[Win Xp] trojans impossible to remove


stemor
09-01-2008, 21:27
Hi guys, I have a small problem.
One or more of what look like trojans, which I can't remove in any way. I identified the files and followed all the procedures you list in the tutorial, but I can't remove them in any way. Besides the anti-virus programs you recommend, I also used Avast, Vir-it, AVG, Ad-aware and others I don't remember, but the only one that detected those files is AVG. The problem is that the only option it gives me is "heal"; I click, reboot, and nothing has changed :muro:
I tried to remove the files manually, even in safe mode, but nothing; it tells me "cannot delete...make sure the disk is not full...". With Task Manager there doesn't seem to be anything suspicious.
The files in question are:
msupd97861.exe (located in the Startup folder)
dsqueryh.dll (in the system32 folder)
khjgfshi.dat (in the drivers folder of system32) I found this one by chance

stemor
09-01-2008, 21:35
...I forgot, I also used Gmer, here is the log

murack83pa
09-01-2008, 21:37
hi
welcome to the forum
for now, follow the disinfection guide (http://www.hwupgrade.it/forum/showthread.php?t=1599737)
it is important that you follow it without skipping any step and in the order indicated...
running these scans means removing most infections, and in any case it serves to give a complete overview of the infection on your PC...;)

be careful how you post the logs, choosing between:
1) the (code) (/code) tags
2) the attachments function, renaming the logs to txt format
3) uploading the log to a server such as www.zshare.net and copying the download links here
the last option is preferable
bye bye

stemor
09-01-2008, 21:47
Good to meet you too, and thanks for the welcome.
Anyway, as I said, I followed the guide step by step and I think I posted the logs correctly...am I wrong?

murack83pa
09-01-2008, 21:49
you posted the logs correctly, but you'll find that it isn't always possible to use the attachments function
if you followed the guide, post the logs of the programs: asquared, prevx csi, the online scan; did gmer find any red lines?

deneb87
09-01-2008, 21:49
no, these are missing:

a-squared
prevx csi
online scan

Riverside
09-01-2008, 21:59
With Task Manager there doesn't seem to be anything suspicious.
The files in question are:
msupd97861.exe
Locate it and have that exe analyzed on VIRUS TOTAL:
click here for Virustotal (http://www.virustotal.com/it/)
attach the report that will be produced

stemor
09-01-2008, 22:10
I had run them but hadn't saved (PrevxCSI had found two of the files in question). Nothing red in Gmer.
I'll redo the procedures and post

Riverside
09-01-2008, 22:13
I had run them but hadn't saved (PrevxCSI had found two of the files in question). Nothing red in Gmer.
I'll redo the procedures and post

No, stop there; first:

BITDEFENDER ONLINE SCANNER
● run an online scan from: click here for the online scan (http://www.bitdefender.com/scan8/ie.html)
● once the page is open, click I AGREE
● it will have you download and install an ActiveX control: follow the wizard.
attach the log that will be produced

stemor
09-01-2008, 22:37
Ran BitDefender and it found absolutely nothing

stemor
09-01-2008, 22:57
While I was running a scan with a-squared, the Windows blue screen appeared: "a problem has been detected and Windows has been shut down to prevent damage...".
Worth noting that it also said:
Ntfs.sys Address F76B01AF base at F76AAOOO, DateStamp 45cc56a7

Unfortunately it's not the first time it has appeared. It has always happened, generally every now and then, except in some cases where it happens even several times in one day, alternating with pages suddenly closing (it often reports: IRQL_NOT_EQUAL or PAGE_FAULT_IN_NON_PAGED_AREA, etc.). Never managed to solve the problem; even technical support said they didn't know what to do (reformatted but nothing changed)...but I think this is a separate problem

lancetta
09-01-2008, 23:10
While I was running a scan with a-squared, the Windows blue screen appeared: "a problem has been detected and Windows has been shut down to prevent damage...".
Worth noting that it also said:
Ntfs.sys Address F76B01AF base at F76AAOOO, DateStamp 45cc56a7

Unfortunately it's not the first time it has appeared. It has always happened, generally every now and then, except in some cases where it happens even several times in one day, alternating with pages suddenly closing (it often reports: IRQL_NOT_EQUAL or PAGE_FAULT_IN_NON_PAGED_AREA, etc.). Never managed to solve the problem; even technical support said they didn't know what to do (reformatted but nothing changed)...but I think this is a separate problem

it's probably more of a temperature problem :rolleyes: have you ever cleaned some dust out of the case???? anyway, we'll look at that later...can you give us the bitdefender log?

stemor
09-01-2008, 23:19
Meanwhile, this is the a-squared log

Riverside
09-01-2008, 23:20
Ran BitDefender and it found absolutely nothing
Attach the log anyway.

stemor
09-01-2008, 23:30
One moment

stemor
09-01-2008, 23:36
PrevxCSI log

Prevx CSI Build: (v1.2.101.109)
Prevx Computer Security Investigator Output Log
System analyzed at: 01/09/08 at 22:06:57

Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}\(default)
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}\(default)
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}\(default)
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}\(default)
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}\(default)
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}\(default)
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}\(default)
Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\Open With\(default) {09799AFB-AD67-11d1-ABCD-00C04FC30936}
Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\Open With\(default) {09799AFB-AD67-11d1-ABCD-00C04FC30936}
Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\Open With EncryptionMenu\(default) {A470F8CF-A1E8-4f65-8335-227475AA5C46}
Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\Open With EncryptionMenu\(default) {A470F8CF-A1E8-4f65-8335-227475AA5C46}
Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\(default) Blocco menu Start
Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\(default) Blocco menu Start
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu\(default) {A470F8CF-A1E8-4f65-8335-227475AA5C46}
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu\(default) {A470F8CF-A1E8-4f65-8335-227475AA5C46}
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\PropertySheetHandlers\{ef43ecfe-2ab9-4632-bf21-58909dd177f0}\(default)
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\PropertySheetHandlers\{ef43ecfe-2ab9-4632-bf21-58909dd177f0}\(default)
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\CopyHookHandlers\FileSystem\(default) {217FC9C0-3AEA-1069-A2DB-08002B30309D}
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\CopyHookHandlers\FileSystem\(default) {217FC9C0-3AEA-1069-A2DB-08002B30309D}
PX5: C74DB9F400A749A98AD181C3816D18006A78E9E8
Determination: GOOD

C:\WINDOWS\system32\SHLWAPI.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\SiSUSBrg.exe
Loaded into: C:\WINDOWS\SOUNDMAN.EXE
Loaded into: C:\WINDOWS\system32\ctfmon.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded into: C:\Programmi\WinZip\WZQKPICK.EXE
Loaded into: C:\Programmi\Grisoft\AVG Free\avgupsvc.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
Loaded into: C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\WINDOWS\system32\wuauclt.exe
Loaded into: C:\Programmi\a-squared Free\a2service.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
Loaded into: C:\Documents and Settings\Morreale\Impostazioni locali\Temporary Internet Files\Content.IE5\FB01YUOS\PREVXCSIFREE[1].EXE
PX5: BFA5F163001586EE3EB6077DAF2BE7006E4422ED
MD5: f60b8cd80f922666bf81ebb2e5fbdded
Determination: GOOD

C:\WINDOWS\system32\COMCTL32.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\SiSUSBrg.exe
Loaded into: C:\WINDOWS\SOUNDMAN.EXE
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
Loaded into: C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\Programmi\a-squared Free\a2service.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
Loaded into: C:\Documents and Settings\Morreale\Impostazioni locali\Temporary Internet Files\Content.IE5\FB01YUOS\PREVXCSIFREE[1].EXE
PX5: 58711F2E00E7D4E26C3A0946506D1B008DF24393
MD5: efa21a3fe23bbcfdb6f61a3af723e05a
Determination: GOOD

C:\WINDOWS\system32\ODBC32.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\Explorer.EXE
PX5: A52E0F9B00E1697FD015036BACB9C10078B33C67
MD5: 485b2381cf003dad79f1371fbeaacd5a
Determination: GOOD

C:\WINDOWS\system32\comdlg32.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
PX5: D1079ADC002DFDB3487D042258AF1F00F0FB72E4
MD5: c99fd691acafaeeefd03f1e4e6d3dd60
Determination: GOOD

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\SiSUSBrg.exe
Loaded into: C:\WINDOWS\SOUNDMAN.EXE
Loaded into: C:\WINDOWS\system32\ctfmon.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded into: C:\Programmi\WinZip\WZQKPICK.EXE
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
Loaded into: C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\WINDOWS\system32\wuauclt.exe
Loaded into: C:\Programmi\a-squared Free\a2service.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
Loaded into: C:\Documents and Settings\Morreale\Impostazioni locali\Temporary Internet Files\Content.IE5\FB01YUOS\PREVXCSIFREE[1].EXE
PX5: 6C2DA8F700C891F6167D107D5B6FFD004BDE3FD7
MD5: 837b282813808c17e9c94e56300aa29e
Determination: GOOD

C:\WINDOWS\system32\odbcint.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 17030F830012904980B601AEBBE29A00B94ABB0D
MD5: ea88a16da0d06069c0c06ab5a4669e26
Determination: GOOD

C:\WINDOWS\system32\SHSVCS.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 593617FD0028BAC30E8502553039DB005AE5DAA4
MD5: fad73705bed0910e910de852b0f8aebc
Determination: GOOD

C:\WINDOWS\system32\sfc.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 16BA5AAF006AA18914FD002B882F7D0027109E10
MD5: e6f026dbc75b6eed7331ebf581afd4d8
Determination: GOOD

C:\WINDOWS\system32\sfc_os.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 53B4176200566C3D2844029CE35AC3003149753E
MD5: 8fbf27ab56de71e2bdd5a2ccb7fb9023
Determination: GOOD

C:\WINDOWS\system32\ole32.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\SiSUSBrg.exe
Loaded into: C:\WINDOWS\SOUNDMAN.EXE
Loaded into: C:\WINDOWS\system32\ctfmon.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded into: C:\Programmi\WinZip\WZQKPICK.EXE
Loaded into: C:\Programmi\Grisoft\AVG Free\avgupsvc.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
Loaded into: C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\WINDOWS\system32\wuauclt.exe
Loaded into: C:\Programmi\a-squared Free\a2service.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
PX5: 85434D2700A77E169AF713D8C3B0DC00CF7A5885
MD5: d5622b6d4cd43f2223718820c0a178ad
Determination: GOOD

C:\WINDOWS\system32\msctfime.ime
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\SOUNDMAN.EXE
Loaded into: C:\WINDOWS\system32\ctfmon.exe
Loaded into: C:\Programmi\WinZip\WZQKPICK.EXE
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
PX5: A0883E0F00146873B4BB0255156E8700B1387578
MD5: 29de0b3fb6dec623e2dc5e9c7c89cab8
Determination: GOOD

C:\WINDOWS\system32\WINSCARD.DLL
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 49E7BE4C00EA6409841F01CF112B5500E75D0DD5
MD5: 840535254edd74e79d059229c5a2f800
Determination: GOOD

C:\WINDOWS\system32\WTSAPI32.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\services.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
PX5: 1CDB8610004CDD7F48CB007245065C0097B2DD61
MD5: e2703bb7beac36269482a8d32400ad38
Determination: GOOD

C:\WINDOWS\system32\uxtheme.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\SiSUSBrg.exe
Loaded into: C:\WINDOWS\SOUNDMAN.EXE
Loaded into: C:\WINDOWS\system32\ctfmon.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded into: C:\Programmi\WinZip\WZQKPICK.EXE
Loaded into: C:\Programmi\Grisoft\AVG Free\avgupsvc.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\WINDOWS\system32\wuauclt.exe
Loaded into: C:\Programmi\a-squared Free\a2service.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
PX5: D88EDDB7006796175ABD03E85DCCE30039E51CA1
MD5: d5193d474d7bb9ce917b4cf5f3ada9d4
Determination: GOOD

C:\WINDOWS\system32\WINMM.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\SiSUSBrg.exe
Loaded into: C:\WINDOWS\SOUNDMAN.EXE
Loaded into: C:\WINDOWS\system32\ctfmon.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\WINDOWS\system32\wuauclt.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
PX5: 8B514EB5005BE141BAA3022C5AD8F400CAAEB534
MD5: 1dc87f8c450e295fb8cc5039d27292e5
Determination: GOOD

C:\WINDOWS\system32\cscdll.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll\DLLName cscdll.dll
PX5: 36CC0D8B0009157E909D017F19231E0041E0A92E
MD5: 38c69b2bc3182a85f0b323c9d1eb7e26
Determination: GOOD

C:\WINDOWS\system32\WlNotify.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp\DLLName wlnotify.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule\DllName wlnotify.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn\DLLName WlNotify.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv\DllName wlnotify.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon\DLLName wlnotify.dll
PX5: 3C08F14B008AD1456C990109A197100002605D8A
MD5: 72e4cad810a967449caab723e99c74b1
Determination: GOOD

C:\WINDOWS\system32\WINSPOOL.DRV
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
PX5: A35B6D1900D11F1D3E5102B97EFC0500E974203D
MD5: a357128eea84698dcf3ed33e521292cc
Determination: GOOD

C:\WINDOWS\system32\MPR.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 4E92FBCC002BB291EAE5000F10C15F00A1E7AD21
MD5: 7013fc08075eef2d881d55f898f2d402
Determination: GOOD

C:\WINDOWS\system32\rsaenh.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\SiSUSBrg.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
PX5: 19B797A900BB112F5426027FDD39EC001D5760F1
MD5: 26acbd865f8cff730f1791c4d0854352
Determination: GOOD

C:\WINDOWS\system32\SAMLIB.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
PX5: 6D3509C200E203F6FAF00078D7EA35003D8429D0
MD5: f16c9cdb4a47969b1cf48e0620f6e217
Determination: GOOD

C:\WINDOWS\system32\cscui.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}\DllName %SystemRoot%\System32\cscui.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{750fdf0e-2a26-11d1-a3ea-080036587f03} Offline Files Menu
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{10CFC467-4392-11d2-8DB4-00C04FA31A66} Offline Files Folder Options
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} Cartella file non in linea
Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\Offline Files\(default) {750fdf0e-2a26-11d1-a3ea-080036587f03}
Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\Offline Files\(default) {750fdf0e-2a26-11d1-a3ea-080036587f03}
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\ContextMenuHandlers\Offline Files\(default) {750fdf0e-2a26-11d1-a3ea-080036587f03}
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\ContextMenuHandlers\Offline Files\(default) {750fdf0e-2a26-11d1-a3ea-080036587f03}
PX5: 8E7CD5F4006500C1188E05B6248B9200BAF8CA73
MD5: 53e5ab61ddcc0f057182bc1b5513b744
Determination: GOOD

C:\WINDOWS\system32\MPRAPI.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
PX5: F40536E000846CE4547B017CD7ABC100D153D57A
MD5: b61978022a65fac95b8e3817d5029870
Determination: GOOD

C:\WINDOWS\system32\ACTIVEDS.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
PX5: EFB02947002647C8F6250205FD9612006E9558F5
MD5: 25e4e36ced6b15df8d8c10460be834a2
Determination: GOOD

C:\WINDOWS\system32\adsldpc.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 6D8B11FE00EF99F53026027F152EC40097EA0ACA
MD5: 15ce221ace929705ba7e4346d74e8a06
Determination: GOOD

C:\WINDOWS\system32\WLDAP32.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
PX5: 9E81915C002CE532A4010226E6EC3100C992DBA0
MD5: a340dec6229f08d8b9644f2be00100fc
Determination: GOOD

C:\WINDOWS\system32\ATL.DLL
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
PX5: 90FBA32A008A4DC9E6A3004879775D009B9241D5
MD5: 32bd4cc64449ea2549be4a8efc54f4de
Determination: GOOD

C:\WINDOWS\system32\OLEAUT32.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\SiSUSBrg.exe
Loaded into: C:\WINDOWS\system32\ctfmon.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded into: C:\Programmi\WinZip\WZQKPICK.EXE
Loaded into: C:\Programmi\Grisoft\AVG Free\avgupsvc.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
Loaded into: C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\WINDOWS\system32\wuauclt.exe
Loaded into: C:\Programmi\a-squared Free\a2service.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
PX5: 0ADCFE240032582262B908FFB341E7008E7C2AC4
MD5: 3025d5dab63b81f538e10878d8426389
Determination: GOOD

C:\WINDOWS\system32\rtutils.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\SiSUSBrg.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
PX5: BF0F14BA00130FA5ACFA00D907EAE70083958E2B
MD5: 204a7d354683a49c37505be1646c5d43
Determination: GOOD

C:\WINDOWS\system32\xpsp2res.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgupsvc.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
Loaded into: C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\WINDOWS\system32\wuauclt.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
PX5: DD9EAB9A00D5F12036192D6118710400ADB6810C
MD5: 0e8e6901c637095ec3b483475e39731e
Determination: GOOD

C:\WINDOWS\system32\NTMARTA.DLL
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
PX5: 1D452FC300F103CCD4AF019C0B4A1000D0C05759
MD5: 3c1b1065c5bfca5190e7fa7efcb11b59
Determination: GOOD

C:\WINDOWS\system32\msv1_0.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\SiSUSBrg.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa\Authentication Packages msv1_0
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa\Security Packages kerberos
PX5: 7DDBB66E00F27A20FA0D01B81C65BB005752F1B9
MD5: affa7a2ecb1476f29641c90524f63e2e
Determination: GOOD

C:\WINDOWS\system32\iphlpapi.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\SiSUSBrg.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
PX5: 352A2D920078A26F766401FF71F80300DA785AEF
MD5: 6150872a38d85c8cddb1b2fbff1bb07f
Determination: GOOD

C:\WINDOWS\system32\wdmaud.drv
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\wave wdmaud.drv
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\midi wdmaud.drv
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer wdmaud.drv
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers\wave wdmaud.drv
PX5: E19B13CB00CFB9ED5C250033B033BB00A27F216F
MD5: 6deb9059000c34770192b78d85f6d387
Determination: GOOD

C:\WINDOWS\system32\msacm32.drv
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP\wavemapper msacm32.drv
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\wavemapper msacm32.drv
PX5: F8EB7CDA00A2596F522700876A3BC9005F29A42B
MD5: 05e84eead6b27c958621a4e6d33859d1
Determination: GOOD

C:\WINDOWS\system32\MSACM32.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\lsass.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\system32\ctfmon.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\WINDOWS\system32\wuauclt.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
PX5: CD32AC5300D4DB3A183401A597817D009B477A6B
MD5: b088085d01b3e80e2be0e9cd1838ba9b
Determination: GOOD

C:\WINDOWS\system32\midimap.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP\midimapper midimap.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\midimapper midimap.dll
PX5: 8C299C3E002D88084A0000F598A51000C8C9681D
MD5: eaaa11be5c162266e698f7658bd8a1da
Determination: GOOD

C:\WINDOWS\system32\COMRes.dll
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\SiSUSBrg.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgupsvc.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
Loaded into: C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\WINDOWS\system32\wuauclt.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
PX5: D3FD3AB2006F991AE8A30C7CE8FD780095D6A640
MD5: b979bbba74f4f5db69c3a5dfdc52828c
Determination: GOOD

C:\WINDOWS\system32\CLBCATQ.DLL
Loaded into: C:\WINDOWS\system32\winlogon.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\SiSUSBrg.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgupsvc.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
Loaded into: C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\WINDOWS\system32\wuauclt.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
PX5: 9CDD0A4F005D0D9D2E6201C807EC76000E0D1CE8
MD5: 72fbf0322be8a0f25ae722fde36ab1e6
Determination: GOOD

c:\windows\system32\wuauserv.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 0799809A00702BD41AB400068A66AC0043C84727
MD5: 4cbb7cc975e5b67022a7f95dfc6ef9ec
Determination: GOOD

C:\WINDOWS\system32\wuaueng.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 26C07DF358FF2BE623151A8BD3FD64005FC70733
MD5: 3eec20e41f5f331b94002970ceaec92f
Determination: GOOD

C:\WINDOWS\System32\WINHTTP.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
PX5: 8A8FE9C3008B23F25C3905D494C02C00D181B661
MD5: 5b4ec6c0fbacc85430ce3d6ae8563a0d
Determination: GOOD

C:\WINDOWS\System32\Cabinet.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 60605FEC005AB19AEA050033F1225300422702FD
MD5: 4d7708fd334c23e17400ca8327ce3d11
Determination: GOOD

C:\WINDOWS\System32\mspatcha.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 192CF4F3003C31E4769D0029DA080500F7D037E4
MD5: a434e5666a953f6a0406cc99b8b8c6a0
Determination: GOOD

c:\windows\system32\wscsvc.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: B11BC224000C550D3E4B01F1618F6300676DF706
MD5: 17f70f4e37452a30c35565052ab68be9
Determination: GOOD

C:\WINDOWS\system32\wbem\wbemcomn.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
PX5: 30B285D60040901346F3037FF72C08005C58C30E
MD5: 7db0054945c1c937553f97fa1f1eaffb
Determination: GOOD

C:\WINDOWS\System32\Wbem\wbemcore.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: D34E2BC3004DE1451AED08DF0B2B620026599912
MD5: 2e9b41fdd71fddd9d596cf3fdf0a1fdd
Determination: GOOD

C:\WINDOWS\System32\Wbem\esscli.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: DE687FC600BAAC77C8B4030B6F14AB0094AE7226
MD5: 20938c6d287b27ab3f1fde53ff3507de
Determination: GOOD

C:\WINDOWS\System32\Wbem\FastProx.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
PX5: AEBA61B800E4BC9A34F5075F66FDAB005D1447F9
MD5: fc9f0b7216d087f9502ece38439ae144
Determination: GOOD

C:\WINDOWS\system32\wbem\wmiutils.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 0BDBA5A5000A6748803F0102F9279500D2C1C9B2
MD5: bc664c7546ef5c1a5712e7b48af24741
Determination: GOOD

C:\WINDOWS\system32\wbem\repdrvfs.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: DAAC922100087395B4C8026D60ACD300B870E129
MD5: 41b4ed9f8d444ce09b6a1fe76ae22040
Determination: GOOD

C:\WINDOWS\system32\wbem\wmiprvsd.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: DCBBBE7700F574BEAC5B06A359C30800D52199FA
MD5: d110a8cde08cc1d346814c814d32f2ed
Determination: GOOD

C:\WINDOWS\system32\wbem\wbemess.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 57BC20470030CEBC2E7C0420B5413100E2A61178
MD5: 1c4c78b5943ae143513dd1522e14926a
Determination: GOOD

C:\WINDOWS\system32\comsvcs.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: ED0A598E00540BAB56A9139D5AFF60002DA225EE
MD5: 9c38b58fdd3ffbe7ed90b5936cce3784
Determination: GOOD

C:\WINDOWS\system32\colbact.DLL
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: A0B0F9B500ACD436ECA70034F32E2C001398A8B7
MD5: a9126ecb8bca406d6df60bec11af594a
Determination: GOOD

C:\WINDOWS\system32\MTXCLU.DLL
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 66978F8E0092BC0304EB01E29B925900A2E75CFB
MD5: 7c5986b94eee98cf0a0f5eae44912e5e
Determination: GOOD

C:\WINDOWS\system32\WSOCK32.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
PX5: 2C097C2B007169C960BA0014DCE7CC0038229E38
MD5: 3bd93201e3afa5a0660c793a4bdae773
Determination: GOOD

C:\WINDOWS\System32\CLUSAPI.DLL
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: F4F4A6AD001EC8C1E2C500B4FE61840054C0DDE3
MD5: c3b4cfba8936d0af25d5391f53f2da91
Determination: GOOD

C:\WINDOWS\System32\RESUTILS.DLL
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 6DFA47A500DAF26FE68800D61F5B31009BB0B65D
MD5: cad4191048f595a794e14cee31db06fd
Determination: GOOD

c:\windows\system32\ipnathlp.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\AUTODHCP\DllName ipnathlp.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\DNSPROXY\DllName ipnathlp.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\FTP\DllName ipnathlp.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\H323\DllName ipnathlp.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\IPNAT\DllName ipnathlp.dll
PX5: 89882A6E0030CF0B12CE052A40AAE5009F9198F9
MD5: 1da364fa673e18bc1de8f5cdf3657dbd
Determination: GOOD

c:\windows\system32\tapisrv.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 77B7DE3500985E80CE7503E2DF55BE00B03FFDDD
MD5: 3a4c429f316c510c3e4c5f2fc7372c26
Determination: GOOD

C:\WINDOWS\system32\wbem\ncprov.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 28C2B58B00AC779DB8320092176FE400CB94678D
MD5: 1b8923492b022438764dcf6bd8b0efa9
Determination: GOOD

c:\windows\system32\rasmans.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 6AC5343500463BCBC43C0233B0575500AE7EBADF
MD5: 6686c0c8b47618414215fc184972c69e
Determination: GOOD

c:\windows\system32\netcfgx.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 4F8DF8B4009990EE9C82091CBF6CD600CD59067D
MD5: ab06350510c1f68c7202703480f6ff17
Determination: GOOD

C:\WINDOWS\system32\upnp.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 5CC09E6000F77B62063F026310FD670014E0CF2C
MD5: 7e7491c2cf7a0781c0004d2c5be71bc4
Determination: GOOD

C:\WINDOWS\system32\SSDPAPI.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: B458C80C0094BE55886700FEA91CE300F0D01D10
MD5: 4ea31d2858780ddb446a9dc9b2d23c3d
Determination: GOOD

C:\WINDOWS\System32\rastapi.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 699D459D008C3BC6E634009735DEBF004B936485
MD5: f4de764732e8f6028bb18aadd4912317
Determination: GOOD

C:\WINDOWS\System32\unimdm.tsp
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: BFCEE8FF0036A1F42CB803103A63E10078271DF9
MD5: 12c9c630fd867446d8b846c28454a45f
Determination: GOOD

C:\WINDOWS\System32\uniplat.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: D4A3FA58003A460436E500FC8F082200CAF4CCCF
MD5: 8bc01cbcdc4345a7367f2edcbaa4a07f
Determination: GOOD

C:\WINDOWS\System32\kmddsp.tsp
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: C200FF390086F832824F0082C924C70039E73BB5
MD5: 516447bbb1a13f72e98989580eeaeb36
Determination: GOOD

C:\WINDOWS\System32\ndptsp.tsp
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 9787C23000D76D69E07F0030C6CACA005BA7ED34
MD5: ff5cbcadd5833b484c773f7df16f13bf
Determination: GOOD

C:\WINDOWS\System32\ipconf.tsp
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: BB9887B4006414FA44B900C28BC43200412916D4
MD5: 4e2f02e1ba55160806ad42fee296f8b2
Determination: GOOD

C:\WINDOWS\System32\h323.tsp
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 72FD790F00B8268510FF046EA54C6E0080B1B5D1
MD5: ea96018804feb47c384efdb3d07e7eb9
Determination: GOOD

C:\WINDOWS\System32\hidphone.tsp
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 578102E800C1441976DD00BD8619300083827C0B
MD5: ea5c2c1f5f74a5660fb0f72e63861030
Determination: GOOD

C:\WINDOWS\System32\HID.DLL
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\SOUNDMAN.EXE
PX5: 551CD37300F70F6C527C0010EC920400B756D4FA
MD5: 3b4e115a33a2bff0d74792d572f448dd
Determination: GOOD

C:\WINDOWS\System32\rasppp.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 69B8011C006A35C426B80310309570000552A536
MD5: 4a48edcab3b97997055ac533cafdb501
Determination: GOOD

C:\WINDOWS\System32\ntlsapi.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 182944C0006C52E520B8003B3C2E0700820D2E78
MD5: 8ed1589d9a626027e4faf24c149860e6
Determination: GOOD

C:\WINDOWS\System32\RASDLG.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 289AD96400BB9C934C7F0AD56A0D5500E683D618
MD5: d52a1298d47fa8652b30451855265f94
Determination: GOOD

C:\WINDOWS\system32\wups2.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 8F8648A158D15CF4A9FE004434B05300230EE2A8
MD5: ceb1bd87fbcb5984bdf7dc0991a060b5
Determination: GOOD

C:\WINDOWS\system32\wbem\wbemsvc.dll
Loaded into: C:\WINDOWS\System32\svchost.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
PX5: 25397BDF00757EBFAAF700E3ED2B7800B9284F1B
MD5: dd3e1e96ea769c31936d9b09f9137954
Determination: GOOD

c:\windows\system32\dnsrslvr.dll
Loaded into: C:\WINDOWS\system32\svchost.exe
PX5: 3AB739DC00686EC6B26F00A3B54A4300F767B865
MD5: 1a4ccb390093d1a6f0eec063f44aff31
Determination: GOOD

c:\windows\system32\lmhsvc.dll
Loaded into: C:\WINDOWS\system32\svchost.exe
PX5: 050B19680015AAE33629000A173BF5000631D061
MD5: 6e008b7eb9b67d555b5ee1c1091f3a7e
Determination: GOOD

c:\windows\system32\webclnt.dll
Loaded into: C:\WINDOWS\system32\svchost.exe
PX5: F49C6F7000D3BB7B0AFE01B9E6A55A009E654432
MD5: 83ed24c34250afab1e55deb3d8d7ec1a
Determination: GOOD

c:\windows\system32\alrsvc.dll
Loaded into: C:\WINDOWS\system32\svchost.exe
PX5: 811BE0600048486C442300065BDCFA002D3B3F47
MD5: ad78b916b3cb2b7bca9503b929e534b9
Determination: GOOD

c:\windows\system32\ssdpsrv.dll
Loaded into: C:\WINDOWS\system32\svchost.exe
PX5: EFEEB4A70072CCE218E201A90823060000AE77FB
MD5: 1fbf38a525eedd7402bfa7e27236a64f
Determination: GOOD

C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
Loaded into: C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\aawservice\ImagePath "C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe"
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\aawservice\ImagePath C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
PX5: AF411CD55876B80DF55108F535234300A8CED3FC
MD5: 25f8546fd40e40ec5a2a23aecae4fdca
Determination: GOOD

C:\Programmi\Lavasoft\Ad-Aware 2007\CEAPI.dll
Loaded into: C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
PX5: B9A9A350683F4CC015C40B004D1B0100CE760A0A
MD5: c0f9af85dca4255230cac674319664f9
Determination: GOOD

C:\Programmi\Lavasoft\Ad-Aware 2007\PKArchive84cb.dll
Loaded into: C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
PX5: EAE5B01648BD2BEBB736099BCB24C600CD615AD8
MD5: 38f44d249b3980ce4e49bf96b0070fa9
Determination: GOOD

C:\Programmi\Lavasoft\Ad-Aware 2007\Update.dll
Loaded into: C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
PX5: 37445B8260863790053A08EE7CC64800F452D75D
MD5: b824fe787de262a9f003f3ca8efc079d
Determination: GOOD

C:\WINDOWS\explorer.exe
Loaded into: C:\WINDOWS\explorer.exe
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Explorer.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\(default) Internet Explorer
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}\(default) Internet Explorer Help
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}\(default) Internet Explorer Setup Tools
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\(default) Internet Explorer
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}\(default) Internet Explorer Core Fonts
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\(default) Internet Explorer
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}\(default) Internet Explorer Help
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}\(default) Internet Explorer Setup Tools
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\(default) Internet Explorer
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}\(default) Internet Explorer Core Fonts
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\(default) Internet Explorer
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}\(default) Internet Explorer Help
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}\(default) Internet Explorer Setup Tools
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\(default) Internet Explorer
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}\(default) Internet Explorer Core Fonts
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}\(default) Internet Explorer Zonemapping
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}\(default) Internet Explorer Branding
PX5: 5F224AD100F73BC6CEBA0FDC56B8E400769BB8AE
MD5: 7e2817a623e16f830b660f81c0fd63da
Determination: GOOD

C:\WINDOWS\system32\BROWSEUI.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E6AB780-7743-11CF-A12B-00AA004AE837} Barra degli strumenti Microsoft Internet
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{22BF0C20-6DA7-11D0-B373-00A0C9034938} Stato del download
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91EA3F8B-C99B-11d0-9815-00C04FD91972} Shell Folder accresciuto
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6413BA2C-B461-11d1-A18A-080036B11A03} Shell Folder 2 accresciuto
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F61FFEC1-754F-11d0-80CA-00AA005B4383} BandProxy
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7BA4C742-9E81-11CF-99D3-00AA004AE837} Microsoft BrowserBand
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{21569614-B795-46b1-85F4-E737A8DC09AD} Shell Search Band
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{169A0691-8DF9-11d1-A1C4-00C04FD75D13} Ricerca all'interno
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AF4F6510-F982-11d0-8595-00AA004CD6D8} Utilit. opzioni della struttura del Registro di sistema
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{01E04581-4EEE-11d0-BFE9-00AA005B4383} &Indirizzo
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A08C11D2-A228-11d0-825B-00AA005B4383} Address EditBox
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00BB2763-6A77-11D0-A535-00C04FD7D062} Shell Microsoft AutoComplete
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6756A641-DE71-11d0-831B-00AA005B4383} Elenco di Completamento automatico MRU
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} Elenco di Completamento automatico MRU personalizzato
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7e653215-fa25-46bd-a339-34a2790f3cb7} Accessibile
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{acf35015-526e-4230-9596-becbe19f0ac9} Indicatore di avanzamento popup
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00BB2764-6A77-11D0-A535-00C04FD7D062} Elenco di Completamento automatico della Cronologia di Microsoft
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{03C036F1-A186-11D0-824A-00AA005B4383} Elenco di Completamento automatico di Shell Folder di Microsoft
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00BB2765-6A77-11D0-A535-00C04FD7D062} Contenitore dell'elenco di Completamento automatico multiplo Microsoft
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ECD4FC4E-521C-11D0-B792-00A0C90312E1} Shell Band Site Menu
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} Shell DeskBarApp
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ECD4FC4C-521C-11D0-B792-00A0C90312E1} Shell DeskBar
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ECD4FC4D-521C-11D0-B792-00A0C90312E1} Shell Rebar BandSite
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DD313E04-FEFF-11d1-8ECD-0000F87A470C} Assistenza utente
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} Impostazioni cartella globale
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{07798131-AF23-11d1-9111-00A0C98BA67D} Ricerca Web
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7376D660-C583-11d0-A3A5-00C04FD706EC} TridentImageExtractor
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{438755C2-A8BA-11D1-B96B-00A0C90312E1} Precaricatore Browseui
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{8C7461EF-2B13-11d2-BE35-3078302C2030} Daemon di cache delle categorie di componenti
Loaded from: \REGISTRY\User\S-1-5-21-1220945662-1417001333-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383} .......
PX5: A985FE4A00CC85E09C9B0F9938302100F7A0248C
MD5: 4e064d04280687f052d22346411a754a
Determination: GOOD

C:\WINDOWS\system32\SHDOCVW.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} Set Program Access and Defaults
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} Cerca
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} Guida in linea e supporto tecnico
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} Guida in linea e supporto tecnico
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} Esegui...
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} Internet
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} Posta elettronica
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D20EA4E1-3957-11d2-A40B-0C5020524152} Tipi di carattere
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D20EA4E1-3957-11d2-A40B-0C5020524153} Strumenti di amministrazione
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EFA24E61-B078-11d0-89E4-00C04FC9E26E} Favorites Band
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EFA24E62-B078-11d0-89E4-00C04FC9E26E} History Band
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0A89A860-D7B1-11CE-8350-444553540000} Shell Automation Inproc Service
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} Microsoft Browser Architecture
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{131A6951-7F78-11D0-A979-00C04FD705A2} ISFBand OC
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9461b922-3c5a-11d2-bf8b-00c04fb93661} Search Assistant OC
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} Schermata iniziale applicazioni Internet Explorer 4
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{67EA19A0-CCEF-11d0-8024-00C04FD75D13} CDF Extension Copy Hook
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EFA24E64-B078-11d0-89E4-00C04FC9E26E} Explorer Band
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\CopyHookHandlers\CDF\(default) {67EA19A0-CCEF-11d0-8024-00C04FD75D13}
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\CopyHookHandlers\CDF\(default) {67EA19A0-CCEF-11d0-8024-00C04FD75D13}
Loaded from: \REGISTRY\Machine\Software\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}\BarSize
Loaded from: \REGISTRY\Machine\Software\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\CLSID {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
Loaded from: \REGISTRY\Machine\Software\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}\CLSID {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
Loaded from: \REGISTRY\Machine\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\CLSID {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}
PX5: 404CC899004D0A30DEA416BC60F18800EEB79F58
MD5: 94b5e4d30b056ede569135d106b5ec4c
Determination: GOOD

C:\WINDOWS\system32\themeui.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\StubPath %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{41E300E0-78B6-11ce-849B-444553540000} PlusPack CPL Extension
PX5: BAC50787005D6D22F49E05A57642CD002A91E075
MD5: 0f7bfe3ef3fc33fd598427c015bb8b5d
Determination: GOOD

C:\WINDOWS\system32\MSIMG32.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\system32\wuauclt.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
PX5: CB413D4600B070AF127100D0C427CA00FD59EFF9
MD5: 51f309aa675b5b77d19c573b7e0bb253
Determination: GOOD

C:\WINDOWS\system32\msutb.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\system32\ctfmon.exe
PX5: 7A3AA486004261ECFC5902E8FBAFDA00B6B25BB1
MD5: fc6c38a1249d86fc62f72c8a5e3379db
Determination: GOOD

C:\WINDOWS\system32\MSCTF.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\SOUNDMAN.EXE
Loaded into: C:\WINDOWS\system32\ctfmon.exe
Loaded into: C:\Programmi\WinZip\WZQKPICK.EXE
Loaded into: C:\WINDOWS\system32\wuauclt.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
PX5: 64563C73008EB95E7EDD046B94EDCE00A3D588EB
MD5: 5d2f1beea828b4951f550bade794c1ef
Determination: GOOD

C:\WINDOWS\system32\ntshrui.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{40dd6e20-7c17-11ce-a804-00aa003ca9f6} Estensioni shell per la condivisione
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} Estensioni shell per la condivisione
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\ContextMenuHandlers\Sharing\(default) {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\ContextMenuHandlers\Sharing\(default) {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\PropertySheetHandlers\Sharing\(default) {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\PropertySheetHandlers\Sharing\(default) {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\CopyHookHandlers\Sharing\(default) {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\CopyHookHandlers\Sharing\(default) {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
PX5: 5EB8DF8A0005A80F3870025CC8B2C100D6ECC82F
MD5: 64e0c77faf1a30547739580eb5f3aacf
Determination: GOOD

C:\WINDOWS\system32\LINKINFO.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
PX5: 87EB2C9D005DD1A14E450046E4D6CC0014CFCDB6
MD5: b737a3da2c0a605ce2c7e118c59f38c7
Determination: GOOD

C:\WINDOWS\system32\ieframe.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\SiSUSBrg.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{30D02401-6A81-11d0-8274-00C04FD5AE38} IE Search Band
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3028902F-6374-48b2-8DC6-9725E775B926} IE AutoComplete
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} Shell DocObject Viewer
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FBF23B40-E3F0-101B-8488-00AA003E56F8} InternetShortcut
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3C374A40-BAE4-11CF-BF7D-00AA006946EE} Microsoft Url History Service
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FF393560-C2A7-11CF-BFF4-444553540000} History
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7BD29E00-76C1-11CF-9DD0-00A0C9034933} Temporary Internet Files
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7BD29E01-76C1-11CF-9DD0-00A0C9034933} Temporary Internet Files
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} Microsoft Url Search Hook
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} The Internet
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{871C5380-42A0-1069-A2EA-08002B30309D} Internet Name Space
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{07C45BB1-4A8C-4642-A1F5-237E7215FF66} IE Microsoft BrowserBand
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1C1EDB47-CE22-4bbb-B608-77B48F83C823} IE Fade Task
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{205D7A97-F16D-4691-86EF-F3075DCCA57D} IE Menu Desk Bar
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43886CD5-6529-41c4-A707-7B3C92C05E68} IE Navigation Bar
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{44C76ECD-F7FA-411c-9929-1B77BA77F524} IE Menu Site
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4B78D326-D922-44f9-AF2A-07805C2A3560} IE Menu Band
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6038EF75-ABFC-4e59-AB6F-12D397F6568D} IE Microsoft History AutoComplete List
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} IE Tracking Shell Menu
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6CF48EF8-44CD-45d2-8832-A16EA016311B} IE IShellFolderBand
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{73CFD649-CD48-4fd8-A272-2070EA56526B} IE BandProxy
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} IE MRU AutoComplete List
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} IE RSS Feeder Folder
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} IE Microsoft Shell Folder AutoComplete List
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B31C5FAE-961F-415b-BAF0-E697A5178B94} IE Microsoft Multiple AutoComplete List Container
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} Microsoft Browser Architecture
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} IE Shell Rebar BandSite
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E6EE9AAC-F76B-4947-8260-A9F136138E11} IE Shell Band Site Menu
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F2CF5485-4E02-4f68-819C-B92DE9277049} &Links
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} IE Registry Tree Options Utility
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} IE User Assist
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} IE Custom MRU AutoCompleted List
Loaded from: \REGISTRY\User\S-1-5-21-1220945662-1417001333-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{F2CF5485-4E02-4F68-819C-B92DE9277049} ...
Loaded from: \REGISTRY\User\S-1-5-21-1220945662-1417001333-839522115-1004\Software\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
PX5: 80FF001F00BC956A8E265C97707B3100C8F7B51A
Determination: GOOD

C:\WINDOWS\system32\urlmon.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\SiSUSBrg.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
PX5: 59E5374400CBA3B5B29411BB86458F00D1ED28BD
MD5: 016d9dd7e345774490e0a02c83b04161
Determination: GOOD

C:\WINDOWS\system32\MLANG.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\SiSUSBrg.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
PX5: A0FB8BA50045A9FEF20208062C04B3005F96B032
MD5: f036bc2525f8701628abb0a550c1c692
Determination: GOOD

C:\WINDOWS\system32\webcheck.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} WebCheck
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} Subscription Mgr
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F5175861-2688-11d0-9C5E-00AA00A45957} Subscription Folder
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08165EA0-E946-11CF-9C87-00AA005127ED} WebCheckWebCrawler
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} WebCheckChannelAgent
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} TrayAgent
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7D559C10-9FE9-11d0-93F7-00AA0059CE02} Code Download Agent
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} ConnectionAgent
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D8BD2030-6FC9-11D0-864F-00AA006809D9} PostAgent
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} WebCheck SyncMgr Handler
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
PX5: DC888BD0002374D38EC7039DABB2550046ED2416
MD5: b8341dcd72b228ea60f7a96567413f45
Determination: GOOD

C:\WINDOWS\system32\stobject.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153}
PX5: 54D80CDC00F43E2DDE26016C15CB850052548DBB
MD5: 6474c3d1c136c60291b8a5ee9ed1735b
Determination: GOOD

C:\WINDOWS\system32\BatMeter.dll
Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 73074F1200F9F02570C400FC5F48D3002E4325D8
MD5: 66db9d9ca443d7c8c9222bff72f61acf
Determination: GOOD

C:\WINDOWS\system32\WPDShServiceObj.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WPDShServiceObj {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
PX5: 7176B495005E12B50A520234E7E1AF00FB8DD268
MD5: 045e228f71c31901084b64be59093499
Determination: GOOD

C:\WINDOWS\system32\mydocs.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ECF03A33-103D-11d2-854D-006008059367} MyDocs Copy Hook
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ECF03A32-103D-11d2-854D-006008059367} MyDocs Drop Target
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4a7ded0a-ad25-11d0-98a8-0800361b1103} MyDocs Properties
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\CopyHookHandlers\MyDocuments\(default) {ECF03A33-103D-11d2-854D-006008059367}
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\CopyHookHandlers\MyDocuments\(default) {ECF03A33-103D-11d2-854D-006008059367}
PX5: 57E2829600BA664D643501A4D8468A0095362A02
MD5: 0e34ad97f42004e23da845ff4f822090
Determination: GOOD

C:\WINDOWS\system32\PortableDeviceTypes.dll
Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 79585FF4007031758CF802904E46EE00DF2F75D4
MD5: 22358578cb321f3325496a3723029409
Determination: GOOD

C:\WINDOWS\system32\PortableDeviceApi.dll
Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 413BE4C6002C530256CD0467F46CFA0079ACDAE6
MD5: 9d45b2201d0ecf9f42136c7b99deb8b2
Determination: GOOD

C:\WINDOWS\System32\drprov.dll
Loaded into: C:\WINDOWS\Explorer.EXE
PX5: BB8EDCE2008403A638800074FD083400905C26EC
MD5: 4f32c69e05ae35fc609218e94b0df5d9
Determination: GOOD

C:\WINDOWS\System32\ntlanman.dll
Loaded into: C:\WINDOWS\Explorer.EXE
PX5: FCEBCD7A009905FEAA4200960455950080D2A1BD
MD5: d72c81e7f4986beb202813fc743af8d7
Determination: GOOD

C:\WINDOWS\System32\NETUI0.dll
Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 074187360063FEE5400A014D6C2C430053ABE349
MD5: 9fe57c0551c88667b8fbde49bd399144
Determination: GOOD

C:\WINDOWS\System32\NETUI1.dll
Loaded into: C:\WINDOWS\Explorer.EXE
PX5: A4DAD8A200850E09C097034C744E770099F86FBA
MD5: a5ca0066df5a68d4a7403f2e32d620d8
Determination: GOOD

C:\WINDOWS\System32\NETRAP.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: B3940B1900334CEB30F300847BE9340024D302E6
MD5: e7fc69c00bebc04daef86071822b2b89
Determination: GOOD

C:\WINDOWS\System32\davclnt.dll
Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 5E0DDE0C0099E131624800B42D603500DF9BC5AA
MD5: fa5791230a59dcc0f1bb0b0a193375a7
Determination: GOOD

C:\WINDOWS\system32\browselc.dll
Loaded into: C:\WINDOWS\Explorer.EXE
PX5: EA63F88500B471270C9A01309A4A800054BE305C
MD5: 03163d2cd97c11514f29987971f50a13
Determination: GOOD

C:\WINDOWS\system32\jscript.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
PX5: FA885F76005A710A80BB072BB1453100D393DD16
MD5: 194d61a029411cc83011181d6e818600
Determination: GOOD

C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
PX5: D581665A000C981EC0E1044D188D40005CCA75A7
MD5: 25faf84103db2f272835337a4391173c
Determination: GOOD

C:\WINDOWS\system32\DUSER.dll
Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 576588D800DB533AA46504C81FA1F900F6700574
MD5: 0e316ff410e9a5bca1bd1794dece800f
Determination: GOOD

C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}\(default) PDF Column Info
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}\(default) PDF Column Info
PX5: 8C22B1270080452CB0520538F9A2700042807472
MD5: 2094bc9a0fc9c0e15eea5f4a9581dd14
Determination: GOOD

C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
PX5: 6C82A3A300EB8CD49022098E20538200F3E7F8FE
MD5: 055309c927def2f09305ed0f3065cf66
Determination: GOOD

C:\WINDOWS\system32\DSOUND.dll
Loaded into: C:\WINDOWS\Explorer.EXE
PX5: E5087FD800F9DAEF9CF20543474A2400CFECBDBE
MD5: e99a5df2a937580361d6c698e4620dba
Determination: GOOD

C:\WINDOWS\system32\xpsp1res.dll
Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 586C266C0018A99DFAAF02D1EC39AF0035C41049
MD5: 05bdeb0b9e46d4fd45aec3f14d2bcc98
Determination: GOOD

C:\WINDOWS\system32\shdoclc.dll
Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 552F282A005B9932A4DA08FB1D53CE00D5EAFBF4
MD5: 9373e3b36edbb58dcacc106530105954
Determination: GOOD

C:\WINDOWS\system32\actxprxy.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
PX5: 007947C1003133828EF901D865E09C00F6A66BF3
MD5: cac8ce72845461a8c6818071d923fc89
Determination: GOOD

C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(default)
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(default)
PX5: 43FC1F718034B0CAF2E7007A2CAFD0009BF22C42
MD5: c11f6a1f61481e24be3fdc06ea6f7d2a
Determination: GOOD

C:\WINDOWS\system32\msxml3.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
Loaded into: C:\Programmi\Internet Explorer\IEXPLORE.EXE
PX5: 60B20BB200F84299DCAB10FF374BBC00797C1A91
MD5: f95e644f65d439d2f9122d52f0321327
Determination: GOOD

C:\Programmi\a-squared Free\a2freecontmenu.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A155339D-CCCD-4714-85EB-3754B804C9DF} a-squared Free Shell Extension
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ContextMenuHandlers\a-squared Free Shell Extension\(default) {A155339D-CCCD-4714-85EB-3754B804C9DF}
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ContextMenuHandlers\a-squared Free Shell Extension\(default) {A155339D-CCCD-4714-85EB-3754B804C9DF}
PX5: 2DC32EDD909DF5714C2B03139648A400FFC160C8
MD5: 80bef750167f69aeeeebc229e37fdcc3
Determination: GOOD

C:\Programmi\WinZip\WZSHLSTB.DLL
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0D79304-84BE-11CE-9641-444553540000} WinZip
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0D79305-84BE-11CE-9641-444553540000} WinZip
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0D79306-84BE-11CE-9641-444553540000} WinZip
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0D79307-84BE-11CE-9641-444553540000} WinZip
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ContextMenuHandlers\WinZip\(default) {E0D79304-84BE-11CE-9641-444553540000}
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ContextMenuHandlers\WinZip\(default) {E0D79304-84BE-11CE-9641-444553540000}
Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\WinZip\(default) {E0D79304-84BE-11CE-9641-444553540000}
Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\WinZip\(default) {E0D79304-84BE-11CE-9641-444553540000}
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip\(default) {E0D79304-84BE-11CE-9641-444553540000}
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip\(default) {E0D79304-84BE-11CE-9641-444553540000}
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\DragDropHandlers\WinZip\(default) {E0D79305-84BE-11CE-9641-444553540000}
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\DragDropHandlers\WinZip\(default) {E0D79305-84BE-11CE-9641-444553540000}
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\DragDropHandlers\WinZip\(default) {E0D79305-84BE-11CE-9641-444553540000}
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\DragDropHandlers\WinZip\(default) {E0D79305-84BE-11CE-9641-444553540000}
PX5: CB01E04D0033B422148C0065AABE9500133E3FD6
MD5: 66da6f6a67d238721a3fceb70c8dc2d0
Determination: GOOD

C:\Programmi\WinRAR\rarext.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B41DB860-8EE4-11D2-9906-E49FADC173CA} WinRAR shell extension
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR\(default) {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR\(default) {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR\(default) {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR\(default) {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(default) {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(default) {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\DragDropHandlers\WinRAR\(default) {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\DragDropHandlers\WinRAR\(default) {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\DragDropHandlers\WinRAR\(default) {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\DragDropHandlers\WinRAR\(default) {B41DB860-8EE4-11D2-9906-E49FADC173CA}
PX5: BFED230D00F22383FACB01C836A6D800303230B6
MD5: 0e511e80330a5a29b1069acf6cb67935
Determination: GOOD

C:\Programmi\Grisoft\AVG Free\avgse.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} AVG7 Shell Extension
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} AVG7 Find Extension
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension\(default) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension\(default) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension\(default) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension\(default) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
PX5: F9F3CE2B006E4BABC6AA009F1D03DF00B7FB4F13
MD5: 36687e123d87f468e33abf11e5dd0797
Determination: GOOD

C:\WINDOWS\system32\MSVCP71.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
PX5: F133D4F000B92F08A0E107FD67B66E0015498C05
MD5: 561fa2abb31dfa8fab762145f81667c2
Determination: GOOD

C:\WINDOWS\system32\MSVCR71.dll
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgupsvc.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
PX5: 3FEE1145002F2EB8504E05ED76DA9100776D97E7
MD5: 86f1895ae8c5e8b17d99ece768a70732
Determination: GOOD

C:\WINDOWS\system32\msadp32.acm
Loaded into: C:\WINDOWS\Explorer.EXE
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msadpcm msadp32.acm
PX5: 9896734D003A7B4A3AD6001B2D129300C6CAD27F
MD5: 147ba07670fa18d112d631b9eec2ca21
Determination: GOOD

C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded into: C:\WINDOWS\system32\spoolsv.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Spooler\ImagePath %SystemRoot%\system32\spoolsv.exe
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Spooler\ImagePath C:\WINDOWS\system32\spoolsv.exe
PX5: 1DCDB07A00179F65E28700A02CD4BA00B29C7A8B
MD5: da81ec57acd4cdc3d4c51cf3d409af9f
Determination: GOOD

C:\WINDOWS\system32\SPOOLSS.DLL
Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: EEC4C153008FC3AA248101F4B2E71800601A2E7A
MD5: dd90c59ef82d6cde5886b595ca8d8d8a
Determination: GOOD

C:\WINDOWS\system32\localspl.dll
Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 4416D740002AA3683E4E05C1EF102900643A9BD8
MD5: d5882abf5f3652acbf36c882ea4dc9a8
Determination: GOOD

C:\WINDOWS\system32\cnbjmon.dll
Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: ADFEA2D500C13C76C238009F710B75002AA8B844
MD5: a2660003f73982579ebfef1f6c2f6234
Determination: GOOD

C:\WINDOWS\system32\CNAB4LMK.DLL
Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 86979E6100623DB170F000C09AA47800BEF488B7
MD5: d8c8ae41d9605fd7964ba2a9b0b40917
Determination: GOOD

C:\WINDOWS\system32\CNAB4SMK.DLL
Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: C644E46C00798CBB00E20167640470004A23A82E
MD5: 972ba1fd4d60ce015b75b736d7a17161
Determination: GOOD

C:\WINDOWS\system32\CNAB4PTU.DLL
Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 7513467700BFF5D470E90002830DEC00E570DC5A
MD5: b77f6d8a0f249fac0408875a4831e43f
Determination: GOOD

C:\WINDOWS\system32\pjlmon.dll
Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 84CFC62400E584133C01005DDEFEF70074DE7C99
MD5: bbd335eeabda429e2a4a401ae977accc
Determination: GOOD

C:\WINDOWS\system32\tcpmon.dll
Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 4DB1307F00B38383B4DE0091A261F900D73B20B9
MD5: 1417745d9156eed7c8b871a3f8a8f56d
Determination: GOOD

C:\WINDOWS\system32\usbmon.dll
Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 355B55CF00434C1C429F0037D7A64900612AB6C2
MD5: 1ae1cda7f68b0a8603a3117ae5f00b03
Determination: GOOD

C:\WINDOWS\system32\win32spl.dll
Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 3EE5A7330005B84D903F019D6D465800D7DE2821
MD5: 660e56bc8c253b5b47dcc6560ccd62da
Determination: GOOD

C:\WINDOWS\system32\inetpp.dll
Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 84746D7B00F17DE826600104529E590058DFB441
MD5: be4ff5fbbc55dc3c2445377c50497f1f
Determination: GOOD

C:\WINDOWS\system32\CNAB4EMU.DLL
Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 00ECFDE5000041C8105E029FCBD5F80016C5FD18
MD5: db4889cb32eb8361c3070652e4be874c
Determination: GOOD

C:\WINDOWS\SiSUSBrg.exe
Loaded into: C:\WINDOWS\SiSUSBrg.exe
Loaded into: C:\WINDOWS\SiSUSBrg.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run\SiSUSBRG C:\WINDOWS\SiSUSBrg.exe
Loaded from: FILE
PX5: 72DBE8490CCF67A938090009ACA07000C2A3718D
MD5: 4bee91cebb47f4a9c2726171e26b132f
Determination: GOOD

C:\WINDOWS\system32\sensapi.dll
Loaded into: C:\WINDOWS\SiSUSBrg.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
Loaded into: C:\Programmi\Internet Explorer\iexplore.exe
PX5: 945479A500423FB71A9A004C020A3B0024ABF6B3
MD5: 344e594bb748d4f828211a7c9cea0829
Determination: GOOD

C:\WINDOWS\SOUNDMAN.EXE
Loaded into: C:\WINDOWS\SOUNDMAN.EXE
Loaded into: C:\WINDOWS\SOUNDMAN.EXE
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run\SoundMan SOUNDMAN.EXE
PX5: 74AE809600E4CF0F3014015B9E71B600099F352F
MD5: ff86e640e4e0fd18cfb4696b38867222
Determination: GOOD

C:\WINDOWS\system32\ctfmon.exe
Loaded into: C:\WINDOWS\system32\ctfmon.exe
Loaded into: C:\WINDOWS\system32\ctfmon.exe
Loaded from: \REGISTRY\User\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE C:\WINDOWS\system32\CTFMON.EXE
Loaded from: \REGISTRY\User\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE C:\WINDOWS\system32\CTFMON.EXE
Loaded from: \REGISTRY\User\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE C:\WINDOWS\system32\CTFMON.EXE
Loaded from: \REGISTRY\User\S-1-5-21-1220945662-1417001333-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe
Loaded from: \REGISTRY\User\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE C:\WINDOWS\system32\CTFMON.EXE
PX5: 7BE460C100E5509F3C0D00F14B5A510097B91217
MD5: 5b33b4265966ee063c7fbea28958d9c2
Determination: GOOD

C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Avg7Alrt\ImagePath C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Avg7Alrt\ImagePath C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
PX5: 21DE92A5001AF2AB64A906625DE519006365E2D7
MD5: 3c7b93f947355e374a49564d0d017b7b
Determination: GOOD

C:\Programmi\Grisoft\AVG Free\avgklib.dll
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
PX5: 0905B47E00DB8F4AF0C200D2E1793900305E89E0
MD5: d756dc41effaad294c858e94b4a11bd2
Determination: GOOD

C:\WINDOWS\system32\SHFOLDER.dll
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
PX5: 209DE55C009ABDE8627700E93AF07200F7058D40
MD5: 8b205eb92b49d10055427365065357e8
Determination: GOOD

C:\Programmi\Grisoft\AVG Free\avglog.dll
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
PX5: D7A89D52008854C89AC801A4B599270028FCA248
MD5: c935b33cb471db79a42b81276a8d0934
Determination: GOOD

C:\Programmi\Grisoft\AVG Free\avgcfg.dll
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
PX5: 9E42292C0097D465BE5108AD760F6200DA2B1CA8
MD5: ee3201bf942fb000b8c98a6ceb9c4105
Determination: GOOD

C:\WINDOWS\system32\wbem\wbemprox.dll
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
PX5: 118AA1B200D76A754A3B0017C7664600A1463C19
MD5: cece259d273771497d2c96c8121d9c58
Determination: GOOD

C:\Programmi\Grisoft\AVG Free\avglng.dll
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
PX5: 4ECED89B00CF9794E450009CD16D5500FFF988A8
MD5: 1c8526edbce5499eb5722bed0a14b97c
Determination: GOOD

C:\Programmi\Grisoft\AVG Free\avgamint.dll
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
PX5: A536B0BE00B629273EE50492BB140A00FFE4E0D0
MD5: a487a2bdc8ef099cede6dafe7b5525ce
Determination: GOOD

C:\Programmi\Grisoft\AVG Free\avgamsps.dll
Loaded into: C:\Programmi\Grisoft\AVG Free\avgamsvr.exe
PX5: 1A773CF4006542552A8400BB017FF80037C5472C
MD5: bd30b82a0364670e95ddbee7902290c9
Determination: GOOD

C:\Programmi\WinZip\WZQKPICK.EXE
Loaded into: C:\Programmi\WinZip\WZQKPICK.EXE
Loaded from: FILE
PX5: 2A4B7DC40080E1AAD09F0108BE8AF00084B00758
MD5: bb272e4a58c563ebf40f8cb1173da1da
Determination: GOOD

C:\WINDOWS\system32\hhctrl.ocx
Loaded into: C:\Programmi\WinZip\WZQKPICK.EXE
PX5: D3B0A24B002675A156C508DBC9824800F99F525D
MD5: 13efcc088ed364a8d3410ff495b8f4d7
Determination: GOOD

C:\WINDOWS\system32\mui\0010\hhctrlui.dll
Loaded into: C:\Programmi\WinZip\WZQKPICK.EXE
PX5: BA28999700DF7F81607B01C7951F4A005B77C7B8
MD5: 126a1b4a38bdeeb1cdf0e06e5a547669
Determination: GOOD

C:\Programmi\Grisoft\AVG Free\avgupsvc.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgupsvc.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Avg7UpdSvc\ImagePath C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Avg7UpdSvc\ImagePath C:\Programmi\Grisoft\AVG Free\avgupsvc.exe
PX5: FB2D0C8C0030CE48C28B00B9473117008F2553BE
MD5: 30a14f65db477dc00a64a5a24e96919c
Determination: GOOD

C:\Programmi\Grisoft\AVG Free\avgemc.exe
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\AVGEMS\ImagePath C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AVGEMS\ImagePath C:\Programmi\Grisoft\AVG Free\avgemc.exe
PX5: 4A5FE9A4007E299F34A8065593279900431C83BC
MD5: fc0b2ae890bb0dc8c2306dabedc8a4ba
Determination: GOOD

C:\Programmi\Grisoft\AVG Free\libsasl.dll
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
PX5: 56A03C6100B1FC62B41D00F6BE532A00B5BC37DD
MD5: 694a11e643c8d3d27bfa8fc770990750
Determination: GOOD

C:\Programmi\Grisoft\AVG Free\avgscan.dll
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
PX5: 9F98A5910034E47FFE310562123AEF009D040066
MD5: 3a68865b43c361a227b9bd8da49e71e4
Determination: GOOD

C:\Programmi\Grisoft\AVG Free\avgunarc.dll
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
PX5: 94CC112C000ECAA6EC0102379DE66800C3E8D4CB
MD5: e5d4edfbe5c6ec8b5ffe2cfcdc6da880
Determination: GOOD

C:\Programmi\Grisoft\AVG Free\saslcrammd5.dll
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
PX5: 2C96C31E00B5E01E287D004D2BD0C00035A197BB
MD5: 093fd00e5cb80fe7e8decc67758ce341
Determination: GOOD

C:\Programmi\Grisoft\AVG Free\sasldigestmd5.dll
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
PX5: 3EB7F743003CE1316CB600F23AA81000625F6143
MD5: f23d9f906d761f2e3332a4119f5aeeca
Determination: GOOD

C:\Programmi\Grisoft\AVG Free\sasllogin.dll
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
PX5: AEF045C8000B3B71248500311400D200C8CABD07
MD5: 01ff0dcdb9568cc16fa2751b904a9c19
Determination: GOOD

C:\Programmi\Grisoft\AVG Free\saslplain.dll
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
PX5: 7701885500D5F013240C00DCBB2227008E609439
MD5: 7c6632ff007383428033ef5d21074cce
Determination: GOOD

C:\Programmi\Grisoft\AVG Free\avgmail.dll
Loaded into: C:\Programmi\Grisoft\AVG Free\avgemc.exe
PX5: 810EAF1A00F9191334950279EB43610032372599
MD5: 3418cb457423454ba22ee56872932d18
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
Loaded into: C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\MDM\ImagePath "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MDM\ImagePath C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
PX5: D8A5ED2B00D9D087203B0483D1FD6A00B7FAB103
MD5: 8ab250dd3552164f7fc16c6c74096192
Determination: GOOD

C:\WINDOWS\system32\alg.exe
Loaded into: C:\WINDOWS\system32\alg.exe
Loaded into: C:\WINDOWS\System32\alg.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\ALG\ImagePath %SystemRoot%\System32\alg.exe
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ALG\ImagePath C:\WINDOWS\System32\alg.exe
PX5: A1E5D90F00A84BB2AEC200E087F3A200AB0BF90E
MD5: d4a42bf3c11302aa3ccd857034ef1e54
Determination: GOOD

C:\WINDOWS\system32\CNAB4RPK.EXE
Loaded into: C:\WINDOWS\system32\CNAB4RPK.EXE
Loaded into: C:\WINDOWS\system32\CNAB4RPK.EXE
PX5: 2795624100595C0EE0BC00C04AF8D60059DA704C
MD5: b0c2c7180063782c5dd6f84b9c1b359a
Determination: GOOD

C:\WINDOWS\system32\wuauclt.exe
Loaded into: C:\WINDOWS\system32\wuauclt.exe
Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 8FEE32AE58BBA23ACF080068F5F6DC003A478EA6
MD5: f3e9065eb617a7e3a832a7976bfa021b
Determination: GOOD

C:\WINDOWS\system32\wucltui.dll
Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 8A679F0A58AB3095F90D0438786EDD00EE35BF28
MD5: 41685c36447a4d8030c39b287c6f2503
Determination: GOOD

C:\Programmi\a-squared Free\a2service.exe
Loaded into: C:\Programmi\a-squared Free\a2service.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\a2free\ImagePath "C:\Programmi\a-squared Free\a2service.exe"
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\a2free\ImagePath C:\Programmi\a-squared Free\a2service.exe
PX5: 261F85B07012BE24983C05D5921854007AC7A1F6
MD5: ba5e0d7b806c94ec73456754f96263af
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NetDDE\ImagePath C:\WINDOWS\system32\netdde.exe
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NetDDEdsdm\ImagePath C:\WINDOWS\system32\netdde.exe
PX5: AAA3C89900BB76ABBADC01BFB3AC1B00E2E8A55F
MD5: de62ee316fab09de3d7a5180f0775abf
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\NwlnkFlt\ImagePath system32\DRIVERS\nwlnkflt.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NwlnkFlt\ImagePath C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
Loaded from: FILE
PX5: A826BA3A803B83AE30C000488911C200DC3CA878
MD5: b305f3fad35083837ef46a0bbce2fc57
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\NwlnkFwd\ImagePath system32\DRIVERS\nwlnkfwd.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NwlnkFwd\ImagePath C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
Loaded from: FILE
PX5: B9B73139006979BB7FBC0031EA7E320032D237D0
MD5: c99b3415198d1aab7227f2c88fd664b9
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\parport.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Parport\ImagePath system32\DRIVERS\parport.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Parport\ImagePath C:\WINDOWS\system32\DRIVERS\parport.sys
Loaded from: FILE
PX5: 4A82394D8019443A393C017F618C1500973C174B
MD5: 3490ead0612bfd0e7c1b864ee24e6a4a
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\pci.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\PCI\ImagePath system32\DRIVERS\pci.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PCI\ImagePath C:\WINDOWS\system32\DRIVERS\pci.sys
Loaded from: FILE
PX5: 9DA3602E807459480C5D01595A918400CA482387
MD5: 91fc1d483d900b1c0600a08b871c39d5
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\pciide.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\PCIIde\ImagePath system32\DRIVERS\pciide.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PCIIde\ImagePath C:\WINDOWS\system32\DRIVERS\pciide.sys
Loaded from: FILE
PX5: 826808EE00CFD8500D55002AE8E7E200B79BCD14
MD5: b2df00d650fd6c4ee781740ed3c8e67f
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\raspptp.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\PptpMiniport\ImagePath system32\DRIVERS\raspptp.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PptpMiniport\ImagePath C:\WINDOWS\system32\DRIVERS\raspptp.sys
Loaded from: FILE
PX5: F406FA260016D348BD2800EFDBDF52003203F53C
MD5: 1c5cc65aac0783c344f16353e60b72ac
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\psched.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\PSched\ImagePath system32\DRIVERS\psched.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PSched\ImagePath C:\WINDOWS\system32\DRIVERS\psched.sys
Loaded from: FILE
PX5: C7C1320E008655110E77011715C66E0009C5AE75
MD5: 48671f327553dcf1d27f6197f622a668
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\ptilink.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Ptilink\ImagePath system32\DRIVERS\ptilink.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Ptilink\ImagePath C:\WINDOWS\system32\DRIVERS\ptilink.sys
Loaded from: FILE
PX5: F96F182D805891FA452B007EBD870E004C25BA07
MD5: 80d317bd1c3dbc5d4fe7b1678c60cadd
Determination: GOOD

C:\WINDOWS\system32\drivers\pxark.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\pxark\ImagePath \??\C:\WINDOWS\system32\drivers\pxark.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\pxark\ImagePath C:\WINDOWS\system32\drivers\pxark.sys
Loaded from: FILE
PX5: 87296EB280D7F1DA296B00CB462B950061E4FEFB
MD5: d2b5e899d78c0fb0dd290d62b36f333e
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\rasacd.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\RasAcd\ImagePath system32\DRIVERS\rasacd.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasAcd\ImagePath C:\WINDOWS\system32\DRIVERS\rasacd.sys
Loaded from: FILE
PX5: EF519CA180B540A42200002C4F06E3005372DD33
MD5: fe0d99d6f31e4fad8159f690d68ded9c
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Rasl2tp\ImagePath system32\DRIVERS\rasl2tp.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Rasl2tp\ImagePath C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Loaded from: FILE
PX5: C15C1546804EC8E6C8410037F34FAD00B1FBF6DF
MD5: 98faeb4a4dcf812ba1c6fca4aa3e115c
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\RasPppoe\ImagePath system32\DRIVERS\raspppoe.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasPppoe\ImagePath C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Loaded from: FILE
PX5: A8F2C94800B2E031A21A00F0EC682E009B5794D5
MD5: 7306eeed8895454cbed4669be9f79faa
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\raspti.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Raspti\ImagePath system32\DRIVERS\raspti.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Raspti\ImagePath C:\WINDOWS\system32\DRIVERS\raspti.sys
Loaded from: FILE
PX5: 506F10F380FEE57C406900BE351741009F00F0DE
MD5: fdbb1d60066fcfbb7452fd8f9829b242
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\rdbss.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Rdbss\ImagePath system32\DRIVERS\rdbss.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Rdbss\ImagePath C:\WINDOWS\system32\DRIVERS\rdbss.sys
Loaded from: FILE
PX5: EE21D17900972EBEAA93023D87A14E0013D2E867
MD5: 03b965b1ca47f6ef60eb5e51cb50e0af
Determination: GOOD

C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\RDPCDD\ImagePath System32\DRIVERS\RDPCDD.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RDPCDD\ImagePath C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Loaded from: FILE
PX5: 14FCFAAE80A686EB103300CFAE183900CB624D74
MD5: 4912d5b403614ce99c28420f75353332
Determination: GOOD

C:\WINDOWS\system32\sessmgr.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\RDSessMgr\ImagePath C:\WINDOWS\system32\sessmgr.exe
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RDSessMgr\ImagePath C:\WINDOWS\system32\sessmgr.exe
PX5: 2C67C68B0020C05D2C3E02893D0F09005D1CF7F5
MD5: cc0693c481502844a24ef71b90a7195e
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\redbook.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\redbook\ImagePath system32\DRIVERS\redbook.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\redbook\ImagePath C:\WINDOWS\system32\DRIVERS\redbook.sys
Loaded from: FILE
PX5: AEF2FC7D804F986FE3C7004FF2D91D0029FD0FC2
MD5: a8eee004a16af1d583d9de9f6de250e0
Determination: GOOD

C:\WINDOWS\system32\locator.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\RpcLocator\ImagePath %SystemRoot%\system32\locator.exe
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RpcLocator\ImagePath C:\WINDOWS\system32\locator.exe
PX5: C3C0A8550045DDC726E601EBB10B83000E4A4556
MD5: 33a8f0fe0005b2d79df53441679f5149
Determination: GOOD

C:\WINDOWS\system32\rsvp.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\RSVP\ImagePath %SystemRoot%\system32\rsvp.exe
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RSVP\ImagePath C:\WINDOWS\system32\rsvp.exe
PX5: 2057508700E163D906880231F30F2D00E5519440
MD5: dce0d20f8fb66df41d53734bff9d66f0
Determination: GOOD

C:\WINDOWS\System32\SCardSvr.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\SCardSvr\ImagePath %SystemRoot%\System32\SCardSvr.exe
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SCardSvr\ImagePath C:\WINDOWS\System32\SCardSvr.exe
PX5: FFC6D19800BAA7847E46014ECC3CD200949D4E12
MD5: 74b1e7fcfca9a3a23871aa014144013e
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\secdrv.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Secdrv\ImagePath system32\DRIVERS\secdrv.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Secdrv\ImagePath C:\WINDOWS\system32\DRIVERS\secdrv.sys
Loaded from: FILE
PX5: 84A9A7CB006F9ECC508100883E7135006D51A95C
MD5: 90a3935d05b494a5a39d37e71f09a677
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\serenum.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\serenum\ImagePath system32\DRIVERS\serenum.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\serenum\ImagePath C:\WINDOWS\system32\DRIVERS\serenum.sys
Loaded from: FILE
PX5: 4F3C7EAD801665B83CEF00E324D68C009966C2DD
MD5: a2d868aeeff612e70e213c451a70cafb
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\serial.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Serial\ImagePath system32\DRIVERS\serial.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Serial\ImagePath C:\WINDOWS\system32\DRIVERS\serial.sys
Loaded from: FILE
PX5: 84269A0C80DA4AE9020E01315B99420097A96A32
MD5: dbab3260e7eb3398cb87267d1410fad4
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\SISAGP\ImagePath system32\DRIVERS\SISAGPX.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SISAGP\ImagePath C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
Loaded from: FILE
PX5: BAA159C080358CC3901800B417B63E008CB12118
MD5: 61ca562def09a782d26b3e7edec5369a
Determination: GOOD

C:\WINDOWS\system32\drivers\sisidex.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\sisidex\ImagePath system32\drivers\sisidex.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\sisidex\ImagePath C:\WINDOWS\system32\drivers\sisidex.sys
Loaded from: FILE
PX5: 51E9DD63807A58527F83002F8FA52E0078B990B4
MD5: ebe8e50647d0efef0abc8c2f717405d9
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\sisnic.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\SISNIC\ImagePath system32\DRIVERS\sisnic.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SISNIC\ImagePath C:\WINDOWS\system32\DRIVERS\sisnic.sys
Loaded from: FILE
PX5: C3379E0B0049FAA1800300F6730E4300F32B92EC
MD5: 3fbb6ef8b5a71a2fa11f5f461bb73219
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\SISNICXP\ImagePath system32\DRIVERS\sisnicxp.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SISNICXP\ImagePath C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
Loaded from: FILE
PX5: 8995082000B8831C809B006D72855E00AC4E8324
MD5: 47f39481bc8941e0d51601a85691448d
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\SiSRaid.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\SiSRaid\ImagePath system32\DRIVERS\SiSRaid.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SiSRaid\ImagePath C:\WINDOWS\system32\DRIVERS\SiSRaid.sys
Loaded from: FILE
PX5: 112A32CA8034CCF0B54400F3A749A20065231C80
MD5: d0013138311fdab6dafccedfeed59ab1
Determination: GOOD

C:\WINDOWS\system32\drivers\splitter.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\splitter\ImagePath system32\drivers\splitter.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\splitter\ImagePath C:\WINDOWS\system32\drivers\splitter.sys
Loaded from: FILE
PX5: 249A00630095166C194E008C6AC35800063B57CE
MD5: 0ce218578fff5f4f7e4201539c45c78f
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\sr.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\sr\ImagePath \SystemRoot\system32\DRIVERS\sr.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\sr\ImagePath C:\WINDOWS\system32\DRIVERS\sr.sys
Loaded from: FILE
PX5: 4D90659E00D8A4771F1A013E6E421F00F36027A5
MD5: 896f566afc498077172eae8a50e8baf8
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\srv.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Srv\ImagePath system32\DRIVERS\srv.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Srv\ImagePath C:\WINDOWS\system32\DRIVERS\srv.sys
Loaded from: FILE
PX5: 75BFBC608040FEEB14BC05A8A20D28000AA8481B
MD5: ea554a3ffc3f536fe8320eb38f5e4843
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\ss_bus.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\ss_bus\ImagePath system32\DRIVERS\ss_bus.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ss_bus\ImagePath C:\WINDOWS\system32\DRIVERS\ss_bus.sys
Loaded from: FILE
PX5: AE41BF33D03DE849E3D6005B24F1E500F38D5452
MD5: bd15182e9d2d3fabc1d1313badbd2415
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\ss_mdfl\ImagePath system32\DRIVERS\ss_mdfl.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ss_mdfl\ImagePath C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
Loaded from: FILE
PX5: 9362B246705632A920AC00FCBC89F6002C7F531F
MD5: 67d1144f249a3c5e03ebd7a2304dee11
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\ss_mdm\ImagePath system32\DRIVERS\ss_mdm.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ss_mdm\ImagePath C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
Loaded from: FILE
PX5: 50176AEE302353576F0E015435A7FB0030FC1E49
MD5: 954b7ce2d54c703d6a8471d6b05a5e13
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\swenum.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\swenum\ImagePath system32\DRIVERS\swenum.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\swenum\ImagePath C:\WINDOWS\system32\DRIVERS\swenum.sys
Loaded from: FILE
PX5: FDB253C8004ADC8E110200CB82EF3C003BACCEF1
MD5: 03c1bae4766e2450219d20b993d6e046
Determination: GOOD

C:\WINDOWS\system32\drivers\swmidi.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\swmidi\ImagePath system32\drivers\swmidi.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\swmidi\ImagePath C:\WINDOWS\system32\drivers\swmidi.sys
Loaded from: FILE
PX5: D73823E800EBA9D4D48400057CBBEE004EA1E5C8
MD5: 94abc808fc4b6d7d2bbf42b85e25bb4d
Determination: GOOD

C:\WINDOWS\system32\drivers\sysaudio.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\sysaudio\ImagePath system32\drivers\sysaudio.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\sysaudio\ImagePath C:\WINDOWS\system32\drivers\sysaudio.sys
Loaded from: FILE
PX5: 23CF2276806778A5EDCF00D9512FDE00BB195FEF
MD5: 650ad082d46bac0e64c9c0e0928492fd
Determination: GOOD

C:\WINDOWS\system32\smlogsvc.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\SysmonLog\ImagePath %SystemRoot%\system32\smlogsvc.exe
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SysmonLog\ImagePath C:\WINDOWS\system32\smlogsvc.exe
PX5: C0E6801A0095AB606A660128541E440050C06325
MD5: bc8b8694def74b4e6c626322d4321a54
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\tcpip.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Tcpip\ImagePath system32\DRIVERS\tcpip.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Tcpip\ImagePath C:\WINDOWS\system32\DRIVERS\tcpip.sys
Loaded from: FILE
PX5: 4F73F53680D573A87D91052B82C9450084D6047A
MD5: 1dbf125862891817f374f407626967f4
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\termdd.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\TermDD\ImagePath system32\DRIVERS\termdd.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TermDD\ImagePath C:\WINDOWS\system32\DRIVERS\termdd.sys
Loaded from: FILE
PX5: 3111E3EA882052CE9F39002D38F46900A7415306
MD5: a540a99c281d933f3d69d55e48727f47
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\uagp35.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\uagp35\ImagePath system32\DRIVERS\uagp35.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\uagp35\ImagePath C:\WINDOWS\system32\DRIVERS\uagp35.sys
Loaded from: FILE
PX5: 9D095C07801C22E3AE6600D63D61E600F240BE62
MD5: 49c805d42d75eddc9b6a7130999c9054
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\update.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Update\ImagePath system32\DRIVERS\update.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Update\ImagePath C:\WINDOWS\system32\DRIVERS\update.sys
Loaded from: FILE
PX5: DB815C1080BD5D598E3605C672D6A20096A59C7E
MD5: ced744117e91bdc0beb810f7d8608183
Determination: GOOD

C:\WINDOWS\System32\ups.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\UPS\ImagePath %SystemRoot%\System32\ups.exe
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\UPS\ImagePath C:\WINDOWS\System32\ups.exe
PX5: B1B748F7000750CB484000B4D1F04D00484BD2C2
MD5: e4896f38a3f8dacea6ea8d7ec9889d91
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\usbehci.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\usbehci\ImagePath system32\DRIVERS\usbehci.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbehci\ImagePath C:\WINDOWS\system32\DRIVERS\usbehci.sys
Loaded from: FILE
PX5: 42E57CAC00DC4FAF684000867EE93C003087E4F7
MD5: 15e993ba2f6946b2bfbbfcd30398621e
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\usbhub.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\usbhub\ImagePath system32\DRIVERS\usbhub.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbhub\ImagePath C:\WINDOWS\system32\DRIVERS\usbhub.sys
Loaded from: FILE
PX5: 1972CD35009EF197E1E10053A918EE0090181966
MD5: c72f40947f92cea56a8fb532edf025f1
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\usbohci.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\usbohci\ImagePath system32\DRIVERS\usbohci.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbohci\ImagePath C:\WINDOWS\system32\DRIVERS\usbohci.sys
Loaded from: FILE
PX5: 97A6F69780D7B5F44212000A79EBE000E5CEE5D9
MD5: bdfe799a8531bad8a5a985821fe78760
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\usbprint.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\usbprint\ImagePath system32\DRIVERS\usbprint.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbprint\ImagePath C:\WINDOWS\system32\DRIVERS\usbprint.sys
Loaded from: FILE
PX5: C449F0710094064A6580004CDAAF0B00CAA1349A
MD5: a42369b7cd8886cd7c70f33da6fcbcf5
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\USBSTOR\ImagePath system32\DRIVERS\USBSTOR.SYS
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\USBSTOR\ImagePath C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Loaded from: FILE
PX5: 6135CAAA80509344675C002A218295006093CEAA
MD5: 6cd7b22193718f1d17a47a1cd6d37e75
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\USRWGU.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\USRWGU(USR)\ImagePath system32\DRIVERS\USRWGU.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\USRWGU(USR)\ImagePath C:\WINDOWS\system32\DRIVERS\USRWGU.sys
Loaded from: FILE
PX5: A2F02D330082FD773A8006BDA9BDFC00B3D10A62
MD5: 64b7da31dee25c17fc67f9e4131eda93
Determination: GOOD

C:\WINDOWS\System32\drivers\vga.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\VgaSave\ImagePath \SystemRoot\System32\drivers\vga.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\VgaSave\ImagePath C:\WINDOWS\System32\drivers\vga.sys
Loaded from: FILE
PX5: 14B18202007EA0B752C8003693833D00BCED634F
MD5: 8a60edd72b4ea5aea8202daf0e427925
Determination: GOOD

C:\WINDOWS\system32\Shadow.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}\(default) MS Software Shadow Copy provider 1.0
PX5: 44E2E9FB00305E993C75009C1FBF8F00D582F681
MD5: f67f896ba60045fa0b5663a7f2003dce
Determination: GOOD

C:\WINDOWS\System32\vssvc.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\VSS\ImagePath %SystemRoot%\System32\vssvc.exe
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\VSS\ImagePath C:\WINDOWS\System32\vssvc.exe
PX5: F8FD01E1006746AE7C9C04ADE2180F00B254A617
MD5: 147c653ad61bd01556723b3c8c4fafc8
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\wanarp.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Wanarp\ImagePath system32\DRIVERS\wanarp.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Wanarp\ImagePath C:\WINDOWS\system32\DRIVERS\wanarp.sys
Loaded from: FILE
PX5: D61BDDFF00BF41D487E5002B87E94900EE92AF43
MD5: 984ef0b9788abf89974cfed4bfbaacbc
Determination: GOOD

C:\WINDOWS\system32\drivers\wdmaud.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\wdmaud\ImagePath system32\drivers\wdmaud.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\wdmaud\ImagePath C:\WINDOWS\system32\drivers\wdmaud.sys
Loaded from: FILE
PX5: 1A706C8200C406CF446E0184AD924B00FE330A09
MD5: efd235ca22b57c81118c1aeb4798f1c1
Determination: GOOD

C:\WINDOWS\system32\wbem\wmiapsrv.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\WmiApSrv\ImagePath C:\WINDOWS\system32\wbem\wmiapsrv.exe
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WmiApSrv\ImagePath C:\WINDOWS\system32\wbem\wmiapsrv.exe
PX5: A8EB9B0C007C19C1EE9501FD1D31580061EB57F5
MD5: 0ee2a2754039b13a632489726689dad0
Determination: GOOD

C:\Programmi\Windows Media Player\WMPNetwk.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\WMPNetworkSvc\ImagePath "C:\Programmi\Windows Media Player\WMPNetwk.exe"
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WMPNetworkSvc\ImagePath C:\Programmi\Windows Media Player\WMPNetwk.exe
PX5: AF2881470070FC5204AF0EFACB168500F7ECD6E8
MD5: f30dc8f80cf65a323e8b6a2db81561e3
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\WudfPf.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\WudfPf\ImagePath system32\DRIVERS\WudfPf.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WudfPf\ImagePath C:\WINDOWS\system32\DRIVERS\WudfPf.sys
Loaded from: FILE
PX5: 0CF32E7D00C942692FB1016FE6CD6B005D0F67E4
MD5: f15feafffbb3644ccc80c5da584e6311
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\wudfrd.sys
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\WudfRd\ImagePath system32\DRIVERS\wudfrd.sys
Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WudfRd\ImagePath C:\WINDOWS\system32\DRIVERS\wudfrd.sys
Loaded from: FILE
PX5: 938378B8001690D3445C01DE64563A001F0572DD
MD5: 28b524262bce6de1f7ef9f510ba3985b
Determination: GOOD

C:\WINDOWS\system32\userinit.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit C:\WINDOWS\system32\userinit.exe
PX5: 33A4BB2F001DA1EB620B00510674AE00F15A5361
MD5: c1e7fe19f98a877bf8f941bf48148695
Determination: GOOD

C:\WINDOWS\system32\logonui.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost logonui.exe
PX5: 6B3184960083D65DDE0B0761A134100078FE806C
MD5: 43bdf167ce792a5639d99ad7f1eabc1c
Determination: GOOD

C:\WINDOWS\system32\sysdm.cpl
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet rundll32 shell32,Control_RunDLL "sysdm.cpl"
PX5: 77D613BF00DD23AB9A92044AE70A3A00F8BE273E
MD5: ab25117d8498730753b25bf32d7836d6
Determination: GOOD

C:\WINDOWS\system32\rundll32.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet rundll32 shell32,Control_RunDLL "sysdm.cpl"
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}\StubPath RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS\StubPath RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}\StubPath rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}\StubPath rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\StubPath rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} Autoplay for SlideShow
PX5: 797CA9E8007174E38209003396ABA600D9E79205
MD5: f88cdb0ccc416b3778736be74cdebb94
Determination: GOOD

C:\WINDOWS\system32\autochk.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\Session Manager\BootExecute autocheck
PX5: 38890F3300760B775A86096430A56A00DB68AE82
MD5: 779768a0a8091edb749dcb8fe60213e1
Determination: GOOD

C:\WINDOWS\system32\lsdelete.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\Session Manager\BootExecute autocheck
PX5: 396D5CA1005ED7541EF2003B3C2E0700D100AD00
MD5: 33b97c883430c332c6dfae5d074bd755
Determination: GOOD

C:\Programmi\Java\jre1.6.0_03\bin\regutils.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}\KeyFileName C:\Programmi\Java\jre1.6.0_03\bin\regutils.dll
PX5: 18FDF0650029FF2F9067038B74E5FB00E6236711
MD5: 1fc79cf17eca1f4e0fc784abb8d72c31
Determination: GOOD

C:\Programmi\Messenger\msmsgs.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}\KeyFileName C:\Programmi\Messenger\msmsgs.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\Exec C:\Programmi\Messenger\msmsgs.exe
PX5: 937DB9BC008B29B4DA13198C306CAF00327E8384
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259
Determination: GOOD

C:\WINDOWS\system32\msieftp.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}\KeyFileName C:\WINDOWS\system32\msieftp.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63da6ec0-2e98-11cf-8d82-444553540000} FTP Folders Webview
PX5: 44133DFB00C5C1B9D64903B9EB9B6E00A95E5477
MD5: 9ba0424bf46a751e9f68829a9afbe680
Determination: GOOD

C:\WINDOWS\system32\ieudinit.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}\StubPath C:\WINDOWS\system32\ieudinit.exe
PX5: 73CA61DA00728720360A0021165ED300383A334D
MD5: 324ecd19db11ebdba37e1f69d887b565
Determination: GOOD

C:\WINDOWS\inf\unregmp2.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Stubpath C:\WINDOWS\inf\unregmp2.exe /ShowWMP
PX5: 62D1ABBC006680A4DC3104F3FD5F6600BA9B55C1
MD5: 720fe9eddfa670d2bdf98c13aa6305af
Determination: GOOD

C:\WINDOWS\system32\ie4uinit.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\StubPath C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\StubPath C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
PX5: 4744B054003C4032144001425FEA5D00DFFD0625
MD5: 5082eb7cebc228028e5326d1cb05b925
Determination: GOOD

C:\WINDOWS\system32\IEDKCS32.DLL
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}\StubPath RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS\StubPath RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}\DllName iedkcs32.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}\DllName iedkcs32.dll
PX5: 9FB6E06100A76C9BDE4E054D2A167800B0FE311E
MD5: 78a279d37a53d5617e61f23aaff505d1
Determination: GOOD

C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0006F045-0000-0000-C000-000000000046} Microsoft Outlook Custom Icon Handler
PX5: B7C4D8B0B0FB43B0D522009AFBB78800355E8257
MD5: 4a3438efcf533b29445945b7b2551b20
Determination: GOOD

C:\WINDOWS\system32\Audiodev.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{640167b4-59b0-47a6-b335-a6b3c0695aea} Portable Media Devices
PX5: 4BE217500087C5F13A360430E7958900806DA483
MD5: 4c48f1b30a82583caee0da02dd7259ee
Determination: GOOD

C:\WINDOWS\system32\wpdshext.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35786D3C-B075-49b9-88DD-029876E11C01} Portable Devices
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} Portable Devices Menu
PX5: 260936F700D6CD55B83A276215529800C0FDB145
MD5: 81d2a27c916c7830743e4afa454099f7
Determination: GOOD

C:\WINDOWS\system32\msapsspc.dll
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\SecurityProviders\SecurityProviders msapsspc.dll
PX5: 8C479BBA0065475850000105207F00002CA02E51
MD5: 9b6e96f4ec4104bcb180c5bea2787b3f
Determination: GOOD

C:\WINDOWS\system32\digest.dll
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\SecurityProviders\SecurityProviders msapsspc.dll
PX5: 2283761F0087EB020C9B01CC3CCBC600B4AB6B96
MD5: 9b4cd31081f2ce1d69d2580d015c82ea
Determination: GOOD

C:\WINDOWS\system32\msnsspc.dll
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\SecurityProviders\SecurityProviders msapsspc.dll
PX5: 5FC3C3D6008FE4D0702D042D3521CB003038EB19
MD5: a99939bae7757437683f4d6b1021a499
Determination: GOOD

C:\Programmi\Adobe\Reader 8.0\Reader\pdfprevhndlrshim.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\{49400A7C-81A8-4F52-8CCE-D54739EE87EC} Adobe PDF Preview Handler
PX5: 623D7460882DBAFD90910060B8205E0036350873
MD5: 54caaebac648af1ba1f943046a824356
Determination: GOOD

C:\Programmi\Adobe\Reader 8.0\Reader\pdfprevhndlr.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\{DC6EFB56-9CFA-464D-8880-44885D7DC193} Adobe PDF Preview Handler for Vista
PX5: 3BD592F470063CF846ED01556DDA8700DCEF7EC5
MD5: ea24a77157a310f434144a9d71ba05aa
Determination: GOOD

C:\WINDOWS\Resources\themes\Luna\Luna.msstyles
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Themes\InstallVisualStyle %SystemRoot%\Resources\themes\Luna\Luna.msstyles
PX5: D4AC08E190E1815FF0763FFB772E82003759142D
Determination: GOOD

C:\WINDOWS\system32\rdpclip.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms rdpclip
PX5: 3129DB34009CADCFF4300018D68AB90013FA4372
MD5: 456e33d8a5b34b0b9b5de1270e13c7a3
Determination: GOOD

C:\WINDOWS\system32\rdpwsx.dll
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\WsxDll rdpwsx
PX5: 2D4F90888862EA65546401DF11DAFF009FB4CACF
MD5: 98b543037e34c640622fa61e895326c4
Determination: GOOD

C:\WINDOWS\system32\RDPCFGEX.DLL
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\CfgDll RDPCFGEX.DLL
PX5: 648184F200AE0568123C00C1F661D900A8042FB8
MD5: 0f6f4433f47441c14f17d5348cf609b0
Determination: GOOD

C:\WINDOWS\system32\rdpsnd.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP\wave rdpsnd.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP\mixer rdpsnd.dll
PX5: 34FBA65500CFB6AF4EE7003742BB470065937B12
MD5: 1c5c414cc29d507b89e355e1733a7491
Determination: GOOD

C:\WINDOWS\system32\imaadp32.acm
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.imaadpcm imaadp32.acm
PX5: 528D926A00EB3B4A408A0067B777E0007219DE4B
MD5: 316f81b3ec381c1c76e07ca43fc12bfc
Determination: GOOD

C:\WINDOWS\system32\msg711.acm
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msg711 msg711.acm
PX5: 98836843004ECD5624170012D62AF300ADA7FDE1
MD5: d609edecb9692217bca166c09a8aa6d0
Determination: GOOD

C:\WINDOWS\system32\msgsm32.acm
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msgsm610 msgsm32.acm
PX5: 7715C6930008610D4E5300A5AC1D5400348AB758
MD5: dbb6c6dba7c404bf266e064889c45907
Determination: GOOD

C:\WINDOWS\system32\tssoft32.acm
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.trspch tssoft32.acm
PX5: 9DB260C30072F5C620530046E6B0DC000EF1898D
MD5: 49445261ffaab7f8b915c4d3041aa7f4
Determination: GOOD

C:\WINDOWS\system32\iccvid.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.cvid iccvid.dll
PX5: 0CEE20B80002FE623A80014E667E0900EDC97E34
MD5: be4de2539b3db9d31d75fe0d323c52ee
Determination: GOOD

C:\WINDOWS\system32\msh263.drv
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.I420 msh263.drv
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.M263 msh263.drv
PX5: D1EBECF00092F1C390AB04548720B200A8771D55
MD5: b2e67e6045966c14a746627dccf3f67d
Determination: GOOD

C:\WINDOWS\system32\ir32_32.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.iv31 ir32_32.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.iv32 ir32_32.dll
PX5: 48C6FD2800CF7D770AB40340E9EE0B00336C0935
MD5: cde3aeaeeff57dbb43133f46e96ad8c5
Determination: GOOD

C:\WINDOWS\system32\ir41_32.ax
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.iv41 ir41_32.ax
PX5: 88C1844600D60C2BF2960C06110E8900D716354E
MD5: 757c7944eb0d518020bb59a1a3ae9826
Determination: GOOD

C:\WINDOWS\system32\iyuv_32.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.iyuv iyuv_32.dll
PX5: 8D2F485A000F6953BA8B00EF89F3AE0028DCEE98
MD5: 193315b73270bad33a3c2f527c8380f6
Determination: GOOD

C:\WINDOWS\system32\msrle32.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.mrle msrle32.dll
PX5: 6AD29AC5008293D12C2D00B216F74700B26503F0
MD5: 7b999ca58c6276d885f17abc73982009
Determination: GOOD

C:\WINDOWS\system32\msvidc32.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.msvc msvidc32.dll
PX5: CE4E524C0073A8EC64FF00E1300C68000D8D97A8
MD5: d648edba85278839e30979ce627e5c81
Determination: GOOD

C:\WINDOWS\system32\msyuv.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.uyvy msyuv.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.yuy2 msyuv.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.yvyu msyuv.dll
PX5: 92EC75E800DB9BE5440C000A47ABC3009642377A
MD5: b35e1e08bf94e68daf5d9f52485ea368
Determination: GOOD

C:\WINDOWS\system32\tsbyuv.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.yvu9 tsbyuv.dll
PX5: 86646A040019522320A100B4BB4D900094B11477
MD5: a892ec07dffc3d8bf879102982f08721
Determination: GOOD

C:\WINDOWS\system32\msg723.acm
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msg723 msg723.acm
PX5: 11020CC8008FB79ED00601EAD6C03900AA679A83
MD5: d53bde174ad076ae58c8245a524cfb85
Determination: GOOD

C:\WINDOWS\system32\msh261.drv
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.M261 msh261.drv
PX5: A41AA5420008DA3EF0B402388EE55600B25D24F8
MD5: 35f5338123495c871c4c7cc9fce784f6
Determination: GOOD

C:\WINDOWS\system32\msaud32.acm
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msaudio1 msaud32.acm
PX5: C38F33CC0026C9E080B10460DFC46F004CE633B9
MD5: 9efca60a4bdcf77fc5e2337e3ab61b1e
Determination: GOOD

C:\WINDOWS\system32\sl_anet.acm
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.sl_anet sl_anet.acm
PX5: 3DA8D952002B67BF508D01A57E615F00B2B2EA92
MD5: c2e1907dde505f02585e7c85f927333a
Determination: GOOD

C:\WINDOWS\system32\iac25_32.ax
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.iac2 C:\WINDOWS\system32\iac25_32.ax
PX5: D062C8E7003B5A390C1703C014BB9700CE1BED53
MD5: 60b88c336ef385eb0ed77b73852712f3
Determination: GOOD

C:\WINDOWS\system32\ir50_32.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.iv50 ir50_32.dll
PX5: 8FA030FE0030B5D3865F0B4087D0420068F6854C
MD5: b11fb596034932dc55a7638911f482c2
Determination: GOOD

C:\WINDOWS\system32\l3codeca.acm
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.l3acm C:\WINDOWS\system32\l3codeca.acm
PX5: 29088BE70099BF88700A0426A3266D008E350E66
MD5: 4b4fd61ebb404842eb5823a50a3a58a9
Determination: GOOD

C:\WINDOWS\system32\mpg4c32.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\VIDC.MPG4 mpg4c32.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\VIDC.MP42 mpg4c32.dll
PX5: 9EEA4E7700E5529D8682067E5AD5E300A3EF639A
MD5: 83e27675bda528960ae960b43592c129
Determination: GOOD

C:\WINDOWS\system32\ACDV.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\VIDC.ACDV ACDV.dll
PX5: E29AF12500B660829025079BC4645D00C2F14B89
MD5: 6d50dc3cf49c125be1db4b87a6cbae2b
Determination: GOOD

C:\WINDOWS\system32\divx.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\VIDC.DIVX divx.dll
PX5: 724935205A81D9D34CF60B56A8915100614C1406
MD5: cf27f9f4c488b9628080e0fc47f77f79
Determination: GOOD

C:\WINDOWS\system32\xvidvfw.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\VIDC.XVID xvidvfw.dll
PX5: DEB4648B0030C460C01602180AE02B0096CE9FD8
MD5: 00084dd7a6eb6d0c1dfd15c6e03997b5
Determination: GOOD

C:\WINDOWS\system32\yv12vfw.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.yv12 yv12vfw.dll
PX5: 4BDE05EB00E04C7D50930332D627F80049105AE8
MD5: dd602c1fba3a3e962627569c9e10af7c
Determination: GOOD

C:\WINDOWS\system32\ac3filter.acm
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.ac3filter ac3filter.acm
PX5: C1243646000641F1D093054ABEEA6D006F456C0B
MD5: e3b1c7113532c820ff3da17131d4cfe4
Determination: GOOD

C:\WINDOWS\system32\ff_vfw.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\VIDC.FFDS ff_vfw.dll
PX5: 2A9E326B003348512AD500C4E6BC4A00AF675498
MD5: e23405e5e648c8beaaf4dbc14f789a31
Determination: GOOD

C:\WINDOWS\system32\cmd.exe
Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\SafeBoot\AlternateShell cmd.exe
PX5: 174F65020044C14C121406F23AA7F300C65DE81F
MD5: 94744851b6a9bdcefcd26cc61a6afd12
Determination: GOOD

C:\WINDOWS\system32\ipxrip.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ipx\IPXRIP\DllName ipxrip.dll
PX5: 859821B9009D40A9548200AD83A363008B36EF0D
MD5: 2dac54a61b837fac36ffd92b7e39b3ff
Determination: GOOD

C:\WINDOWS\system32\ipxsap.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ipx\IPXSAP\DllName ipxsap.dll
PX5: 85797B9500D099280499015DBB948C00AAAAF548
MD5: 3eea6d343b3d6fcf500db1837c07df06
Determination: GOOD

C:\WINDOWS\System32\iprtrmgr.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\DllPath %SystemRoot%\System32\iprtrmgr.dll
PX5: D40494A6008ED12A98FE023AAD1857000DD8C7B5
MD5: 30584106b1e3c4f836d35c92ba38b184
Determination: GOOD

C:\WINDOWS\System32\ipxrtmgr.dll
Loaded from: \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ipx\DllPath %SystemRoot%\System32\ipxrtmgr.dll
PX5: 4718448E00AA1CC09C1B00C6E262700012078A35
MD5: 7ff943a30ba413c3f43e8441a28b7aa7
Determination: GOOD

C:\WINDOWS\system32\Firewall.cpl
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\Internet Connection Firewall Firewall.cpl
PX5: C6AD4E5900619E5B3AA801566FFF65004318E0B5
MD5: 486c95d7867757ef75946cdc7fa547dd
Determination: GOOD

C:\WINDOWS\system32\NetSetup.cpl
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\NetSetupWizard NetSetup.cpl
PX5: 1727E2B500CA6EDF648A0091303FF7003D7EE312
MD5: 6c00e8b5734cd98456e36a1919393597
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\Speech\sapi.cpl
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\Speech C:\Programmi\File comuni\Microsoft Shared\Speech\sapi.cpl
PX5: 4B95DF2F0028608F7026024663B5470081E40772
MD5: b281e4e0c7de6016f067191aa0b10047
Determination: GOOD

C:\Programmi\digicomt\Michelangelo USB ADSL\CnxAdslC.cpl
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\CnxAdslC.cpl %ProgramFiles%\digicomt\Michelangelo USB ADSL\CnxAdslC.cpl
PX5: 859E11490099BEBF50AD10F0ACFCF100C7E50483
MD5: 9a871c00425a3287a158f33ddf607d68
Determination: GOOD

C:\WINDOWS\system32\Magnify.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Magnifier\Application path Magnify.exe
PX5: 8FD0DD1200F1CC211E520147693D72005CC20F83
MD5: b8485b1b335c0c00397dd7abc041475d
Determination: GOOD

C:\WINDOWS\system32\osk.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\On-Screen Keyboard\Application path osk.exe
PX5: 865A974F008F100B4EF6035F16FFB2007D13E899
MD5: 7d5b9dd2d397e5d323c5de2d0b4caeb6
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\Grphflt\GIFIMP32.FLT
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Export\GIF\Path C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\GIFIMP32.FLT
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\GIF\Path C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\GIFIMP32.FLT
PX5: 993BB4A800FF3CBA00C20440406ACE009AA5D495
MD5: bdb9d3ab59c17cbb9440768e5d8b4564
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\Grphflt\JPEGIM32.FLT
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Export\JPEG\Path C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\JPEGIM32.FLT
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\JPEG\Path C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\JPEGIM32.FLT
PX5: 61599D610092525FD02503FCE55931004C828E52
MD5: cdc50376ce04cdaa17b339e0e4946cb8
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\Grphflt\PNG32.FLT
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Export\PNG\Path C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\PNG32.FLT
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\PNG\Path C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\PNG32.FLT
PX5: 1DF13743009E7BB4C02603E788DBE0007E64B0D6
MD5: 9c776e425d136ca08994695cafdfe825
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\Grphflt\TIFFIM32.FLT
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Export\TIFF\Path C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\TIFFIM32.FLT
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\TIFF\Path C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\TIFFIM32.FLT
PX5: 6A65288600710C5E10250304BA3E68002583ACD3
MD5: 6f2343f8e2b4f8f3561dc9d4d8453274
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\Grphflt\WPGEXP32.FLT
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Export\WPG\Path C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\WPGEXP32.FLT
PX5: AD28D8EA00A2E2DE50320171DF11DA000A8ED846
MD5: 7030ba21d3434fb92c2b72b0a0e17655
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\Grphflt\BMPIMP32.FLT
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\BMP\Path C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\BMPIMP32.FLT
PX5: 93747641008297F45017019294DF89004BA0EA98
MD5: 3e747480aa108b914826e258d6f1addf
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\Grphflt\CDRIMP32.FLT
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\CDR\Path C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\CDRIMP32.FLT
PX5: AF8081000041B2D6C0750AEF28FC600065C7015F
MD5: 352733377ffa81c7961e465a9d52f838
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\Grphflt\CGMIMP32.FLT
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\CGM\Path C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\CGMIMP32.FLT
PX5: 1C973A2300A46A1C60810661ECDD4000B5833085
MD5: a6079566e62bf63cbd8c502901321d20
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\Grphflt\EPSIMP32.FLT
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\EPS\Path C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\EPSIMP32.FLT
PX5: 4F91CDDE00E688FBD01F0AD63A234A00A6598AEB
MD5: c257a8c4efb10aa4256abcdc4f3e8f2b
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\Grphflt\FPX32.FLT
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\FPX\Path C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\FPX32.FLT
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\MIX\Path C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\FPX32.FLT
PX5: C5889C0C0054E9ECC0AF17A09E00EE00C55F9AFC
MD5: 9a2a02a92b25ebfe8e9c3ae55783ca56
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\Grphflt\PCDIMP32.FLT
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\PCD\Path C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\PCDIMP32.FLT
PX5: 6D990415003226DC90300150E1672E0019EC75D1
MD5: 2da296ee2e638ef5452facff15168944
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\Grphflt\PCXIMP32.FLT
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\PCX\Path C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\PCXIMP32.FLT
PX5: 786B79BE0043616D4033013060AF85003F0FC68D
MD5: 17f65b900afecb480b0a5cbc240c9600
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\Grphflt\PICTIM32.FLT
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\PICT\Path C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\PICTIM32.FLT
PX5: 21A9ECD100C714F3F03501E6382101000C61A2E4
MD5: 49a69036a2933e799477101f1f21782b
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\Grphflt\WMFIMP32.FLT
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\WMF\Path C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\WMFIMP32.FLT
PX5: 971F6A2B00A27CEF908B002DDDE82A00B908A952
MD5: 23f7f256d7e0b9e3f79e0849e8d7ade5
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\Grphflt\WPGIMP32.FLT
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\WPG\Path C:\PROGRA~1\FILECO~1\MICROS~1\Grphflt\WPGIMP32.FLT
PX5: 71A90DB500F4B10C80DB02C4B2ED030039CCE1A1
MD5: 2be99e2b6d4c6a4485bf64329101f845
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\MSInfo\ieinfo5.ocx
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSInfo\Templates\ieinfo5\(default) C:\Programmi\File comuni\Microsoft Shared\MSInfo\ieinfo5.ocx
PX5: D9CCCE7600AE330472C5014263EDAE006E08A176
MD5: 7cfdd7f54c64bff62f64665a7e567896
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\MSInfo\MSIOFF10.OCX
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSInfo\Templates\msioff10\(default) C:\PROGRA~1\FILECO~1\MICROS~1\Msinfo\MSIOFF10.OCX
PX5: 594282EE0058D082A094069985DDC9007700217D
MD5: b006a57bb3a559fb47e60586921efa5d
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\MSInfo\MSInfo32.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSInfo\Path C:\Programmi\File comuni\Microsoft Shared\MSInfo\MSInfo32.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSInfo\Path C:\Programmi\File comuni\Microsoft Shared\MSInfo\MSInfo32.exe
PX5: DCC20BBB0036A3BB9EFA00953DF8F200E6CDE36A
MD5: 12644a48270558aec35230e476534f48
Determination: GOOD

C:\Programmi\Microsoft Office\Office10\MSQRY32.EXE
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSQuery\Path C:\PROGRA~1\MICROS~2\Office10\MSQRY32.EXE
PX5: 824F331BA0A83A44454B0B458613BC00D1271B54
MD5: bb4c7db40472d0e2cbe11b49336920f7
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\html32.cnv
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\HTML\Path C:\Programmi\File comuni\Microsoft Shared\TextConv\html32.cnv
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\HTML\Path C:\Programmi\File comuni\Microsoft Shared\TextConv\html32.cnv
PX5: 4D9506A9385CE7D6C22D044B3348F800EABDC1BF
MD5: 20b2a413befa1b0d309416bf8228dc95
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\WRD6EX32.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWord6Exp\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WRD6EX32.CNV
PX5: 9EF728AE00C58DD2B08410F920658800EA5D0276
MD5: 15b06591adf703ff0c85bedd1f6fd8bd
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\WRD6ER32.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWord6RTFExp\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WRD6ER32.CNV
PX5: C22C201100EFB7579AD700F939686B00B4A10B83
MD5: b476c81d6b87f64cb4877f03a2058d65
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\MACWRD32.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWordMac4\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\MACWRD32.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWordMac5\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\MACWRD32.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWordMac51\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\MACWRD32.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWordMac\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\MACWRD32.CNV
PX5: 87D8F47F00C3BB7728E003635229F400D4781807
MD5: 723528d02d16c0cefc3bb60c4426da64
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\WNWRD232.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWordWin2\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WNWRD232.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWordWin2\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WNWRD232.CNV
PX5: 2BDF980F00193A16302F03FA6F2D9900E57E9ED2
MD5: dfb89304b96e3bb021de8a6686c9ffb7
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\WORKS432.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWorksWin4\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WORKS432.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWorksWin4\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WORKS432.CNV
PX5: 6FFFA7710000B9E8201804DD699F370088265D70
MD5: 42ccb9262723652deed0bf389c808c49
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\WORKS532.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWorksWin5\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WORKS532.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWorksWin5\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WORKS532.CNV
PX5: 4981BE5640FD4C23D0A000D8B66B290098B37F7B
MD5: 92088fcf40081530e8162be89c29750d
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\WPFT532.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\WrdPrfctDat\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WPFT532.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\WrdPrfctDat50\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WPFT532.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\WrdPrfctDOS50\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WPFT532.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\WrdPrfctDOS51\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WPFT532.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\WrdPrfctWin\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WPFT532.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\WrdPrfctDos\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WPFT532.CNV
PX5: 70AFF0680003DB938A0905DC950C11003475EC65
MD5: 12200bc8c018f927bf434592c319918c
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\LOTUS32.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\Lotus123\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\LOTUS32.CNV
PX5: 9E6FBAEB007F0979C8A60102158E26004800BC2C
MD5: 2c0ea238b6254d8dc507f0623c4e7a6c
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\EXCEL32.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSBiff\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\EXCEL32.CNV
PX5: 704A8728007B1BFD60FA029E8725FD00F40319BC
MD5: b4d026a85b418baf7733421f565fa378
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\write32.wpc
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWinWrite.wpc\Path C:\Programmi\File comuni\Microsoft Shared\TextConv\write32.wpc
PX5: 71A6A3C449C4AC08B01A01656F55D100B9B2E691
MD5: afd63ca25e43793fd7c42c5f74961559
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\MSWRD632.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWord6\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\MSWRD632.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWordJ6\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\MSWRD632.CNV
PX5: 417C23C900BA5AE0485702F2E91DAA00C9EA8DFC
MD5: 5724a6002efe616a882ed4e63e88bb40
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\mswrd632.wpc
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWord6.wpc\Path C:\Programmi\File comuni\Microsoft Shared\TextConv\mswrd632.wpc
PX5: 255241CE4A8E0D0D40E903D813E15E00D95525A3
MD5: da91b90d37135534d061b7e3480fc11c
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\mswrd832.cnv
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWord8\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\MSWRD832.CNV
PX5: E4DB25CE10AF0B4B41E904034C3FBD003A7F764C
MD5: 40a28e9cc57f760a213a71fce642cedd
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\RECOVR32.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\Recover\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\RECOVR32.CNV
PX5: 57E4029000E09B18F49B0082C5DE430039E0386C
MD5: b975f36cb222ed7e6106c6e3c0e42ce6
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\WPFT632.CNV
Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\WordPerfect6x\Path C:\PROGRA~1\FILECO~1\MICROS~1\TextConv\WPFT632.CNV
PX5: 412C671900DFF5F068FC04E6DC6B6D002FAD07F5
MD5: 91f3540765a68c917473dce842f0049f
Determination: GOOD

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Loaded from: \REGISTRY\Machine\Software\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}\Exec %windir%\Network Diagnostic\xpnetdiag.exe
PX5: 6E52CD7800F62BCA82480884AE41CB00F32ECB92
MD5: cebed017c4965fc4407ccd986ae0a528
Determination: GOOD

C:\Programmi\Microsoft Office\Office10\OSA.EXE
Loaded from: FILE
PX5: 8210284EA0B722E4453301D7A215060004970604
MD5: 5bc65464354a9fd3beaa28e18839734a
Determination: GOOD

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\msupd97861.exe
Loaded from: FILE
PX5: 2259CF0E00046ED9529E00964941B90053F8D9DA
MD5: 87505a29911355b6ca19e6e7a771c25d
Determination: BAD
Malware Group: TROJAN.AGENT.GEN

C:\WINDOWS\system32\ActiveSkin.ocx
Loaded from: FILE
PX5: A9783B690032B177C4AF03D86ADC2A00A3D8FB3A
MD5: 877955ec5ffa130e6552396e2c7c4ade
Determination: GOOD

C:\WINDOWS\system32\advpack.dll.mui
Loaded from: FILE
PX5: 5A12196A005E7A2E30A3009A60D51200ACCB3580
MD5: 9ce8525c1766082857d3acb9f01573b2
Determination: GOOD

C:\WINDOWS\system32\Digita.sys
Loaded from: FILE
PX5: 137A9E8120EF42BD1AC900F6CC84690040265C7B
MD5: 81a3cff05560c1be2789b1f7bdd66b53
Determination: GOOD

C:\WINDOWS\system32\dsqueryh.dll
Loaded from: FILE
PX5: 4BF7A2BA00E85BB04C0801E236B7E500F05919B6
MD5: f0ac00763b5dd64188e19f79c9ae85e2
Determination: BAD
Malware Group: Generic.Malware

C:\Documents and Settings\Morreale\Impostazioni locali\Temp\GLB6.tmp
Loaded from: FILE
PX5: 7242C3420078678818750111D50F830009F36A96
MD5: 1af0911ad0d6b8ebc4bd0465fd0433de
Determination: SUSPICIOUS

Results::
Known malicious programs: 2



End of PrevxCSI Log - http://www.prevx.com

stemor
09-01-2008, 23:39
...and the BitDefender one
BitDefender Online Scanner

Scan report generated at: Wed, Jan 09, 2008 - 22:32:52
Scan path: A:\;C:\;D:\;

Statistics
Time: 00:15:27
Files: 106546
Folders: 2603
Boot Sectors: 2
Archives: 750
Packed Files: 6081

Results
Identified Viruses: 0
Infected Files: 0
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0

Engines Info
Virus Definitions: 887340
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
No virus found.

stemor
09-01-2008, 23:43
...sorry for the mess, but I'm having some problems with Z-share :rolleyes:

lancetta
10-01-2008, 00:32
Download Avenger from here: AVENGER (http://swandog46.geekstogo.com/avenger.zip)
Unzip it, run it, select "Input script manually" and click the magnifying glass. In the new window, paste this script:
Files to delete:
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\msupd97861.exe
C:\WINDOWS\system32\dsqueryh.dll
C:\Documents and Settings\Morreale\Impostazioni locali\Temp\GLB6.tmp
click the "Done" button, click the green traffic-light icon and answer "yes"; the PC should restart by itself; if it doesn't, restart it manually.
When the system restarts, the log in c:\avenger.txt will be displayed; attach it here.

Clean up with CCleaner (HERE (http://www.filehippo.com/download/9838386a743262a2d7aaedfb3b432ae2/download/)), disabling "only delete files older than 48 hours" in the advanced options, or with ATF Cleaner http://www.atribune.org/ccount/click.php?id=1 (it is stand-alone). Run ATF Cleaner
(if you use Firefox or Opera, select them from the menu at the top)
tick "Select All" for each browser
and click "Empty Selected"
and a new HijackThis log: download it from HERE LINK (http://www.download.com/3001-8022_4-10379544.html), it is stand-alone (no installation); put it in its own dedicated folder, run it and on the first screen click "do a system scan and save a logfile"; a text window with some data will open ;)

stemor
10-01-2008, 00:58
Done with Avenger (I had to do it twice, because the first time, after the restart, it told me it was impossible to open the log).
Do I have to do the rest as well?

stemor
10-01-2008, 01:00
Reading the log now, it looks like the usual two files just don't want to be removed :(

lancetta
10-01-2008, 01:11
Reading the log now, it looks like the usual two files just don't want to be removed :(

indeed, it only got rid of one; check whether they are in Task Manager, end them and try Avenger again with the same script

stemor
10-01-2008, 01:16
Also done CCleaner and HijackThis, which didn't let me fix those two files :cry:
I keep checking Task Manager but nothing suspicious shows up

lancetta
10-01-2008, 01:49
Also done CCleaner and HijackThis, which didn't let me fix those two files :cry:
I keep checking Task Manager but nothing suspicious shows up

download KillBox http://www.killbox.net/downloads/KillBox.exe Enter the full path of the file in Full Path
then select DELETE ON REBOOT

lancetta
10-01-2008, 01:55
if you can't manage with KillBox, also try this one, which unlocks processes too

http://download.html.it/software/getit/1887/unlocker/

stemor
10-01-2008, 02:35
Something has been done: Killbox did nothing, while Unlocker managed to delete msupd97861.exe; the other two (khjgfshi.dat and dsqueryh.dll) are still there, impossible to remove or rename.
Thanks a lot for the help, now I'm going to bed... tomorrow the hunt resumes ;)

stemor
10-01-2008, 17:21
So, I redid various procedures and I can't remove the two files in question (khjgfshi.dat and dsqueryh.dll); in addition, AVG's test result says:

Object C:\WINDOWS\system32\dsqueryh.dll
Result Trojan Horse Generic9.AKAV
Status Infected

and

Object C:\WINDOWS\system32\shell32.dll
Result Change
Status Changed

Above all, I can't understand the part about shell32

lancetta
10-01-2008, 17:58
So, I redid various procedures and I can't remove the two files in question (khjgfshi.dat and dsqueryh.dll); in addition, AVG's test result says:

Object C:\WINDOWS\system32\dsqueryh.dll
Result Trojan Horse Generic9.AKAV
Status Infected

and

Object C:\WINDOWS\system32\shell32.dll
Result Change
Status Changed

Above all, I can't understand the part about shell32


Start > Run:
Regsvr32.exe C:\WINDOWS\system32\dsqueryh.dll /u

then try deleting again

stemor
10-01-2008, 18:08
Sorry, I didn't understand what I have to type in Run

lancetta
10-01-2008, 18:38
Sorry, I didn't understand what I have to type in Run

copy and paste the command

stemor
10-01-2008, 18:45
It tells me: load failed... access denied

lancetta
10-01-2008, 19:58
hmm... have you tried the tools mentioned above from safe mode (F8 at boot)????

stemor
10-01-2008, 20:03
Which of the dozens of tools downloaded over these days?

lancetta
10-01-2008, 20:12
Which of the dozens of tools downloaded over these days?

:D :D :D ..you're right.. I meant the last two (Killbox and Unlocker)
also repost another PrevxCSI log for me, but host it on Z-share if possible
and a HijackThis one too, I need to check something...

stemor
10-01-2008, 20:54
In safe mode nothing happens.
prevxcsi2.log - 0.28MB (http://www.zshare.net/download/63819962c0c27c/)

Riverside
10-01-2008, 20:59
Partner, could I give it a try? :rolleyes:

lancetta
10-01-2008, 21:10
Partner, could I give it a try? :rolleyes:

partner.... do you even need to ask???? :):

lancetta
10-01-2008, 21:25
FROM HIJACKTHIS, try from safe mode too if necessary

O2 - BHO: (no name) - {7E6394EA-EE61-428D-B846-3D700CEEEFD7} - C:\WINDOWS\system32\dsqueryh.dll

fix this one; close the browser first (if you use IE)

and let's try deleting again
run Avenger first ..... let me know

Riverside
10-01-2008, 21:33
partner.... do you even need to ask???? :):
Then let's try.

@ Stemor:

● uninstall the Google Toolbar (from Add or Remove Programs);
● look for its folder (it should be in C:\Programmi, if I'm not mistaken) and remove it;

run Hthis again and fix these entries:

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

also fix the entry that is being a pain in the neck:

O2 - BHO: (no name) - {7E6394EA-EE61-428D-B846-3D700CEEEFD7} - C:\WINDOWS\system32\dsqueryh.dll

Then continue as follows, still with System Restore disabled:

download these two tools:

MSNFIX TOOL: click here to download from the official site (http://sosvirus.changelog.fr/MSNFix.zip)

alternatively, from here:

MSNFIX TOOL: download mirror (http://in.solit.us/archives/show/98990)

LIVEKILL CLEAN MESSENGER: click here to download from the official site (http://www.livekill.org/plug.html)
choose the appropriate version for the operating system in use: Windows XP or Windows Vista

alternatively, from here:

LIVEKILL FOR WINDOWS XP: download mirror (http://in.solit.us/archives/show/98993)

LIVEKILL FOR WINDOWS VISTA: download mirror (http://in.solit.us/archives/show/98991)

Install MSNFIX:
● unzip the Zip file that you previously placed on the Desktop (a folder will be created)
● run the MSNFix batch file
● type I to set the language, and press Enter
● type R to search for the malware
● type N to delete what it finds
● type A to create the log to post
● type R to clean the registry and exit
● type Q to quit MSNFix
● a log and a Zip file will be created
you will find them, together with the log, inside the folder placed on the Desktop
● delete only the Zip file and empty the Recycle Bin
Attach the log it produces

install LIVEKILL CLEAN MESSENGER:
Once installed
● close MSN Messenger (if you use it and have it open)
● run LiveKill
● the antivirus will update automatically and run a scan
● a log will be produced (you will find it on the Desktop): attach it

Download DUSTBUSTER (requires installation)
click here to download (http://www.majorgeeks.com/download.php?det=1182)
● download it from one of the mirrors available on the site
● once installed, run it:
● Dust Buster will automatically find and remove all the useless files still present on the hard disk

● Restart the system
● attach the log I asked you for and a new Hthis log taken after the restart
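
Added example (not part of any post in this thread, and not code from HijackThis or PrevxCSI): the cross-check the helpers are doing by eye, pairing each HijackThis O2/O3 line with the PrevxCSI verdict for the file it points to. The sample logs are constructed from lines quoted in this thread, with the hash fields left out; the function names are this example's own.

```python
import re

# Constructed samples: entries in the layout of the PrevxCSI log and the
# HijackThis lines quoted in this thread (hash fields omitted).
PREVX_SAMPLE = r"""
C:\WINDOWS\system32\ActiveSkin.ocx
Loaded from: FILE
Determination: GOOD

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\msupd97861.exe
Loaded from: FILE
Determination: BAD
Malware Group: TROJAN.AGENT.GEN

C:\WINDOWS\system32\dsqueryh.dll
Loaded from: FILE
Determination: BAD
Malware Group: Generic.Malware

C:\Documents and Settings\Morreale\Impostazioni locali\Temp\GLB6.tmp
Loaded from: FILE
Determination: SUSPICIOUS

C:\Documents and Settings\All Users\Dati applicazioni\desktop.ini
Loaded from: FILE
"""

HJT_SAMPLE = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {7E6394EA-EE61-428D-B846-3D700CEEEFD7} - C:\WINDOWS\system32\dsqueryh.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
FIELD_RE = re.compile(r"^(Loaded from|PX5|MD5|Determination|Malware Group):\s*(.*)$")
HJT_RE = re.compile(r"^(O2|O3) - (BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
FLAGGED = ("BAD", "SUSPICIOUS")


def parse_prevx(text):
    """Return {lowercased path: fields} for each file entry of a PrevxCSI-style log."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            # Some entries carry no verdict at all; record that explicitly.
            current = {"path": line, "Determination": "UNKNOWN"}
            entries[line.lower()] = current
        elif current is not None:
            m = FIELD_RE.match(line)
            if m:
                current[m.group(1)] = m.group(2).strip()
    return entries


def parse_hijackthis(text):
    """Return the O2 (BHO) and O3 (toolbar) registrations of a HijackThis log."""
    items = []
    for raw in text.splitlines():
        m = HJT_RE.match(raw.strip())
        if m:
            section, kind, name, clsid, target = m.groups()
            items.append({"section": section, "kind": kind, "name": name,
                          "clsid": clsid.upper(), "target": target.strip()})
    return items


def triage(hjt_text, prevx_text):
    """Pair browser-extension registrations with scanner verdicts.

    Returns (findings, loose): findings lists (CLSID, target, reasons) for each
    registration worth a look; loose lists flagged files no O2/O3 line points to.
    """
    verdicts = parse_prevx(prevx_text)
    findings, referenced = [], set()
    for item in parse_hijackthis(hjt_text):
        reasons = []
        key = item["target"].lower()
        if key == "(no file)":
            reasons.append("registration is orphaned (file missing)")
        else:
            referenced.add(key)  # Windows paths compare case-insensitively
            verdict = verdicts.get(key)
            if verdict and verdict["Determination"] in FLAGGED:
                group = verdict.get("Malware Group", "no group given")
                reasons.append(f"scanner verdict {verdict['Determination']} ({group})")
        if item["name"] == "(no name)":
            reasons.append("no display name")
        if reasons:
            findings.append((item["clsid"], item["target"], reasons))
    loose = sorted(v["path"] for k, v in verdicts.items()
                   if v["Determination"] in FLAGGED and k not in referenced)
    return findings, loose


if __name__ == "__main__":
    found, unreferenced = triage(HJT_SAMPLE, PREVX_SAMPLE)
    for clsid, target, reasons in found:
        print(f"{clsid}  {target}: {'; '.join(reasons)}")
    for path in unreferenced:
        print(f"flagged, no O2/O3 registration: {path}")
```

The CLSID reported next to dsqueryh.dll is the registration that the HijackThis fix targets; the files in the second list are not referenced by any O2/O3 line, so fixing the BHO entry does not cover them.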

lancetta
10-01-2008, 21:35
sorry, get rid of these too, since they are missing

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

one more thing: put HijackThis in a dedicated folder (the desktop is fine too)

stemor
10-01-2008, 22:22
...let's say I stopped pretty early :mad: ...I can't even do the first step: it won't let me uninstall the Google Toolbar (I click Remove and nothing happens).
As for the folder, I had already removed it, suspecting it was causing me problems, but I didn't think it was an application.

Riverside
10-01-2008, 22:41
...let's say I stopped pretty early :mad: ...I can't even do the first step: it won't let me uninstall the Google Toolbar (I click Remove and nothing happens).
As for the folder, I had already removed it, suspecting it was causing me problems, but I didn't think it was an application.
You're a genius :mbe: of course it won't let you uninstall it if you axed the folder without uninstalling it first :muro:
You have to reinstall it and then uninstall it :doh:

stemor
10-01-2008, 23:12
Done with Hijack, but it didn't fix the famous file. I downloaded msnfix, but when I open the batch file it gives me an error, and if I try to type anything it closes.
I don't know if it's useful, but I don't use MSN or any kind of messenger

Riverside
10-01-2008, 23:21
Done with Hijack, but it didn't fix the famous file. I downloaded msnfix, but when I open the batch file it gives me an error, and if I try to type anything it closes.
I don't know if it helps, but I don't use Msn or any kind of messenger
Listen, either you get it into your head to carry out the procedures as they are given, or we can stay here 15 days and solve nothing.
Now go back to my previous post (the one where I gave you the procedure) and reread everything you were told to do (including reinstalling the google toolbar and then uninstalling it).

stemor
10-01-2008, 23:25
I had already reinstalled and uninstalled the google toolbar, but I'm stuck at msnfix since, as I told you, when I open the batch file it gives me an error, and if I try to type anything it closes.

Riverside
10-01-2008, 23:29
but I'm stuck at msnfix since, as I told you, when I open the batch file it gives me an error, and if I try to type anything it closes.
Carry on with the rest :doh:

stemor
10-01-2008, 23:55
Did the whole procedure (except Msnfix)

stemor
10-01-2008, 23:56
giovedì 10 gennaio 2008 23.40.03 build 1256

Microsoft Windows XP Home Edition(it-IT)
1023 Mo (RAM)
Last DataBase update : 1.621
C:\Programmi\LiveKillCleanMessenger
NORMAL MODE

There is not any virus on your computer !

Riverside
11-01-2008, 00:06
It's still there :mbe:

O2 - BHO: (no name) - {7E6394EA-EE61-428D-B846-3D700CEEEFD7} - C:\WINDOWS\system32\dsqueryh.dll

Try again with Avenger:

Download AVENGER (does not require installation)
click here to download (http://swandog46.geekstogo.com/avenger.zip)

You need to create a dedicated folder on the Desktop and unzip the file inside it
● run it
● select Input script manually and click the magnifying glass
● in the new window paste this script (all the text in red):

Files to delete:
C:\WINDOWS\system32\dsqueryh.dll


● click the Done button
● click the green traffic light icon
● answer yes
● The PC should restart by itself; otherwise restart it manually
● when the system restarts a log will be saved in C:\avenger.txt
attach the log that is produced

lancetta
11-01-2008, 00:17
edit:
beaten to it by my partner ;)

stemor
11-01-2008, 00:20
Here it is

Chill-Out
11-01-2008, 00:24
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double-click combofix.exe and follow the instructions
Attach the log C:\combofix.txt and also the file C:\ComboFix-quarantined-files.txt
N.B.: During the scan some files will be created on the desktop and then deleted - all the desktop icons will disappear - the firewall may warn that some drivers will be removed (allow it), and it is also preferable to disconnect and temporarily disable security software

stemor
11-01-2008, 00:38
Here is the log, but Combofix's quarantine folder is empty
combofixlog.txt - 0.01MB (http://www.zshare.net/download/63875173c87ccc/)

Chill-Out
11-01-2008, 00:47
Fix the following entry with HJT for the umpteenth time:

O2 - BHO: (no name) - {7E6394EA-EE61-428D-B846-3D700CEEEFD7} - C:\WINDOWS\system32\dsqueryh.dll

Open Notepad, copy and paste these lines:

File::
C:\WINDOWS\system32\dsqueryh.dll
C:\WINDOWS\system32\drivers\khjgfshi.dat

Driver::
C:\WINDOWS\system32\drivers\khjgfshi.dat

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E6394EA-EE61-428D-B846-3D700CEEEFD7}]

Save the file on the Desktop as CFScript.txt
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
Drag the file you just created, i.e. CFScript.txt, onto the ComboFix icon

when it finishes the PC should restart; if not, restart it manually yourself. Attach the log you find in C:\ComboFix.txt + a new HJT log. Bye.

stemor
11-01-2008, 13:43
I'm back Chill-Out, did the whole procedure, here are the logs
combofix.txt - 0.01MB (http://www.zshare.net/download/64053189855852/)

murack83pa
11-01-2008, 13:53
I'm back Chill-Out, did the whole procedure, here are the logs
combofix.txt - 0.01MB (http://www.zshare.net/download/64053189855852/)

while you wait for chill's analysis of combofix, I had a look at the hijackthis log and unfortunately the infection doesn't seem to be gone yet, look at this entry

O2 - BHO: (no name) - {7E6394EA-EE61-428D-B846-3D700CEEEFD7} - C:\WINDOWS\system32\dsqueryh.dll

let's see what chill says
bye
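
The HijackThis entries quoted in this thread, run through a small parser as an added example (it is not part of any post and is not HijackThis's own code). It labels entries whose file is missing and lists the CLSIDs that are still present after a fix; the `BEFORE`/`AFTER` excerpts and all function names are constructed for the illustration.

```python
import re

# HijackThis sections: O2 = Browser Helper Object, O3 = Internet Explorer toolbar.
ENTRY = re.compile(
    r"^O[23] - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

# Constructed excerpts built from the three entries quoted in the thread.
# AFTER assumes the two "(no file)" entries were fixed and the third was not.
BEFORE = r"""
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O2 - BHO: (no name) - {7E6394EA-EE61-428D-B846-3D700CEEEFD7} - C:\WINDOWS\system32\dsqueryh.dll
"""
AFTER = r"""
O2 - BHO: (no name) - {7E6394EA-EE61-428D-B846-3D700CEEEFD7} - C:\WINDOWS\system32\dsqueryh.dll
"""


def parse_entries(log_text):
    """Return one dict (kind, name, clsid, target) per O2/O3 line in the log."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]


def triage(entries):
    """Label entries: 'orphan' = file missing, 'unnamed' = BHO without a name."""
    labelled = []
    for entry in entries:
        if entry["target"] == "(no file)":
            label = "orphan"       # registry entry left behind, file is gone
        elif entry["name"] == "(no name)":
            label = "unnamed"      # not proof of anything; inspect the DLL
        else:
            label = "ok"
        labelled.append((entry["clsid"].upper(), label))
    return labelled


def persisting(before_text, after_text):
    """CLSIDs present in both logs: entries the fix in between did not remove."""
    before = {e["clsid"].upper() for e in parse_entries(before_text)}
    after = {e["clsid"].upper() for e in parse_entries(after_text)}
    return sorted(before & after)


if __name__ == "__main__":
    print(triage(parse_entries(BEFORE)))
    print("still present after the fix:", persisting(BEFORE, AFTER))
```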

stemor
11-01-2008, 14:11
Yes, unfortunately I had noticed the wretch was still there, as is khjgfshi.dat, not detected by HJT but still present. At this rate I'll become a senior member in a week :rolleyes:

lancetta
11-01-2008, 16:13
Yes, unfortunately I had noticed the wretch was still there, as is khjgfshi.dat, not detected by HJT but still present. At this rate I'll become a senior member in a week :rolleyes:

Hmm... maybe I got the script wrong up to now

in avenger enter:


Registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E6394EA-EE61-428D-B846-3D700CEEEFD7}

Files to delete:
C:\WINDOWS\system32\dsqueryh.dll
C:\WINDOWS\system32\drivers\khjgfshi.dat

drivers to unload:
khjgfshi



let's see............

Chill-Out
11-01-2008, 16:19
For the moment let's host the logs here:
http://www.sendmefile.com
@stemor

I'd need the combofix log, thanks.

stemor
11-01-2008, 16:34
@Lancetta
Here is the Avenger log
@Chill-Out
Here is the link for Combofix
http://www.sendmefile.com/00606344

Chill-Out
11-01-2008, 18:02
Open Notepad, copy and paste these lines:

File::
C:\WINDOWS\system32\dsqueryh.dll
C:\WINDOWS\system32\drivers\khjgfshi.dat
C:\WINDOWS\system32\drivers\ahilpvyf.sys
C:\WINDOWS\system32\drivers\oadgliei.sys

Driver::
C:\WINDOWS\system32\drivers\khjgfshi.dat
C:\WINDOWS\system32\drivers\ahilpvyf.sys
C:\WINDOWS\system32\drivers\oadgliei.sys

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E6394EA-EE61-428D-B846-3D700CEEEFD7}]

Save the file on the Desktop as CFScript.txt....same procedure

stemor
11-01-2008, 18:25
Great Chill-Out, you did it :mano: :winner:
Now that they are in quarantine, what should I do?
http://www.sendmefile.com/00606363

Chill-Out
11-01-2008, 18:33
You can go ahead and delete the tools and their logs. Sorry, but last night part of the script got stuck in my keyboard :stordita: , but as you can see for yourself, these days this section is in chaos.
One recommendation: avoid downloading assorted little games, they are full of junk, for example SecretsOfOlympus
One last little thing I'd ask: attach a log from this tool:
http://noahdfear.geekstogo.com/FindAWF.exe
+ an HJT log

stemor
11-01-2008, 18:50
Indeed those little games were causing some problems (such as applications closing and a blue screen with reboot); I used them briefly and now never again.
Thanks again, and thanks also to the other guys who tried :mano:
Here are the logs you asked for

P.S. I have another problem that I mentioned at the start of this thread:

While I was running a scan with a-squared the Windows blue screen appeared: "a problem has been detected and windows has been shut down to prevent damage...".
Note that it also said:
Ntfs.sys Address F76B01AF base at F76AAOOO, DateStamp 45cc56a7

Unfortunately it's not the first time it has appeared. It has always happened, generally every now and then, except in some cases where it happens even several times in one day, alternating with pages suddenly closing (it often reports: IRQL_NOT_EQUAL or PAGE_FAULT_IN_NON_PAGED_AREA, etc.). I've never managed to solve the problem, even technical support said they didn't know what to do (reformatted but nothing changed)...but I think this is a separate problem

do you know where I can post a new thread about it?

lancetta
11-01-2008, 19:07
***

Chill-Out
11-01-2008, 19:13
@stemor

stay tuned, there's still a little job to do, as soon as either Lancetta or I have a moment. Bye.

Chill-Out
11-01-2008, 22:25
Enter this script in Avenger

Files to move:
C:\WINDOWS\bak\SiSUSBrg.exe | C:\WINDOWS\SiSUSBrg.exe
C:\Programmi\QuickTime\bak\qttask.exe | C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bak\NeroCheck.exe | C:\WINDOWS\system32\NeroCheck.exe
C:\Programmi\digicomt\Michelangelo USB ADSL\bak\CnxDslTb.exe | C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
C:\Programmi\Grisoft\AVG Free\bak\avgcc.exe | C:\Programmi\Grisoft\AVG Free\avgcc.exe
C:\Programmi\Silicon Integrated Systems\SiSRaidPackage\bak\SRaid.exe | C:\Programmi\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe | C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe | C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe | C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe


when it finishes, a new FindAWF log

stemor
12-01-2008, 03:12
All done.
Could you explain the reason for this last operation?

Chill-Out
12-01-2008, 10:06
Because in the Combo log I saw traces of the Trojan Obfuscated, and to confirm it I asked you for a FindAWF log; indeed, the Trojan replaced the autostart files, copying the originals into a folder named bak

I have a doubt about this one and left it out: C:\Programmi\ACD Systems\DevDetect\DevDetect.exe. Is it currently in use on your PC? Because it doesn't show up in the HJT log, whereas we really should be seeing it.
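
The substitution pattern described in the post above (a program replaced in place, with the original copied into a `bak` subfolder) can be checked for with a short script. This is an added example, not part of the thread and not how FindAWF itself works; the function names and the demo tree of placeholder files are constructed for the illustration.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_displaced_originals(root):
    """Find files that also exist, with different content, in a 'bak' subfolder.

    Returns (file_in_place, copy_in_bak) pairs, sorted by path.
    """
    findings = []
    for current, _dirs, files in os.walk(root):
        if os.path.basename(current).lower() != "bak":
            continue
        parent = os.path.dirname(current)
        for name in files:
            in_bak = os.path.join(current, name)
            in_place = os.path.join(parent, name)
            if os.path.isfile(in_place) and sha256_of(in_place) != sha256_of(in_bak):
                findings.append((in_place, in_bak))
    return sorted(findings)


def build_demo_tree(root):
    """Constructed sample data: tiny placeholder files, not real binaries."""
    layout = {
        ("system32", "ctfmon.exe"): b"constructed replacement",
        ("system32", "bak", "ctfmon.exe"): b"constructed original",
        ("QuickTime", "qttask.exe"): b"same bytes",
        ("QuickTime", "bak", "qttask.exe"): b"same bytes",
        ("Java", "bak", "jusched.exe"): b"no counterpart in parent",
    }
    for parts, content in layout.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_demo_tree(demo_root)
        for in_place, in_bak in find_displaced_originals(demo_root):
            print("review:", in_place, "<- original may be", in_bak)
```

A pair is reported only when the two copies differ, so an ordinary backup that is identical to the file in place is not flagged.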

stemor
12-01-2008, 14:39
DevDetect is the Device Detector for viewing the images stored in the camera with ACDSee...do you think it could be infected somehow?

Chill-Out
12-01-2008, 21:33
DevDetect is the Device Detector for viewing the images stored in the camera with ACDSee...do you think it could be infected somehow?

In Avenger
Files to move:
C:\Programmi\ACD Systems\DevDetect\bak\DEVDET~1.EXE | C:\Programmi\ACD Systems\DevDetect\DEVDET~1.EXE

stemor
12-01-2008, 23:00
Done, so do you think I'm clean now?

Chill-Out
12-01-2008, 23:09
I'd say you are basically clean. One last FindAwf log so I can check two entries and we should be done. While we're at it, I recommend installing a software firewall, see Comodo

stemor
12-01-2008, 23:16
Here it is, I'll wait for you to give me the ok to delete some tools

Chill-Out
12-01-2008, 23:19
the log is fine, all ok.

stemor
12-01-2008, 23:41
Thanks again, you've been very kind :)
As for the other little problem mentioned above, do you know where I can post?

..... Windows blue screen "a problem has been detected and windows has been shut down to prevent damage...".
Note that it also said:
Ntfs.sys Address F76B01AF base at F76AAOOO, DateStamp 45cc56a7

Unfortunately it's not the first time it has appeared. It has always happened, generally every now and then, except in some cases where it happens even several times in one day, alternating with pages suddenly closing (it often reports: IRQL_NOT_EQUAL or PAGE_FAULT_IN_NON_PAGED_AREA, etc.). I've never managed to solve the problem, even technical support said they didn't know what to do (reformatted but nothing changed)...but I think this is a separate problem

Chill-Out
12-01-2008, 23:47
I'd say here:

http://www.hwupgrade.it/forum/forumdisplay.php?f=33

all the best, bye.

stemor
12-01-2008, 23:48
Thanks and bye :mano: