
Trojan dialer + crashes of Task Manager, Windows Explorer, etc.


Post by gallico » 05/10/07 12:57

I've read the similar topics on the subject, but my problem seems... complicated!
There is definitely a dialer installed on the PC, because every few minutes a window pops up that tries to connect to the internet.
In addition, Windows Explorer often crashes, and Task Manager can't be started because it crashes.

I had found msmmi.exe among the startup programs; I removed it following all the instructions from similar posts, also removing the related registry keys.
The program no longer appears among the startup items and is no longer present, but the problems keep occurring.

- hijackthis launched from a folder on c:\ doesn't work (it starts, the acceptance window appears and it closes by itself, without generating any log)
- avenger crashes
- ncleaner causes the system to reboot
- AVG antispyware crashes

The only investigation program I manage to launch is RegCleaner; I'm attaching the list of programs started at boot.

What do you recommend?
Should I check any particular registry keys?
Thanks, I don't know what else to do

Agrsmmsg, AGRSMMSG.exe, HKEY_LM\Run
Avg7_cc, C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP, HKEY_LM\Run
Ctfmon.exe, C:\WINDOWS\system32\ctfmon.exe, HKEY_CU\Run
Desktop, N/D, Start Menu
Desktop, N/D, Start Menu (Utente Comune)
EPSON Stylus Photo R220 Series, C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220", HKEY_LM\Run
EPSON Stylus Photo R220 Series (Copia 1), C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P40 "EPSON Stylus Photo R220 Series (Copia 1)" /O6 "USB002" /M "Stylus Photo R220", HKEY_LM\Run
IntelliPoint, "C:\Programmi\Microsoft IntelliPoint\point32.exe", HKEY_LM\Run
LUMIX Simple Viewer, N/D, Start Menu (Utente Comune)
Microsoft Office, N/D, Start Menu (Utente Comune)
Msmsgs, "C:\Programmi\Messenger\msmsgs.exe" /background, HKEY_CU\Run
NvCplDaemon, RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup, HKEY_LM\Run
NvMediaCenter, RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit, HKEY_LM\Run
Nwiz, Nwiz.exe /install, HKEY_LM\Run
RemoteControl, C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe, HKEY_LM\Run
SoundMan, Soundman.exe, HKEY_LM\Run
Svcs: Dnscache, C:\WINDOWS\system\1\svchost.exe, HKEY_LM\Run

Post by Pao1o » 05/10/07 13:21

try here
http://www.pc-facile.com/forum/viewtopi ... highlight=
it was a problem very similar to yours and the user solved it

Also try the classics, Ad-Aware and Spybot.
Try this one too, it has an excellent antispyware
http://www.pc-facile.com/download/tweak ... r_/518.htm
try an online antivirus
http://www.pandasoftware.com/activescan ... ncipal.htm

Don't lose heart: you'll see, you'll sort it out ;)

Post by SkunkWorks 68 » 05/10/07 13:31

It looks very bad to me... :(
Hmm, I wonder how it's possible to reduce an operating system to this state... I always repeat the same things:
The precautions should always be the same:
Common sense (absolutely necessary, first of all), continuous updates of the OS and of the various protection software, and of Java if installed, not using IE for browsing, and a firewall (at least the XP SP2 one, always active and without opening ports at random, because you also find people who disable the firewall thinking they can go faster or that it gets in the way of online games...).
You've done 90% of the work; even admitting that an incident can happen, I'd say, oh well, I did everything possible...
Two ways, in my opinion:
- Remove the HD, if possible, put it as a slave on another PC and run various scans from there and hope...
- Format.
Other ideas are welcome, of course.
Bye
"When you wake up in the morning, think of what a precious privilege it is to be alive: to breathe, to think, to feel joy and to love" (Marcus Aurelius).

Post by SkunkWorks 68 » 05/10/07 13:32

Pao1o wrote: Don't lose heart: you'll see, you'll sort it out ;)

Excellent.
I'd also say: prevention is better than cure... :D
Bye

Post by gallico » 05/10/07 14:06

First of all, thanks to Pao1o for the advice.
I carefully read the (very long!) topic cited:

Pao1o wrote: try here
http://www.pc-facile.com/forum/viewtopi ... highlight=
it was a problem very similar to yours and the user solved it


I've downloaded some of the recommended programs and will certainly try them.
I see one difficulty, though: in the end porodino solved the problem by deleting the exes from Task Manager, but I can't use Task Manager, so I can't see the processes active in memory! (only those started at boot, with RegCleaner).

Pao1o wrote: Also try the classics, Ad-Aware and Spybot.
Try this one too, it has an excellent antispyware
http://www.pc-facile.com/download/tweak ... r_/518.htm
try an online antivirus
http://www.pandasoftware.com/activescan ... ncipal.htm

I already have Ad-Aware.
I already had several antispyware and anti-rootkit tools, and they never found anything (at least as long as I could still use them). I'll try the recommended ones anyway.
I do have this doubt, though, about an online antivirus: can I go on the internet? Since there's the dialer, I now always keep the modem switched off. If I connect, won't it end up connecting wherever it wants?
The connection is Alice ADSL, the tariff is free (not flat), so the PC is NOT continuously connected to the internet (obviously, I'm writing from another PC). Is this an excessive worry?

Thanks also for the encouragement....
Pao1o wrote: Don't lose heart: you'll see, you'll sort it out

Post by Pao1o » 05/10/07 14:14

For the task manager:
Advanced System has one (it's in English, though)
Yes, that post is long, but the problem was complex too.
I recommended it to you because some infections don't let you open pages that contain a certain flagged word.

You can also try this
http://www.pc-facile.com/download/start ... skmanager/

and see whether your Task Manager works

Start\Run\taskmgr.exe

Let us know.

Post by SkunkWorks 68 » 05/10/07 14:15

gallico wrote: First of all, thanks to Pao1o for the advice.

Not mine, eh... oh well :( ?
If you manage to solve it, I hope at least they'll be useful to you in the future.
Bye

Post by gallico » 05/10/07 14:27

SkunkWorks 68 wrote: Not mine, eh... oh well :( ?
If you manage to solve it, I hope at least they'll be useful to you in the future.
Bye


I didn't mean to offend you... it's just that your suggestions are more drastic and "last resort"; I was first trying to solve the problem (if possible) in a more painless way, and if I don't succeed then obviously I'll have to think about formatting the disk!

As for prevention, I thought I had done everything possible, between firewall, antivirus, antispyware, anti-rootkit, IE settings much more restrictive than the standard ones (and, e.g., than those I have at the office), family filters, etc.
Evidently it's never enough... especially when the PC is also used by your son who plays online...

ok? ;)

Post by SkunkWorks 68 » 05/10/07 14:38

gallico wrote: IE settings much more restrictive

Exactly: change browser. IE 6 in particular is a sieve... (and I don't trust IE 7 all that much yet).

gallico wrote: ... especially when the PC is also used by your son who plays online...

Right, I hope he hasn't disabled the firewall, as I said before.
Keep a close eye on what your son does (... they know more tricks than the devil :D).
Ok, all cleared up :)
Good luck!
Bye

Post by gallico » 08/10/07 11:23

Virit identified this virus:
Trojan.Win32.Agent.ASJ

in the file c:\Windows\SYSTEM\1\svchost.exe

It could not remove it because it is considered a system file in use.
It also flagged \\?\c:\Windows\SYSTEM32\COM4.MUH as a suspicious file.

In addition, with the Startup Manager of Advanced System Optimizer (asov) I found this verdict on
c:\Windows\SYSTEM\1\svchost.exe, present in memory at startup:
System 1060 homepage hi-jacker. Found in a Windows\System\1060 directory.NOTE: This is not the valid svchost.exe as
described here


Searching the system, this file turns out to be larger than the valid one and was created on the day the problems started, while under c:\Windows\System32 there seems to be the valid one (smaller and created on the day Windows was first installed).

I was thinking of trying to modify the corresponding registry key under HKEY_LM\Run, make it point to the valid file, and then try with Virit to see whether it manages to remove it because it no longer considers it a system file: is that a good idea, will I do damage, or is it pointless because it reloads itself? Before intervening I wanted to hear your advice.


I'd also point out that all memory-scanning programs and antivirus user interfaces crash,
probably because the Trojan is disguised as a Windows service (so Virit's user interface, HiJackThis, Windows taskmgr, dTaskmanager, avenger...)

I also ran FindAWF; the log result is:
bak folders found
~~~~~~~~~~~
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
end of report

(it doesn't report which the bak folders are)

The program ends with an error, which I managed to capture:
Searching for duplicate files
Please wait
Impossibile trovare il file C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\FindAWF\bakfiles.txt.

What advice can you give me?
At least now we know who we're dealing with...

Post by Luke57 » 08/10/07 12:13

Hi, go here:
http://w13.easy-share.com/6652071.html
download the file sys4395.exe.
Close all programs, disconnect from the internet, open it, tick all the options and press scan now. When the scan finishes, you'll find a file named like date+time.zip in C:\suspctfile (it's the scan report); upload it to the hosting site (easyshare) as I did and then post the link you'll be given (the first one) so it can be viewed.

Post by gallico » 08/10/07 13:06

Luke57 wrote: Hi, go here:
http://w13.easy-share.com/6652071.html
download the file sys4395.exe.
Close all programs, disconnect from the internet, open it, tick all the options and press scan now. When the scan finishes, you'll find a file named like date+time.zip in C:\suspctfile (it's the scan report); upload it to the hosting site (easyshare) as I did and then post the link you'll be given (the first one) so it can be viewed.


Sorry, but how do I download it?
If I type "sys4395.exe" into the "File Search" box and click "Search", it fails to load the page: "Impossibile visualizzare la pagina".
If I type the captcha and click "download", it tries to download a file sys43945.5506992316247168. Do I have to download this in order to run the searches? Sorry for the hesitation, but a site offering naked ladies, ringtones and paid subscriptions also scares me a little...

Post by Luke57 » 08/10/07 15:17

Hi, you just have to click on the link, wait for the countdown and enter the confirmation number you'll be given, that's all. I had written to you that that was the file (it has a disguised name, it's really systemscan.exe); I uploaded it to the hosting site myself to prevent your system, heavily infected and with a rootkit to boot, from blocking the download from the official site, just as it is blocking the use of hijackthis. Clear ;) ?
For now, in your case, it's pointless to think about prevention; it would be like closing the stable door after the oxen have already run off.

Post by gallico » 08/10/07 16:12

ok, downloaded.

So to launch it I have to rename it to .exe?
(the downloaded file doesn't have the .exe extension, but .43366203738697256)

Yes, I know, I'm thick-headed... but better to be sure!

Post by gallico » 09/10/07 09:22

No luck!

I tried to launch systemscan; it tells me that to run the scan the Debug Privileges (seDebugPrivilege) must be enabled for the Administrators group (my user has Administrator privileges): it asks me to click OK to confirm and to reboot the system: at reboot the same thing always happens! The same message reappears and the scan can't be run..

I'm posting more information, hoping it may be useful:
Virit keeps flagging as suspicious the file \\?\c:\Windows\SYSTEM32\COM4.MUH, which can't be seen even with hidden and system files made visible.

The registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon:USERINIT contains the value c:\windows\system32\userinit.exe,"c:\windows\system32\toshibaspeed.exe",
I tried to remove the value for toshibaspeed.exe, but it is recreated at every reboot

With Advanced System Optimizer I managed to get a list of the processes active in memory; there are several fakes, two IEXPLORE.exe (written like that, in upper and lower case), five SVCHOST.exe, and the notorious Toshibaspeed.exe.
Unfortunately the program doesn't allow copying the process list as text; if it's useful I can try posting it as an image (I captured the screen).

Help!
What can I do now?
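An added example, not part of the thread and not any poster's tool: a Python triage of the two persistence findings reported in gallico's posts of 08/10/07 and 09/10/07, namely a `svchost.exe` started from `C:\WINDOWS\system\1` through `HKEY_LM\Run` and an extra program appended to Winlogon's `Userinit` value. The sample lines are copied from the posts; the function names, the `Name, Command, Location` parsing and the assumption that `%SystemRoot%` is `C:\WINDOWS` belong to this example only.

```python
import ntpath
import re

# Assumption: %SystemRoot% is C:\WINDOWS, as in the paths quoted in the thread.
SYSTEM_ROOT = r"c:\windows"
SYSTEM32 = SYSTEM_ROOT + r"\system32"

# Core Windows XP binaries and the only directory each should run from.
EXPECTED_DIR = {
    "svchost.exe": SYSTEM32, "userinit.exe": SYSTEM32, "winlogon.exe": SYSTEM32,
    "csrss.exe": SYSTEM32, "smss.exe": SYSTEM32, "lsass.exe": SYSTEM32,
    "services.exe": SYSTEM32, "explorer.exe": SYSTEM_ROOT,
}

# Unquoted command: everything up to the first executable extension.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|pif|bat))(?=[\s,]|$)", re.IGNORECASE)

# Lines copied from the startup list in the first post (Name, Command, Location).
SAMPLE_AUTORUNS = [
    r'Ctfmon.exe, C:\WINDOWS\system32\ctfmon.exe, HKEY_CU\Run',
    r'Desktop, N/D, Start Menu',
    r'Msmsgs, "C:\Programmi\Messenger\msmsgs.exe" /background, HKEY_CU\Run',
    r'NvCplDaemon, RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup, HKEY_LM\Run',
    r'SoundMan, Soundman.exe, HKEY_LM\Run',
    r'Svcs: Dnscache, C:\WINDOWS\system\1\svchost.exe, HKEY_LM\Run',
]

# Winlogon Userinit value as reported in the post of 09/10/07.
SAMPLE_USERINIT = r'c:\windows\system32\userinit.exe,"c:\windows\system32\toshibaspeed.exe",'


def split_entry(line):
    """Split 'Name, Command, Location'; the command itself may contain commas."""
    name, _, rest = line.partition(", ")
    command, _, location = rest.rpartition(", ")
    return name.strip(), command.strip(), location.strip()


def image_path(command):
    """Return the executable part of an autorun command, or None (e.g. 'N/D')."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else None
    match = EXE_RE.match(command)
    return match.group(1) if match else None


def masquerade_reason(path):
    """Explain why a path looks like a fake system binary, or return None."""
    if not path:
        return None
    norm = ntpath.normcase(ntpath.normpath(path))
    base = ntpath.basename(norm)
    expected = EXPECTED_DIR.get(base)
    if expected is None or not ntpath.isabs(norm):
        return None  # unknown name, or bare name: cannot be judged from text alone
    actual = ntpath.dirname(norm)
    if actual != expected:
        return f"{base} runs from {actual}, expected {expected}"
    return None


def scan_autoruns(lines):
    """Return (name, location, reason) for every masquerading autorun entry."""
    findings = []
    for line in lines:
        name, command, location = split_entry(line)
        reason = masquerade_reason(image_path(command))
        if reason:
            findings.append((name, location, reason))
    return findings


def check_userinit(value):
    """Return every Userinit entry other than system32\\userinit.exe."""
    legit = SYSTEM32 + r"\userinit.exe"
    extras = []
    for item in value.split(","):
        item = item.strip().strip('"')
        if item and ntpath.normcase(ntpath.normpath(item)) != legit:
            extras.append(item)
    return extras


if __name__ == "__main__":
    for finding in scan_autoruns(SAMPLE_AUTORUNS):
        print("autorun:", finding)
    for extra in check_userinit(SAMPLE_USERINIT):
        print("userinit extra:", extra)
```

Entries that give only a bare file name (for example `Soundman.exe`) are not judged, because the directory they resolve to cannot be known from the exported text.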

Post by Luke57 » 09/10/07 09:35

Hi, download this tool

http://download.bleepingcomputer.com/sU ... estore.exe

and use it. Then reboot the PC, after which you should be able to use systemscan. You have a linkoptomizer infection and that infected entry in the system registry is preventing you from using the tools.

Post by gallico » 09/10/07 09:40

Luke57 wrote: Hi, download this tool

http://download.bleepingcomputer.com/sU ... estore.exe

and use it. Then reboot the PC, after which you should be able to use systemscan. You have a linkoptomizer infection and that infected entry in the system registry is preventing you from using the tools.


ok, downloaded.
Unfortunately I can't try it until this evening, because the infected PC is the one at home... as soon as I have the results I'll post them right away!
Meanwhile, thanks.

Post by gallico » 10/10/07 09:51

gallico wrote:
Luke57 wrote: Hi, download this tool

http://download.bleepingcomputer.com/sU ... estore.exe

and use it. Then reboot the PC, after which you should be able to use systemscan. You have a linkoptomizer infection and that infected entry in the system registry is preventing you from using the tools.


I ran the full scan with systemscan; it carried out all the steps.
At the end it gave me the message, as you said, "the file ...zip is present in the folder c:\suspectfile".

However, when I try to go to the folder, Windows Explorer crashes.
I went there from DOS, but the zip file isn't there (how powerful is this trojan?)
I did, however, find two text files (temp and tempd); I don't know whether they contain all the information that should have been in the zip, but I'm posting them anyway, hoping there's useful info.

The first (temp) I think contains a check, or a list, of the registry keys modified since the last boot; the other is rather large, so I'll post it in the next post:
Result compared: Different

Post by gallico » 10/10/07 09:55

Contents of the tempd file generated by systemscan:


0x778f0000 0xf7000 5.01.2600.2180 C:\WINDOWS\system32\SETUPAPI.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x76310000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\WINSTA.dll
0x76bf0000 0x2e000 5.131.2600.2180 C:\WINDOWS\system32\WINTRUST.dll
0x76c50000 0x28000 5.01.2600.2180 C:\WINDOWS\system32\IMAGEHLP.dll
0x71a30000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\WS2_32.dll
0x71a20000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
0x75920000 0xf8000 5.01.2600.2180 C:\WINDOWS\system32\MSGINA.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x745e0000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x76360000 0x4a000 6.00.2900.2180 C:\WINDOWS\system32\comdlg32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x776b0000 0x23000 6.00.2900.2180 C:\WINDOWS\system32\SHSVCS.dll
0x76b70000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sfc.dll
0x76c20000 0x2a000 5.01.2600.2180 C:\WINDOWS\system32\sfc_os.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x77b10000 0x22000 5.01.2600.2180 C:\WINDOWS\system32\Apphelp.dll
0x72360000 0x1c000 5.01.2600.2180 C:\WINDOWS\system32\WINSCARD.DLL
0x76f10000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WTSAPI32.dll
0x76b00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\uxtheme.dll
0x765b0000 0x1d000 5.01.2600.2180 C:\WINDOWS\system32\cscdll.dll
0x0ffd0000 0x28000 5.01.2600.2161 C:\WINDOWS\system32\rsaenh.dll
0x75900000 0x1b000 5.01.2600.2180 C:\WINDOWS\system32\WlNotify.dll
0x72f70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\WINSPOOL.DRV
0x71aa0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MPR.dll
0x71b80000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\SAMLIB.dll
0x75e40000 0xb0000 5.01.2600.2180 C:\WINDOWS\system32\sxs.dll
0x77c40000 0x23000 5.01.2600.2180 C:\WINDOWS\system32\msv1_0.dll
0x76d20000 0x19000 5.01.2600.2180 C:\WINDOWS\system32\iphlpapi.dll
0x779f0000 0x55000 5.01.2600.2180 C:\WINDOWS\system32\cscui.dll
0x01ee0000 0x2d5000 5.01.2600.2180 C:\WINDOWS\system32\xpsp2res.dll
0x77010000 0xd2000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x76f90000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x77660000 0x21000 5.01.2600.2180 C:\WINDOWS\system32\NTMARTA.DLL
0x76f20000 0x2d000 5.01.2600.2180 C:\WINDOWS\system32\WLDAP32.dll
0x72c90000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\wdmaud.drv
0x72c80000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv
0x77bb0000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\MSACM32.dll
0x77ba0000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\midimap.dll
------------------------------------------------------------------------------
SERVICES.EXE pid: 592
Command line: C:\WINDOWS\system32\services.exe

Base Size Version Path
0x01000000 0x1c000 5.01.2600.2180 C:\WINDOWS\system32\services.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x76980000 0xb4000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
0x77b40000 0x53000 5.01.2600.2180 C:\WINDOWS\system32\SCESRV.dll
0x77690000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\AUTHZ.dll
0x75860000 0x1f000 5.01.2600.2180 C:\WINDOWS\system32\umpnpmgr.dll
0x76310000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\WINSTA.dll
0x5bc70000 0x54000 5.01.2600.2180 C:\WINDOWS\system32\NETAPI32.dll
0x5fbb0000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\NCObjAPI.DLL
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x5cf90000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x596b0000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x76b00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\UxTheme.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
0x77f10000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\secur32.dll
0x77b10000 0x22000 5.01.2600.2180 C:\WINDOWS\system32\Apphelp.dll
0x772d0000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\eventlog.dll
0x71a30000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\WS2_32.dll
0x71a20000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
0x76bb0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\PSAPI.DLL
0x76f10000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\wtsapi32.dll
------------------------------------------------------------------------------
LSASS.EXE pid: 604
Command line: C:\WINDOWS\system32\lsass.exe

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\lsass.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x753e0000 0xb5000 5.01.2600.2180 C:\WINDOWS\system32\LSASRV.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x77f10000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\Secur32.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x743d0000 0x6e000 5.01.2600.2180 C:\WINDOWS\system32\SAMSRV.dll
0x76750000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\cryptdll.dll
0x76ee0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\DNSAPI.dll
0x71a30000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\WS2_32.dll
0x71a20000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
0x77af0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x5bc70000 0x54000 5.01.2600.2180 C:\WINDOWS\system32\NETAPI32.dll
0x71b80000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\SAMLIB.dll
0x71aa0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MPR.dll
0x76760000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
0x76f20000 0x2d000 5.01.2600.2180 C:\WINDOWS\system32\WLDAP32.dll
0x5cf90000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x596b0000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x76b00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x76980000 0xb4000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\UxTheme.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
0x20000000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\msprivs.dll
0x71c80000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\kerberos.dll
0x77c40000 0x23000 5.01.2600.2180 C:\WINDOWS\system32\msv1_0.dll
0x76d20000 0x19000 5.01.2600.2180 C:\WINDOWS\system32\iphlpapi.dll
0x74440000 0x65000 5.01.2600.2180 C:\WINDOWS\system32\netlogon.dll
0x76780000 0x2d000 5.01.2600.2180 C:\WINDOWS\system32\w32time.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x767b0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\schannel.dll
0x77a50000 0x95000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x74300000 0xf000 5.01.2600.2180 C:\WINDOWS\system32\wdigest.dll
0x0ffd0000 0x28000 5.01.2600.2161 C:\WINDOWS\system32\rsaenh.dll
0x74390000 0x30000 5.01.2600.2180 C:\WINDOWS\system32\scecli.dll
0x778f0000 0xf7000 5.01.2600.2180 C:\WINDOWS\system32\SETUPAPI.dll
0x74360000 0x30000 5.01.2600.2180 C:\WINDOWS\system32\ipsecsvc.dll
0x77690000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\AUTHZ.dll
0x756d0000 0xce000 5.01.2600.2180 C:\WINDOWS\system32\oakley.DLL
0x742f0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\WINIPSEC.DLL
0x74320000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\pstorsvc.dll
0x719d0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\system32\dssenh.dll
0x74340000 0x1b000 5.01.2600.2180 C:\WINDOWS\system32\psbase.dll
------------------------------------------------------------------------------
SVCHOST.EXE pid: 752
Command line: C:\WINDOWS\system32\svchost -k DcomLaunch

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x5cf90000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x596b0000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x76b00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x76980000 0xb4000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\UxTheme.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
0x77660000 0x21000 5.01.2600.2180 C:\WINDOWS\system32\NTMARTA.DLL
0x76f20000 0x2d000 5.01.2600.2180 C:\WINDOWS\system32\WLDAP32.dll
0x71b80000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\SAMLIB.dll
0x76a40000 0x63000 5.01.2600.2180 c:\windows\system32\rpcss.dll
0x71a30000 0x17000 5.01.2600.2180 c:\windows\system32\WS2_32.dll
0x71a20000 0x8000 5.01.2600.2180 c:\windows\system32\WS2HELP.dll
0x77f10000 0x11000 5.01.2600.2180 c:\windows\system32\Secur32.dll
0x20000000 0x2d5000 5.01.2600.2180 C:\WINDOWS\system32\xpsp2res.dll
0x766c0000 0x54000 5.01.2600.2180 c:\windows\system32\termsrv.dll
0x74f00000 0x6000 5.01.2600.2180 c:\windows\system32\ICAAPI.dll
0x778f0000 0xf7000 5.01.2600.2180 c:\windows\system32\SETUPAPI.dll
0x76bf0000 0x2e000 5.131.2600.2180 C:\WINDOWS\system32\WINTRUST.dll
0x77a50000 0x95000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77af0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x76c50000 0x28000 5.01.2600.2180 C:\WINDOWS\system32\IMAGEHLP.dll
0x77690000 0x11000 5.01.2600.2180 c:\windows\system32\AUTHZ.dll
0x750a0000 0x1f000 5.01.2600.2180 c:\windows\system32\mstlsapi.dll
0x77c90000 0x32000 5.01.2600.2180 c:\windows\system32\ACTIVEDS.dll
0x76dd0000 0x25000 5.01.2600.2180 c:\windows\system32\adsldpc.dll
0x5bc70000 0x54000 5.01.2600.2180 C:\WINDOWS\system32\NETAPI32.dll
0x76ae0000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL
0x76b80000 0xf000 5.01.2600.2180 C:\WINDOWS\system32\REGAPI.dll
0x0ffd0000 0x28000 5.01.2600.2161 C:\WINDOWS\system32\rsaenh.dll
0x76f90000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x77010000 0xd2000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76f10000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WTSAPI32.dll
0x76310000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\WINSTA.dll
0x77c40000 0x23000 5.01.2600.2180 C:\WINDOWS\system32\msv1_0.dll
0x76d20000 0x19000 5.01.2600.2180 C:\WINDOWS\system32\iphlpapi.dll
------------------------------------------------------------------------------
SVCHOST.EXE pid: 804
Command line: C:\WINDOWS\system32\svchost -k rpcss

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x5cf90000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x596b0000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x76b00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x76980000 0xb4000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\UxTheme.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
0x76a40000 0x63000 5.01.2600.2180 c:\windows\system32\rpcss.dll
0x71a30000 0x17000 5.01.2600.2180 c:\windows\system32\WS2_32.dll
0x71a20000 0x8000 5.01.2600.2180 c:\windows\system32\WS2HELP.dll
0x77f10000 0x11000 5.01.2600.2180 c:\windows\system32\Secur32.dll
0x20000000 0x2d5000 5.01.2600.2180 C:\WINDOWS\system32\xpsp2res.dll
0x0ffd0000 0x28000 5.01.2600.2161 C:\WINDOWS\system32\rsaenh.dll
0x719d0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x76ee0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\DNSAPI.dll
0x76d20000 0x19000 5.01.2600.2180 C:\WINDOWS\system32\iphlpapi.dll
0x76f70000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
0x76f20000 0x2d000 5.01.2600.2180 C:\WINDOWS\system32\WLDAP32.dll
0x76f80000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\rasadhlp.dll
0x76f90000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x77010000 0xd2000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
------------------------------------------------------------------------------
SVCHOST.EXE pid: 868
Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x5cf90000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x596b0000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x76b00000 0x2e000 5.01.2600.2180 C:\WINDOWS\System32\WINMM.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.2180 C:\WINDOWS\System32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x76980000 0xb4000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\System32\UxTheme.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\System32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\System32\umdmxfrm.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
0x77660000 0x21000 5.01.2600.2180 C:\WINDOWS\System32\NTMARTA.DLL
0x76f20000 0x2d000 5.01.2600.2180 C:\WINDOWS\system32\WLDAP32.dll
0x71b80000 0x13000 5.01.2600.2180 C:\WINDOWS\System32\SAMLIB.dll
0x20000000 0x2d5000 5.01.2600.2180 C:\WINDOWS\System32\xpsp2res.dll
0x776b0000 0x23000 6.00.2900.2180 c:\windows\system32\shsvcs.dll
0x76310000 0x10000 5.01.2600.2180 C:\WINDOWS\System32\WINSTA.dll
0x5bc70000 0x54000 5.01.2600.2180 C:\WINDOWS\system32\NETAPI32.dll
0x0ffd0000 0x28000 5.01.2600.2161 C:\WINDOWS\System32\rsaenh.dll
0x76d40000 0x1e000 5.01.2600.2180 c:\windows\system32\dhcpcsvc.dll
0x76ee0000 0x27000 5.01.2600.2180 c:\windows\system32\DNSAPI.dll
0x71a30000 0x17000 5.01.2600.2180 c:\windows\system32\WS2_32.dll
0x71a20000 0x8000 5.01.2600.2180 c:\windows\system32\WS2HELP.dll
0x76d20000 0x19000 5.01.2600.2180 c:\windows\system32\iphlpapi.dll
0x77f10000 0x11000 5.01.2600.2180 c:\windows\system32\Secur32.dll
0x775f0000 0x6e000 5.01.2600.2180 c:\windows\system32\wzcsvc.dll
0x76e40000 0xe000 5.01.2600.2180 c:\windows\system32\rtutils.dll
0x76cf0000 0x4000 5.01.2600.2180 c:\windows\system32\WMI.dll
0x77a50000 0x95000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77af0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x76f10000 0x8000 5.01.2600.2180 c:\windows\system32\WTSAPI32.dll
0x5e270000 0x10f000 5.01.2600.2180 c:\windows\system32\ESENT.dll
0x76ae0000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL
0x663e0000 0xc000 5.01.2600.2180 c:\windows\system32\irmon.dll
0x77c40000 0x23000 5.01.2600.2180 C:\WINDOWS\system32\msv1_0.dll
0x719d0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x58000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll
0x59100000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\wshirda.dll
0x76b90000 0x1f000 5.01.2600.2180 C:\WINDOWS\System32\rastls.dll
0x76890000 0x83000 5.131.2600.2180 C:\WINDOWS\system32\CRYPTUI.dll
0x76bf0000 0x2e000 5.131.2600.2180 C:\WINDOWS\system32\WINTRUST.dll
0x76c50000 0x28000 5.01.2600.2180 C:\WINDOWS\system32\IMAGEHLP.dll
0x77180000 0xa7000 6.00.2900.2180 C:\WINDOWS\system32\WININET.dll
0x76d00000 0x18000 5.01.2600.2180 C:\WINDOWS\System32\MPRAPI.dll
0x77c90000 0x32000 5.01.2600.2180 C:\WINDOWS\System32\ACTIVEDS.dll
0x76dd0000 0x25000 5.01.2600.2180 C:\WINDOWS\System32\adsldpc.dll
0x778f0000 0xf7000 5.01.2600.2180 C:\WINDOWS\System32\SETUPAPI.dll
0x76ea0000 0x3c000 5.01.2600.2180 C:\WINDOWS\System32\RASAPI32.dll
0x76e50000 0x12000 5.01.2600.2180 C:\WINDOWS\System32\rasman.dll
0x76e70000 0x2f000 5.01.2600.2180 C:\WINDOWS\System32\TAPI32.dll
0x767b0000 0x27000 5.01.2600.2180 C:\WINDOWS\System32\SCHANNEL.dll
0x72360000 0x1c000 5.01.2600.2180 C:\WINDOWS\System32\WinSCard.dll
0x76ca0000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\raschap.dll
0x76f90000 0x7f000 2001.12.4414.0258 C:\WINDOWS\System32\CLBCATQ.DLL
0x77010000 0xd2000 2001.12.4414.0258 C:\WINDOWS\System32\COMRes.dll
0x76840000 0x33000 5.01.2600.2180 c:\windows\system32\schedsvc.dll
0x76760000 0x13000 5.01.2600.2180 c:\windows\system32\NTDSAPI.dll
0x74ee0000 0x5000 6.00.2900.2180 C:\WINDOWS\System32\MSIDLE.DLL
0x70de0000 0xd000 5.01.2600.2180 c:\windows\system32\audiosrv.dll
0x76e00000 0x23000 5.01.2600.2180 c:\windows\system32\wkssvc.dll
0x76cd0000 0x12000 5.01.2600.2180 c:\windows\system32\cryptsvc.dll
0x76b30000 0x32000 5.01.2600.2180 c:\windows\system32\certcli.dll
0x77cd0000 0x33000 5.01.2600.2180 c:\windows\system32\netman.dll
0x763b0000 0x1a9000 5.01.2600.2180 c:\windows\system32\netshell.dll
0x76bc0000 0x2e000 5.01.2600.2180 c:\windows\system32\credui.dll
0x72fa0000 0x10000 5.01.2600.2180 c:\windows\system32\WZCSAPI.DLL
0x75020000 0x1a000 5.01.2600.2180 c:\windows\system32\srvsvc.dll
0x68dc0000 0x9000 5.01.2600.2180 c:\windows\system32\hidserv.dll
0x68dd0000 0x9000 5.01.2600.2180 c:\windows\system32\HID.DLL
0x74ed0000 0xc000 5.01.2600.2180 c:\windows\pchealth\helpctr\binaries\pchsvc.dll
0x776e0000 0x41000 2001.12.4414.0258 c:\windows\system32\es.dll
0x73c90000 0x8000 5.01.2600.2180 c:\windows\system32\seclogon.dll
0x75130000 0x2e000 5.01.2600.2180 c:\windows\system32\srsvc.dll
0x74a60000 0x8000 6.00.2900.2180 c:\windows\system32\POWRPROF.dll
0x72260000 0xd000 5.01.2600.2180 c:\windows\system32\sens.dll
0x75000000 0x19000 5.01.2600.2180 c:\windows\system32\trkwks.dll
0x76780000 0x2d000 5.01.2600.2180 c:\windows\system32\w32time.dll
0x76030000 0x65000 6.02.3104.0000 c:\windows\system32\MSVCP60.dll
0x4f120000 0x28000 5.01.2600.2180 c:\windows\system32\wbem\wmisvc.dll
0x75370000 0x6d000 5.01.2600.2180 C:\WINDOWS\system32\VSSAPI.DLL
0x71a10000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x50000000 0x5000 5.04.3790.2180 c:\windows\system32\wuauserv.dll
0x50040000 0x14a000 5.08.0000.2469 C:\WINDOWS\system32\wuaueng.dll
0x751f0000 0x29000 6.00.2900.2180 C:\WINDOWS\System32\ADVPACK.dll
0x76740000 0x9000 6.00.2900.2180 C:\WINDOWS\System32\SHFOLDER.dll
0x72f70000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\WINSPOOL.DRV
0x4d530000 0x58000 5.01.2600.2180 C:\WINDOWS\System32\WINHTTP.dll
0x750e0000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\Cabinet.dll
0x604f0000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\mspatcha.dll
0x76b70000 0x5000 5.01.2600.2180 C:\WINDOWS\System32\sfc.dll
0x76c20000 0x2a000 5.01.2600.2180 C:\WINDOWS\System32\sfc_os.dll
0x4c0e0000 0x17000 5.01.2600.2180 c:\windows\system32\wscsvc.dll
0x7d1f0000 0x2b2000 3.00.3790.2180 c:\windows\system32\msi.dll
0x66910000 0x56000 5.01.2600.2180 c:\windows\system32\ipnathlp.dll
0x77690000 0x11000 5.01.2600.2180 c:\windows\system32\AUTHZ.dll
0x772f0000 0x15000 5.01.2600.2180 c:\windows\system32\browser.dll
0x75e40000 0xb0000 5.01.2600.2180 C:\WINDOWS\System32\SXS.DLL
0x75220000 0x37000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wbemcomn.dll
0x76630000 0x85000 5.01.2600.2180 C:\WINDOWS\System32\Wbem\wbemcore.dll
0x752a0000 0x3f000 5.01.2600.2180 C:\WINDOWS\System32\Wbem\esscli.dll
0x75630000 0x76000 5.01.2600.2180 C:\WINDOWS\System32\Wbem\FastProx.dll
0x760a0000 0x13a000 2001.12.4414.0258 C:\WINDOWS\system32\comsvcs.dll
0x75080000 0x13000 2001.12.4414.0258 C:\WINDOWS\system32\MTXCLU.DLL
0x71a50000 0xa000 5.01.2600.2180 C:\WINDOWS\system32\WSOCK32.dll
0x750c0000 0x14000 2001.12.4414.0258 C:\WINDOWS\system32\colbact.DLL
0x76d60000 0x11000 5.01.2600.2180 C:\WINDOWS\System32\CLUSAPI.DLL
0x75040000 0x12000 5.01.2600.2180 C:\WINDOWS\System32\RESUTILS.DLL
0x74fb0000 0x1c000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wmiutils.dll
0x75190000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\wbem\repdrvfs.dll
0x59bd0000 0x6d000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wmiprvsd.dll
0x5fbb0000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\NCObjAPI.DLL
0x75320000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wbemess.dll
0x5fb80000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\wbem\ncprov.dll
0x76f80000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\rasadhlp.dll
0x75590000 0x9c000 5.01.2600.2180 C:\WINDOWS\system32\netcfgx.dll
0x723f0000 0x30000 5.01.2600.2180 C:\WINDOWS\System32\rasmans.dll
0x742f0000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\WINIPSEC.DLL
0x73350000 0x3f000 5.01.2600.2180 c:\windows\system32\tapisrv.dll
0x76bb0000 0xb000 5.01.2600.2180 c:\windows\system32\PSAPI.DLL
0x75ef0000 0x11000 5.01.2600.2180 C:\WINDOWS\System32\rastapi.dll
0x58080000 0x36000 5.01.2600.2180 C:\WINDOWS\System32\unimdm.tsp
0x71f90000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\uniplat.dll
0x5b480000 0x16000 5.01.2600.2180 C:\WINDOWS\System32\unimdmat.dll
0x61ab0000 0x29000 5.01.2600.2180 C:\WINDOWS\system32\modemui.dll
0x58100000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\kmddsp.tsp
0x580e0000 0x10000 5.01.2600.2180 C:\WINDOWS\System32\ndptsp.tsp
0x58110000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\ipconf.tsp
0x58130000 0x46000 5.01.2600.2180 C:\WINDOWS\System32\h323.tsp
0x58120000 0xa000 5.01.2600.2180 C:\WINDOWS\System32\hidphone.tsp
0x721d0000 0x35000 5.01.2600.2180 C:\WINDOWS\System32\rasppp.dll
0x72420000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\ntlsapi.dll
0x71c80000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\kerberos.dll
0x76750000 0xc000 5.01.2600.2180 C:\WINDOWS\System32\cryptdll.dll
0x76da0000 0x23000 5.01.2600.2180 C:\WINDOWS\system32\upnp.dll
0x74e90000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\SSDPAPI.dll
0x754e0000 0xa8000 5.01.2600.2180 C:\WINDOWS\System32\RASDLG.dll
0x77b10000 0x22000 5.01.2600.2180 C:\WINDOWS\system32\Apphelp.dll
0x50640000 0xc000 5.08.0000.2469 C:\WINDOWS\system32\wups.dll
0x50e60000 0x7000 5.08.0000.2469 C:\WINDOWS\system32\wups2.dll
------------------------------------------------------------------------------
SVCHOST.EXE pid: 960
Command line: C:\WINDOWS\system32\svchost.exe -k NetworkService

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x5cf90000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x596b0000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x76b00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x76980000 0xb4000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\UxTheme.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
0x76730000 0xd000 5.01.2600.2180 c:\windows\system32\dnsrslvr.dll
0x76ee0000 0x27000 5.01.2600.2180 c:\windows\system32\DNSAPI.dll
0x71a30000 0x17000 5.01.2600.2180 c:\windows\system32\WS2_32.dll
0x71a20000 0x8000 5.01.2600.2180 c:\windows\system32\WS2HELP.dll
0x76d20000 0x19000 5.01.2600.2180 c:\windows\system32\iphlpapi.dll
------------------------------------------------------------------------------
SVCHOST.EXE pid: 1028
Command line: C:\WINDOWS\system32\svchost.exe -k LocalService

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x5cf90000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x596b0000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x76b00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x76980000 0xb4000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\UxTheme.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
0x77660000 0x21000 5.01.2600.2180 C:\WINDOWS\system32\NTMARTA.DLL
0x76f20000 0x2d000 5.01.2600.2180 C:\WINDOWS\system32\WLDAP32.dll
0x71b80000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\SAMLIB.dll
0x20000000 0x2d5000 5.01.2600.2180 C:\WINDOWS\system32\xpsp2res.dll
0x74bd0000 0x6000 5.01.2600.2180 c:\windows\system32\lmhsvc.dll
0x76d20000 0x19000 5.01.2600.2180 c:\windows\system32\iphlpapi.dll
0x71a30000 0x17000 5.01.2600.2180 c:\windows\system32\WS2_32.dll
0x71a20000 0x8000 5.01.2600.2180 c:\windows\system32\WS2HELP.dll
0x5aae0000 0x15000 5.01.2600.2180 c:\windows\system32\webclnt.dll
0x77180000 0xa7000 6.00.2900.2180 C:\WINDOWS\system32\WININET.dll
0x77a50000 0x95000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77af0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x77f10000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\Secur32.dll
0x77230000 0x9d000 6.00.2900.2180 C:\WINDOWS\system32\urlmon.dll
0x71a50000 0xa000 5.01.2600.2180 C:\WINDOWS\system32\wsock32.dll
0x76920000 0x14000 5.01.2600.2180 c:\windows\system32\ssdpsrv.dll
0x66750000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x76f90000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x77010000 0xd2000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x719d0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x71a10000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
SPOOLSV.EXE pid: 1224
Command line: C:\WINDOWS\system32\spoolsv.exe

Base Size Version Path
0x01000000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\spoolsv.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x5cf90000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x596b0000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x76b00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x76980000 0xb4000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\UxTheme.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
0x74260000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\SPOOLSS.DLL
0x71a30000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\WS2_32.dll
0x71a20000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
0x76ee0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\DNSAPI.dll
0x76d20000 0x19000 5.01.2600.2180 C:\WINDOWS\system32\iphlpapi.dll
0x76f80000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\rasadhlp.dll
0x75b60000 0x57000 5.01.2600.2180 C:\WINDOWS\system32\localspl.dll
0x77f10000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\Secur32.dll
0x76c20000 0x2a000 5.01.2600.2180 C:\WINDOWS\system32\sfc_os.dll
0x76bf0000 0x2e000 5.131.2600.2180 C:\WINDOWS\system32\WINTRUST.dll
0x77a50000 0x95000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77af0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x76c50000 0x28000 5.01.2600.2180 C:\WINDOWS\system32\IMAGEHLP.dll
0x72f70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\winspool.drv
0x5bc70000 0x54000 5.01.2600.2180 C:\WINDOWS\system32\netapi32.dll
0x74210000 0xf000 0.03.0000.0000 C:\WINDOWS\system32\cnbjmon.dll
0x50400000 0x15000 5.07.0000.0000 C:\WINDOWS\system32\E_FLMAIE.DLL
0x719d0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x741f0000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\pjlmon.dll
0x72390000 0xf000 5.01.2600.2180 C:\WINDOWS\system32\tcpmon.dll
0x72380000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\usbmon.dll
0x76f70000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
0x76f20000 0x2d000 5.01.2600.2180 C:\WINDOWS\system32\WLDAP32.dll
0x76210000 0x23000 5.01.2600.2180 C:\WINDOWS\system32\win32spl.dll
0x71c10000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\NETRAP.dll
0x76760000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
0x76f90000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x77010000 0xd2000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x20000000 0x2d5000 5.01.2600.2180 C:\WINDOWS\system32\xpsp2res.dll
0x74280000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\inetpp.dll
------------------------------------------------------------------------------
GUARD.EXE pid: 1324
Command line: "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe"

Base Size Version Path
0x00400000 0x34000 7.05.0000.0047 C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x10000000 0xdd000 4.02.0000.0015 C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\engine.dll
0x76740000 0x9000 6.00.2900.2180 C:\WINDOWS\system32\SHFOLDER.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x76b00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
0x76bb0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\PSAPI.DLL
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
0x77660000 0x21000 5.01.2600.2180 C:\WINDOWS\system32\NTMARTA.DLL
0x76f20000 0x2d000 5.01.2600.2180 C:\WINDOWS\system32\WLDAP32.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x71b80000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\SAMLIB.dll
------------------------------------------------------------------------------
AVGAMSVR.EXE pid: 1340
Command line: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

Base Size Version Path
0x00400000 0x62000 7.05.0000.0420 C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x60400000 0x1d000 7.05.0000.0429 C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\uxtheme.dll
0x20000000 0x2d5000 5.01.2600.2180 C:\WINDOWS\system32\xpsp2res.dll
0x76f90000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x77010000 0xd2000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76bb0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\psapi.dll
0x60000000 0x7e000 7.05.0000.0429 C:\Programmi\Grisoft\AVG Free\avgcfg.dll
0x60100000 0x13000 7.05.0000.0424 C:\Programmi\Grisoft\AVG Free\avgklib.dll
0x76740000 0x9000 6.00.2900.2180 C:\WINDOWS\system32\SHFOLDER.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
0x74e80000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wbemprox.dll
0x75220000 0x37000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wbemcomn.dll
0x71a30000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\WS2_32.dll
0x71a20000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
0x77f10000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\Secur32.dll
0x60120000 0x11000 7.05.0000.0429 C:\Programmi\Grisoft\AVG Free\avglng.dll
0x61700000 0x46000 7.05.0000.0420 C:\Programmi\Grisoft\AVG Free\avgamint.dll
0x71a50000 0xa000 5.01.2600.2180 C:\WINDOWS\system32\WSOCK32.dll
0x5bc70000 0x54000 5.01.2600.2180 C:\WINDOWS\system32\netapi32.dll
0x76f10000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\Wtsapi32.dll
0x76310000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\WINSTA.dll
0x62510000 0x8000 7.05.0000.0407 C:\Programmi\Grisoft\AVG Free\avgamsps.dll
0x76d20000 0x19000 5.01.2600.2180 C:\WINDOWS\system32\IPHLPAPI.DLL
0x74e60000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x75630000 0x76000 5.01.2600.2180 C:\WINDOWS\system32\wbem\fastprox.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x76760000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
0x76ee0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\DNSAPI.dll
0x76f20000 0x2d000 5.01.2600.2180 C:\WINDOWS\system32\WLDAP32.dll
------------------------------------------------------------------------------
AVGUPSVC.EXE pid: 1364
Command line: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

Base Size Version Path
0x00400000 0xe000 7.05.0000.0420 C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\uxtheme.dll
0x20000000 0x2d5000 5.01.2600.2180 C:\WINDOWS\system32\xpsp2res.dll
0x76f90000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x77010000 0xd2000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x77f10000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\Secur32.dll
------------------------------------------------------------------------------
CISVC.EXE pid: 1440
Command line: C:\WINDOWS\system32\cisvc.exe

Base Size Version Path
0x01000000 0x4000 5.01.2600.2180 C:\WINDOWS\system32\cisvc.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x7d9b0000 0x166000 5.01.2600.2180 C:\WINDOWS\system32\query.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x5cf90000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x596b0000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x76b00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
0x77bb0000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x76980000 0xb4000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\UxTheme.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
------------------------------------------------------------------------------
NVSVC32.EXE pid: 1484
Command line: C:\WINDOWS\system32\nvsvc32.exe

Base Size Version Path
0x00400000 0x1e000 6.14.0010.6085 C:\WINDOWS\system32\nvsvc32.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x76980000 0xb4000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x74a60000 0x8000 6.00.2900.2180 C:\WINDOWS\system32\POWRPROF.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\version.dll
0x76f10000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\wtsapi32.dll
0x76310000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\WINSTA.dll
0x5bc70000 0x54000 5.01.2600.2180 C:\WINDOWS\system32\NETAPI32.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\COMCTL32.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\uxtheme.dll
0x77f10000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\secur32.dll
0x77c40000 0x23000 5.01.2600.2180 C:\WINDOWS\system32\msv1_0.dll
0x71a30000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\WS2_32.dll
0x71a20000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
0x76d20000 0x19000 5.01.2600.2180 C:\WINDOWS\system32\iphlpapi.dll
------------------------------------------------------------------------------
WDFMGR.EXE pid: 1612
Command line: C:\WINDOWS\system32\wdfmgr.exe

Base Size Version Path
0x01000000 0xc000 5.02.3790.1230 C:\WINDOWS\system32\wdfmgr.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x778f0000 0xf7000 5.01.2600.2180 C:\WINDOWS\system32\SETUPAPI.dll
0x77f10000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\Secur32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\version.dll
0x76bf0000 0x2e000 5.131.2600.2180 C:\WINDOWS\system32\WINTRUST.dll
0x77a50000 0x95000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77af0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x76c50000 0x28000 5.01.2600.2180 C:\WINDOWS\system32\IMAGEHLP.dll
------------------------------------------------------------------------------
UAService7.exe pid: 1636
Command line: C:\WINDOWS\system32\UAService7.exe

Base Size Version Path
0x00400000 0x39000 1.02.0000.0002 C:\WINDOWS\system32\UAService7.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\user32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\version.dll
------------------------------------------------------------------------------
VIRITSVC.EXE pid: 1664
Command line: C:\DATI\VIRITEXPLITE\viritsvc.exe

Base Size Version Path
0x00400000 0x53000 1.01.0000.0001 C:\DATI\VIRITEXPLITE\viritsvc.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\version.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
------------------------------------------------------------------------------
ALG.EXE pid: 1836
Command line: C:\WINDOWS\System32\alg.exe

Base Size Version Path
0x01000000 0xd000 5.01.2600.2180 C:\WINDOWS\System32\alg.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x76ae0000 0x11000 3.05.2284.0000 C:\WINDOWS\System32\ATL.DLL
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x71a50000 0xa000 5.01.2600.2180 C:\WINDOWS\System32\WSOCK32.dll
0x71a30000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\WS2_32.dll
0x71a20000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\WS2HELP.dll
0x719d0000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\MSWSOCK.DLL
0x5cf90000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x596b0000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x76b00000 0x2e000 5.01.2600.2180 C:\WINDOWS\System32\WINMM.dll
0x77bb0000 0x15000 5.01.2600.2180 C:\WINDOWS\System32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x76980000 0xb4000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\System32\UxTheme.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\System32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\System32\umdmxfrm.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
0x76f90000 0x7f000 2001.12.4414.0258 C:\WINDOWS\System32\CLBCATQ.DLL
0x77010000 0xd2000 2001.12.4414.0258 C:\WINDOWS\System32\COMRes.dll
0x20000000 0x2d5000 5.01.2600.2180 C:\WINDOWS\System32\xpsp2res.dll
0x66750000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
softpoikl.exe pid: 1988
Command line: c:\docume~1\stefi\impost~1\temp\softpoikl.exe

Base Size Version Path
0x00400000 0xf000 c:\docume~1\stefi\impost~1\temp\softpoikl.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\advapi32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\shell32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\version.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
0x10000000 0x9000 c:\docume~1\stefi\impost~1\temp\services.dll
0x77180000 0xa7000 6.00.2900.2180 C:\WINDOWS\system32\wininet.dll
0x77a50000 0x95000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77af0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x71a30000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\ws2_32.dll
0x71a20000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
------------------------------------------------------------------------------
ToshibaSpeed.exe pid: 2004
Command line: spoolsv.exe

Base Size Version Path
*** Loaded c:\windows\system32\spoolsv.exe differs from file image:
*** File timestamp: Wed Aug 04 08:14:12 2004
*** Loaded image timestamp: Sun Aug 19 11:36:37 2001
*** 0x00400000 0xe000 5.01.2600.2180 c:\windows\system32\spoolsv.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\MSVCRT.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\version.dll
------------------------------------------------------------------------------
AGRSMMSG.EXE pid: 296
Command line: "C:\WINDOWS\AGRSMMSG.exe"

Base Size Version Path
0x00400000 0x1b000 2.01.0040.0000 C:\WINDOWS\AGRSMMSG.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x76b00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\version.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\uxtheme.dll
0x10000000 0x9000 c:\docume~1\stefi\impost~1\temp\services.dll
0x77180000 0xa7000 6.00.2900.2180 C:\WINDOWS\system32\wininet.dll
0x77a50000 0x95000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77af0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x71a30000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\ws2_32.dll
0x71a20000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
0x746b0000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
RUNDLL32.EXE pid: 568
Command line: "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

Base Size Version Path
0x01000000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\RUNDLL32.EXE
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0

Post by gallico » 10/10/07 10:01

Sorry, I saw that the post was cut off... here is the rest of the scan

------------------------------------------------------------------------------
RUNDLL32.EXE pid: 568
Command line: "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

Base Size Version Path
0x01000000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\RUNDLL32.EXE
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x76c50000 0x28000 5.01.2600.2180 C:\WINDOWS\system32\IMAGEHLP.dll
0x5cf90000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x596b0000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x76b00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x76980000 0xb4000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\UxTheme.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
0x10000000 0x11000 6.14.0010.6085 C:\WINDOWS\system32\NvMcTray.dll
0x746b0000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x00a70000 0x9000 c:\docume~1\stefi\impost~1\temp\services.dll
0x77180000 0xa7000 6.00.2900.2180 C:\WINDOWS\system32\wininet.dll
0x77a50000 0x95000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77af0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x71a30000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\ws2_32.dll
0x71a20000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
------------------------------------------------------------------------------
SOUNDMAN.EXE pid: 608
Command line: "C:\WINDOWS\SOUNDMAN.EXE"

Base Size Version Path
0x00400000 0x15000 5.01.0000.0027 C:\WINDOWS\SOUNDMAN.EXE
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x778f0000 0xf7000 5.01.2600.2180 C:\WINDOWS\system32\SETUPAPI.dll
0x76b00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
0x68dd0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\HID.DLL
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\version.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\uxtheme.dll
0x76bf0000 0x2e000 5.131.2600.2180 C:\WINDOWS\system32\WINTRUST.dll
0x77a50000 0x95000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77af0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x76c50000 0x28000 5.01.2600.2180 C:\WINDOWS\system32\IMAGEHLP.dll
0x746b0000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x10000000 0x9000 c:\docume~1\stefi\impost~1\temp\services.dll
0x77180000 0xa7000 6.00.2900.2180 C:\WINDOWS\system32\wininet.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x71a30000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\ws2_32.dll
0x71a20000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
------------------------------------------------------------------------------
PDVDServ.exe pid: 948
Command line: "C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe"

Base Size Version Path
0x00400000 0xa000 5.00.0000.0000 C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\version.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\uxtheme.dll
0x76f90000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x77010000 0xd2000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x10000000 0xc000 3.02.0000.0000 C:\Programmi\CyberLink\Shared Files\CLRCEngine2.dll
0x73d40000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x61e00000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL
0x00aa0000 0x9000 c:\docume~1\stefi\impost~1\temp\services.dll
0x77180000 0xa7000 6.00.2900.2180 C:\WINDOWS\system32\wininet.dll
0x77a50000 0x95000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77af0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x71a30000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\ws2_32.dll
0x71a20000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
0x746b0000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
POINT32.EXE pid: 1096
Command line: "C:\Programmi\Microsoft IntelliPoint\point32.exe"

Base Size Version Path
0x00400000 0x37000 5.03.0607.0000 C:\Programmi\Microsoft IntelliPoint\point32.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x10000000 0x4c000 5.03.0606.0000 C:\Programmi\Microsoft IntelliPoint\point32.dll
0x68dd0000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\HID.DLL
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x778f0000 0xf7000 5.01.2600.2180 C:\WINDOWS\system32\SETUPAPI.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x76bb0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\PSAPI.DLL
0x7d1f0000 0x2b2000 3.00.3790.2180 C:\WINDOWS\system32\msi.dll
0x76980000 0xb4000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
0x00340000 0x58000 5.03.0606.0000 C:\Programmi\Microsoft IntelliPoint\dpgmkb.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x76360000 0x4a000 6.00.2900.2180 C:\WINDOWS\system32\comdlg32.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x74c10000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x00440000 0xba000 5.03.0606.0000 C:\Programmi\Microsoft IntelliPoint\dpgcmd.dll
0x76b00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
0x76330000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\uxtheme.dll
0x00d20000 0x209000 5.03.0587.0000 C:\Programmi\Microsoft IntelliPoint\srres.dll
0x00f30000 0x9000 c:\docume~1\stefi\impost~1\temp\services.dll
0x77180000 0xa7000 6.00.2900.2180 C:\WINDOWS\system32\wininet.dll
0x77a50000 0x95000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77af0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x71a30000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\ws2_32.dll
0x71a20000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
0x746b0000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x00f90000 0x57000 5.03.0601.0000 C:\Programmi\Microsoft IntelliPoint\ipres.dll
0x76bf0000 0x2e000 5.131.2600.2180 C:\WINDOWS\system32\WINTRUST.dll
0x76c50000 0x28000 5.01.2600.2180 C:\WINDOWS\system32\IMAGEHLP.dll
------------------------------------------------------------------------------
MONLITE.EXE pid: 1144
Command line: "C:\DATI\VIRITEXPLITE\MONLITE.EXE"

Base Size Version Path
0x00400000 0x3ba000 5.09.0004.0001 C:\DATI\VIRITEXPLITE\MONLITE.EXE
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x76360000 0x4a000 6.00.2900.2180 C:\WINDOWS\system32\comdlg32.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\COMCTL32.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x10000000 0x1a000 C:\DATI\VIRITEXPLITE\viritupg.dll
0x77180000 0xa7000 6.00.2900.2180 C:\WINDOWS\system32\WININET.dll
0x77a50000 0x95000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77af0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x00330000 0x11000 1.01.0004.0000 C:\DATI\VIRITEXPLITE\zlib.dll
0x73d00000 0x27000 4.00.1183.0001 C:\WINDOWS\system32\CRTDLL.dll
0x00350000 0x8e000 C:\DATI\VIRITEXPLITE\Scan.dll
0x76740000 0x9000 6.00.2900.2180 C:\WINDOWS\system32\SHFOLDER.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x00e30000 0xab000 5.01.2600.2180 C:\DATI\VIRITEXPLITE\myreg.qwe
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\uxtheme.dll
0x746b0000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x77f10000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\Secur32.dll
0x01130000 0x9000 c:\docume~1\stefi\impost~1\temp\services.dll
0x71a30000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\ws2_32.dll
0x71a20000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
0x77660000 0x21000 5.01.2600.2180 C:\WINDOWS\system32\NTMARTA.DLL
0x76f20000 0x2d000 5.01.2600.2180 C:\WINDOWS\system32\WLDAP32.dll
0x71b80000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\SAMLIB.dll
0x5bc70000 0x54000 5.01.2600.2180 C:\WINDOWS\system32\netapi32.dll
0x778f0000 0xf7000 5.01.2600.2180 C:\WINDOWS\system32\SETUPAPI.dll
0x77b10000 0x22000 5.01.2600.2180 C:\WINDOWS\system32\appHelp.dll
0x76f90000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x77010000 0xd2000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x77230000 0x9d000 6.00.2900.2180 C:\WINDOWS\system32\urlmon.dll
0x76940000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\LINKINFO.dll
0x76950000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ntshrui.dll
0x76ae0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x76980000 0xb4000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
0x73540000 0x47000 5.01.2600.2180 C:\WINDOWS\system32\mstask.dll
0x76760000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
0x76ee0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\DNSAPI.dll
0x71aa0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MPR.dll
------------------------------------------------------------------------------
CTFMON.EXE pid: 1048
Command line: "C:\WINDOWS\system32\ctfmon.exe"

Base Size Version Path
0x00400000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\ctfmon.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x746b0000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x60060000 0x33000 5.01.2600.2180 C:\WINDOWS\system32\MSUTB.dll
0x5cf90000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x596b0000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x76b00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x77bb0000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x76980000 0xb4000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\UxTheme.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x10000000 0x9000 c:\docume~1\stefi\impost~1\temp\services.dll
0x77180000 0xa7000 6.00.2900.2180 C:\WINDOWS\system32\wininet.dll
0x77a50000 0x95000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77af0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x71a30000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\ws2_32.dll
0x71a20000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
------------------------------------------------------------------------------
MSMSGS.EXE pid: 1264
Command line: "C:\Programmi\Messenger\msmsgs.exe" /background

Base Size Version Path
0x01000000 0x19d000 4.07.0000.3000 C:\Programmi\Messenger\msmsgs.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x71a50000 0xa000 5.01.2600.2180 C:\WINDOWS\system32\WSOCK32.dll
0x71a30000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\WS2_32.dll
0x71a20000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x76360000 0x4a000 6.00.2900.2180 C:\WINDOWS\system32\comdlg32.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x76b00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
0x4ebd0000 0x1a3000 5.01.3102.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
0x76330000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll
0x5bc70000 0x54000 5.01.2600.2180 C:\WINDOWS\system32\NETAPI32.dll
0x77180000 0xa7000 6.00.2900.2180 C:\WINDOWS\system32\WININET.dll
0x77a50000 0x95000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77af0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x76750000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\cryptdll.dll
0x76d20000 0x19000 5.01.2600.2180 C:\WINDOWS\system32\iphlpapi.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\uxtheme.dll
0x746b0000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x20000000 0x6f000 5.01.2600.2180 C:\WINDOWS\system32\XPOB2RES.DLL
0x76f90000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x77010000 0xd2000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x00990000 0x2d5000 5.01.2600.2180 C:\WINDOWS\system32\xpsp2res.dll
0x75e40000 0xb0000 5.01.2600.2180 C:\WINDOWS\system32\SXS.DLL
0x776e0000 0x41000 2001.12.4414.0258 C:\WINDOWS\system32\es.dll
0x76f10000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\wtsapi32.dll
0x76310000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\WINSTA.dll
0x10000000 0x9000 c:\docume~1\stefi\impost~1\temp\services.dll
0x76bc0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\credui.dll
0x77f10000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\Secur32.dll
0x77230000 0x9d000 6.00.2900.2180 C:\WINDOWS\system32\urlmon.dll
------------------------------------------------------------------------------
PhLeAutoRun.exe pid: 1828
Command line: "C:\Programmi\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe"

Base Size Version Path
0x00400000 0xe000 1.10.0009.0057 C:\Programmi\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x73d40000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x10000000 0x40000 1.10.0004.0163 C:\Programmi\Panasonic\LUMIXSimpleViewer\CmLibs2.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\COMCTL32.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x00330000 0x4c000 3.00.0018.0054 C:\Programmi\Panasonic\LUMIXSimpleViewer\ippi20.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x73ac0000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\AVIFIL32.dll
0x76b00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
0x77bb0000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\MSACM32.dll
0x75df0000 0x21000 5.01.2600.2180 C:\WINDOWS\system32\MSVFW32.dll
0x00380000 0x1e000 1.10.0001.0117 C:\Programmi\Panasonic\LUMIXSimpleViewer\CmlibsEx.dll
0x003a0000 0x6000 1.10.0001.0082 C:\Programmi\Panasonic\LUMIXSimpleViewer\CheckMarkCache.dll
0x61e00000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x00bb0000 0x523000 3.00.0018.0054 C:\Programmi\Panasonic\LUMIXSimpleViewer\ipp20\ippipx.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x011f0000 0x2a000 1.10.0001.0130 C:\Programmi\Panasonic\LUMIXSimpleViewer\PictureLib.pcp
0x1fff0000 0x69000 12.01.0000.0068 C:\Programmi\Panasonic\LUMIXSimpleViewer\LTKRN12n.dll
0x1ff70000 0x44000 12.01.0000.0068 C:\Programmi\Panasonic\LUMIXSimpleViewer\LTDIS12n.dll
0x1ffc0000 0x27000 12.01.0000.0068 C:\Programmi\Panasonic\LUMIXSimpleViewer\LTFIL12n.DLL
0x01220000 0x28000 1.00.0010.0065 C:\Programmi\Panasonic\LUMIXSimpleViewer\IppJpeg.dll
0x01250000 0xb000 3.00.0018.0018 C:\Programmi\Panasonic\LUMIXSimpleViewer\ippcore.dll
0x01260000 0x10000 3.00.0017.0035 C:\Programmi\Panasonic\LUMIXSimpleViewer\ippj20.dll
0x020d0000 0x1c2000 3.00.0017.0035 C:\Programmi\Panasonic\LUMIXSimpleViewer\ipp20\ippjpx.dll
0x023c0000 0xb000 1.10.0001.0133 C:\Programmi\Panasonic\LUMIXSimpleViewer\MjThumb.vcp
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\uxtheme.dll
0x746b0000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x02570000 0x9000 c:\docume~1\stefi\impost~1\temp\services.dll
0x77180000 0xa7000 6.00.2900.2180 C:\WINDOWS\system32\wininet.dll
0x77a50000 0x95000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77af0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x71a30000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\ws2_32.dll
0x71a20000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
------------------------------------------------------------------------------
EXPLORER.EXE pid: 2544
Command line: C:\WINDOWS\explorer.exe

Base Size Version Path
0x01000000 0xff000 6.00.2900.2180 C:\WINDOWS\explorer.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x75f30000 0xfc000 6.00.2900.2180 C:\WINDOWS\system32\BROWSEUI.dll
0x77730000 0x16c000 6.00.2900.2180 C:\WINDOWS\system32\SHDOCVW.dll
0x77a50000 0x95000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77af0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x76890000 0x83000 5.131.2600.2180 C:\WINDOWS\system32\CRYPTUI.dll
0x76bf0000 0x2e000 5.131.2600.2180 C:\WINDOWS\system32\WINTRUST.dll
0x76c50000 0x28000 5.01.2600.2180 C:\WINDOWS\system32\IMAGEHLP.dll
0x5bc70000 0x54000 5.01.2600.2180 C:\WINDOWS\system32\NETAPI32.dll
0x77180000 0xa7000 6.00.2900.2180 C:\WINDOWS\system32\WININET.dll
0x76f20000 0x2d000 5.01.2600.2180 C:\WINDOWS\system32\WLDAP32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\UxTheme.dll
0x5cf90000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x596b0000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x76b00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
0x77bb0000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\MSACM32.dll
0x76980000 0xb4000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\comctl32.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x746b0000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x77b10000 0x22000 5.01.2600.2180 C:\WINDOWS\system32\appHelp.dll
0x76f90000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x77010000 0xd2000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x779f0000 0x55000 5.01.2600.2180 C:\WINDOWS\System32\cscui.dll
0x765b0000 0x1d000 5.01.2600.2180 C:\WINDOWS\System32\CSCDLL.dll
0x5ba40000 0x72000 6.00.2900.2180 C:\WINDOWS\system32\themeui.dll
0x77f10000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\Secur32.dll
0x76330000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll
0x20000000 0x2d5000 5.01.2600.2180 C:\WINDOWS\system32\xpsp2res.dll
0x71cd0000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll
0x60060000 0x33000 5.01.2600.2180 C:\WINDOWS\system32\msutb.dll
0x76940000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\LINKINFO.dll
0x76950000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ntshrui.dll
0x76ae0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x7d1f0000 0x2b2000 3.00.3790.2180 C:\WINDOWS\system32\msi.dll
0x71b80000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\SAMLIB.dll
0x10000000 0x9000 c:\docume~1\stefi\impost~1\temp\services.dll
0x71a30000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\ws2_32.dll
0x71a20000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
0x778f0000 0xf7000 5.01.2600.2180 C:\WINDOWS\system32\SETUPAPI.dll
0x763b0000 0x1a9000 5.01.2600.2180 C:\WINDOWS\system32\NETSHELL.dll
0x76e40000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\rtutils.dll
0x76bc0000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\credui.dll
0x76d20000 0x19000 5.01.2600.2180 C:\WINDOWS\system32\iphlpapi.dll
0x76310000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\WINSTA.dll
0x74ac0000 0x47000 6.00.2900.2180 C:\WINDOWS\system32\webcheck.dll
0x71a50000 0xa000 5.01.2600.2180 C:\WINDOWS\system32\WSOCK32.dll
0x761e0000 0x21000 5.01.2600.2180 C:\WINDOWS\system32\stobject.dll
0x74a80000 0xa000 6.00.2900.2180 C:\WINDOWS\system32\BatMeter.dll
0x74a60000 0x8000 6.00.2900.2180 C:\WINDOWS\system32\POWRPROF.dll
0x76f10000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WTSAPI32.dll
0x72c90000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\wdmaud.drv
0x72c80000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv
0x77ba0000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\midimap.dll
0x018d0000 0x13000 7.05.0000.0047 C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
0x018f0000 0x13000 6.00.2900.2180 C:\WINDOWS\system32\browselc.dll
0x77230000 0x9d000 6.00.2900.2180 C:\WINDOWS\system32\urlmon.dll
0x01a10000 0xb000 6.00.0000.0878 C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
0x71aa0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MPR.dll
0x75f10000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\drprov.dll
0x71ba0000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\ntlanman.dll
0x71c60000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\NETUI0.dll
0x71c20000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\NETUI1.dll
0x71c10000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\NETRAP.dll
0x75f20000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\davclnt.dll
0x75920000 0xf8000 5.01.2600.2180 C:\WINDOWS\system32\MSGINA.dll
0x745e0000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x76360000 0x4a000 6.00.2900.2180 C:\WINDOWS\system32\comdlg32.dll
0x01bf0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x6c6b0000 0x4d000 5.01.2600.2180 C:\WINDOWS\system32\DUSER.dll
0x75d50000 0x91000 6.00.2900.2180 C:\WINDOWS\system32\MLANG.dll
0x03320000 0x8c000 6.00.2900.2180 C:\WINDOWS\system32\shdoclc.dll
0x75e40000 0xb0000 5.01.2600.2180 C:\WINDOWS\system32\SXS.DLL
------------------------------------------------------------------------------
WUAUCLT.EXE pid: 2608
Command line: "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[364]SUSDS7c59e89d95b0b54fa44eb5b5ea37689c

Base Size Version Path
0x00400000 0x1f000 5.08.0000.2469 C:\WINDOWS\system32\wuauclt.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x76ae0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x50940000 0x2b000 5.08.0000.2469 C:\WINDOWS\system32\wuaucpl.cpl
0x76740000 0x9000 6.00.2900.2180 C:\WINDOWS\system32\SHFOLDER.dll
0x50040000 0x14a000 5.08.0000.2469 C:\WINDOWS\system32\wuaueng.dll
0x751f0000 0x29000 6.00.2900.2180 C:\WINDOWS\system32\ADVPACK.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x76980000 0xb4000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
0x71a30000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\WS2_32.dll
0x71a20000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
0x5e270000 0x10f000 5.01.2600.2180 C:\WINDOWS\system32\ESENT.dll
0x76f10000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WTSAPI32.dll
0x76310000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\WINSTA.dll
0x5bc70000 0x54000 5.01.2600.2180 C:\WINDOWS\system32\NETAPI32.dll
0x72f70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\WINSPOOL.DRV
0x778f0000 0xf7000 5.01.2600.2180 C:\WINDOWS\system32\SETUPAPI.dll
0x4d530000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\WINHTTP.dll
0x76bf0000 0x2e000 5.131.2600.2180 C:\WINDOWS\system32\WINTRUST.dll
0x77a50000 0x95000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77af0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x76c50000 0x28000 5.01.2600.2180 C:\WINDOWS\system32\IMAGEHLP.dll
0x750e0000 0x14000 5.01.2600.2180 C:\WINDOWS\system32\Cabinet.dll
0x604f0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\mspatcha.dll
0x76b70000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sfc.dll
0x76c20000 0x2a000 5.01.2600.2180 C:\WINDOWS\system32\sfc_os.dll
0x76330000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x5cf90000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x596b0000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x76b00000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
0x77bb0000 0x15000 5.01.2600.2180 C:\WINDOWS\system32\MSACM32.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\UxTheme.dll
0x5d190000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\serwvdrv.dll
0x5b4b0000 0x7000 5.01.2600.0000 C:\WINDOWS\system32\umdmxfrm.dll
0x20000000 0x2d5000 5.01.2600.2180 C:\WINDOWS\system32\xpsp2res.dll
0x76f90000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x77010000 0xd2000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x50640000 0xc000 5.08.0000.2469 C:\WINDOWS\system32\wups.dll
------------------------------------------------------------------------------
sys43945.exe pid: 2804
Command line: "C:\Dati\sys43945.exe"

Base Size Version Path
0x00400000 0x39000 C:\Dati\sys43945.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x7c9d0000 0x81b000 6.00.2900.2180 C:\WINDOWS\system32\SHELL32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x5d4d0000 0x97000 5.82.2900.2180 C:\WINDOWS\system32\COMCTL32.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5b180000 0x38000 6.00.2900.2180 C:\WINDOWS\system32\uxtheme.dll
0x746b0000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x778f0000 0xf7000 5.01.2600.2180 C:\WINDOWS\system32\SETUPAPI.dll
0x10000000 0x9000 c:\docume~1\stefi\impost~1\temp\services.dll
0x77180000 0xa7000 6.00.2900.2180 C:\WINDOWS\system32\wininet.dll
0x77a50000 0x95000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77af0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x71a30000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\ws2_32.dll
0x71a20000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
0x77b10000 0x22000 5.01.2600.2180 C:\WINDOWS\system32\Apphelp.dll
------------------------------------------------------------------------------
WUAUCLT.EXE pid: 2836
Command line: "C:\WINDOWS\system32\wuauclt.exe"

Base Size Version Path
0x00400000 0x1f000 5.08.0000.2469 C:\WINDOWS\system32\wuauclt.exe
0x7c910000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0xff000 5.01.2600.2180 C:\WINDOWS\system32\kernel32.dll
0x77be0000 0x58000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
0x76ae0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x77d10000 0x90000 5.01.2600.2180 C:\WINDOWS\system32\USER32.dll
0x77e40000 0x46000 5.01.2600.2180 C:\WINDOWS\system32\GDI32.dll
0x77f40000 0xab000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
0x77da0000 0x91000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll
0x77e90000 0x76000 6.00.2900.2180 C:\WINDOWS\system32\SHLWAPI.dll
0x774b0000 0x13c000 5.01.2600.2180 C:\WINDOWS\system32\ole32.dll
0x770f0000 0x8c000 5.01.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll
0x50940000 0x2b000 5.08.0000.2469 C:\WINDOWS\system32\wuaucpl.cpl
0x76740000 0x9000 6.00.2900.2180 C:\WINDOWS\system32\SHFOLDER.dll
0x50040000 0x14a000 5.08.0000.2469 C:\WINDOWS\system32\wuaueng.dll
0x751f0000 0x29000 6.00.2900.2180 C:\WINDOWS\system32\ADVPACK.dll
0x77bd0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
0x76980000 0xb4000 5.01.2600.2180 C:\WINDOWS\system32\USERENV.dll
0x71a30000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\WS2_32.dll
0x71a20000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
0x5e270000 0x10f000 5.01.2600.2180 C:\WINDOWS\system32\ESENT.dll
0x76f10000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\WTSAPI32.dll
0x76310000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\WINSTA.dll
0x5bc70000 0x54000 5.01.2600.2180 C:\WINDOWS\system32\NETAPI32.dll
0x72f70000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\WINSPOOL.DRV
0x778f0000 0xf7000 5.01.2600.2180 C:\WINDOWS\system32\SETUPAPI.dll
0x4d530000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\WINHTTP.dll
0x76bf0000 0x2e000 5.131.2600.2180 C:\WINDOWS\system32\WINTRUST.dll
0x77a50000 0x95000 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll
0x77af0000 0x12000 5.01.2600.2180 C:\WINDOWS\system32\MSASN1.dll