso neanche !!!!

...come si usa GMER ????.....aiutoooooo !!!!

I file che sono pericolosi sono : liJdtn.dll

e il processo svchost.exe:exe.exe che non riesco a cancellare....senza contare che nel task manager mi si apre un Run32ll che non avevo mai prima.....

il pc perde il desktop e me lo devo riacchiappare con il taskmanager....aiutatemiiiiii !!!!

calma calma..
svchost sono normali processi di windows, giusto?
non puoi fermarli

ma scusa .. come hai fatto a prendere sto virus?
andavi in internet, hai scaricato qualcosa, allegati email ..... ??


ps
ovviamente hai già analizzato il log, vero?

EDIT
ah no scusa!
non avevo visto che il file era svchost.exe:exe.exe

Calma calma calma.

Calma.

Spiegaci un pò come è successo tutto.

Dal log direi che il virus c'è, bisogna capire che roba è ed estirparlo

Intanto con hijackthis fixa queste voci:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = it.start.mozilla.com...nt=firefox-a&rls=org.mozilla:it:official:
O2 - BHO: (no name) - {5be1539f-f92d-4d27-88e6-e7b7b4369fb7} - C:\WINDOWS\System32\ssqQiifE.dll
O2 - BHO: (no name) - {c4a3e954-b655-4b4e-9f4f-56918509f2fe} - (no file)
O2 - BHO: (no name) - {fbf85a20-ff88-4c46-90fb-b023e5c4eca0} - C:\WINDOWS\system32\ljJDTNDW.dll
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: ljjdtndw - C:\WINDOWS\SYSTEM32\ljJDTNDW.dll
O23 - Service: FCI (fci) - Unknown owner - C:\WINDOWS\System32\svchost.exe:exe.exe

(li selezioni e poi clicchi su fix checked)

Poi scarica Prevx CSI da qui: info.prevx.com/downloadcsi.asp
Installalo, fai uno scan e copiaci i risultati.

Ciao,
GHz

Prevx CSI Log - Version v1.9.112.154
Log Generated: 30/7/2008 20:56, Type: 0
Some non-malicious files are not included in this log.
C:\WINDOWS\System32\smss.exe InMem: 1 Det [G] PX5: B6291379003D4824B2DE00BD2CEA4600000C1B30
C:\WINDOWS\System32\ntdll.dll InMem: 1 Det [G] PX5: 75D481CE004335AE9E050AB117486200256C36EA
C:\WINDOWS\system32\csrss.exe InMem: 1 Det [G] PX5: A2ACB09F00998398104900C59832C500B79BCD14
C:\WINDOWS\system32\CSRSRV.dll InMem: 1 Det [G] PX5: DE804406000498297211007AC62C9D00E5144CD9
C:\WINDOWS\system32\basesrv.dll InMem: 1 Det [G] PX5: CD05C87C00A3B033B0CE0054E9FD0F00587D8037
C:\WINDOWS\system32\winsrv.dll InMem: 1 Det [G] PX5: B025E8C000B9E392384804F9CEFB41008465B6F6
C:\WINDOWS\system32\USER32.dll InMem: 1 Det [G] PX5: 961877EE00FC03AE94DC081243C53100E615B84F
C:\WINDOWS\system32\KERNEL32.dll InMem: 1 Det [G] PX5: 3BA5729100C4AFD0D0960E1012E03B007BE80BD2
C:\WINDOWS\system32\GDI32.dll InMem: 1 Det [G] PX5: 1A3DE7700081EE0AD45303F0CD611600C146326E
C:\WINDOWS\system32\ADVAPI32.dll InMem: 1 Det [G] PX5: E370FE0300F540AC66870984AB48540084642AEA
C:\WINDOWS\system32\RPCRT4.dll InMem: 1 Det [G] PX5: 8A46A31600AB9538140507E7943C2A00C9E44EC7
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols - ncacn_np [rpcrt4.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols - ncacn_ip_tcp [rpcrt4.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols - ncadg_ip_udp [rpcrt4.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols - ncacn_http [rpcrt4.dll]
C:\WINDOWS\System32\sxs.dll InMem: 1 Det [G] PX5: A7E5BB37007ACA76E82709DCC352BD00EF57990D
C:\WINDOWS\system32\winlogon.exe InMem: 1 Det [G] PX5: 08995E4500E8C7FD9A0D067B45228B0086720078
C:\WINDOWS\system32\AUTHZ.dll InMem: 1 Det [G] PX5: 1BFA7A7700103984C8670003C2FE020016603100
C:\WINDOWS\system32\msvcrt.dll InMem: 1 Det [G] PX5: 5E03B17C00AB6003EC43040371CC78007095FB24
C:\WINDOWS\system32\CRYPT32.dll InMem: 1 Det [G] PX5: B53A5CC800A3E179860C08884FA6E8007226B24C
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain - DllName [crypt32.dll]
C:\WINDOWS\system32\MSASN1.dll InMem: 1 Det [G] PX5: E80D2047006255F2C8B0001FD4D69C008E851CEA
C:\WINDOWS\system32\NDdeApi.dll InMem: 1 Det [G] PX5: 3A670B0C00A1F1C73E3E00C6E6142E00E2561507
C:\WINDOWS\system32\PROFMAP.dll InMem: 1 Det [G] PX5: E22C652200136C2A7010001475FCD6009C75A4F2
C:\WINDOWS\system32\NETAPI32.dll InMem: 1 Det [G] PX5: 5794DA7800585299BA3004117A236500A67DD7CD
C:\WINDOWS\system32\USERENV.dll InMem: 1 Det [G] PX5: DA5387DA0001B19730C90A11E087A800CF5E80DB
C:\WINDOWS\system32\PSAPI.DLL InMem: 1 Det [G] PX5: 294A0B9300EAB86144B700532C9C3B0071A78159
C:\WINDOWS\system32\REGAPI.dll InMem: 1 Det [G] PX5: 41125AD1009057C8AC42003596F41F00A2601BDC
C:\WINDOWS\system32\Secur32.dll InMem: 1 Det [G] PX5: 4E85272A00F909ADCC1F00FFDECE8800EDEE8B86
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 9 [secur32.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 10 [secur32.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 16 [secur32.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 18 [secur32.dll]
C:\WINDOWS\system32\SETUPAPI.dll InMem: 1 Det [G] PX5: 7FF953DC007CBD50542C0E82C1298E007EAFDD90
C:\WINDOWS\system32\sfc_os.dll InMem: 1 Det [G] PX5: 68009D86007DB6C2082B02384869240021257ADC
C:\WINDOWS\system32\WINTRUST.dll InMem: 1 Det [G] PX5: 146B6F1A005A58FF8C2802F784F3A8004C6FD71C
C:\WINDOWS\system32\ole32.dll InMem: 1 Det [G] PX5: 47BE9F61004C4B066A71118E09DD2B0039E95F15
C:\WINDOWS\system32\IMAGEHLP.dll InMem: 1 Det [G] PX5: 5EC609B900871D2AF02301402403DE000E252C71
C:\WINDOWS\system32\VERSION.dll InMem: 1 Det [G] PX5: 810E260B002D87FD4058009B69469900C55A903B
C:\WINDOWS\system32\WINSTA.dll InMem: 1 Det [G] PX5: 4AF9449E007D78D5B8150027312890004E85B1B5
C:\WINDOWS\system32\WS2_32.dll InMem: 1 Det [G] PX5: 61B86A1200B91306260A0176889D060089DA1100
C:\WINDOWS\system32\WS2HELP.dll InMem: 1 Det [G] PX5: 21A23450005ACB3A4A4E0025D1D19F00258EFDCA
C:\WINDOWS\system32\MSGINA.dll InMem: 1 Det [G] PX5: ED298CE5006607A5D2280EF6A698EA0002CE4F50
C:\WINDOWS\system32\SHELL32.dll InMem: 1 Det [G] PX5: 2A22FEFF00A28D3670F67F7BB5BE37000B7BBA80
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon - VmApplet [rundll32 shell32,Control_RunDLL "sysdm.cpl"]
REGSHLEXHOOK - \REGISTRY\Machine\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 - {AEB6717E-7E19-11d0-97EE-00C04FD91972} [shell32.dll]
REGDELAY - \REGISTRY\Machine\Software\Classes\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 - PostBootReminder [%SystemRoot%\system32\SHELL32.dll]
REGDELAY - \REGISTRY\Machine\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 - CDBurn [%SystemRoot%\system32\SHELL32.dll]
REGTOOLBAR - \REGISTRY\Machine\Software\Classes\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}\InprocServer32 - {0E5CBF21-D15F-11D0-8301-00AA005B4383} [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{24F14F01-7B1C-11d1-838f-0000F80461CF}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{24F14F02-7B1C-11d1-838f-0000F80461CF}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{09799AFB-AD67-11d1-ABCD-00C04FC30936}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{A470F8CF-A1E8-4f65-8335-227475AA5C46}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{ef43ecfe-2ab9-4632-bf21-58909dd177f0}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InprocServer32 - [shell32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\InprocServer32 - BarSize [%SystemRoot%\system32\SHELL32.dll]
C:\WINDOWS\system32\SHLWAPI.dll InMem: 1 Det [GP] PX5: 2742F4D6001A1420121D0642BD9C70006BF8BBB9
C:\WINDOWS\system32\COMCTL32.dll InMem: 1 Det [G] PX5: CA49FD3600371AAC821E08F8713435004A219980
C:\WINDOWS\system32\ODBC32.dll InMem: 1 Det [G] PX5: F75EA9260099B0C4101C034A2C99C2005094692F
C:\WINDOWS\system32\comdlg32.dll InMem: 1 Det [G] PX5: B04911B80045DD0B0017045C54D7B9006E17172F
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll InMem: 1 Det [G] PX5: 55F9AAD4003BD3490E600E5233CB73005E58B7A8
C:\WINDOWS\system32\odbcint.dll InMem: 1 Det [G] PX5: 49D39B6900BCBCA8804001EEAB14A90063984CFB
C:\WINDOWS\system32\SHSVCS.dll InMem: 1 Det [G] PX5: 07929B5100B8904FC0AE0164AE61D6001778811D
C:\WINDOWS\system32\sfc.dll InMem: 1 Det [G] PX5: 56A0DE01009273BB10A300EF09037600B79BCD14
C:\WINDOWS\system32\Apphelp.dll InMem: 1 Det [G] PX5: D2421767008A382898DC012D6045F800B79D9606
C:\WINDOWS\system32\WINSCARD.DLL InMem: 1 Det [G] PX5: DB267CC4007C6D756CEA0175050B02008569874B
C:\WINDOWS\system32\WTSAPI32.dll InMem: 1 Det [G] PX5: BA1F464B00A165EA42770059D472B8008E5FA1BD
C:\WINDOWS\system32\uxtheme.dll InMem: 1 Det [G] PX5: A4D2FBE4009BFD7E1C0A03933E310100BFF15120
C:\WINDOWS\system32\WINMM.dll InMem: 1 Det [G] PX5: DF8DD8040095E337A41D02E9D9A7EE00B4B957C1
C:\WINDOWS\system32\cscdll.dll InMem: 1 Det [G] PX5: 68C0DE4000B710C660DA01AB3C862B0079FFB491
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll - DLLName [cscdll.dll]
C:\WINDOWS\system32\WlNotify.dll InMem: 1 Det [G] PX5: CB84869500683F0352EE01A62AA52A0099866A00
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp - DLLName [wlnotify.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule - DllName [wlnotify.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn - DLLName [WlNotify.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv - DllName [wlnotify.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon - DLLName [wlnotify.dll]
C:\WINDOWS\system32\WINSPOOL.DRV InMem: 1 Det [G] PX5: 1DF3A66F0095FA7904C402DB3A574900A0A9910E
C:\WINDOWS\system32\MPR.dll InMem: 1 Det [G] PX5: C7AA9F42004DC3D4DA6900066CAECB00A9968491
C:\WINDOWS\System32\rsaenh.dll InMem: 1 Det [G] PX5: 21F573B20019B48F02B0021BE9687600BECDC2BD
C:\WINDOWS\system32\SAMLIB.dll InMem: 1 Det [G] PX5: AC589E6700D8AC42D6B200FA99795700D7E8DD57
C:\WINDOWS\system32\ljJDTNDW.dll InMem: 1 Det PX5: 6C6CDF36803F060E85720000BE224600396A80E5 Malware Group: Fraudulent Security Program
REGSHLEXHOOK - \REGISTRY\Machine\Software\Classes\CLSID\{FBF85A20-FF88-4C46-90FB-B023E5C4ECA0}\InprocServer32 - {FBF85A20-FF88-4C46-90FB-B023E5C4ECA0} [C:\WINDOWS\system32\ljJDTNDW.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjdtndw - DllName [ljJDTNDW.dll]
C:\WINDOWS\system32\WININET.dll InMem: 1 Det [G] PX5: E924B01500B877E51AA30904D22F9E007EB9E316
C:\WINDOWS\system32\OLEAUT32.dll InMem: 1 Det [G] PX5: 1AD73A75007BF080B09C08AE84F4E100AC678A91
C:\WINDOWS\system32\urlmon.dll InMem: 1 Det [G] PX5: B7F5EC5E00E343B2E86706410102B0007AE50206
C:\WINDOWS\system32\DNSAPI.dll InMem: 1 Det [G] PX5: C9CDF0CF00BB63F3205E02F2ADFAFB0085749E66
C:\WINDOWS\system32\NTMARTA.DLL InMem: 1 Det [G] PX5: 1A8C035000CBE525B2C80137A2D2EB005D54C94C
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider - ProviderPath [%SystemRoot%\system32\ntmarta.dll]
C:\WINDOWS\system32\WLDAP32.dll InMem: 1 Det [G] PX5: A1FC032E005BD24C942D02311149F60069AA36E6
C:\WINDOWS\system32\cscui.dll InMem: 1 Det [G] PX5: DC96945600C70ECAC6E304C906DE4E00F0D75AF1
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03}\InprocServer32 - {750fdf0e-2a26-11d1-a3ea-080036587f03} [%SystemRoot%\System32\cscui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{10CFC467-4392-11d2-8DB4-00C04FA31A66}\InprocServer32 - {10CFC467-4392-11d2-8DB4-00C04FA31A66} [%SystemRoot%\System32\cscui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}\InprocServer32 - {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} [%SystemRoot%\System32\cscui.dll]
C:\WINDOWS\system32\wdmaud.drv InMem: 1 Det [G] PX5: ACB3A24B002D702C56700024DBDDEA00DF308EFB
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - wave [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - midi [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - mixer [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - aux [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave1 [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave2 [wdmaud.drv]
C:\WINDOWS\system32\msacm32.drv InMem: 1 Det [G] PX5: F8EB7CDA00A2596F522700876A3BC9005F29A42B
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP - wavemapper [msacm32.drv]
C:\WINDOWS\system32\MSACM32.dll InMem: 1 Det [G] PX5: 9752806A00394A6806580132AF62B400C8C37319
C:\WINDOWS\system32\midimap.dll InMem: 1 Det [G] PX5: DEA48C72009CCDFA460700C5BC5014000DC188AA
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP - midimapper [midimap.dll]
C:\WINDOWS\system32\COMRes.dll InMem: 1 Det [G] PX5: 7896FAB30010862DE8610CFEFCA47300BC335D7D
C:\WINDOWS\system32\CLBCATQ.DLL InMem: 1 Det [G] PX5: CE0C308F001851C926DD07DE6D5BAF00F971A1B6
C:\WINDOWS\system32\msv1_0.dll InMem: 1 Det [G] PX5: 6A108D5000E99B03A6B90103B548390022CD171F
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Authentication Packages [msv1_0]
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
C:\WINDOWS\System32\wbem\wbemprox.dll InMem: 1 Det [G] PX5: 3C50E653003593AE6E99007EDEF61600D68DF5A5
C:\WINDOWS\System32\wbem\wbemcomn.dll InMem: 1 Det [G] PX5: 76AB353300B6363946380394A1975500C846E98E
C:\WINDOWS\System32\wbem\wbemsvc.dll InMem: 1 Det [G] PX5: 61C3AD1E006BACBFBC7C00E27E0B0A00A89FF934
C:\WINDOWS\System32\wbem\fastprox.dll InMem: 1 Det [G] PX5: 5B9D5B7800740FB4EEBC083622BC0D0034879198
C:\WINDOWS\system32\Cabinet.dll InMem: 1 Det [G] PX5: E4AFF01A0011E000E6A500B3580358003CB95B91
C:\WINDOWS\system32\services.exe InMem: 1 Det [G] PX5: D1E2B2AC00B20C5A8E6901A399C40C007A26D714
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Eventlog - ImagePath [C:\WINDOWS\system32\services.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PlugPlay - ImagePath [C:\WINDOWS\system32\services.exe]
C:\WINDOWS\system32\SCESRV.dll InMem: 1 Det [G] PX5: 8F77AB81008DBD55B68104CD2E18B700C3C9CA2E
C:\WINDOWS\system32\umpnpmgr.dll InMem: 1 Det [G] PX5: 8DBED7A40043DAECA225011B175728007B4D9F03
C:\WINDOWS\system32\NCObjAPI.DLL InMem: 1 Det [G] PX5: D49F3EC30097426FA6D40083A7779A00CA8B657D
C:\WINDOWS\system32\eventlog.dll InMem: 1 Det [G] PX5: 3497453500AB7ECABA490085837914004B4DA583
C:\WINDOWS\system32\cryptdll.dll InMem: 1 Det [G] PX5: 8A70A561007509F872410066CC9DF700B65D1F9F
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\gdiplus.dll InMem: 1 Det [G] PX5: F86DA5380028CF23F2BD1934F7DA2000DBB69A62
C:\WINDOWS\System32\mswsock.dll InMem: 1 Det [G] PX5: 41883D87005AADAB8440031A238C5600D6C23C9D
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 - LibraryPath [%SystemRoot%\System32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 - LibraryPath [%SystemRoot%\System32\mswsock.dll]
C:\WINDOWS\system32\iphlpapi.dll InMem: 1 Det [G] PX5: 3671F9F600ECAE5332450131286FF400165A3AB8
C:\WINDOWS\system32\netman.dll InMem: 1 Det [G] PX5: 9A37FD1F0068F46B42DF02CB0166CA00C8D4740F
C:\WINDOWS\system32\MPRAPI.dll InMem: 1 Det [G] PX5: F097F65B00980B913648013383501C00E4BD903F
C:\WINDOWS\system32\ACTIVEDS.dll InMem: 1 Det [G] PX5: 1F1619DE004A48B6C61B0279D20CC30042BAF755
C:\WINDOWS\system32\adsldpc.dll InMem: 1 Det [G] PX5: 9C8C11B300A7FE4E209A02222BBBF30014B8C33A
C:\WINDOWS\system32\ATL.DLL InMem: 1 Det [G] PX5: 5B584DA9328BE48A2470010350B34600B1E0AF7D
C:\WINDOWS\system32\rtutils.dll InMem: 1 Det [G] PX5: 51D495C60071D14E9C00005D422DEE006A0446C0
C:\WINDOWS\system32\RASAPI32.dll InMem: 1 Det [G] PX5: D4F5C3E80000710B463C032B7D452D0019BA076F
C:\WINDOWS\system32\rasman.dll InMem: 1 Det [G] PX5: 92BDE7940037C45FDA3600CDCC0ED200892B3738
C:\WINDOWS\system32\TAPI32.dll InMem: 1 Det [G] PX5: F750D14D000BD66C7E0B026800BE260024C2D819
C:\WINDOWS\system32\WZCSvc.DLL InMem: 1 Det [G] PX5: 9A3AAD7300C69B94D0E4026AFE4625009128CAFB
C:\WINDOWS\system32\WMI.dll InMem: 1 Det [G] PX5: 17AF569B00C36B651626008521D11100AA13719B
C:\WINDOWS\system32\DHCPCSVC.DLL InMem: 1 Det [G] PX5: 10411352006B43298295015066700900C73F6455
C:\WINDOWS\System32\winrnr.dll InMem: 1 Det [G] PX5: 7D1EFB4C004B545D3A77003C3B18C600D7C32D59
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 - LibraryPath [%SystemRoot%\System32\winrnr.dll]
C:\WINDOWS\system32\rasadhlp.dll InMem: 1 Det [G] PX5: 6B513FDD00B45C04187A003B55A89600BCC110B2
C:\WINDOWS\System32\wshtcpip.dll InMem: 1 Det [G] PX5: 46E31A8C00691C1D447D006F9B5298000BDF8FC0
C:\WINDOWS\system32\lsass.exe InMem: 1 Det [G] PX5: B39CA3EF00D5C8AA2E9500E3757A60008AA92823
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Netlogon - ImagePath [C:\WINDOWS\System32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NtLmSsp - ImagePath [C:\WINDOWS\System32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PolicyAgent - ImagePath [C:\WINDOWS\System32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ProtectedStorage - ImagePath [C:\WINDOWS\system32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SamSs - ImagePath [C:\WINDOWS\system32\lsass.exe]
C:\WINDOWS\system32\LSASRV.dll InMem: 1 Det [G] PX5: 7A3D35F800F511164E0A0AF7C62D6D0023C87C30
C:\WINDOWS\system32\SAMSRV.dll InMem: 1 Det [G] PX5: 1F0436230014F1A17C8706A256836800164CC06E
C:\WINDOWS\system32\NTDSAPI.dll InMem: 1 Det [G] PX5: E1E5E54600F8742DFCEE00A3038BCC007D076F50
C:\WINDOWS\system32\msprivs.dll InMem: 1 Det [G] PX5: 59816D9C00D51961B03700835DB752001FDCC3F2
C:\WINDOWS\system32\kerberos.dll InMem: 1 Det [G] PX5: 702EBFFE0006D9B30C89041DF0640F00ACE9EB52
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
C:\WINDOWS\system32\netlogon.dll InMem: 1 Det [G] PX5: DED1DF85005D349C12E506CECE888F0060F741EE
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 68 [netlogon.dll]
C:\WINDOWS\system32\w32time.dll InMem: 1 Det [G] PX5: 06612A8200531DF98EB10222DA1B96000F50D860
C:\WINDOWS\system32\MSVCP60.dll InMem: 1 Det [G] PX5: EF38E2993602A09C205C06B5FDEF2E00715809F1
C:\WINDOWS\system32\schannel.dll InMem: 1 Det [G] PX5: F7C27B510066DA4A0AC302B368E3DF002E4D8A73
REGRUNGEN - \REGISTRY\Machine\System\CurrentControlSet\Control\SecurityProviders - SecurityProviders [msapsspc.dll]
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 14 [schannel.dll]
C:\WINDOWS\system32\wdigest.dll InMem: 1 Det [G] PX5: DA5A0640002AD559B6FE00735160B000925A6B71
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
C:\WINDOWS\system32\scecli.dll InMem: 1 Det [G] PX5: 272B0A5800D21B1CC2BE0242D21B0E0043C158BF
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} - DllName [scecli.dll]
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} - DllName [scecli.dll]
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Notification Packages [scecli]
C:\WINDOWS\system32\ipsecsvc.dll InMem: 1 Det [G] PX5: 46C614BB00A29377587502FF3F4821000353EF47
C:\WINDOWS\system32\oakley.DLL InMem: 1 Det [G] PX5: CCC91990004C247E3AE5034524F3A300325CF7AC
C:\WINDOWS\system32\WINIPSEC.DLL InMem: 1 Det [G] PX5: 51F3FB3500E797AE644A0084ABFC19000D329626
C:\WINDOWS\system32\pstorsvc.dll InMem: 1 Det [G] PX5: 184DBDC900534E5C647A00E8AE84F8009C2303CF
C:\WINDOWS\system32\psbase.dll InMem: 1 Det [G] PX5: B28DD0F9007588444A0001E944A8E70075E88205
C:\WINDOWS\System32\dssenh.dll InMem: 1 Det [G] PX5: 20A9AD46008EFE53E09901067876BE00BA1B2543
C:\WINDOWS\system32\svchost.exe InMem: 1 Det [GP] PX5: F574A9700026FFA5325F008B3E367400400A334E
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Alerter - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AppMgmt - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AudioSrv - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\BITS - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Browser - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\CryptSvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Dhcp - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\dmserver - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Dnscache - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ERSvc - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\EventSystem - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\helpsvc - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HidServ - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\lanmanserver - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\lanmanworkstation - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\LmHosts - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Messenger - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Netman - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Nla - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NtmsSvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasAuto - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasMan - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RemoteAccess - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RemoteRegistry - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RpcSs - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\seclogon - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SENS - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SharedAccess - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ShellHWDetection - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\srservice - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SSDPSRV - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\stisvc - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TapiSrv - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TermService - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Themes - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TrkWks - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\uploadmgr - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\upnphost - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\W32Time - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WebClient - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\winmgmt - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WmdmPmSp - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Wmi - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\wuauserv - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WZCSVC - ImagePath [C:\WINDOWS\System32\svchost.exe]
c:\windows\system32\rpcss.dll InMem: 1 Det [G] PX5: C10DD217000A3FCFF41D03A5E7C6D400340FE26E
c:\windows\system32\audiosrv.dll InMem: 1 Det [G] PX5: 9E0DBF34009D8B8B94F300450C0BB5005703C0C7
c:\windows\system32\wkssvc.dll InMem: 1 Det [G] PX5: 68F8DE810068CB31D8BC013ED0575D0013A20FE2
c:\windows\system32\cryptsvc.dll InMem: 1 Det [G] PX5: 5C70508700298061C853000DB0C8300087CAD320
c:\windows\system32\certcli.dll InMem: 1 Det [G] PX5: 68ED7B4700FC326CD87A0209B1CFCF0055581124
c:\windows\system32\CRYPTUI.dll InMem: 1 Det [G] PX5: F3A2251C00C757BC58D907B1ED5BC3002037AF5E
c:\windows\system32\ESENT.dll InMem: 1 Det [G] PX5: E1BE2A5400687BF5B0E20FFB2137140050E4EE97
c:\windows\system32\dmserver.dll InMem: 1 Det [G] PX5: 4A5F635C007F858156A30035416B1100A3E21134
c:\windows\system32\es.dll InMem: 1 Det [G] PX5: 213C220300F088676E1603F3AE5BBA0018769E36
c:\windows\system32\mspmspsv.dll InMem: 1 Det [G] PX5: C1C0C5480026D481B88F00F4F21A7C004A9A20A1
c:\windows\system32\wbem\wmisvc.dll InMem: 1 Det [G] PX5: A158CCD4002AB4748C9901FDD324330033DAA2C8
C:\WINDOWS\system32\VSSAPI.DLL InMem: 1 Det [G] PX5: 79F24823002B33F83E0D06439108590046D206A5
c:\windows\pchealth\helpctr\binaries\pchsvc.dll InMem: 1 Det [G] PX5: FCBD866C00E2E65F728C006D64A3A0003377B7C1
c:\windows\system32\trkwks.dll InMem: 1 Det [G] PX5: D79A49D900401D673A22010070239400BAC252B4
c:\windows\system32\srsvc.dll InMem: 1 Det [G] PX5: 3917F20800A415FE606A020A5A6B74008C819466
c:\windows\system32\seclogon.dll InMem: 1 Det [G] PX5: 281F044C00488E8D52A5004C505F7C002A707221
c:\windows\system32\srvsvc.dll InMem: 1 Det [G] PX5: 5B6B38F500969C9E5444013CC483100058D31F24
c:\windows\system32\sens.dll InMem: 1 Det [G] PX5: A46936A3006015C68C2700C087925B001E364FFF
C:\WINDOWS\system32\comsvcs.dll InMem: 1 Det [G] PX5: 3BFF8A3600B48AD7622C116252C61700A158B749
C:\WINDOWS\system32\MTXCLU.DLL InMem: 1 Det [G] PX5: 75F138DF00736C67F0C900BA96AA62000ADB579E
C:\WINDOWS\system32\WSOCK32.dll InMem: 1 Det [G] PX5: 6F44411200BBFA2B5C510001E5829700CED1F480
C:\WINDOWS\system32\colbact.DLL InMem: 1 Det [G] PX5: CAD5E2AB00C547F0DE330036EE7437000CA3FCBD
C:\WINDOWS\System32\CLUSAPI.DLL InMem: 1 Det [G] PX5: 332A336C000F401FD09000D0A0ACFA00C4C6503E
C:\WINDOWS\System32\RESUTILS.DLL InMem: 1 Det [G] PX5: 3DCF9ACD00429085D63A00EF23CE3700330D9C18
c:\windows\system32\browser.dll InMem: 1 Det [G] PX5: 086CEF4300F6FC4CC0DB00E11D866D00EFA1F051
C:\WINDOWS\System32\mtxoci.dll InMem: 1 Det [G] PX5: 46694D4800B29C0C485101915DBA70000C36AF23
c:\windows\system32\termsrv.dll InMem: 1 Det [G] PX5: 66FCF9C600A91F4E0AF603DA9869BF0018A7A8AE
c:\windows\system32\ICAAPI.dll InMem: 1 Det [G] PX5: 73AE464E00E5C18322BE00237944E6009876A7B9
c:\windows\system32\mstlsapi.dll InMem: 1 Det [G] PX5: 74470C04004195C896AA014BC7744E005D92B0A6
C:\WINDOWS\system32\NETSHELL.dll InMem: 1 Det [G] PX5: 31F7B31300759F67DA931879AB89590003BD1737
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\InprocServer32 - {7007ACC7-3202-11D1-AAD2-00805FC1270E} [C:\WINDOWS\system32\NETSHELL.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{992CFFA0-F557-101A-88EC-00DD010CCC48}\InprocServer32 - {992CFFA0-F557-101A-88EC-00DD010CCC48} [C:\WINDOWS\system32\NETSHELL.dll]
C:\WINDOWS\system32\credui.dll InMem: 1 Det [G] PX5: 0747A4D600E8A2F47A850263465F6F00BD56CF24
C:\WINDOWS\System32\upnp.dll InMem: 1 Det [G] PX5: B1CFA341006D72B8C238010465F6E800587480B7
C:\WINDOWS\System32\SSDPAPI.dll InMem: 1 Det [G] PX5: 4FA65F740054E62A68A5002D3CB9DD00D4B0AFCF
c:\windows\system32\tapisrv.dll InMem: 1 Det [G] PX5: C282F1B70098D1879293032F311FC200A410F3A3
c:\windows\system32\rasmans.dll InMem: 1 Det [G] PX5: 845BC0F300511F9F70A5029E3078670040247F88
c:\windows\system32\netcfgx.dll InMem: 1 Det [G] PX5: 1F877F3D0060FE2D0A0B091B62536100BB6BCEFB
C:\WINDOWS\System32\hnetcfg.dll InMem: 1 Det [G] PX5: 200D75F000BF5613B6C703CE5B7A210079A02E38
C:\WINDOWS\System32\msi.dll InMem: 1 Det [G] PX5: EB4DC770003DE18E34941F3B3C2E07007A2F5649
C:\WINDOWS\System32\Wbem\wbemcore.dll InMem: 1 Det [G] PX5: 7F63751600B9AD4748A40736D8A7D8007896D706
C:\WINDOWS\System32\Wbem\esscli.dll InMem: 1 Det [G] PX5: 6D9363B3001A0304986F032BF9E25B00907047F0
C:\WINDOWS\System32\rastapi.dll InMem: 1 Det [G] PX5: 52C727B700B42BCAD204001D18905600ABE5AD31
C:\WINDOWS\System32\unimdm.tsp InMem: 1 Det [G] PX5: CF6DED4D00527391E6CF0299BAE59000479DC689
C:\WINDOWS\System32\uniplat.dll InMem: 1 Det [G] PX5: 58EA41DF00D2E6A036960032B75B9B001C3F2F48
C:\WINDOWS\System32\kmddsp.tsp InMem: 1 Det [G] PX5: 3B7DC23500160A5E7E790005ECFC9700430AEE93
C:\WINDOWS\System32\wbem\wmiutils.dll InMem: 1 Det [G] PX5: DA940EC7004054EC822A01D797805A00AB8534BE
C:\WINDOWS\System32\ndptsp.tsp InMem: 1 Det [G] PX5: EDD8B05C0031416AD0DC0056C50FD900B91AEBB8
C:\WINDOWS\System32\ipconf.tsp InMem: 1 Det [G] PX5: 2073002E00858C5D40AC00AB46501D0022A81F91
C:\WINDOWS\System32\wbem\repdrvfs.dll InMem: 1 Det [G] PX5: 915B337F00A786CF187A02B575C88D00B2F3E7E8
C:\WINDOWS\System32\h323.tsp InMem: 1 Det [G] PX5: 5588FC7C002A54B8DED303F7FCDE9300D0B12702
C:\WINDOWS\System32\hidphone.tsp InMem: 1 Det [G] PX5: 392B09610085FDEE702C00CD58EA8C003041DB6C
C:\WINDOWS\System32\HID.DLL InMem: 1 Det [G] PX5: 632C72360010D31E580A00F8DF32B00001379FDC
C:\WINDOWS\System32\wbem\wmiprvsd.dll InMem: 1 Det [G] PX5: E2120D8100C3A07936B30672CDC6B20026B2F630
C:\WINDOWS\System32\wbem\wbemess.dll InMem: 1 Det [G] PX5: 9C859E88006F898DF42003AE61EE5300630AE48D
C:\WINDOWS\System32\rasppp.dll InMem: 1 Det [G] PX5: 1719A11900615EB9F43F02D70C4B4600AE827E51
C:\WINDOWS\System32\ntlsapi.dll InMem: 1 Det [G] PX5: B6F176AB005D4CAE1AFA005B007E9F001BF663F0
C:\WINDOWS\System32\raschap.dll InMem: 1 Det [G] PX5: CD7A20850036921986AA00D43B9E4400805167C9
C:\WINDOWS\System32\rastls.dll InMem: 1 Det [G] PX5: 3F59240B00024736CE8600349F59980003E81E39
c:\windows\system32\rasauto.dll InMem: 1 Det [G] PX5: 6503647C003F3D0144CA01265C765B00AC2BAC50
C:\WINDOWS\System32\icmp.dll InMem: 1 Det [G] PX5: 13432CBE00A4C9330C1400FA26B03A00B79BCD14
C:\WINDOWS\System32\RASDLG.dll InMem: 1 Det [G] PX5: 0CA362F2003CEEECE237096A8E7D4900DE1F3757
C:\WINDOWS\System32\wbem\ncprov.dll InMem: 1 Det [G] PX5: D16572A30068E70FEEDF006FDAEA1000096E48F1
C:\WINDOWS\System32\xactsrv.dll InMem: 1 Det [G] PX5: B960866F005108BB4EB9012C17A593005FBA6F1A
C:\WINDOWS\System32\NETRAP.dll InMem: 1 Det [G] PX5: E62497F600DDE8DB2A6A00653DB00B007F62CF74
C:\WINDOWS\System32\sensapi.dll InMem: 1 Det [G] PX5: 11CF9E7B00369B4B186300735CECF600288DABAE
C:\WINDOWS\System32\msxml3.dll InMem: 1 Det [G] PX5: 7C420A7F00B0458212F3113B9F1B33006E7077DF
C:\WINDOWS\System32\wbem\wbemcons.dll InMem: 1 Det [G] PX5: 9927DA54009D458402A7017E11CD98008840A8F2
C:\WINDOWS\system32\logonui.exe InMem: 1 Det [G] PX5: CFB1376D00ACBBEFB67407D3CA2BF300AAF2EB61
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon - UIHost [logonui.exe]
C:\WINDOWS\system32\DUSER.dll InMem: 1 Det [G] PX5: 59721C2E0041B4ADFCFC03A02CDEA100E380199E
C:\WINDOWS\system32\MSIMG32.dll InMem: 1 Det [G] PX5: 9DD745B500ED5D1112CE008A3772FD001C8F233A
C:\WINDOWS\system32\OLEACC.dll InMem: 1 Det [G] PX5: 81D38A4800E8D21B7EF202F4F2585B00DE902D48
C:\WINDOWS\System32\shgina.dll InMem: 1 Det [G] PX5: 44E87AC500F32047F4ED006EDACE8A0071980AFA
c:\windows\system32\dnsrslvr.dll InMem: 1 Det [G] PX5: 2E655DC100E1C75AACD2005809568700FFD2FD05
c:\windows\system32\lmhsvc.dll InMem: 1 Det [G] PX5: C874AB3D0021A591300300FD1A5FD300B7877213
c:\windows\system32\webclnt.dll InMem: 1 Det [G] PX5: 2A5C1DEC00642581F0B6008B5A3CF5008F260B76
c:\windows\system32\ssdpsrv.dll InMem: 1 Det [G] PX5: 3E6E2EA200AD7D379CBD00845A048100115847CD
C:\WINDOWS\system32\spoolsv.exe InMem: 1 Det [G] PX5: AFAD24FA00653101C84A007A6AB55A00FB3624B0
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Spooler - ImagePath [C:\WINDOWS\system32\spoolsv.exe]
C:\WINDOWS\system32\SPOOLSS.DLL InMem: 1 Det [G] PX5: 234FED480086B9A304F901901FD84F00E2AAA53D
C:\WINDOWS\system32\localspl.dll InMem: 1 Det [G] PX5: D112274900C877F87E460458A8458E00C5E8ED47
C:\WINDOWS\system32\cnbjmon.dll InMem: 1 Det [G] PX5: 2F076C1600A916B3BCD600A243E7D2001C2DFB7A
C:\WINDOWS\system32\pjlmon.dll InMem: 1 Det [G] PX5: E848766100C3E52A322C0037695DCC002D6D379B
C:\WINDOWS\system32\tcpmon.dll InMem: 1 Det [G] PX5: 0AF564A600A02E56A017000E7EA44F00EB580E2E
C:\WINDOWS\system32\usbmon.dll InMem: 1 Det [G] PX5: 0212370300A09F943A880020A76A4000CE1DD902
C:\WINDOWS\system32\win32spl.dll InMem: 1 Det [G] PX5: 87B8F7A9001FCEC176D80126CF967100395BD3CC
C:\WINDOWS\system32\inetpp.dll InMem: 1 Det [G] PX5: CC9D8A5A00F27AE10AE201810FE73A00202C2453
C:\Programmi\D-Link\AirPlus G\AirGCFG.exe InMem: 1 Det [G] PX5: 11D612770092CC30306717835C1F0700D14E46A1
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - D-Link AirPlus G [C:\Programmi\D-Link\AirPlus G\AirGCFG.exe]
C:\WINDOWS\System32\wlanapi.dll InMem: 1 Det [G] PX5: 8918C1C100FD6239909A031B740ACE00B46F5215
C:\WINDOWS\System32\ANIOApi.dll InMem: 1 Det [G] PX5: 0B88AF5F00F1FA5F90D0006E6755C700D393B767
C:\WINDOWS\System32\MFC42.DLL InMem: 1 Det [G] PX5: C3200BC83772F36330040FB75222D200AA126D14
C:\WINDOWS\System32\AQCKGen.dll InMem: 1 Det [G] PX5: C4926C9700432076C07000FA435A4C003E7F736D
C:\WINDOWS\System32\WlanApp.dll InMem: 1 Det [G] PX5: 18098EF900518CAD3076027C13959700C0D9EA2E
C:\WINDOWS\System32\oledlg.dll InMem: 1 Det [G] PX5: 0F4248FC00565555D4D101CBEA69C700971E3F45
C:\WINDOWS\System32\OLEPRO32.DLL InMem: 1 Det [G] PX5: 2E2AEC700025B890A0C901E434DFB10090ACF671
C:\WINDOWS\System32\MFC42LOC.DLL InMem: 1 Det [G] PX5: 50EC1EAC0042F609E0B8000596D265006CAB3F5E
C:\Programmi\D-Link\AirPlus G\WlanMon.dll InMem: 1 Det [G] PX5: 2A6AD333006F06D180B8012DDDE82A000868EF05
C:\Programmi\BOINC\boincmgr.exe InMem: 1 Det [GP] PX5: 53216C55006B086053403F35639E560006DCB690
C:\Programmi\BOINC\MSVCR80.dll InMem: 1 Det [G] PX5: 9A45456900EE9D7990C909755A3A5C00A6DAF154
C:\Programmi\BOINC\MSVCP80.dll InMem: 1 Det [G] PX5: 1CD79A6B00ACCCBD60660869F17C0900CE4B6B7D
C:\Programmi\BOINC\boinc.dll InMem: 1 Det [G] PX5: 21CDEAE300F57B9A41000052DD5A5400A89AB825
C:\Programmi\BOINC\boinc.exe InMem: 1 Det [UP] PX5: 829A0C62002454B1E3AF0A59CF0D68008DBC6CC1
C:\Programmi\BOINC\zlib1.dll InMem: 1 Det [G] PX5: 576287920011BC36F2AE003ACFB4CA00B7AE7450
C:\Programmi\BOINC\libcurl.dll InMem: 1 Det [G] PX5: E9D5099F00EF28A010D503B49A1F9B00A896E8AE
C:\Programmi\BOINC\LIBEAY32.dll InMem: 1 Det [G] PX5: CA424EFB00678ACEA0AA0F39A8DE8F007750D4A8
C:\Programmi\BOINC\SSLEAY32.dll InMem: 1 Det [G] PX5: 7379E4B7001027F600C203422712CA002585898C
C:\Programmi\BOINC\projects\www.ufluids.net\evolver_4.10_windows_intelx86.exe InMem: 1 Det [G] PX5: 22F0936E00B9D0E150412026323D5000E2C943DC
C:\WINDOWS\System32\alg.exe InMem: 1 Det [G] PX5: 1AD1DEE800E57373A0030056FB9D220083AD3AC4
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ALG - ImagePath [C:\WINDOWS\System32\alg.exe]
C:\WINDOWS\System32\cisvc.exe InMem: 1 Det [G] PX5: 99D45C2C005EA3D314F500E279F4AB0059254255
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\cisvc - ImagePath [C:\WINDOWS\System32\cisvc.exe]
C:\WINDOWS\System32\query.dll InMem: 1 Det [G] PX5: FCFB8A8700BA5C7778A114C66F7C53009B7F2CE8
C:\WINDOWS\system32\rsvpsp.dll InMem: 1 Det [G] PX5: 316FAA8C007F4493605401B98234D5008F685EE8
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 - PackedCatalogItem [%SystemRoot%\system32\rsvpsp.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 - PackedCatalogItem [%SystemRoot%\system32\rsvpsp.dll]
C:\WINDOWS\System32\cidaemon.exe InMem: 1 Det [G] PX5: 294C30670067C14D209300448CFCAF0090848BF3
C:\WINDOWS\System32\infosoft.dll InMem: 1 Det [G] PX5: 2CDB31710086C2C1E08406D1C61673004093D560
C:\WINDOWS\System32\nlhtml.dll InMem: 1 Det [G] PX5: 91A465F7003F553964A6010CA0F28B004CB8C4E4
C:\WINDOWS\System32\mlang.dll InMem: 1 Det [G] PX5: C8A31ADF004A16DFCE440832296E7D00B3C3B631
C:\WINDOWS\System32\taskmgr.exe InMem: 1 Det [G] PX5: BE17200F00ABB90604900205E5074800726770E7
C:\WINDOWS\System32\VDMDBG.dll InMem: 1 Det [G] PX5: 322527DE00CF12825EC700CAC5AC77006E5D4F2A
C:\WINDOWS\System32\UTILDLL.dll InMem: 1 Det [G] PX5: 1D523D80001DF1C066F30000C6A46100D1C3CF87
C:\WINDOWS\System32\cfgmgr32.dll InMem: 1 Det [G] PX5: A58F6796004860B1427C009B9B4AB700D2E293FA
C:\WINDOWS\System32\browseui.dll InMem: 1 Det [G] PX5: 75F7EF070006982994EE0FA808B7B100DD347545
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{5E6AB780-7743-11CF-A12B-00AA004AE837}\InprocServer32 - {5E6AB780-7743-11CF-A12B-00AA004AE837} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{22BF0C20-6DA7-11D0-B373-00A0C9034938}\InprocServer32 - {22BF0C20-6DA7-11D0-B373-00A0C9034938} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{91EA3F8B-C99B-11d0-9815-00C04FD91972}\InprocServer32 - {91EA3F8B-C99B-11d0-9815-00C04FD91972} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{6413BA2C-B461-11d1-A18A-080036B11A03}\InprocServer32 - {6413BA2C-B461-11d1-A18A-080036B11A03} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{F61FFEC1-754F-11d0-80CA-00AA005B4383}\InprocServer32 - {F61FFEC1-754F-11d0-80CA-00AA005B4383} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7BA4C742-9E81-11CF-99D3-00AA004AE837}\InprocServer32 - {7BA4C742-9E81-11CF-99D3-00AA004AE837} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{30D02401-6A81-11d0-8274-00C04FD5AE38}\InprocServer32 - {30D02401-6A81-11d0-8274-00C04FD5AE38} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\InprocServer32 - {32683183-48a0-441b-a342-7c2a440a9478} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{169A0691-8DF9-11d1-A1C4-00C04FD75D13}\InprocServer32 - {169A0691-8DF9-11d1-A1C4-00C04FD75D13} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{07798131-AF23-11d1-9111-00A0C98BA67D}\InprocServer32 - {07798131-AF23-11d1-9111-00A0C98BA67D} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{AF4F6510-F982-11d0-8595-00AA004CD6D8}\InprocServer32 - {AF4F6510-F982-11d0-8595-00AA004CD6D8} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{01E04581-4EEE-11d0-BFE9-00AA005B4383}\InprocServer32 - {01E04581-4EEE-11d0-BFE9-00AA005B4383} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{A08C11D2-A228-11d0-825B-00AA005B4383}\InprocServer32 - {A08C11D2-A228-11d0-825B-00AA005B4383} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 - {00BB2763-6A77-11D0-A535-00C04FD7D062} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7376D660-C583-11d0-A3A5-00C04FD706EC}\InprocServer32 - {7376D660-C583-11d0-A3A5-00C04FD706EC} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{6756A641-DE71-11d0-831B-00AA005B4383}\InprocServer32 - {6756A641-DE71-11d0-831B-00AA005B4383} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}\InprocServer32 - {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7e653215-fa25-46bd-a339-34a2790f3cb7}\InprocServer32 - {7e653215-fa25-46bd-a339-34a2790f3cb7} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{acf35015-526e-4230-9596-becbe19f0ac9}\InprocServer32 - {acf35015-526e-4230-9596-becbe19f0ac9} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{E0E11A09-5CB8-4B6C-8332-E00720A168F2}\InprocServer32 - {E0E11A09-5CB8-4B6C-8332-E00720A168F2} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{00BB2764-6A77-11D0-A535-00C04FD7D062}\InprocServer32 - {00BB2764-6A77-11D0-A535-00C04FD7D062} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 - {03C036F1-A186-11D0-824A-00AA005B4383} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InprocServer32 - {00BB2765-6A77-11D0-A535-00C04FD7D062} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{ECD4FC4E-521C-11D0-B792-00A0C90312E1}\InprocServer32 - {ECD4FC4E-521C-11D0-B792-00A0C90312E1} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}\InprocServer32 - {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{ECD4FC4C-521C-11D0-B792-00A0C90312E1}\InprocServer32 - {ECD4FC4C-521C-11D0-B792-00A0C90312E1} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{ECD4FC4D-521C-11D0-B792-00A0C90312E1}\InprocServer32 - {ECD4FC4D-521C-11D0-B792-00A0C90312E1} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{DD313E04-FEFF-11d1-8ECD-0000F87A470C}\InprocServer32 - {DD313E04-FEFF-11d1-8ECD-0000F87A470C} [%SystemRoot%\System32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}\InprocServer32 - {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} [%SystemRoot%\System32\browseui.dll]
REGTASKSCHED - \REGISTRY\Machine\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} [%SystemRoot%\System32\browseui.dll]
REGTASKSCHED - \REGISTRY\Machine\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 - {8C7461EF-2B13-11d2-BE35-3078302C2030} [%SystemRoot%\System32\browseui.dll]
REGTOOLBAR - \REGISTRY\Machine\Software\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\InprocServer32 - {01E04581-4EEE-11D0-BFE9-00AA005B4383} [%SystemRoot%\System32\browseui.dll]
C:\WINDOWS\System32\SHDOCVW.dll InMem: 1 Det [G] PX5: BF9E468900893E996EFB1495EC8F0900124C04DB
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{D20EA4E1-3957-11d2-A40B-0C5020524152}\InprocServer32 - {D20EA4E1-3957-11d2-A40B-0C5020524152} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{D20EA4E1-3957-11d2-A40B-0C5020524153}\InprocServer32 - {D20EA4E1-3957-11d2-A40B-0C5020524153} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{EFA24E61-B078-11d0-89E4-00C04FC9E26E}\InprocServer32 - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} [%SystemRoot%\System32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{0A89A860-D7B1-11CE-8350-444553540000}\InprocServer32 - {0A89A860-D7B1-11CE-8350-444553540000} [%SystemRoot%\System32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}\InprocServer32 - {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} [%SystemRoot%\System32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}\InprocServer32 - {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} [%SystemRoot%\System32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InprocServer32 - {FBF23B40-E3F0-101B-8488-00AA003E56F8} [shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InprocServer32 - {3C374A40-BAE4-11CF-BF7D-00AA006946EE} [%SystemRoot%\System32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InprocServer32 - {FF393560-C2A7-11CF-BFF4-444553540000} [%SystemRoot%\System32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7BD29E00-76C1-11CF-9DD0-00A0C9034933}\InprocServer32 - {7BD29E00-76C1-11CF-9DD0-00A0C9034933} [%SystemRoot%\System32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\InprocServer32 - {7BD29E01-76C1-11CF-9DD0-00A0C9034933} [%SystemRoot%\System32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} [%SystemRoot%\System32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}\InprocServer32 - {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} [%SystemRoot%\System32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{67EA19A0-CCEF-11d0-8024-00C04FD75D13}\InprocServer32 - {67EA19A0-CCEF-11d0-8024-00C04FD75D13} [%SystemRoot%\System32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{131A6951-7F78-11D0-A979-00C04FD705A2}\InprocServer32 - {131A6951-7F78-11D0-A979-00C04FD705A2} [%SystemRoot%\System32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{9461b922-3c5a-11d2-bf8b-00c04fb93661}\InprocServer32 - {9461b922-3c5a-11d2-bf8b-00c04fb93661} [%SystemRoot%\System32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}\InprocServer32 - {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} [%SystemRoot%\System32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32 - {871C5380-42A0-1069-A2EA-08002B30309D} [%SystemRoot%\System32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{EFA24E64-B078-11d0-89E4-00C04FC9E26E}\InprocServer32 - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} [%SystemRoot%\System32\shdocvw.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{4D5C8C25-D075-11d0-B416-00C04FB90376}\InprocServer32 - BarSize [%SystemRoot%\System32\shdocvw.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}\InprocServer32 - BarSize [%SystemRoot%\System32\shdocvw.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\InprocServer32 - CLSID [%SystemRoot%\System32\shdocvw.dll]
C:\Programmi\Mozilla Firefox\firefox.exe InMem: 1 Det [G] PX5: A0FF60D2700BF8D9FE51743E0A57A000E3FD0BB4
REGEXTNMAP - \REGISTRY\Machine\Software\Classes\ftp\shell\open\command - [C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1]
C:\Programmi\Mozilla Firefox\js3250.dll InMem: 1 Det [G] PX5: 098198B668EDB89C007C07A0A2453200222D0830
C:\Programmi\Mozilla Firefox\nspr4.dll InMem: 1 Det [G] PX5: 5263A09E70E6B3FA76F402F4E50AA800291DB797
C:\Programmi\Mozilla Firefox\xpcom_core.dll InMem: 1 Det [G] PX5: D0D74EE3701748C070A00644226F000055AD0019
C:\Programmi\Mozilla Firefox\plc4.dll InMem: 1 Det [G] PX5: 805ED1397829B78F86F6002DDDE82A0013268629
C:\Programmi\Mozilla Firefox\plds4.dll InMem: 1 Det [G] PX5: D89FD48170A74E7D768A00A323AA33003E9F71BC
C:\Programmi\Mozilla Firefox\smime3.dll InMem: 1 Det [G] PX5: 947879126862FA63B65501F572858300087C1268
C:\Programmi\Mozilla Firefox\nss3.dll InMem: 1 Det [G] PX5: D3DC2BD36852E4F6D635051E7932D2003F9E7E78
C:\Programmi\Mozilla Firefox\softokn3.dll InMem: 1 Det [G] PX5: 8542B9B86C54271FE0A2030F4DD1D900EF97B93E
C:\Programmi\Mozilla Firefox\ssl3.dll InMem: 1 Det [G] PX5: 8EC2105B68155681167F02FF3A277D00C2F60E56
C:\Programmi\Mozilla Firefox\xpcom_compat.dll InMem: 1 Det [G] PX5: EC180AAC7842FEA7208A0137A92000004C07635D
C:\Programmi\Mozilla Firefox\components\myspell.dll InMem: 1 Det [G] PX5: 17BCE6718838929888B7000AF9F43C006754552F
C:\Programmi\Mozilla Firefox\components\jar50.dll InMem: 1 Det [G] PX5: B738D54A70417C3908BC0172628A490088373504
C:\WINDOWS\System32\msimtf.dll InMem: 1 Det [G] PX5: 886CBD5400A93B5D64F0021B50531A009882D6FB
C:\WINDOWS\System32\MSCTF.dll InMem: 1 Det [G] PX5: DF6481F400B1397C7CD904967730DB00C9C1D1CC
C:\Programmi\Mozilla Firefox\freebl3.dll InMem: 1 Det [G] PX5: 656849DF7D6F8DBF10880339B81361000E79A756
C:\Programmi\Mozilla Firefox\nssckbi.dll InMem: 1 Det [G] PX5: 3FC8DF7B70B97A8536BB042D181D9F0085E6E884
C:\Programmi\Mozilla Firefox\components\spellchk.dll InMem: 1 Det [G] PX5: E1CB440280C540A3B6F600BB5161FA00C9FCABF6
C:\WINDOWS\System32\IMM32.DLL InMem: 1 Det [G] PX5: E4C18D54000C3A667A5101F259F12100D19DF73E
C:\WINDOWS\System32\awtutrpm.dll InMem: 1 Det [BN] PX5: 8CD91DEC00703BC6EF200497F047BC00F1CC3C22 Malware Group: Fraudulent Security Program
C:\WINDOWS\System32\SHFOLDER.dll InMem: 1 Det [G] PX5: 9D40A6FB00CE3C8D58D100DF478101007F8DC914
C:\WINDOWS\explorer.exe InMem: 1 Det [G] PX5: A4EAAD540099E97D50080F6CB23EA9001763AE9F
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon - Shell [explorer.exe]
C:\WINDOWS\System32\themeui.dll InMem: 1 Det [G] PX5: 85E088F60084A2D1EC6205C8762BF00097010406
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{41E300E0-78B6-11ce-849B-444553540000}\InprocServer32 - {41E300E0-78B6-11ce-849B-444553540000} [%SystemRoot%\System32\themeui.dll]
C:\WINDOWS\System32\actxprxy.dll InMem: 1 Det [G] PX5: 259FDE5100EFE10E801301BDAB597C0043F33278
C:\WINDOWS\System32\LINKINFO.dll InMem: 1 Det [G] PX5: 778EDB1B00C804323CBF00E0F67201003085D88C
C:\WINDOWS\System32\ntshrui.dll InMem: 1 Det [G] PX5: E380AF0B00981288200902CD8B08CA003DD69F53
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InprocServer32 - {40dd6e20-7c17-11ce-a804-00aa003ca9f6} [ntshrui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}\InprocServer32 - {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} [ntshrui.dll]
C:\WINDOWS\System32\stobject.dll InMem: 1 Det [G] PX5: 43B7192E00CF0DADCE790151A64A0000EF3470A9
REGDELAY - \REGISTRY\Machine\Software\Classes\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 - SysTray [C:\WINDOWS\System32\stobject.dll]
C:\WINDOWS\System32\BatMeter.dll InMem: 1 Det [G] PX5: 5ECC4ECE004EFE626A6D000273F2DF004D181ADC
C:\WINDOWS\System32\POWRPROF.dll InMem: 1 Det [G] PX5: B930AAD1007A5C713A83007C0B0DCD00BE26C0A2
C:\WINDOWS\System32\printui.dll InMem: 1 Det [G] PX5: D56FA8D400C11B6328B108095AE82E00313C26E0
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{77597368-7b15-11d0-a0c2-080036af3f03}\InprocServer32 - {77597368-7b15-11d0-a0c2-080036af3f03} [printui.dll]
C:\WINDOWS\System32\drprov.dll InMem: 1 Det [G] PX5: 9920901000CB456A2E04005A3A425400849F631F
C:\WINDOWS\System32\ntlanman.dll InMem: 1 Det [G] PX5: 01F7DB11003E970E965D00C24318040059A4F9BA
C:\WINDOWS\System32\NETUI0.dll InMem: 1 Det [G] PX5: 4034DFD3002B3F91283801FF1FBCC6008EEB5091
C:\WINDOWS\System32\NETUI1.dll InMem: 1 Det [G] PX5: 5D8BBA8F00D1A8C284B3037918E449004A7EC0DE
C:\WINDOWS\System32\davclnt.dll InMem: 1 Det [G] PX5: E52B0B1A008938C0584A0001A07C0C007E50F9CF
C:\Documents and Settings\Pierpaolo\Desktop\HiJackThis.exe InMem: 1 Det [GP] PX5: 44C120F738065514211C067B4ABA7A00E4635499
C:\WINDOWS\System32\MSVBVM60.DLL InMem: 1 Det [G] PX5: 778DC75700728DB5306315D5448BB600FA08840D
C:\WINDOWS\System32\asycfilt.dll InMem: 1 Det [G] PX5: BFB91A0300362CE830BE01E044B090005744552D
C:\Programmi\PrevxCSI\prevxcsi.exe InMem: 1 Det [GP] PX5: 4E6789A338B1009C7C7809515B1AFF00B04ACABD
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\csiscanner - ImagePath [C:\Programmi\PrevxCSI\prevxcsi.exe]
C:\WINDOWS\System32\drivers\a965d09a.sys InMem: 0 Det [B<R4>] PX5: DE2CD2593AA74DBE4C5601D14F34410075024C0B Malware Group: Hidden Service: a965d09a - Worm
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\a965d09a/hidden - ImagePath [C:\WINDOWS\System32\drivers\a965d09a.sys]
SERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\a965d09a - ImagePath [\SystemRoot\System32\drivers\a965d09a.sys]
C:\WINDOWS\System32\DRIVERS\ACPI.sys InMem: 0 Det [G] PX5: 9D317A108097806CBE05023B2E114E00AE008DD1
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ACPI - ImagePath [C:\WINDOWS\System32\DRIVERS\ACPI.sys]
C:\WINDOWS\system32\drivers\aec.sys InMem: 0 Det [G] PX5: F48BDEDA6871728BDEC801CAD2A061009BE42132
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\aec - ImagePath [C:\WINDOWS\system32\drivers\aec.sys]
C:\WINDOWS\System32\drivers\afd.sys InMem: 0 Det [G] PX5: 421626B480D83DC2FE3B0198FCAEDC00310A8BDC
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AFD - ImagePath [C:\WINDOWS\System32\drivers\afd.sys]
C:\WINDOWS\System32\Drivers\ALIEHCI.sys InMem: 0 Det [G] PX5: 2ECAC080988048E696830128F1B33C00E6B6395E
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ALIEHCD - ImagePath [C:\WINDOWS\System32\Drivers\ALIEHCI.sys]
C:\WINDOWS\System32\DRIVERS\AliRtHub.sys InMem: 0 Det [G] PX5: 840728A8D98830B6147800A231106D0009403FD6
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\aliroothub - ImagePath [C:\WINDOWS\System32\DRIVERS\AliRtHub.sys]
C:\WINDOWS\System32\ANIO.SYS InMem: 0 Det [G] PX5: 73B6E7B22D714C126E5300F9D3120100D6A6299D
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ANIO - ImagePath [C:\WINDOWS\System32\ANIO.SYS]
C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe InMem: 0 Det [G] PX5: EBA56184001A1D7CC0AA00D2AAC9200032E1080E
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ANIWZCSdService - ImagePath [C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe]
C:\WINDOWS\System32\DRIVERS\asyncmac.sys InMem: 0 Det [G] PX5: F3D0F4AB00A5818435C300A99DAA780078ED98C5
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AsyncMac - ImagePath [C:\WINDOWS\System32\DRIVERS\asyncmac.sys]
C:\WINDOWS\System32\DRIVERS\atapi.sys InMem: 0 Det [G] PX5: 712FA8B780DF7C5F527901BDC8074500896EA79E
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\atapi - ImagePath [C:\WINDOWS\System32\DRIVERS\atapi.sys]
C:\WINDOWS\System32\DRIVERS\atmarpc.sys InMem: 0 Det [G] PX5: 1732746A80E6DCF7DFF000227722300016DAED1C
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Atmarpc - ImagePath [C:\WINDOWS\System32\DRIVERS\atmarpc.sys]
C:\WINDOWS\System32\DRIVERS\audstub.sys InMem: 0 Det [G] PX5: C910D030000E35B30CDC00441BDEF300B79BCD14
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\audstub - ImagePath [C:\WINDOWS\System32\DRIVERS\audstub.sys]
C:\WINDOWS\System32\DRIVERS\CCDECODE.sys InMem: 0 Det [G] PX5: FC6490AA00B8E53840FF00415C5FC300E6F3B15A
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\CCDECODE - ImagePath [C:\WINDOWS\System32\DRIVERS\CCDECODE.sys]
C:\WINDOWS\System32\DRIVERS\cdrom.sys InMem: 0 Det [G] PX5: 1C93320E80737D2DB94400FFD7D96400A331C683
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Cdrom - ImagePath [C:\WINDOWS\System32\DRIVERS\cdrom.sys]
C:\WINDOWS\system32\clipsrv.exe InMem: 0 Det [G] PX5: FC65EA2D00EB24FF783000A408E27A005D0C9466
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ClipSrv - ImagePath [C:\WINDOWS\system32\clipsrv.exe]
C:\WINDOWS\System32\DRIVERS\CnxEtP.sys InMem: 0 Det [G] PX5: 1399B823803A4450EBC4006F1ED60400A3C9BEED
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\CnxEtP - ImagePath [C:\WINDOWS\System32\DRIVERS\CnxEtP.sys]
C:\WINDOWS\System32\DRIVERS\CnxEtU.sys InMem: 0 Det [G] PX5: E3164AFC80A4DC49DE0A096816EBFD004B231D95
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\CnxEtU - ImagePath [C:\WINDOWS\System32\DRIVERS\CnxEtU.sys]
C:\WINDOWS\System32\DRIVERS\CnxTgN.sys InMem: 0 Det [G] PX5: 47CAAE5383FC1810A8A90142239E93007CD9929D
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\CnxTgN - ImagePath [C:\WINDOWS\System32\DRIVERS\CnxTgN.sys]
C:\WINDOWS\System32\dllhost.exe InMem: 0 Det [G] PX5: A8227AC900882C9312F50040A2340D0089215FE9
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\COMSysApp - ImagePath [C:\WINDOWS\System32\dllhost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SwPrv - ImagePath [C:\WINDOWS\System32\dllhost.exe]
C:\WINDOWS\System32\DRIVERS\disk.sys InMem: 0 Det [G] PX5: 7F55168B8006244F833C00D118E4680045D1B63A
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Disk - ImagePath [C:\WINDOWS\System32\DRIVERS\disk.sys]
C:\WINDOWS\System32\dmadmin.exe InMem: 0 Det [G] PX5: BDA65E2B00D890B8223C034A16A7DD00BEB99FDD
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\dmadmin - ImagePath [C:\WINDOWS\System32\dmadmin.exe]
C:\WINDOWS\System32\drivers\dmboot.sys InMem: 0 Det [G] PX5: 57D76BAD80E77B69

scusa se sono indiscreto ...

ma tu non hai un antivirus?
niente firewall?
niente aggiornamenti di windows?

...ammazza quanto è lungo !!!

Comunque GHz i file pericolosi sono quelli che ti ho detto ljJDTN.dll (non l'ho scritto bene comunque ci sta nella lista ), run32dlll.exe e svchost.exe:exe.exe

Pierpaolo ha scritto:

...ammazza quanto è lungo !!!

Potevi allegare il log come file di testo
Comunque, alla fine della scansione il programma ti dice che cosa ha trovato, fai un print screen e postaci la schermata

Comunque GHz i file pericolosi sono quelli che ti ho detto ljJDTN.dll (non l'ho scritto bene comunque ci sta nella lista ), run32dlll.exe e svchost.exe:exe.exe

Hai provato a fixarli con hijackthis?

Se non lo hai ancora fatto, disattiva il ripristino di sistema fino che non hai ripulito tutto. Da hwu:

Fare clic su Start-> Programmi->Accessori->Esplora risorse.

Fare clic con il pulsante destro del mouse sull'icona Risorse del computer e quindi su Proprietà.

Selezionare la scheda "Ripristino configurazione di sistema".

Selezionare la voce "Disattiva ripristino configurazione di sistema"

Premere OK. Verrà richiesto di confermare l'azione in quanto saranno eliminati tutti i punti di ripristino memorizzati. Confermare premendo SI.

pierpaolo non è online da un po'...

temo che il suo pc abia fatto una brutta fine

No, no, dovevo far mangiare ed addormentare mia figlia Elisabetta...

Dunque, il virus l'ho preso mentre cercavo una chiave/crack per Age of Empire II, su un sito di crack, naturalmente !

Ora provo a fare come ha detto GHz, che ringrazio.
Io volevo postare solo quei tre file che mi ha scansionato Prevxsi free...mah, ci provo, abbiate pazienza eh ??!!

p.s per GHz, sì , hop provato a fixarli, ma ricompaiono di nuovo ad ogni scansione !

Su start - progr - accessor -esplora risorse, dx, proprietà, non c'è proprio accesso a ripristino conf. sistema

Ecco...ho perso di nuovo il desktop....uffa !!

Pierpaolo ha scritto:

Su start - progr - accessor -esplora risorse, dx, proprietà, non c'è proprio accesso a ripristino conf. sistema

Non hai una cosa del genere?

[img]


Tasto destro su risorse del computer -> proprietà.......

Cmq posta la schermata della scansione di Prevx CSI

Se avvi GMER ti segna qualcosa in rosso per caso?

ma come ve la carico l'immagine ???....proprio non ci riesco !

sì, sì. ha trovato due voci rosse ! (GMER) ed una Prevxsi



img180.imageshack.us/img180/6500/immaginevirussl9.png

mmmm....non si capisce bene che roba sia.....dovresti rimuovere il servizio ed i file che si avviano automaticamente.

Con Gmer, termina, rimuovi o cancella le voci segnate in rosso (se sono quelle sospette) cliccandoci sopra con il destro. Poi rifixa con hijackthis. Se ancora non riesci, dai un'occhiata qui: www.hwupgrade.it/forum/showthread.php?t=1599737

Guida per la disinfestazione, però è un pò lunghina.....

Ciao ragazzi !!

Non voglio cantare vittoria , ma sembra che il virus sia stato, perlomeno, immunizzato.
Comunque, GHz, non mi compare più nella scansione di Prevexcsi free...e questa è una gran bella soddisfazione !

Ho fatto una cosa tanto semplice quanto arguta :

dopo aver sminch...ato il pc con antivirus, adaware e tutto il cucuzzaro, ho capito quali erano i file pericolosi e sospetti.....

sono andato in modalità provvisoria, li ho tagliati e incollati sul desktop (visto che in modalità normale non si cancellavano manco per niente !) e li ho semplicemente cancellati.

Poi ho riscansionato tutto con i software a disposizione e ho riavviato....

Non canto vittoria, ma per un citrulo del pc come me, non è niente male !

Bene, almeno ora puoi utilizzare il pc tranquillamente

Forse c'è ancora qualche rimanenza del virus, ma se hai fatto delle scansioni ed è tutto ok è già buono. Hijackthis ora che dice? Ci sono più quelle voci da fixare?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:22:32, on 01/08/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
C:\Programmi\BOINC\boincmgr.exe
C:\Programmi\BOINC\boinc.exe
C:\Programmi\BOINC\projects\www.ufluids.net\evolver_4.10_windows_intelx86.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pierpaolo\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {c4a3e954-b655-4b4e-9f4f-56918509f2fe} - (no file)
O2 - BHO: (no name) - {D493CF06-AC98-4E69-9D7E-429A4D196517} - (no file)
O2 - BHO: (no name) - {fbf85a20-ff88-4c46-90fb-b023e5c4eca0} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Programmi\BOINC\boincmgr.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

--
End of file - 2124 bytes


Questo è il log....solo le prime sei mi sembrano sospette...che ne dici ??

anche Explorer.EXE......non si scrive .exe ??!!...cioè, minuscolo ??!!

Explorer.EXE con l'estensione scritta in maiuscolo non è un file del sistema ma un trojan o un virus. Il file del sistema operativo si chiama explorer.exe, tutto in minuscolo, e si trova nella cartella di sistema C:\Windows. Il problema potrebbe essere una ripulitura incompleta da parte di un antivirus che ha lasciato qualche traccia nelle chiavi di registro che servivano ad avviare l'applicazione.

Avviate l'utility di configurazione del sistema cliccando su Start, Esegui, digitate msconfig e premete OK. Andate alla sezione SYSTEM.INI e controllate se è presente la voce Shell=explorer.EXE, in caso affermativo selezionatela con il tasto sinistro del mouse e cliccate sul pulsante Disattiva. Spostatevi all'etichetta Servizi e controllate se è presente un servizio dal nome explorer.EXE, se presente togliete il segno di spunta dalla casella per disabilitarlo. Controllate anche la lista dei nomi elencati sotto la voce Produttore, disabilitate qualsiasi servizio il cui produttore è sconosciuto, potete riabilitarlo successivamente nel caso si tratti di un servizio necessario per il funzionamento di un'applicazione valida. Ripetete la stessa procedura nella sezione Avvio.

Cliccate su Start, Esegui, digitate regedit e premete OK. Selezionate Modifica, Trova, nel campo Trova digitate explorer.EXE, cancellate qualsiasi chiave trovata con il nome del file avente l'estensione in lettere maiuscole mentre non toccate le chiavi che contengono il nome tutto in lettere minuscole.

hai ragione, infatti con google ho trovato questo articolo
stai però attento a quello che cancelli dal registro di sistema!