Could someone analyze my log from the anti-rootkit named in the title to check whether I have anything anomalous?
Thanks in advance
Fabio
==========================================================================================================================
NoVirusThanks Anti-Rootkit v1.2 (FREE EDITION)
Microsoft Windows Version 5.1 Build: 2600 Service Pack: 3
Detected CPUs: (2)
Scanning Commenced... 16/02/2011 11.40.19
==========================================================================================================================
>>>SSDT<<<
==========================================================================================================================
#41 NtCreateKey
Real Address: 0x8057791D
Hook Address: 0xF8BD78CE [<empty>]
#53 NtCreateThread
Real Address: 0x80586C45
Hook Address: 0xF8BD78C4 [<empty>]
#63 NtDeleteKey
Real Address: 0x80593334
Hook Address: 0xF8BD78D3 [<empty>]
#65 NtDeleteValueKey
Real Address: 0x80591F8B
Hook Address: 0xF8BD78DD [<empty>]
#98 NtLoadKey
Real Address: 0x805CE7E5
Hook Address: 0xF8BD78E2 [<empty>]
#122 NtOpenProcess
Real Address: 0x80581702
Hook Address: 0xF8BD78B0 [<empty>]
#128 NtOpenThread
Real Address: 0x805E1939
Hook Address: 0xF8BD78B5 [<empty>]
#193 NtReplaceKey
Real Address: 0x806564D8
Hook Address: 0xF8BD78EC [<empty>]
#204 NtRestoreKey
Real Address: 0x8065606D
Hook Address: 0xF8BD78E7 [<empty>]
#247 NtSetValueKey
Real Address: 0x8058228C
Hook Address: 0xF8BD78D8 [<empty>]
#257 NtTerminateProcess
Real Address: 0x8058E695
Hook Address: 0xF8BD78BF [<empty>]
==========================================================================================================================
>>>Shadow SDT<<<
==========================================================================================================================
==========================================================================================================================
>>>Kernel Notify Routines<<<
==========================================================================================================================
CreateProcess: Address 0xEFB87CA4 [C:\WINDOWS\system32\DRIVERS\InCDFs.sys]
Hidden Loaded Driver: False
CreateProcess: Address 0xEF91F836 [C:\WINDOWS\system32\DRIVERS\avipbb.sys]
Hidden Loaded Driver: False
LoadImage: Address 0xEF91F6E8 [C:\WINDOWS\system32\DRIVERS\avipbb.sys]
Hidden Loaded Driver: False
==========================================================================================================================
>>>Processes<<<
==========================================================================================================================
0x823C8A00 [4]SYSTEM
Suspicious: False
Hidden: False
0x81FA57E8 [652]C:\WINDOWS\system32\csrss.exe
Suspicious: False
Hidden: False
0x822BDA80 [2040]C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
Suspicious: False
Hidden: False
0x82246840 [580]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x82257030 [184]C:\WINDOWS\system32\ctfmon.exe
Suspicious: False
Hidden: False
0x81E252C8 [144]C:\Programmi\D-Link\DWA-140 revB\AirNCFG.exe
Suspicious: False
Hidden: False
0x81E2C3D0 [2032]C:\Programmi\Sagem Photo Easy\AzAgent.exe
Suspicious: False
Hidden: False
0x820F45F0 [1988]C:\WINDOWS\SOUNDMAN.EXE
Suspicious: True
Hidden: False
0x82015AD8 [196]C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
Suspicious: False
Hidden: False
0x81EAC7E8 [720]C:\WINDOWS\system32\services.exe
Suspicious: False
Hidden: False
0x81EF22C8 [1496]C:\WINDOWS\system32\spoolsv.exe
Suspicious: False
Hidden: False
0x81E9B980 [1176]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x81E383D0 [2012]C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
Suspicious: False
Hidden: False
0x822B2C10 [1088]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x8205F030 [2004]C:\WINDOWS\system32\hkcmd.exe
Suspicious: True
Hidden: False
0x81F95980 [676]C:\WINDOWS\system32\winlogon.exe
Suspicious: False
Hidden: False
0x81E5FA78 [1608]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x81E80A78 [496]C:\WINDOWS\system32\ANIWConnService.exe
Suspicious: True
Hidden: False
0x81E29468 [508]C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
Suspicious: False
Hidden: False
0x81D21030 [520]C:\Programmi\Avira\AntiVir Desktop\avguard.exe
Suspicious: False
Hidden: False
0x81FA53C0 [600]C:\WINDOWS\system32\smss.exe
Suspicious: False
Hidden: False
0x822B7C10 [732]C:\WINDOWS\system32\lsass.exe
Suspicious: False
Hidden: False
0x81EF0DA0 [696]C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
Suspicious: False
Hidden: False
0x81E917E8 [992]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x8202F7E8 [924]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x822B06F0 [1128]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x81EE3718 [1116]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x8201EAE8 [1892]C:\WINDOWS\explorer.exe
Suspicious: False
Hidden: False
0x81E63DA0 [1252]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x81EC9228 [1284]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x822C0AB8 [1544]C:\Programmi\Avira\AntiVir Desktop\sched.exe
Suspicious: False
Hidden: False
0x820744D0 [1640]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x81EBCCB0 [1996]C:\WINDOWS\system32\igfxtray.exe
Suspicious: True
Hidden: False
0x822C17E8 [2024]C:\Programmi\HP\HP Software Update\hpwuSchd2.exe
Suspicious: False
Hidden: False
0x81F92658 [2280]C:\WINDOWS\system32\wbem\wmiprvse.exe
Suspicious: False
Hidden: False
0x81EFEC10 [2564]C:\WINDOWS\system32\alg.exe
Suspicious: False
Hidden: False
0x81E7E800 [2936]C:\Programmi\HP\Digital Imaging\bin\hpqste08.exe
Suspicious: False
Hidden: False
0x822A1030 [3076]C:\WINDOWS\system32\wuauclt.exe
Suspicious: False
Hidden: False
0x82121030 [3208]C:\Programmi\NoVirusThanks\Anti-Rootkit (Free Edition)\NVTArk.exe
Suspicious: False
Hidden: False
==========================================================================================================================
>>>SYSENTER<<<
==========================================================================================================================
CPU #0 Hook Address: 0x804DD89F[C:\WINDOWS\system32\ntoskrnl.exe]
Hooked: False
CPU #1 Hook Address: 0x804DD89F[C:\WINDOWS\system32\ntoskrnl.exe]
Hooked: False
==========================================================================================================================
>>>Drivers<<<
==========================================================================================================================
==========================================================================================================================
>>>IDT<<<
==========================================================================================================================
==========================================================================================================================
>>>Windows Message Hooks<<<
==========================================================================================================================
Process: [2012]avgnt.exe
Type: WH_MSGFILTER
Address: 0x78A7EBF9
TID: 2016
Hook Module: mfc90u.dll
Process: [2032]AzAgent.exe
Type: WH_CBT
Address: 0x0041E909
TID: 2036
Hook Module: AzAgent.exe
Process: [2032]AzAgent.exe
Type: WH_MSGFILTER
Address: 0x0042203F
TID: 2036
Hook Module: AzAgent.exe
Process: [196]hpqtra08.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 204
Hook Module: msctf.dll
Process: [184]ctfmon.exe
Type: WH_SHELL
Address: 0x746C12B6
TID: 164
Hook Module: msctf.dll
Process: [184]ctfmon.exe
Type: WH_GETMESSAGE
Address: 0x746C1351
TID: 164
Hook Module: msctf.dll
Process: [184]ctfmon.exe
Type: WH_CBT
Address: 0x746C0E2E
TID: 164
Hook Module: msctf.dll
Process: [2012]avgnt.exe
Type: WH_CBT
Address: 0x78A3E6BB
TID: 2016
Hook Module: mfc90u.dll
Process: [2012]avgnt.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 2016
Hook Module: msctf.dll
Process: [2012]avgnt.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 2016
Hook Module: msctf.dll
Process: [2012]avgnt.exe
Type: WH_CBT
Address: 0x78A3E6BB
TID: 332
Hook Module: mfc90u.dll
Process: [2032]AzAgent.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 2036
Hook Module: msctf.dll
Process: [2032]AzAgent.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 2036
Hook Module: msctf.dll
Process: [144]AirNCFG.exe
Type: WH_MSGFILTER
Address: 0x00478487
TID: 168
Hook Module: AirNCFG.exe
Process: [144]AirNCFG.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 168
Hook Module: msctf.dll
Process: [144]AirNCFG.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 168
Hook Module: msctf.dll
Process: [2004]hkcmd.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 2008
Hook Module: msctf.dll
Process: [2004]hkcmd.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 2008
Hook Module: msctf.dll
Process: [1996]igfxtray.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 2000
Hook Module: msctf.dll
Process: [1996]igfxtray.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 2000
Hook Module: msctf.dll
Process: [144]AirNCFG.exe
Type: WH_CBT
Address: 0x004746A6
TID: 168
Hook Module: AirNCFG.exe
Process: [184]ctfmon.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 164
Hook Module: msctf.dll
Process: [184]ctfmon.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 164
Hook Module: msctf.dll
Process: [1892]explorer.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 1948
Hook Module: msctf.dll
Process: [1892]explorer.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 1948
Hook Module: msctf.dll
Process: [196]hpqtra08.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 204
Hook Module: msctf.dll
Process: [2012]avgnt.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 332
Hook Module: msctf.dll
Process: [2012]avgnt.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 332
Hook Module: msctf.dll
Process: [508]ANIWZCSdS.exe
Type: WH_CBT
Address: 0x73D44EAA
TID: 1040
Hook Module: mfc42.dll
Process: [2012]avgnt.exe
Type: WH_MSGFILTER
Address: 0x78A7EBF9
TID: 344
Hook Module: mfc90u.dll
Process: [2040]WZCSLDR2.exe
Type: WH_CBT
Address: 0x73D44EAA
TID: 384
Hook Module: mfc42.dll
Process: [2040]WZCSLDR2.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 384
Hook Module: msctf.dll
Process: [2040]WZCSLDR2.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 384
Hook Module: msctf.dll
Process: [1892]explorer.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 1212
Hook Module: msctf.dll
Process: [1892]explorer.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 1212
Hook Module: msctf.dll
Process: [1892]explorer.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 1896
Hook Module: msctf.dll
Process: [1892]explorer.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 1208
Hook Module: msctf.dll
Process: [1892]explorer.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 1208
Hook Module: msctf.dll
Process: [2936]hpqste08.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 2940
Hook Module: msctf.dll
Process: [2936]hpqste08.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 2940
Hook Module: msctf.dll
Process: [1892]explorer.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 1896
Hook Module: msctf.dll
Process: [196]hpqtra08.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 3008
Hook Module: msctf.dll
Process: [196]hpqtra08.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 3004
Hook Module: msctf.dll
Process: [196]hpqtra08.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 3004
Hook Module: msctf.dll
Process: [196]hpqtra08.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 3008
Hook Module: msctf.dll
Process: [3208]NVTArk.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 3212
Hook Module: msctf.dll
Process: [3208]NVTArk.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 3212
Hook Module: msctf.dll
==========================================================================================================================
>>>BHOs<<<
==========================================================================================================================
Key Name: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Module: C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe PDF Helper for Internet Explorer)
Key Name: {9030D464-4C02-4ABF-8ECC-5164760863C6}
Module: C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (WindowsLiveLogin.dll)
Key Name: {AE7CD045-E861-484f-8273-0445EE161910}
Module: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe PDF Toolbar for Internet Explorer)
==========================================================================================================================
>>>AppInit_DLLs<<<
==========================================================================================================================
==========================================================================================================================
>>>IRP Hooks<<<
==========================================================================================================================
==========================================================================================================================
>>>Ring0 Export Hooks<<<
==========================================================================================================================
==========================================================================================================================
>>>Ring3 Export Hooks<<<
==========================================================================================================================
==========================================================================================================================
>>>Locked System Files<<<
==========================================================================================================================
==========================================================================================================================
>>>Locked Generic Files<<<
==========================================================================================================================
==========================================================================================================================
>>>Master Boot Record (MBR)<<<
==========================================================================================================================
Master Boot Record (MBR) appears to be Ok...
==========================================================================================================================
Scan Complete... 16/02/2011 11.41.26
==========================================================================================================================