[win XP] AIUTO VIRUS. devo risolvere il problema al più presto. - Pagina 2

murack83pa · 08-01-2008, 12:29

ti svelo un segreto: hijackthis nn è la sfera di cristallo...detto altrimenti,hijackthis nn è un programma che rileva le infezioni,almeno nn sempre: sarebbe stato meglio che postavi il log di prevx.....

anche se lo scherzetto dell'antivirus è strano, segui la procedura di rimozione del vundo
sei sicuro di avere seguito tutte le istruzioni? la procedura è complessa...

questi passaggi preliminari li hai rispettati?
1) Disattivare ripristino configurazione di sistema:

● tasto destro del mouse sull'icona Risorse del Computer
● seleziona la voce Proprietà
● apri la scheda Ripristino configurazione di Sistema
● spunta la voce Disattiva ripristino configurazione di sistema
● conferma, la modifica, con Applica e, poi Ok

2)Avviare in modalità provvisoria: all'accensione del pc premere ripetutamente F8. Apparirà una schermata con vari tipi di avvio. voi selezionate modalità provvisoria.

devi fare girare i programmi indicati secondo quel'ordine indcato dalla guida: tu hai usato solo vundofix e fixvundo, ma c sono altri programmi
quindi, ricapitolando, devi fare le seguenti scansioni e postare qui tutti i log:
VundoFix
Download: http://www.atribune.org/public-beta/VundoFix.exe

FixVundo
Download: http://www.symantec.com/content/en/u...s/FixVundo.exe

ComboFix
Download: http://www.techsupportforum.com/sect...s/ComboFix.exe
dopo che posti i log, aspetta indicazioni
in tutto questo, xò nn so se il mod dirà di postarci nel 3d ufficiale o rimanere qui....tu intanto segui la guida e posta i log al termine di tutte le scansioni
ciao

edit: link aggiornato (bentornato chill..era da tanto che nn ti si vedeva!)

**Chill-Out** · 08-01-2008, 15:44

ComboFix lo scarichi da qui:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Arki_ · 09-01-2008, 21:27

allora ho seguito le regole del forum per la rimozione del trojan.vundo.

ecco i risultati delle scansioni.

premetto solo che :

- ho effettuato le prime tre scansioni (vundofix, fixvundo e combofix) in modalità provvisoria. anche se la scansione di vundofix, come forse già sapete, al termine ti riavvia il sistema. quindi sono rientrato in modalità normale di windows, ho riavviato e sono rientrato nuovamente in provvisoria per effettuare le utlime due.

- i tre programmi hanno sicuramente rilevato qualcosa, ma pare che quel file nnnmlmj.dll che prima compariva adesso non è comparso (ed è stato eliminato). ne restano però di altri.

- per effettuare le successive scansioni con prevx csi e virit sono entrato in modalità normale, sempre come detto nella guida, e credo abbiano rilevato un bel pò di trojan.vundo (virit soprattutto). volevo sapere, dato che mi pare di aver capito che tale trojan ha infettato determinati file di programmi (come logitech, messenger...) cosa fare. dovrò reinstallarli? o si cureranno da soli a rimozione del trojan avvenuta?

- vi comunico che non sono riuscito però a far partire la scansione con avenger (che ho scaricato dalla guida) perchè come è scritto bisogna inserire uno script prima di partire con la scansione. ma dove si trova questo script?? non mi è chiara la questione. ho seguito le indicazioni e quando apro la finestra con la lente dentro non mi appare nessuno script, nè so dove copiarne uno da incollare (come dice la guida).

alla fine, nel caos totale, vi allego i vari log :

VUNDOFIX (che ho effettuato come prima e successivamente una volta rientrato in modalità normale)

Codice:

VundoFix V6.7.7

Checking Java version...

Sun Java not detected
Scan started at 19.08.28 08/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nnnmlmj.dll
C:\WINDOWS\system32\qpqss.ini
C:\WINDOWS\system32\qpqss.ini2
C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\ssqpq.exe

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe Has been deleted!

 Attempting to delete C:\WINDOWS\system32\nnnmlmj.dll
C:\WINDOWS\system32\nnnmlmj.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\qpqss.ini
C:\WINDOWS\system32\qpqss.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\qpqss.ini2
C:\WINDOWS\system32\qpqss.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\ssqpq.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ssqpq.exe
C:\WINDOWS\system32\ssqpq.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...



VundoFix V6.7.7

Checking Java version...

Sun Java not detected
Scan started at 2.15.50 09/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\qpqss.ini
C:\WINDOWS\system32\qpqss.ini2
C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\ssqpq.exe

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\qpqss.ini
C:\WINDOWS\system32\qpqss.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\qpqss.ini2
C:\WINDOWS\system32\qpqss.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\ssqpq.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ssqpq.exe
C:\WINDOWS\system32\ssqpq.exe Has been deleted!

Performing Repairs to the registry.
Done!

FIXVUNDO (questo pare non trovi mai nulla. bah!)

Codice:

Symantec Trojan.Vundo Removal Tool 1.5.0

C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\dareiz@kaiba.cc\DFSR\Staging\CS{7024943D-1CC3-B15D-FD5F-81465F98E44A}\01\10-{7024943D-1CC3-B15D-FD5F-81465F98E44A}-v1-{F751E798-B641-42DC-8D00-80A4C24A8EF7}-v10-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\01\12-{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}-v1-{F751E798-B641-42DC-8D00-80A4C24A8EF7}-v12-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\44\18-{364FC8DB-A18D-451E-A2CE-7DDACF42F04A}-v244-{7D12C007-A211-4490-917B-4FAE60C60654}-v18-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\57\19-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v57-{7D12C007-A211-4490-917B-4FAE60C60654}-v19-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\58\20-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v58-{7D12C007-A211-4490-917B-4FAE60C60654}-v20-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\59\21-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v59-{7D12C007-A211-4490-917B-4FAE60C60654}-v21-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\61\23-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v61-{7D12C007-A211-4490-917B-4FAE60C60654}-v23-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\62\24-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v62-{7D12C007-A211-4490-917B-4FAE60C60654}-v24-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\63\25-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v63-{7D12C007-A211-4490-917B-4FAE60C60654}-v25-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\67\26-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v67-{7D12C007-A211-4490-917B-4FAE60C60654}-v26-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\68\27-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v68-{7D12C007-A211-4490-917B-4FAE60C60654}-v27-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\69\28-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v69-{7D12C007-A211-4490-917B-4FAE60C60654}-v28-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\70\29-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v70-{7D12C007-A211-4490-917B-4FAE60C60654}-v29-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\71\30-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v71-{7D12C007-A211-4490-917B-4FAE60C60654}-v30-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\72\31-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v72-{7D12C007-A211-4490-917B-4FAE60C60654}-v31-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\73\32-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v73-{7D12C007-A211-4490-917B-4FAE60C60654}-v32-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\74\33-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v74-{7D12C007-A211-4490-917B-4FAE60C60654}-v33-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\75\34-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v75-{7D12C007-A211-4490-917B-4FAE60C60654}-v34-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\77\35-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v77-{7D12C007-A211-4490-917B-4FAE60C60654}-v35-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\78\36-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v78-{7D12C007-A211-4490-917B-4FAE60C60654}-v36-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\79\37-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v79-{7D12C007-A211-4490-917B-4FAE60C60654}-v37-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\01\11-{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}-v1-{F751E798-B641-42DC-8D00-80A4C24A8EF7}-v11-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\15\38-{306473DC-A189-40FB-99E4-7448515BD1DE}-v15-{7D12C007-A211-4490-917B-4FAE60C60654}-v38-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\16\91-{54A66D57-3E11-4417-A1F0-84D243795954}-v16-{54A66D57-3E11-4417-A1F0-84D243795954}-v91-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\18\39-{54A66D57-3E11-4417-A1F0-84D243795954}-v18-{7D12C007-A211-4490-917B-4FAE60C60654}-v39-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\20\92-{54A66D57-3E11-4417-A1F0-84D243795954}-v20-{54A66D57-3E11-4417-A1F0-84D243795954}-v92-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\22\66-{54A66D57-3E11-4417-A1F0-84D243795954}-v22-{306473DC-A189-40FB-99E4-7448515BD1DE}-v66-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\24\67-{54A66D57-3E11-4417-A1F0-84D243795954}-v24-{306473DC-A189-40FB-99E4-7448515BD1DE}-v67-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\26\76-{54A66D57-3E11-4417-A1F0-84D243795954}-v26-{306473DC-A189-40FB-99E4-7448515BD1DE}-v76-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\29\77-{54A66D57-3E11-4417-A1F0-84D243795954}-v29-{306473DC-A189-40FB-99E4-7448515BD1DE}-v77-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\32\40-{54A66D57-3E11-4417-A1F0-84D243795954}-v32-{7D12C007-A211-4490-917B-4FAE60C60654}-v40-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\34\41-{54A66D57-3E11-4417-A1F0-84D243795954}-v34-{7D12C007-A211-4490-917B-4FAE60C60654}-v41-Partial.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\36\78-{54A66D57-3E11-4417-A1F0-84D243795954}-v36-{306473DC-A189-40FB-99E4-7448515BD1DE}-v78-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\39\79-{54A66D57-3E11-4417-A1F0-84D243795954}-v39-{306473DC-A189-40FB-99E4-7448515BD1DE}-v79-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\46\80-{54A66D57-3E11-4417-A1F0-84D243795954}-v46-{306473DC-A189-40FB-99E4-7448515BD1DE}-v80-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\52\68-{54A66D57-3E11-4417-A1F0-84D243795954}-v52-{306473DC-A189-40FB-99E4-7448515BD1DE}-v68-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\54\81-{54A66D57-3E11-4417-A1F0-84D243795954}-v54-{306473DC-A189-40FB-99E4-7448515BD1DE}-v81-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\56\69-{54A66D57-3E11-4417-A1F0-84D243795954}-v56-{306473DC-A189-40FB-99E4-7448515BD1DE}-v69-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\59\71-{54A66D57-3E11-4417-A1F0-84D243795954}-v59-{306473DC-A189-40FB-99E4-7448515BD1DE}-v71-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\61\72-{54A66D57-3E11-4417-A1F0-84D243795954}-v61-{306473DC-A189-40FB-99E4-7448515BD1DE}-v72-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\63\82-{54A66D57-3E11-4417-A1F0-84D243795954}-v63-{306473DC-A189-40FB-99E4-7448515BD1DE}-v82-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\65\73-{54A66D57-3E11-4417-A1F0-84D243795954}-v65-{306473DC-A189-40FB-99E4-7448515BD1DE}-v73-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\67\74-{54A66D57-3E11-4417-A1F0-84D243795954}-v67-{306473DC-A189-40FB-99E4-7448515BD1DE}-v74-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\69\84-{54A66D57-3E11-4417-A1F0-84D243795954}-v69-{306473DC-A189-40FB-99E4-7448515BD1DE}-v84-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\75\85-{54A66D57-3E11-4417-A1F0-84D243795954}-v75-{306473DC-A189-40FB-99E4-7448515BD1DE}-v85-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\87\86-{54A66D57-3E11-4417-A1F0-84D243795954}-v87-{306473DC-A189-40FB-99E4-7448515BD1DE}-v86-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\perfidaxever@hotmail.com\SharingMetadata\batifab@yahoo.it\DFSR\Staging\CS{81AB862E-6220-EC62-FDB4-EF4F6F555BD6}\01\10-{81AB862E-6220-EC62-FDB4-EF4F6F555BD6}-v1-{5372329D-3400-48C8-AEDF-D91AA7662E86}-v10-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\perfidaxever@hotmail.com\SharingMetadata\luce.cor@hotmail.it\DFSR\Staging\CS{CA7B7B05-DC04-67BD-B8E3-14BAE92A650E}\01\11-{CA7B7B05-DC04-67BD-B8E3-14BAE92A650E}-v1-{5372329D-3400-48C8-AEDF-D91AA7662E86}-v11-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\01\49-{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}-v1-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v49-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\61\1077-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1061-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1077-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\62\1078-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1062-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1078-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\63\1079-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1063-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1079-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\64\1066-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1064-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1066-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\68\1080-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1068-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1080-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\69\1094-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1069-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1094-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\70\1082-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1070-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1082-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\72\1095-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1072-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1095-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\73\1096-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1073-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1096-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\74\1098-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1074-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1098-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\75\1099-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1075-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1099-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\76\1097-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1076-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1097-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\01\12-{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}-v1-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v12-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\23\23-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v23-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v23-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\24\24-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v24-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v24-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\24\24-{B93DA63D-2F2C-44E4-BE0D-F8F352D17741}-v24-{B93DA63D-2F2C-44E4-BE0D-F8F352D17741}-v24-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\25\25-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v25-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v25-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\25\25-{B93DA63D-2F2C-44E4-BE0D-F8F352D17741}-v25-{B93DA63D-2F2C-44E4-BE0D-F8F352D17741}-v25-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\26\26-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v26-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v26-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\26\26-{B93DA63D-2F2C-44E4-BE0D-F8F352D17741}-v26-{B93DA63D-2F2C-44E4-BE0D-F8F352D17741}-v26-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\27\27-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v27-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v27-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\27\27-{B93DA63D-2F2C-44E4-BE0D-F8F352D17741}-v27-{B93DA63D-2F2C-44E4-BE0D-F8F352D17741}-v27-Partial.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\28\28-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v28-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v28-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\29\29-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v29-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v29-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\30\30-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v30-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v30-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\46\46-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v46-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v46-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\47\47-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v47-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v47-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\48\48-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v48-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v48-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\83\84-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v83-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v84-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\dareiz@kaiba.cc\DFSR\Staging\CS{F2CD1A3F-6228-5114-8B5D-CD0FBFA9752D}\01\10-{F2CD1A3F-6228-5114-8B5D-CD0FBFA9752D}-v1-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v10-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\gingerxx@tiscali.it\DFSR\Staging\CS{3CF50647-30B5-E6E8-5AC1-5CBC6D60A498}\01\22-{3CF50647-30B5-E6E8-5AC1-5CBC6D60A498}-v1-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v22-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\gingerxx@tiscali.it\DFSR\Staging\CS{3CF50647-30B5-E6E8-5AC1-5CBC6D60A498}\55\49-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v55-{7D12C007-A211-4490-917B-4FAE60C60654}-v49-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\gingerxx@tiscali.it\DFSR\Staging\CS{3CF50647-30B5-E6E8-5AC1-5CBC6D60A498}\56\56-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v56-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v56-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\rogerfederer95@hotmail.it\DFSR\Staging\CS{56992C79-1DCC-B35C-5FC1-02480851D9C7}\01\67-{56992C79-1DCC-B35C-5FC1-02480851D9C7}-v1-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v67-Downloaded.frx (WARNING: not scanned, path to long)
C:\System Volume Information: (not scanned)
D:\System Volume Information: (not scanned)
Trojan.Vundo has not been found on your computer.

COMBOFIX

Codice:

ComboFix 08-01-07.5 - utente 2008-01-09  1.48.55.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.1648 [GMT 1:00]
Eseguito da: C:\Documents and Settings\utente\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programmi\eMule\emule .exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE
C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnmlmj.dll
C:\WINDOWS\system32\RCX11.tmp
C:\WINDOWS\system32\RCX16.tmp
C:\WINDOWS\system32\RCX1A.tmp
C:\WINDOWS\system32\RCX22.tmp
C:\WINDOWS\system32\RCX25.tmp
C:\WINDOWS\system32\RCX27.tmp
C:\WINDOWS\system32\RCX2C.tmp



	Codice:
	 <pre>
C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe ---> Acrotray.exe
C:\Programmi\ESET\nod32kui .exe ---> nod32kui.exe
C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR .EXE ---> KHALMNPR.EXE
C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe ---> Communications_Helper.exe
C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe ---> LVComSX.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe ---> LogitechDesktopMessenger.exe
C:\Programmi\MSN Messenger\MsnMsgr .Exe ---> MsnMsgr.Exe
</pre>

.
.
(((((((((((((((((((((((((   Files Creati Da 2007-12-09 al 2008-01-09  )))))))))))))))))))))))))))))))))))
.

2008-01-08 18:13 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\NirCmd.exe
2008-01-08 17:59 . 2008-01-08 17:59	<DIR>	d--------	C:\Programmi\Logitech
2008-01-08 17:59 . 2006-08-22 23:20	155,648	--a------	C:\WINDOWS\system32\kemutb.dll
2008-01-08 17:59 . 2006-08-22 23:19	131,072	--a------	C:\WINDOWS\system32\KemUtil.dll
2008-01-08 17:59 . 2008-01-08 17:59	118,784	-r-------	C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2008-01-08 17:59 . 2006-08-22 23:20	110,592	--a------	C:\WINDOWS\system32\KemWnd.dll
2008-01-08 17:59 . 2006-07-19 12:03	94,208	--a------	C:\WINDOWS\KHALMNPR.Exe
2008-01-08 17:59 . 2006-08-22 23:20	69,632	--a------	C:\WINDOWS\system32\KemXML.dll
2008-01-08 17:59 . 2006-07-19 12:28	36,736	--a------	C:\WINDOWS\system32\drivers\LHidUsbK.sys
2008-01-08 17:59 . 2006-08-23 01:08	3,712	--a------	C:\WINDOWS\system32\drivers\LBeepKE.sys
2008-01-08 16:59 . 2008-01-08 18:02	15,360	--a------	C:\WINDOWS\system32\ctfmon .exe
2008-01-08 03:08 . 2008-01-08 03:08	0	--a------	C:\WINDOWS\system32\mapisvc.inf
2008-01-08 02:21 . 2008-01-09 01:54	<DIR>	d--------	C:\VundoFix Backups
2008-01-08 01:18 . 2008-01-08 01:20	32,764	--a------	C:\WINDOWS\17PHolmes572.exe
2008-01-07 20:52 . 2008-01-07 20:52	<DIR>	d--------	C:\Documents and Settings\utente\DoctorWeb
2008-01-07 18:25 . 2008-01-08 00:51	<DIR>	d--------	C:\VEXPLITE
2008-01-07 18:25 . 2007-10-10 09:00	36,096	--a------	C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-01-07 02:14 . 2008-01-08 02:09	<DIR>	d--------	C:\Documents and Settings\utente\Dati applicazioni\PrevxCSI
2008-01-07 02:14 . 2008-01-07 02:14	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Prevx
2008-01-06 21:15 . 2008-01-08 02:05	250	--a------	C:\WINDOWS\gmer.ini
2008-01-06 20:26 . 2008-01-06 20:26	<DIR>	d--------	C:\Programmi\Panda Security
2008-01-06 18:45 . 2008-01-06 20:18	<DIR>	d--------	C:\Programmi\a-squared Free
2008-01-06 17:22 . 2008-01-06 17:22	<DIR>	d--------	C:\Programmi\CCleaner
2008-01-06 03:48 . 2008-01-06 03:48	<DIR>	d--------	C:\Programmi\Trend Micro
2008-01-05 03:43 . 2008-01-05 03:43	<DIR>	d--------	C:\Documents and Settings\utente\Dati applicazioni\dvdcss
2008-01-05 03:43 . 2008-01-05 03:43	<DIR>	d--------	C:\Documents and Settings\utente\Dati applicazioni\ArcSoft
2008-01-04 13:21 . 2008-01-04 13:21	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-01-04 13:21 . 2008-01-04 13:21	1,409	--a------	C:\WINDOWS\QTFont.for
2008-01-04 02:58 . 2008-01-04 02:58	<DIR>	d--------	C:\Programmi\ArcSoft
2008-01-04 02:58 . 1995-07-31 13:44	212,480	--a------	C:\WINDOWS\PCDLIB32.DLL
2008-01-04 02:58 . 2001-12-05 17:59	21	--a------	C:\WINDOWS\PMK_setup.ini
2008-01-02 13:17 . 2008-01-02 13:17	994,243	--a------	C:\WINDOWS\system32\updater.dll
2007-12-25 16:12 . 2007-12-25 16:12	<DIR>	d--------	C:\Programmi\Convar
2007-12-25 16:12 . 2003-07-18 13:58	516,784	-ra------	C:\WINDOWS\system32\XceedCry.dll
2007-12-25 16:12 . 2002-02-28 09:46	217,088	--a------	C:\WINDOWS\system32\DartSock.dll
2007-12-25 16:12 . 2002-02-21 10:12	118,784	--a------	C:\WINDOWS\system32\DartWeb.dll
2007-12-25 16:12 . 1998-06-18 00:00	89,360	--a------	C:\WINDOWS\system32\VB5DB.DLL
2007-12-25 16:12 . 1998-06-13 22:53	44,544	--a------	C:\WINDOWS\system32\Gif89.dll
2007-12-25 16:12 . 2002-04-12 13:19	28,672	--a------	C:\WINDOWS\system32\DartWeb.oca
2007-12-25 16:10 . 2007-12-25 16:11	<DIR>	d--------	C:\Programmi\Stellar Phoenix Recovery Suite
2007-12-24 18:52 . 2007-12-28 11:39	<DIR>	d--------	C:\Documents and Settings\utente\Dati applicazioni\muvee Technologies
2007-12-24 18:51 . 2007-12-24 18:51	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2007-12-24 18:46 . 2007-12-28 11:21	<DIR>	d--------	C:\Programmi\File comuni\muvee Technologies
2007-12-24 18:46 . 2006-08-30 07:10	158,456	---------	C:\WINDOWS\system32\pxwma.dll
2007-12-22 19:53 . 2007-12-28 11:24	79,280	--a------	C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-12-22 19:46 . 2007-12-22 19:46	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\UDL
2007-12-22 19:45 . 2008-01-04 16:44	<DIR>	d--------	C:\Programmi\ABBYY FineReader 6.0 Sprint
2007-12-22 19:39 . 2007-12-22 19:39	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\EPSON
2007-12-22 19:38 . 2004-08-03 23:01	25,856	--a------	C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-22 19:38 . 2004-08-03 23:01	25,856	--a--c---	C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-22 19:38 . 2004-08-03 22:58	15,104	--a------	C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-22 19:38 . 2004-08-03 22:58	15,104	--a--c---	C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-22 19:36 . 2007-12-22 19:46	<DIR>	d--------	C:\Programmi\epson
2007-12-22 19:36 . 2007-03-27 00:00	67,072	--a------	C:\WINDOWS\system32\escwiad.dll
2007-12-22 19:36 . 2007-12-22 19:36	25	--a------	C:\WINDOWS\CDE DX7400DEFGIPS.ini
2007-12-22 10:58 . 2007-12-28 11:38	<DIR>	d--------	C:\Programmi\muvee Technologies
2007-12-22 10:57 . 2007-12-22 10:57	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\muvee Technologies

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 00:53	---------	d-----w	C:\Programmi\MSN Messenger
2008-01-09 00:51	---------	d-----w	C:\Programmi\eMule
2008-01-08 17:00	---------	d-----w	C:\Programmi\File comuni\Logitech
2008-01-08 16:11	---------	d--h--w	C:\Programmi\InstallShield Installation Information
2008-01-08 15:47	---------	d-----w	C:\Documents and Settings\utente\Dati applicazioni\Skype
2008-01-08 02:07	502,208	----a-w	C:\WINDOWS\system32\drivers\amon.sys
2008-01-08 00:24	---------	d-----w	C:\Programmi\MessengerDiscovery
2008-01-08 00:23	---------	d-----w	C:\Programmi\QuickTime
2007-12-22 18:48	---------	d-----w	C:\Programmi\File comuni\InstallShield
2007-12-22 09:58	---------	d-----w	C:\Programmi\DivX
2007-12-11 17:40	---------	d-----w	C:\Documents and Settings\utente\Dati applicazioni\Nokia Multimedia Player
2007-12-08 00:01	---------	d-----w	C:\Documents and Settings\utente\Dati applicazioni\BitTorrent
2007-12-07 23:58	---------	d-----w	C:\Programmi\BitTorrent
2007-12-07 23:07	---------	d-----w	C:\Programmi\Virtual Earth 3D
2007-12-07 20:33	---------	d-----w	C:\Documents and Settings\utente\Dati applicazioni\vlc
2007-12-07 20:31	---------	d-----w	C:\Programmi\DomPlayer
2007-12-07 20:28	---------	d-----w	C:\Programmi\VideoLAN
2007-12-06 23:08	---------	d-----w	C:\Programmi\MAXON
2007-12-03 22:19	---------	d-----w	C:\Programmi\onOne Software
2007-12-03 22:19	---------	d-----w	C:\Programmi\File comuni\onOne Software Shared
2007-12-02 23:30	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\FLEXnet
2007-12-02 14:46	---------	d-----w	C:\Documents and Settings\utente\Dati applicazioni\Quark
2007-12-02 14:41	---------	d-----w	C:\Programmi\Quark
2007-12-01 18:14	---------	d-----w	C:\Programmi\StuffPlug3
2007-11-19 15:32	---------	d-----w	C:\Programmi\File comuni\Adobe
2007-11-19 15:32	---------	d-----w	C:\Programmi\Bonjour
2007-11-09 00:52	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2007-10-23 16:49	586,240	----a-w	C:\WINDOWS\WLXPGSS.SCR
.


	Codice:
	<pre>
----a-w            15,360 2008-01-08 17:02:05  C:\WINDOWS\system32\ctfmon .exe
</pre>


(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23CB49C5-4D41-4331-A91D-EA48333BB46A}]
			C:\WINDOWS\system32\ssqpq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2008-01-08 18:11 5674352]
"LDM"="C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-08 18:11 36864]
"eMuleAutoStart"="C:\Programmi\eMule\emule .exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 07:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-12-21 11:29 7774208]
"nwiz"="nwiz.exe" [2006-12-21 11:29 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-12-21 11:29 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"Acrobat Assistant 8.0"="C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-08 18:11 620152]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-01-08 18:11 917504]
"Logitech Hardware Abstraction Layer"="C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE" [2008-01-08 18:11 94208]
"LogitechCommunicationsManager"="C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe" [2008-01-08 18:11 529968]
"LVCOMSX"="C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe" [2008-01-08 18:11 244520]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [ ]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]

C:\Documents and Settings\utente\Menu Avvio\Programmi\Esecuzione automatica\
C6 Messenger.lnk - C:\Programmi\C6 Messenger\c6Messenger.exe [2007-09-12 10:55:33]
Stardock ObjectDock.lnk - C:\Programmi\Stardock\ObjectDock\ObjectDock.exe [2007-08-08 03:58:50]
Yahoo! Widget Engine.lnk - C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 18:57:16]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 23:01:50]
Avvio veloce di Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [2007-08-08 00:46:45]
Logitech Desktop Messenger.lnk - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-01-08 17:59:54]
Logitech SetPoint.lnk - C:\Programmi\Logitech\SetPoint\SetPoint.exe [2008-01-08 17:59:19]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 10:43:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\FILECO~1\Stardock\mcpstub.dll 2005-01-31 14:13 49152 C:\PROGRA~1\FILECO~1\Stardock\MCPStub.dll

R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2007-10-10 09:00]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-08-23 01:08]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-01-07 18:26]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-08-07 17:52]

.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-08 17:38:02 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 01:54:12
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo 
Files nascosti: 0 

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes --------------------- 

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-01-09  1:55:34 - machine was rebooted [utente]
ComboFix-quarantined-files.txt  2008-01-09 00:55:32

PREVX CSI

Codice:

Prevx CSI Build:  (v1.2.101.109)
Prevx Computer Security Investigator Output Log
System analyzed at: 01/09/08 at 12:29:13

C:\WINDOWS\system32\ntdll.dll
	Loaded into: C:\WINDOWS\System32\smss.exe
	Loaded into: C:\WINDOWS\system32\csrss.exe
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\a-squared Free\a2service.exe
	Loaded into: C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\VEXPLITE\viritsvc.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Documents and Settings\utente\Documenti\Antivirus Utility\PREVXCSIFREE.EXE
PX5: 98EF83350066C70122B20B444BEBEA00D217A1B2
MD5: 75a0aecc55a3f0b9e2d54119fa4aab6d
Determination: GOOD

C:\WINDOWS\system32\csrss.exe
	Loaded into: C:\WINDOWS\system32\csrss.exe
	Loaded into: C:\WINDOWS\system32\csrss.exe
PX5: 457E08CD00DE83E3183600665DD0AE001F0FA82A
MD5: 2b511a5438308a1ac8d48482279810e6
Determination: GOOD

C:\WINDOWS\system32\CSRSRV.dll
	Loaded into: C:\WINDOWS\system32\csrss.exe
PX5: 672F934100D50DA280D100335AB03A0006C3D206
MD5: 4ba2dbac6357b3b9d89c53823afe15c5
Determination: GOOD

C:\WINDOWS\system32\basesrv.dll
	Loaded into: C:\WINDOWS\system32\csrss.exe
PX5: CDE7154D0060E2E4CE1D00F8B4D58500AEAC4112
MD5: 7b37b598b55bf80415c15bffe7a992a2
Determination: GOOD

C:\WINDOWS\system32\winsrv.dll
	Loaded into: C:\WINDOWS\system32\csrss.exe
PX5: 8732376800C35F4172D80484B9A63B00A104B3EF
MD5: 09a89dee6e15e360b52e556e2a46d97c
Determination: GOOD

C:\WINDOWS\system32\USER32.dll
	Loaded into: C:\WINDOWS\system32\csrss.exe
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\a-squared Free\a2service.exe
	Loaded into: C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\VEXPLITE\viritsvc.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Documents and Settings\utente\Documenti\Antivirus Utility\PREVXCSIFREE.EXE
PX5: 0F3EF70A0068B54FD2AC08079BAEE60002A2BAD2
MD5: 08447bdfce5d1b1956f962602381f5c1
Determination: GOOD

C:\WINDOWS\system32\KERNEL32.dll
	Loaded into: C:\WINDOWS\system32\csrss.exe
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\a-squared Free\a2service.exe
	Loaded into: C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\VEXPLITE\viritsvc.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Documents and Settings\utente\Documenti\Antivirus Utility\PREVXCSIFREE.EXE
PX5: D52CD51B0060B5DEAEDC0F6CFC78C3000275A5DD
MD5: feb3cc200749ff119bb8b08224a1a594
Determination: GOOD

C:\WINDOWS\system32\GDI32.dll
	Loaded into: C:\WINDOWS\system32\csrss.exe
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\a-squared Free\a2service.exe
	Loaded into: C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\VEXPLITE\viritsvc.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Documents and Settings\utente\Documenti\Antivirus Utility\PREVXCSIFREE.EXE
PX5: 1F9CE28700B6BB683E2104A31AD9960012802DE9
MD5: 2262fe3b392bd2d4d6e59f6024dce576
Determination: GOOD

C:\WINDOWS\system32\sxs.dll
	Loaded into: C:\WINDOWS\system32\csrss.exe
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 8DD4793200312BB2E8C40A6B35703B00EAC2F4EA
MD5: 2326b65e910186b39d4c58376c97622c
Determination: GOOD

C:\WINDOWS\system32\ADVAPI32.dll
	Loaded into: C:\WINDOWS\system32\csrss.exe
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\a-squared Free\a2service.exe
	Loaded into: C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\VEXPLITE\viritsvc.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Documents and Settings\utente\Documenti\Antivirus Utility\PREVXCSIFREE.EXE
PX5: DA31EA390036C3916C5C0A395DA4E3007CA4EABA
MD5: 09bb0a2c325f7085e24fae6134de2d16
Determination: GOOD

C:\WINDOWS\system32\RPCRT4.dll
	Loaded into: C:\WINDOWS\system32\csrss.exe
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\a-squared Free\a2service.exe
	Loaded into: C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\VEXPLITE\viritsvc.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Documents and Settings\utente\Documenti\Antivirus Utility\PREVXCSIFREE.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols\ncacn_np	rpcrt4.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols\ncacn_ip_tcp	rpcrt4.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols\ncadg_ip_udp	rpcrt4.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols\ncacn_http	rpcrt4.dll
PX5: 779FC6C5008166E0DEAA08874C150000A68771E2
MD5: e40a1024ef253382bd296a59625bd5f5
Determination: GOOD

C:\WINDOWS\system32\Apphelp.dll
	Loaded into: C:\WINDOWS\system32\csrss.exe
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Documents and Settings\utente\Documenti\Antivirus Utility\PREVXCSIFREE.EXE
PX5: 2E534C590076A85BF05D01EC9E4FFB0089A4554F
MD5: 086da77c3c612759d4ef437f67532e2d
Determination: GOOD

C:\WINDOWS\system32\VERSION.dll
	Loaded into: C:\WINDOWS\system32\csrss.exe
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\a-squared Free\a2service.exe
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 17E09890009DDCC84AAD00E153CBBA0071FD3882
MD5: 9b5a59851d9a237c86210e07e2195a12
Determination: GOOD

C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\winlogon.exe
PX5: D0D54E6C00E89575B4CC07CFE43BE400C1F31A26
MD5: 4166454e2bcfcc20d1b8a5ac9feab243
Determination: GOOD

C:\WINDOWS\system32\AUTHZ.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: E9DDEB920002ADAADEA00048047B1D002E56DB1B
MD5: c0f8a404df967cacb7489c7d56f30674
Determination: GOOD

C:\WINDOWS\system32\msvcrt.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\a-squared Free\a2service.exe
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\VEXPLITE\viritsvc.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Documents and Settings\utente\Documenti\Antivirus Utility\PREVXCSIFREE.EXE
PX5: EAD3CF360087D2AD3C120509FE506F008FB88290
MD5: 9e6cb81be111b9935f6a97c367cabd4e
Determination: GOOD

C:\WINDOWS\system32\CRYPT32.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain\DllName	crypt32.dll
PX5: DD3ED9060033BBFB2E83098709F8D4001E524429
MD5: 5588d8afd51d060f82315c50d7590323
Determination: GOOD

C:\WINDOWS\system32\MSASN1.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 09F301D4001F77D2E0150027945354004927323C
MD5: 0a75ac7d90bd8e6bc942dba004579d5b
Determination: GOOD

C:\WINDOWS\system32\NDdeApi.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
PX5: 8E19EB1100E774A0488300C192BED30080B1D3E4
MD5: 11be44f0c0978927aed7d69b75c24937
Determination: GOOD

C:\WINDOWS\system32\PROFMAP.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
PX5: 90AEB4A600D0EF596C4F00D134ACAA00BDFD0752
MD5: 0328058695d324d26528077f5b136636
Determination: GOOD

C:\WINDOWS\system32\NETAPI32.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: CC4BFB2E005E161C12BF0576C5EB94007AE54E90
MD5: a8db277fb7c964a2bae0159bc05c5621
Determination: GOOD

C:\WINDOWS\system32\USERENV.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 02BF46CD00DC848D207F0BA7D391AB00DCDEB32E
MD5: ac31ca2b251fe8057528fa937335b164
Determination: GOOD

C:\WINDOWS\system32\PSAPI.DLL
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\Programmi\a-squared Free\a2service.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
PX5: 5DB1DF3A00AE978A5A1800B9B5A8C30041FF3076
MD5: 2baf81b8504d9c1600c51a498e5453b3
Determination: GOOD

C:\WINDOWS\system32\REGAPI.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
PX5: BDCF1CB600ACB6D2C2EE007361942C0007606048
MD5: bb756f78728c2d953574e8652b7e86a8
Determination: GOOD

C:\WINDOWS\system32\Secur32.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService	secur32.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService\10	secur32.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService\16	secur32.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService	secur32.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService\18	secur32.dll
PX5: 2226211D005B7868DA45009E23898E00149E78C6
MD5: 8285b8b146b42ff18ed08c558435011e
Determination: GOOD

C:\WINDOWS\system32\SETUPAPI.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 085443D800EAF0FA42960F6622B8E300CB4CB91D
MD5: 6f83a7ed3217d0e612445612d1991767
Determination: GOOD

C:\WINDOWS\system32\WINSTA.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 1789B2A5005E39C8D2660086022E8500C3B9450D
MD5: de24ebecf7833a4de925d0832956f21a
Determination: GOOD

C:\WINDOWS\system32\WINTRUST.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 0D34C3E0002C3B32B2670226273B8500327F7603
MD5: 48bd2908fe77abb5ef42dd4a108600b5
Determination: GOOD

C:\WINDOWS\system32\IMAGEHLP.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 92D4CA5F00EA8A5C340F02F2506EE800E1319CFF
MD5: f309c34e0f66dac995053e91effc9002
Determination: GOOD

C:\WINDOWS\system32\WS2_32.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 42D0077300700B1344D7019D11CF0E00A225E294
MD5: 12ead983c875ed9bcc8b90e3f77f2e4a
Determination: GOOD

C:\WINDOWS\system32\WS2HELP.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 097C6291004A18B14EEC00B4A6264D00B84611B9
MD5: 0c1f495c1761c126bc820f4de4c8b967
Determination: GOOD

C:\WINDOWS\system32\MSGINA.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
PX5: 0590994000D0A8B53A390FFB32187D003143117B
MD5: 4ba6464cf0d5fe0cd0b43ae4b3b32d26
Determination: GOOD

C:\WINDOWS\system32\SHELL32.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\a-squared Free\a2service.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\VEXPLITE\viritsvc.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Documents and Settings\utente\Documenti\Antivirus Utility\PREVXCSIFREE.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet	rundll32 shell32,Control_RunDLL "sysdm.cpl"
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{AEB6717E-7E19-11d0-97EE-00C04FD91972}
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\StubPath	regsvr32.exe /s /n /i:U shell32.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\PostBootReminder	{7849596a-48ea-486e-8937-a2a3009f31a9}
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\CDBurn	{fbeb8a05-beee-4442-804e-409d6c4515e9}
	Loaded from: \REGISTRY\User\S-1-5-21-789336058-2077806209-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}	
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}\(default)
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}\(default)
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}\(default)
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}\(default)
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}\(default)
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}\(default)
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}\(default)
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}\(default)
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\Open With\(default)	{09799AFB-AD67-11d1-ABCD-00C04FC30936}
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\Open With\(default)	{09799AFB-AD67-11d1-ABCD-00C04FC30936}
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\Open With EncryptionMenu\(default)	{A470F8CF-A1E8-4f65-8335-227475AA5C46}
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\Open With EncryptionMenu\(default)	{A470F8CF-A1E8-4f65-8335-227475AA5C46}
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\(default)	Blocco menu Start
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\(default)	Blocco menu Start
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu\(default)	{A470F8CF-A1E8-4f65-8335-227475AA5C46}
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu\(default)	{A470F8CF-A1E8-4f65-8335-227475AA5C46}
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\PropertySheetHandlers\{ef43ecfe-2ab9-4632-bf21-58909dd177f0}\(default)
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\PropertySheetHandlers\{ef43ecfe-2ab9-4632-bf21-58909dd177f0}\(default)
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\CopyHookHandlers\FileSystem\(default)	{217FC9C0-3AEA-1069-A2DB-08002B30309D}
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\CopyHookHandlers\FileSystem\(default)	{217FC9C0-3AEA-1069-A2DB-08002B30309D}
PX5: EA00C46A00DF4A1A601F80DDA7E37000C893634E
Determination: GOOD

C:\WINDOWS\system32\SHLWAPI.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\a-squared Free\a2service.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\VEXPLITE\viritsvc.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Documents and Settings\utente\Documenti\Antivirus Utility\PREVXCSIFREE.EXE
PX5: 4CE7353F0026001C3CA7077551D26B00F192D3F0
MD5: bbf4bc84d6bb5858634657718f319b0b
Determination: GOOD

C:\WINDOWS\system32\COMCTL32.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\a-squared Free\a2service.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\VEXPLITE\viritsvc.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\Documents and Settings\utente\Documenti\Antivirus Utility\PREVXCSIFREE.EXE
PX5: 0FFEE7C7000006B05465090C27232C00D413C33C
MD5: 0fe5f5912c30795c455a9645970e6c7c
Determination: GOOD

C:\WINDOWS\system32\ODBC32.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
PX5: A52E0F9B00E1697FD015036BACB9C10078B33C67
MD5: 485b2381cf003dad79f1371fbeaacd5a
Determination: GOOD

C:\WINDOWS\system32\comdlg32.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: D1079ADC002DFDB3487D042258AF1F00F0FB72E4
MD5: c99fd691acafaeeefd03f1e4e6d3dd60
Determination: GOOD

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\a-squared Free\a2service.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\VEXPLITE\viritsvc.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Documents and Settings\utente\Documenti\Antivirus Utility\PREVXCSIFREE.EXE
PX5: 9530DEA70023A05308671094FE66420057AEE923
MD5: d81759006d620d41f7fd1d2a4a10c7f3
Determination: GOOD

C:\WINDOWS\system32\odbcint.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
PX5: 17030F830012904980B601AEBBE29A00B94ABB0D
MD5: ea88a16da0d06069c0c06ab5a4669e26
Determination: GOOD

C:\WINDOWS\system32\SHSVCS.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 29B6016000DA65A00EB502BB0FFC6D00E022C836
MD5: 500e8ef27757b1c463a4a263ed2c95d2
Determination: GOOD

C:\WINDOWS\system32\sfc.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 16BA5AAF006AA18914FD002B882F7D0027109E10
MD5: e6f026dbc75b6eed7331ebf581afd4d8
Determination: GOOD

C:\WINDOWS\system32\sfc_os.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 53B4176200566C3D2844029CE35AC3003149753E
MD5: 8fbf27ab56de71e2bdd5a2ccb7fb9023
Determination: GOOD

C:\WINDOWS\system32\ole32.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\a-squared Free\a2service.exe
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: E758784E007AB6358C70131F94722D006C415D83
MD5: 66364440c71911d07468f3791206fb87
Determination: GOOD

C:\WINDOWS\system32\WINSCARD.DLL
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 49E7BE4C00EA6409841F01CF112B5500E75D0DD5
MD5: 840535254edd74e79d059229c5a2f800
Determination: GOOD

C:\WINDOWS\system32\WTSAPI32.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 1CDB8610004CDD7F48CB007245065C0097B2DD61
MD5: e2703bb7beac36269482a8d32400ad38
Determination: GOOD

C:\WINDOWS\system32\uxtheme.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\a-squared Free\a2service.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: D88EDDB7006796175ABD03E85DCCE30039E51CA1
MD5: d5193d474d7bb9ce917b4cf5f3ada9d4
Determination: GOOD

C:\WINDOWS\system32\WINMM.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 8B514EB5005BE141BAA3022C5AD8F400CAAEB534
MD5: 1dc87f8c450e295fb8cc5039d27292e5
Determination: GOOD

C:\WINDOWS\system32\cscdll.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll\DLLName	cscdll.dll
PX5: 36CC0D8B0009157E909D017F19231E0041E0A92E
MD5: 38c69b2bc3182a85f0b323c9d1eb7e26
Determination: GOOD

C:\Programmi\File comuni\Stardock\MCPStub.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient\DllName	C:\PROGRA~1\FILECO~1\Stardock\mcpstub.dll
PX5: C6C8F55400A02C0AC06A0072A14AF2004560916D
MD5: 0eb2de8403f97505ad3c3cdceed09455
Determination: GOOD

C:\WINDOWS\system32\WlNotify.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp\DLLName	wlnotify.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule\DllName	wlnotify.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn\DLLName	WlNotify.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv\DllName	wlnotify.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon\DLLName	wlnotify.dll
PX5: 3C08F14B008AD1456C990109A197100002605D8A
MD5: 72e4cad810a967449caab723e99c74b1
Determination: GOOD

C:\WINDOWS\system32\WINSPOOL.DRV
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: A35B6D1900D11F1D3E5102B97EFC0500E974203D
MD5: a357128eea84698dcf3ed33e521292cc
Determination: GOOD

C:\WINDOWS\system32\MPR.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 4E92FBCC002BB291EAE5000F10C15F00A1E7AD21
MD5: 7013fc08075eef2d881d55f898f2d402
Determination: GOOD

C:\WINDOWS\system32\rsaenh.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 19B797A900BB112F5426027FDD39EC001D5760F1
MD5: 26acbd865f8cff730f1791c4d0854352
Determination: GOOD

C:\WINDOWS\system32\msv1_0.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa\Authentication Packages	msv1_0
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa\Security Packages	kerberos
PX5: 7DDBB66E00F27A20FA0D01B81C65BB005752F1B9
MD5: affa7a2ecb1476f29641c90524f63e2e
Determination: GOOD

C:\WINDOWS\system32\iphlpapi.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 811D12860031DBC676BC0192323E8B00C52133AD
MD5: 494eb23ef42602f1622d515960a98074
Determination: GOOD

C:\WINDOWS\system32\SAMLIB.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 6D3509C200E203F6FAF00078D7EA35003D8429D0
MD5: f16c9cdb4a47969b1cf48e0620f6e217
Determination: GOOD

C:\WINDOWS\system32\cscui.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}\DllName	%SystemRoot%\System32\cscui.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{750fdf0e-2a26-11d1-a3ea-080036587f03}	Offline Files Menu
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{10CFC467-4392-11d2-8DB4-00C04FA31A66}	Offline Files Folder Options
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}	Cartella file non in linea
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\Offline Files\(default)	{750fdf0e-2a26-11d1-a3ea-080036587f03}
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\Offline Files\(default)	{750fdf0e-2a26-11d1-a3ea-080036587f03}
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\ContextMenuHandlers\Offline Files\(default)	{750fdf0e-2a26-11d1-a3ea-080036587f03}
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\ContextMenuHandlers\Offline Files\(default)	{750fdf0e-2a26-11d1-a3ea-080036587f03}
PX5: 8E7CD5F4006500C1188E05B6248B9200BAF8CA73
MD5: 53e5ab61ddcc0f057182bc1b5513b744
Determination: GOOD

C:\WINDOWS\system32\xpsp2res.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: DD9EAB9A00D5F12036192D6118710400ADB6810C
MD5: 0e8e6901c637095ec3b483475e39731e
Determination: GOOD

C:\WINDOWS\system32\NTMARTA.DLL
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 1D452FC300F103CCD4AF019C0B4A1000D0C05759
MD5: 3c1b1065c5bfca5190e7fa7efcb11b59
Determination: GOOD

C:\WINDOWS\system32\WLDAP32.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 9E81915C002CE532A4010226E6EC3100C992DBA0
MD5: a340dec6229f08d8b9644f2be00100fc
Determination: GOOD

C:\WINDOWS\system32\wdmaud.drv
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\wave	wdmaud.drv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\midi	wdmaud.drv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer	wdmaud.drv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\aux	wdmaud.drv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1	wdmaud.drv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1	wdmaud.drv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1	wdmaud.drv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1	wdmaud.drv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers\wave	wdmaud.drv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers\wave1	wdmaud.drv
PX5: E19B13CB00CFB9ED5C250033B033BB00A27F216F
MD5: 6deb9059000c34770192b78d85f6d387
Determination: GOOD

C:\WINDOWS\system32\msacm32.drv
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP\wavemapper	msacm32.drv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\wavemapper	msacm32.drv
PX5: F8EB7CDA00A2596F522700876A3BC9005F29A42B
MD5: 05e84eead6b27c958621a4e6d33859d1
Determination: GOOD

C:\WINDOWS\system32\MSACM32.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: CD32AC5300D4DB3A183401A597817D009B477A6B
MD5: b088085d01b3e80e2be0e9cd1838ba9b
Determination: GOOD

C:\WINDOWS\system32\midimap.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP\midimapper	midimap.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\midimapper	midimap.dll
PX5: 8C299C3E002D88084A0000F598A51000C8C9681D
MD5: eaaa11be5c162266e698f7658bd8a1da
Determination: GOOD

C:\WINDOWS\system32\COMRes.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: D3FD3AB2006F991AE8A30C7CE8FD780095D6A640
MD5: b979bbba74f4f5db69c3a5dfdc52828c
Determination: GOOD

C:\WINDOWS\system32\OLEAUT32.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\a-squared Free\a2service.exe
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: B8AC5953001510F87226084B320E2F00FADEC04D
MD5: 6be31dd27f035ae0aff3fa764ddc8b4b
Determination: GOOD

C:\WINDOWS\system32\CLBCATQ.DLL
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 7768E3ED00658AB9A66507AEECA75E0031A45A6F
MD5: 0189390cdbbfa0649898486ef5af4130
Determination: GOOD

C:\WINDOWS\system32\wbem\wbemprox.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Eset\nod32krn.exe
PX5: 118AA1B200D76A754A3B0017C7664600A1463C19
MD5: cece259d273771497d2c96c8121d9c58
Determination: GOOD

C:\WINDOWS\system32\wbem\wbemcomn.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Eset\nod32krn.exe
PX5: 30B285D60040901346F3037FF72C08005C58C30E
MD5: 7db0054945c1c937553f97fa1f1eaffb
Determination: GOOD

C:\WINDOWS\system32\wbem\wbemsvc.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Eset\nod32krn.exe
PX5: 25397BDF00757EBFAAF700E3ED2B7800B9284F1B
MD5: dd3e1e96ea769c31936d9b09f9137954
Determination: GOOD

C:\WINDOWS\system32\wbem\fastprox.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Eset\nod32krn.exe
PX5: AEBA61B800E4BC9A34F5075F66FDAB005D1447F9
MD5: fc9f0b7216d087f9502ece38439ae144
Determination: GOOD

C:\WINDOWS\system32\MSVCP60.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 2D7DD02900BE71EC5085060A796CD8005BF97344
MD5: b30c42dfa52a70037ab31a85057a5657
Determination: GOOD

C:\WINDOWS\system32\NTDSAPI.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Eset\nod32krn.exe
PX5: B049763B0042836806A701AA022FCD00F10A90B1
MD5: 6ae3588c5fea68cdfcd743af5fc95398
Determination: GOOD

C:\WINDOWS\system32\DNSAPI.dll
	Loaded into: C:\WINDOWS\system32\winlogon.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: E002A9EF00BB5FBB44CD027C35B0550058480101
MD5: 6e8ce9bb6332762f102a075a65194870
Determination: GOOD

C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Eventlog\ImagePath	%SystemRoot%\system32\services.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\PlugPlay\ImagePath	%SystemRoot%\system32\services.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Eventlog\ImagePath	C:\WINDOWS\system32\services.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PlugPlay\ImagePath	C:\WINDOWS\system32\services.exe
PX5: 55CFB3920083E585A8B8011373392400747D1070
MD5: e77f6fa2a15390f1727f4c1c55b69da6
Determination: GOOD

C:\WINDOWS\system32\SCESRV.dll
	Loaded into: C:\WINDOWS\system32\services.exe
PX5: 42090831009A7DEDFC25041A41C0A6009F850DB8
MD5: e84a4bfd34f64af3a9b2e4ff45c02dca
Determination: GOOD

C:\WINDOWS\system32\umpnpmgr.dll
	Loaded into: C:\WINDOWS\system32\services.exe
PX5: 26E71B8F007D3456D4BB016B5AFBC800D7F565BB
MD5: 232f47c76cd56683a1a329eccb277f83
Determination: GOOD

C:\WINDOWS\system32\NCObjAPI.DLL
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 7EA0BF3D001A18F58E38007796CD8000CD7F3FCC
MD5: 1fc06b22ba62ab448613461d06c328c9
Determination: GOOD

C:\WINDOWS\system32\ShimEng.dll
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 279F162200D45347000001BBAACC850063724C8D
MD5: dc7d49e0dec335b8e14c734ab1bade66
Determination: GOOD

C:\WINDOWS\AppPatch\AcGenral.DLL
	Loaded into: C:\WINDOWS\system32\services.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 5F6310EE002D3DBC446C1C5A826CF10048881669
MD5: 26caaee19627a49509a5faaf49e418a0
Determination: GOOD

C:\WINDOWS\system32\eventlog.dll
	Loaded into: C:\WINDOWS\system32\services.exe
PX5: D2B7D57A001E9CD9DA5600E2BE4F3C00079E4466
MD5: d1caa255f33c06c8302769a86ffb905e
Determination: GOOD

C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Netlogon\ImagePath	%SystemRoot%\system32\lsass.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\NtLmSsp\ImagePath	%SystemRoot%\system32\lsass.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\PolicyAgent\ImagePath	%SystemRoot%\system32\lsass.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\ProtectedStorage\ImagePath	%SystemRoot%\system32\lsass.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\SamSs\ImagePath	%SystemRoot%\system32\lsass.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Netlogon\ImagePath	C:\WINDOWS\system32\lsass.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NtLmSsp\ImagePath	C:\WINDOWS\system32\lsass.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PolicyAgent\ImagePath	C:\WINDOWS\system32\lsass.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ProtectedStorage\ImagePath	C:\WINDOWS\system32\lsass.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SamSs\ImagePath	C:\WINDOWS\system32\lsass.exe
PX5: CC1BA69F00AF6D2D3445003B3C2E0700B638080D
MD5: 0815e8da286775fa432c7c9ee5e10ba1
Determination: GOOD

C:\WINDOWS\system32\LSASRV.dll
	Loaded into: C:\WINDOWS\system32\lsass.exe
PX5: DFF408A1009F902E1A360BCBB8D0DD00224FF50F
MD5: e0c3289e36894fb2348cb748cdb37516
Determination: GOOD

C:\WINDOWS\system32\SAMSRV.dll
	Loaded into: C:\WINDOWS\system32\lsass.exe
PX5: E92EC68300CE21C68E4E06BCC0EDF6004268C49A
MD5: 12b717e63f23bdf3fd43b295542154d9
Determination: GOOD

C:\WINDOWS\system32\cryptdll.dll
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 81B30DAB0078862F82C6000202049600DB968CD1
MD5: 4ac54687b901091378c512a6c56f6214
Determination: GOOD

C:\WINDOWS\system32\msprivs.dll
	Loaded into: C:\WINDOWS\system32\lsass.exe
PX5: 0CA48DC3002C50B3BC750065E2B27800000C62EB
MD5: d7d64ff974b96816e1ae2c5b86de35ba
Determination: GOOD

C:\WINDOWS\system32\kerberos.dll
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa\Security Packages	kerberos
PX5: 5BA16E2800984E107E90042A99DCA400E3F73FD4
MD5: ccbd78ddfbddb5531a2b36684e1a2709
Determination: GOOD

C:\WINDOWS\system32\netlogon.dll
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService\68	netlogon.dll
PX5: 7826BE4E00B0693C362206A7BBB246000E968C98
MD5: 926bb51bb6de79dedb93e9c2b0811ccf
Determination: GOOD

C:\WINDOWS\system32\w32time.dll
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: B0DB78E90001F969B24A022F16FE9C007D6DCCBC
MD5: 8b97d00e5c6a593ebb605ce4b8a5caa5
Determination: GOOD

C:\WINDOWS\system32\schannel.dll
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\SecurityProviders\SecurityProviders	msapsspc.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa\Security Packages	kerberos
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService\14	schannel.dll
PX5: 6875CD56004DB153365402E13E2E3800ECF2B58B
MD5: 8991aa4feccd0f90963aa68d120782eb
Determination: GOOD

C:\WINDOWS\system32\wdigest.dll
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa\Security Packages	kerberos
PX5: F311FBD900986B6DC09400C9FE9A9C00CD8F608E
MD5: bc6964976170dc87caf151a144be586c
Determination: GOOD

C:\WINDOWS\system32\scecli.dll
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}\DllName	scecli.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}\DllName	scecli.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa\Notification Packages	scecli
PX5: C91F3DA800B1BEBADA0C02480448D00054984981
MD5: 1446eb71adf0f54980cdd7e5a812e102
Determination: GOOD

C:\WINDOWS\system32\ipsecsvc.dll
	Loaded into: C:\WINDOWS\system32\lsass.exe
PX5: B05D914900808F8FCED102E7A46D080020A33905
MD5: 24e00a2782f1fbdda55173f6a92793b4
Determination: GOOD

C:\WINDOWS\system32\oakley.DLL
	Loaded into: C:\WINDOWS\system32\lsass.exe
PX5: A4E8D0C400046CE116C204B93C6D3F0003672778
MD5: f450886f41773a5faeb25e87b758d6a8
Determination: GOOD

C:\WINDOWS\system32\WINIPSEC.DLL
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 5E3F044E00E5E84280510004471F8A00BD7E5854
MD5: 30e14d74bcd1beea96a279f78a723346
Determination: GOOD

C:\WINDOWS\system32\imon.dll
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded from: FILE
PX5: BD8681B200EEFFCB206004A3D31628007C0FE563
MD5: 9a51ecb77b63af6ebc76c7516d1bd5a4
Determination: GOOD

C:\WINDOWS\system32\WSOCK32.dll
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 2C097C2B007169C960BA0014DCE7CC0038229E38
MD5: 3bd93201e3afa5a0660c793a4bdae773
Determination: GOOD

C:\Programmi\Eset\pr_imon.dll
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 2C2B552100FD2A55C098002DDDE82A0081DF91DD
MD5: 3ea2046aa8d56e3545ab618387f4b81e
Determination: GOOD

C:\WINDOWS\system32\mswsock.dll
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\LibraryPath	%SystemRoot%\System32\mswsock.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\LibraryPath	%SystemRoot%\System32\mswsock.dll
PX5: 644C52BE00A05754C6240337B7759700C1FF12E3
MD5: 337cb52af1f7cf6c0f57ec8bd14dc6d1
Determination: GOOD

C:\WINDOWS\system32\hnetcfg.dll
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 2CFD58C600B6F9414A810565679BD6001F42D5DE
MD5: 250d4f4e1e27543c121378268fe07208
Determination: GOOD

C:\WINDOWS\System32\wshtcpip.dll
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 522AC66D001B6D5A4E8E00D8A0AEF000528059BA
MD5: 08b3a60a4dd7fae800b552f8f8d5deb0
Determination: GOOD

C:\WINDOWS\system32\pstorsvc.dll
	Loaded into: C:\WINDOWS\system32\lsass.exe
PX5: DCF79E3E001DA16F86F70051A83A8600579ADC98
MD5: 24b2f25a42ba3cad1d238f2adae63f7c
Determination: GOOD

C:\WINDOWS\system32\psbase.dll
	Loaded into: C:\WINDOWS\system32\lsass.exe
PX5: E242805400420CE08090017E79023900E657FC90
MD5: 7fe963bd4bde86b5eaf5c07c6d0118c3
Determination: GOOD

C:\WINDOWS\system32\dssenh.dll
	Loaded into: C:\WINDOWS\system32\lsass.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 31E843BE00E2A81C18FA0265E10B6500232880A4
MD5: cacd2c63a79268d131ea37e85524cc44
Determination: GOOD

C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Alerter\ImagePath	%SystemRoot%\system32\svchost.exe -k LocalService
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\AppMgmt\ImagePath	%SystemRoot%\system32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\AudioSrv\ImagePath	%SystemRoot%\System32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\BITS\ImagePath	%SystemRoot%\system32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Browser\ImagePath	%SystemRoot%\system32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\CryptSvc\ImagePath	%SystemRoot%\system32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\DcomLaunch\ImagePath	%SystemRoot%\system32\svchost -k DcomLaunch
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Dhcp\ImagePath	%SystemRoot%\system32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\dmserver\ImagePath	%SystemRoot%\System32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Dnscache\ImagePath	%SystemRoot%\system32\svchost.exe -k NetworkService
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\ERSvc\ImagePath	%SystemRoot%\System32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\EventSystem\ImagePath	C:\WINDOWS\system32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\FastUserSwitchingCompatibility\ImagePath	%SystemRoot%\System32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\helpsvc\ImagePath	%SystemRoot%\System32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\HidServ\ImagePath	%SystemRoot%\System32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\HTTPFilter\ImagePath	%SystemRoot%\System32\svchost.exe -k HTTPFilter
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\lanmanserver\ImagePath	%SystemRoot%\system32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\lanmanworkstation\ImagePath	%SystemRoot%\system32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\LmHosts\ImagePath	%SystemRoot%\system32\svchost.exe -k LocalService
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Messenger\ImagePath	%SystemRoot%\system32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Netman\ImagePath	%SystemRoot%\System32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Nla\ImagePath	%SystemRoot%\system32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\NtmsSvc\ImagePath	%SystemRoot%\system32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\RasAuto\ImagePath	%SystemRoot%\system32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\RasMan\ImagePath	%SystemRoot%\system32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\RemoteAccess\ImagePath	%SystemRoot%\system32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\RemoteRegistry\ImagePath	%SystemRoot%\system32\svchost.exe -k LocalService
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\RpcSs\ImagePath	%SystemRoot%\system32\svchost -k rpcss
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Schedule\ImagePath	%SystemRoot%\System32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\seclogon\ImagePath	%SystemRoot%\System32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\SENS\ImagePath	%SystemRoot%\system32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\SharedAccess\ImagePath	%SystemRoot%\System32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\ShellHWDetection\ImagePath	%SystemRoot%\System32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\srservice\ImagePath	%SystemRoot%\system32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\SSDPSRV\ImagePath	%SystemRoot%\system32\svchost.exe -k LocalService
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\stisvc\ImagePath	%SystemRoot%\system32\svchost.exe -k imgsvc
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\TapiSrv\ImagePath	%SystemRoot%\System32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\TermService\ImagePath	%SystemRoot%\System32\svchost -k DComLaunch
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Themes\ImagePath	%SystemRoot%\System32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\TrkWks\ImagePath	%SystemRoot%\system32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\upnphost\ImagePath	%SystemRoot%\system32\svchost.exe -k LocalService
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\W32Time\ImagePath	%SystemRoot%\System32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\WebClient\ImagePath	%SystemRoot%\system32\svchost.exe -k LocalService
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\winmgmt\ImagePath	%systemroot%\system32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\WmdmPmSN\ImagePath	%SystemRoot%\System32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Wmi\ImagePath	%SystemRoot%\System32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\wscsvc\ImagePath	%SystemRoot%\System32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\wuauserv\ImagePath	%systemroot%\system32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\WudfSvc\ImagePath	%SystemRoot%\system32\svchost.exe -k WudfServiceGroup
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\WZCSVC\ImagePath	%SystemRoot%\System32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\xmlprov\ImagePath	%SystemRoot%\System32\svchost.exe -k netsvcs
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Alerter\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AppMgmt\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AudioSrv\ImagePath	C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\BITS\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Browser\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\CryptSvc\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\DcomLaunch\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Dhcp\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\dmserver\ImagePath	C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Dnscache\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ERSvc\ImagePath	C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\EventSystem\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\ImagePath	C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\helpsvc\ImagePath	C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HidServ\ImagePath	C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HTTPFilter\ImagePath	C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\lanmanserver\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\lanmanworkstation\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\LmHosts\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Messenger\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Netman\ImagePath	C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Nla\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NtmsSvc\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasAuto\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasMan\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RemoteAccess\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RemoteRegistry\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RpcSs\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Schedule\ImagePath	C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\seclogon\ImagePath	C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SENS\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SharedAccess\ImagePath	C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ShellHWDetection\ImagePath	C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\srservice\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SSDPSRV\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\stisvc\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TapiSrv\ImagePath	C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TermService\ImagePath	C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Themes\ImagePath	C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TrkWks\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\upnphost\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\W32Time\ImagePath	C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WebClient\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\winmgmt\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WmdmPmSN\ImagePath	C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Wmi\ImagePath	C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\wscsvc\ImagePath	C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\wuauserv\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WudfSvc\ImagePath	C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WZCSVC\ImagePath	C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\xmlprov\ImagePath	C:\WINDOWS\System32\svchost.exe
PX5: 41467A9700616549387D0095555BE300B7CBF228
MD5: 73955b04f209d8a1c633867841267a96
Determination: GOOD

c:\windows\system32\rpcss.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\RpcSs\ImagePath	%SystemRoot%\system32\svchost -k rpcss
PX5: D10B46960010CCB40A5406A32381BD005F5BEA56
MD5: 0c015ab735a4624c44cb5696e9208c4c
Determination: GOOD

c:\windows\system32\termsrv.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
PX5: 15A4D5880058E23888C304BFF814830042F0D520
MD5: c06cd1890279603e15020757e02de56b
Determination: GOOD

c:\windows\system32\ICAAPI.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
PX5: BB3E4FC6005CCAE92CC10044E2AB07008B832EBD
MD5: 66da850192b87548374fe13f38a2a265
Determination: GOOD

c:\windows\system32\mstlsapi.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
PX5: F3CF001500470019C4F901369ADAFD00DF876B1F
MD5: 9e54d8528f9b4324ed20cfcdf3be6a76
Determination: GOOD

c:\windows\system32\ACTIVEDS.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
PX5: EFB02947002647C8F6250205FD9612006E9558F5
MD5: 25e4e36ced6b15df8d8c10460be834a2
Determination: GOOD

c:\windows\system32\adsldpc.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
PX5: 6D8B11FE00EF99F53026027F152EC40097EA0ACA
MD5: 15ce221ace929705ba7e4346d74e8a06
Determination: GOOD

c:\windows\system32\ATL.DLL
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 90FBA32A008A4DC9E6A3004879775D009B9241D5
MD5: 32bd4cc64449ea2549be4a8efc54f4de
Determination: GOOD

C:\WINDOWS\System32\winrnr.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\LibraryPath	%SystemRoot%\System32\winrnr.dll
PX5: DD7C6D7B00A7C2A842AB003098E8920063CE769A
MD5: bb78454c44a5b0f97295a6d66b217d65
Determination: GOOD

C:\Programmi\Bonjour\mdnsNSP.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\LibraryPath	C:\Programmi\Bonjour\mdnsNSP.dll
PX5: D240058C00D95FC2705201A57ACB2E004585C058
MD5: 1f5a570ad942dfcfe4500326abdd72b2
Determination: GOOD

C:\WINDOWS\system32\rasadhlp.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: C442A786008A10AC207B003B3C2E0700E2EB90DB
MD5: 057393dff71e294edf6db3ad2a0cd0de
Determination: GOOD

C:\WINDOWS\system32\msi.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: E61CB2B900732EA71A202C11C29E1400D1F80F7A
MD5: 1cbc000ecd2de2e6fd2b19bc9aabcc52
Determination: GOOD

c:\windows\system32\dhcpcsvc.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: F53436F60068CE64B23A01BCB3126A00C328DCF2
MD5: 3d6f9b5c5c396bfbc14dc565ce624cef
Determination: GOOD

c:\windows\system32\wzcsvc.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 3DF4750600996C8B7E470562CED514005814EDBA
MD5: 312913174d070ed81e9d78da7b648774
Determination: GOOD

c:\windows\system32\rtutils.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: BF0F14BA00130FA5ACFA00D907EAE70083958E2B
MD5: 204a7d354683a49c37505be1646c5d43
Determination: GOOD

c:\windows\system32\WMI.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 781B3D7300C600C41695006A26ACBD006AA9CB45
MD5: 7f9fd6e98cf1898f94d4a6246d4d639e
Determination: GOOD

c:\windows\system32\ESENT.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 2D3CBE9900CA56E1AA3A1013ABD8CF0050E8E49A
MD5: cf52cd81a61e6deff93ca40bba955f30
Determination: GOOD

C:\WINDOWS\System32\rastls.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: F64AC68A00F37A69B87E01DB8E696800CC9225D9
MD5: f90a2f77cb88f8201a3ad783d7edb19c
Determination: GOOD

C:\WINDOWS\system32\CRYPTUI.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
PX5: 5142AFD100A220AEFE57076D08D9310067F36935
MD5: 502a30e1a880124d7f71667e75be9688
Determination: GOOD

C:\WINDOWS\system32\WININET.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 8F9E6FFA00F645FE0E950A17A1595B00D082E203
MD5: 27966534a0820cd3bd988bd1517c8ff2
Determination: GOOD

C:\WINDOWS\System32\MPRAPI.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
PX5: F40536E000846CE4547B017CD7ABC100D153D57A
MD5: b61978022a65fac95b8e3817d5029870
Determination: GOOD

C:\WINDOWS\System32\RASAPI32.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 7E18516500FFE5CC9C5B03564D831C0011FCFEEB
MD5: 7ece54a6785e6a07ed02018a32b246e6
Determination: GOOD

C:\WINDOWS\System32\rasman.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 7F1D9BFF002D89D3F04E005C98AFF900ECE9EEA3
MD5: 79d87679f6f13f7f18062c39a3c5b38a
Determination: GOOD

C:\WINDOWS\System32\TAPI32.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: ECB3A62200F5E5E3C61D0271F9934A0018AE4A00
MD5: 9b53ce123c15e95de40592cfecec5a09
Determination: GOOD

C:\WINDOWS\System32\raschap.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 6CBEE3D600A4FEB310F101DE8C083F003D6F721F
MD5: d7de6cd7a5f84909b12b7dbd7d93811d
Determination: GOOD

c:\windows\system32\schedsvc.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 5DDC4A3800A53317F204023D51875A00711FF5B5
MD5: 546254d4769e165cdc3388d74b201fcb
Determination: GOOD

C:\WINDOWS\System32\MSIDLE.DLL
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 892E25230047BFE41A2700448F955F00DB3FDA3D
MD5: 3dc13080f28f80ed5d31e20e226536a5
Determination: GOOD

c:\windows\system32\audiosrv.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 97A7792B000122A1A6A80092373D18006EB85382
MD5: 15ee9eff206daa73b9642fcd51a69bb1
Determination: GOOD

c:\windows\system32\wkssvc.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 7EE71DE000CB8C06046102E707BEAD00EAB7A0DE
MD5: b96429b547c29cfe65e0a31c53f4bb06
Determination: GOOD

c:\windows\system32\cryptsvc.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 4924777000FF363CECB300E8D69F7300112A6AF8
MD5: e0cc838265401128097d182fb583889a
Determination: GOOD

c:\windows\system32\certcli.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 925C7DF9003B9C1200C5031520AB850028BB5515
MD5: 5f24a58d40870f8fe6cf7e15e73de146
Determination: GOOD

c:\windows\system32\es.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: 8CFC4C9B007672F5B6D00383EE01A300F1E4D975
MD5: 16a4de76313dd3abf7635565baaf1512
Determination: GOOD

c:\windows\system32\ersvc.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 1075AE7B006257925A3B00E01F4D2400B15FB39E
MD5: ff547b3876b6e652431412345fb8ee11
Determination: GOOD

c:\windows\system32\dmserver.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: FABFF932000B9F155E610037E22ABC006B953D35
MD5: 499fff7bca07009a23447776286f0510
Determination: GOOD

c:\windows\pchealth\helpctr\binaries\pchsvc.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 5BE772A20028818F98B300E973AA5500998EE021
MD5: 03a7a19834e2a63c445b3ac5e73aab50
Determination: GOOD

c:\windows\system32\hidserv.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 96C7C37F003251D454A000B31B11EF0040F22E18
MD5: 3c924c33de25e8f01eeb3c6b8030e7bd
Determination: GOOD

c:\windows\system32\HID.DLL
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
PX5: 551CD37300F70F6C527C0010EC920400B756D4FA
MD5: 3b4e115a33a2bff0d74792d572f448dd
Determination: GOOD

c:\windows\system32\srvsvc.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 04962F40002073267A0D01D01873E300127D7D3E
MD5: 82a782a17aaf3ad92811f5023a94181f
Determination: GOOD

c:\windows\system32\netman.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 6E6B756F00C9FE25063E03CE96E58100C196B9F3
MD5: 4ad6f202266a25bc0cc1dce2a3d91563
Determination: GOOD

c:\windows\system32\netshell.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7007ACC7-3202-11D1-AAD2-00805FC1270E}	Connessioni di rete
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{992CFFA0-F557-101A-88EC-00DD010CCC48}	Connessioni di rete
PX5: F7F9A56A007CF701368C1AE01A3E1600E0C02A68
MD5: 4cc28de5620ace4f613b42a4f836dede
Determination: GOOD

c:\windows\system32\credui.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: E886FD9F0056D4F18254029213832F003DEFF647
MD5: 2d68af44b169d033545fa501b9ff4f30
Determination: GOOD

c:\windows\system32\WZCSAPI.DLL
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: EBF8733200CD9B7CCA4C0051E7642A0024707F2E
MD5: 28cddfdf8c30d886284f3549c4a8e284
Determination: GOOD

c:\windows\system32\seclogon.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 5B80E36F00AA396B4A8300B7E7951D00D7AA4B2D
MD5: 241d074dab2a67d2d7616ce7c8b05650
Determination: GOOD

c:\windows\system32\sens.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 00AF89660086F69E989700E590F03600F597A8F5
MD5: 688be760c858e347a4e23186b725c86b
Determination: GOOD

c:\windows\system32\srsvc.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: F652BD0100BA7CC29C6202A16DDB5500C590261B
MD5: ba4e8ac9a60c4527c969d08f3abe9d36
Determination: GOOD

c:\windows\system32\POWRPROF.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
PX5: 31AB7E9C00B2127E4485007208C03300950D28C1
MD5: 41ff9d663219a1dd0397fe2c5b09436c
Determination: GOOD

c:\windows\system32\trkwks.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 906F8E37007C9B5A621D011F493B83005C29CC43
MD5: 6c7f265bd43a1d85103ec5cb1251d2b6
Determination: GOOD

c:\windows\system32\wbem\wmisvc.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: CEF9F3BC00C6E32738BF0260919AD800E787713F
MD5: a91acdd987dc3e0e1fcedda6f1ffef2a
Determination: GOOD

C:\WINDOWS\system32\VSSAPI.DLL
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: FAEC6BFB002AF8059230067AACCA280087EB5B02
MD5: b590f13f17409970a6994473eb98ef74
Determination: GOOD

c:\windows\system32\wuauserv.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 0799809A00702BD41AB400068A66AC0043C84727
MD5: 4cbb7cc975e5b67022a7f95dfc6ef9ec
Determination: GOOD

C:\WINDOWS\system32\wuaueng.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 26C07DF358FF2BE623151A8BD3FD64005FC70733
MD5: 3eec20e41f5f331b94002970ceaec92f
Determination: GOOD

C:\WINDOWS\System32\WINHTTP.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 8A8FE9C3008B23F25C3905D494C02C00D181B661
MD5: 5b4ec6c0fbacc85430ce3d6ae8563a0d
Determination: GOOD

C:\WINDOWS\System32\Cabinet.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 60605FEC005AB19AEA050033F1225300422702FD
MD5: 4d7708fd334c23e17400ca8327ce3d11
Determination: GOOD

C:\WINDOWS\System32\mspatcha.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 192CF4F3003C31E4769D0029DA080500F7D037E4
MD5: a434e5666a953f6a0406cc99b8b8c6a0
Determination: GOOD

c:\windows\system32\browser.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS\(default)	Personalizzazione del browser
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{F6CFDF19-122B-E32D-CFAE-ECE0F8A57919}\(default)	Personalizzazione del browser
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS\(default)	Personalizzazione del browser
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{F6CFDF19-122B-E32D-CFAE-ECE0F8A57919}\(default)	Personalizzazione del browser
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS\(default)	Personalizzazione del browser
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{F6CFDF19-122B-E32D-CFAE-ECE0F8A57919}\(default)	Personalizzazione del browser
PX5: 9CDD0A4F005D0D9D2E6201C807EC76000E0D1CE8
MD5: 72fbf0322be8a0f25ae722fde36ab1e6
Determination: GOOD

c:\windows\system32\wscsvc.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: B11BC224000C550D3E4B01F1618F6300676DF706
MD5: 17f70f4e37452a30c35565052ab68be9
Determination: GOOD

c:\windows\system32\ipnathlp.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\AUTODHCP\DllName	ipnathlp.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\DNSPROXY\DllName	ipnathlp.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\FTP\DllName	ipnathlp.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\H323\DllName	ipnathlp.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\IPNAT\DllName	ipnathlp.dll
PX5: 89882A6E0030CF0B12CE052A40AAE5009F9198F9
MD5: 1da364fa673e18bc1de8f5cdf3657dbd
Determination: GOOD

C:\WINDOWS\System32\Wbem\wbemcore.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: D34E2BC3004DE1451AED08DF0B2B620026599912
MD5: 2e9b41fdd71fddd9d596cf3fdf0a1fdd
Determination: GOOD

C:\WINDOWS\System32\Wbem\esscli.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: DE687FC600BAAC77C8B4030B6F14AB0094AE7226
MD5: 20938c6d287b27ab3f1fde53ff3507de
Determination: GOOD

C:\WINDOWS\system32\wbem\wmiutils.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 0BDBA5A5000A6748803F0102F9279500D2C1C9B2
MD5: bc664c7546ef5c1a5712e7b48af24741
Determination: GOOD

C:\WINDOWS\system32\wbem\repdrvfs.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: DAAC922100087395B4C8026D60ACD300B870E129
MD5: 41b4ed9f8d444ce09b6a1fe76ae22040
Determination: GOOD

C:\WINDOWS\system32\comsvcs.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 6F57383100059B5E1A78136E055F2B009076402A
MD5: fc898b99db05094df3f0942dfb39ba79
Determination: GOOD

C:\WINDOWS\system32\MTXCLU.DLL
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 01D9FA2C00EC336504830130CDB57B0066308F3E
MD5: 0607fbfb19d8de4726f4188563dd0519
Determination: GOOD

C:\WINDOWS\system32\colbact.DLL
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 19B6371D00577611F4E200972AE21300251E5074
MD5: c5eb8e303fffc951b9d338f601cb2a28
Determination: GOOD

C:\WINDOWS\System32\CLUSAPI.DLL
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: F4F4A6AD001EC8C1E2C500B4FE61840054C0DDE3
MD5: c3b4cfba8936d0af25d5391f53f2da91
Determination: GOOD

C:\WINDOWS\System32\RESUTILS.DLL
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 6DFA47A500DAF26FE68800D61F5B31009BB0B65D
MD5: cad4191048f595a794e14cee31db06fd
Determination: GOOD

C:\WINDOWS\system32\wbem\wmiprvsd.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: DCBBBE7700F574BEAC5B06A359C30800D52199FA
MD5: d110a8cde08cc1d346814c814d32f2ed
Determination: GOOD

C:\WINDOWS\system32\wbem\wbemess.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 57BC20470030CEBC2E7C0420B5413100E2A61178
MD5: 1c4c78b5943ae143513dd1522e14926a
Determination: GOOD

C:\WINDOWS\system32\upnp.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 5CC09E6000F77B62063F026310FD670014E0CF2C
MD5: 7e7491c2cf7a0781c0004d2c5be71bc4
Determination: GOOD

C:\WINDOWS\system32\SSDPAPI.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: B458C80C0094BE55886700FEA91CE300F0D01D10
MD5: 4ea31d2858780ddb446a9dc9b2d23c3d
Determination: GOOD

C:\WINDOWS\system32\wbem\ncprov.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 28C2B58B00AC779DB8320092176FE400CB94678D
MD5: 1b8923492b022438764dcf6bd8b0efa9
Determination: GOOD

C:\WINDOWS\system32\netcfgx.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 4F8DF8B4009990EE9C82091CBF6CD600CD59067D
MD5: ab06350510c1f68c7202703480f6ff17
Determination: GOOD

C:\WINDOWS\System32\rasmans.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: B74DD77D0086DE32A83C0202492A5E005A986AC3
MD5: ede7d761426cc2afff20a3a460f9c85e
Determination: GOOD

c:\windows\system32\tapisrv.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: D241AAE200E9E6AEC21203236372D7003EB38FD6
MD5: 2f8cba2d2a332eb5d2a7dc084e3b30b3
Determination: GOOD

C:\WINDOWS\System32\rastapi.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 699D459D008C3BC6E634009735DEBF004B936485
MD5: f4de764732e8f6028bb18aadd4912317
Determination: GOOD

C:\WINDOWS\System32\unimdm.tsp
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: BFCEE8FF0036A1F42CB803103A63E10078271DF9
MD5: 12c9c630fd867446d8b846c28454a45f
Determination: GOOD

C:\WINDOWS\System32\uniplat.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: D4A3FA58003A460436E500FC8F082200CAF4CCCF
MD5: 8bc01cbcdc4345a7367f2edcbaa4a07f
Determination: GOOD

C:\WINDOWS\System32\kmddsp.tsp
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: C200FF390086F832824F0082C924C70039E73BB5
MD5: 516447bbb1a13f72e98989580eeaeb36
Determination: GOOD

C:\WINDOWS\System32\ndptsp.tsp
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 9787C23000D76D69E07F0030C6CACA005BA7ED34
MD5: ff5cbcadd5833b484c773f7df16f13bf
Determination: GOOD

C:\WINDOWS\System32\ipconf.tsp
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: BB9887B4006414FA44B900C28BC43200412916D4
MD5: 4e2f02e1ba55160806ad42fee296f8b2
Determination: GOOD

C:\WINDOWS\System32\h323.tsp
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 72FD790F00B8268510FF046EA54C6E0080B1B5D1
MD5: ea96018804feb47c384efdb3d07e7eb9
Determination: GOOD

C:\WINDOWS\System32\hidphone.tsp
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 578102E800C1441976DD00BD8619300083827C0B
MD5: ea5c2c1f5f74a5660fb0f72e63861030
Determination: GOOD

C:\WINDOWS\System32\rasppp.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 69B8011C006A35C426B80310309570000552A536
MD5: 4a48edcab3b97997055ac533cafdb501
Determination: GOOD

C:\WINDOWS\System32\ntlsapi.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 182944C0006C52E520B8003B3C2E0700820D2E78
MD5: 8ed1589d9a626027e4faf24c149860e6
Determination: GOOD

C:\WINDOWS\System32\RASDLG.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 289AD96400BB9C934C7F0AD56A0D5500E683D618
MD5: d52a1298d47fa8652b30451855265f94
Determination: GOOD

C:\WINDOWS\system32\wups2.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 8F8648A158D15CF4A9FE004434B05300230EE2A8
MD5: ceb1bd87fbcb5984bdf7dc0991a060b5
Determination: GOOD

C:\WINDOWS\system32\msxml3.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: 58A2624500939316DE0712C7E1EE730028DA41A7
MD5: 410d428b92e82efc924fd9afaa640ca3
Determination: GOOD

C:\WINDOWS\system32\urlmon.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 4A82D0640009D6FB307B0995BA5D61003FB7F7BB
MD5: 193ee4259ef6c5a9d641cec0944581d7
Determination: GOOD

C:\WINDOWS\system32\advpack.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}\StubPath	rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}\StubPath	rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\StubPath	rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
PX5: 40DE446000D9DEB58E9C01A9A95DBB0000B29576
MD5: 486a0d63381b08d5a41f44e58fe3b4e4
Determination: GOOD

C:\WINDOWS\system32\wuapi.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: CDD35EBA58DB0AE863FB08B33BD0060031EAFA5A
MD5: edced3393985ed2d86641747edca53ae
Determination: GOOD

c:\windows\system32\wudfsvc.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
PX5: F6C5D2F000898E23D88C0044042EE500DEB7148F
MD5: ae93084d2d236887ba56467ae42b4955
Determination: GOOD

c:\windows\system32\WUDFPlatform.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
PX5: 68EBF21300004703807D023B513C9C00752717BA
MD5: 904120aab6ef27b6af73c19d09eb2695
Determination: GOOD

c:\windows\system32\dnsrslvr.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
PX5: 3AB739DC00686EC6B26F00A3B54A4300F767B865
MD5: 1a4ccb390093d1a6f0eec063f44aff31
Determination: GOOD

c:\windows\system32\lmhsvc.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
PX5: 050B19680015AAE33629000A173BF5000631D061
MD5: 6e008b7eb9b67d555b5ee1c1091f3a7e
Determination: GOOD

c:\windows\system32\webclnt.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
PX5: DB971DA600E5CDC008BA01FF1B98B500F9F1371D
MD5: eba8dea9e279a9a50b608bff3cbc2cde
Determination: GOOD

c:\windows\system32\alrsvc.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
PX5: 811BE0600048486C442300065BDCFA002D3B3F47
MD5: ad78b916b3cb2b7bca9503b929e534b9
Determination: GOOD

c:\windows\system32\regsvc.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
PX5: 0038ECD50092146CEAE600DC41696F006EFFA138
MD5: 78fbe7da29307ede7ed0e33f1c4969bc
Determination: GOOD

c:\windows\system32\ssdpsrv.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
PX5: EFEEB4A70072CCE218E201A90823060000AE77FB
MD5: 1fbf38a525eedd7402bfa7e27236a64f
Determination: GOOD

C:\WINDOWS\system32\httpapi.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 94ABF9F30077024C6088002F3D561C00380DFCD1
MD5: 33b37fd8eeb6f19fbcae75c3645317a7
Determination: GOOD

C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Spooler\ImagePath	%SystemRoot%\system32\spoolsv.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Spooler\ImagePath	C:\WINDOWS\system32\spoolsv.exe
PX5: 703F3D90006B0DE3E2430049B8FF4400BD40056F
MD5: 216f8454a9415dd3e451b169dc3121c4
Determination: GOOD

C:\WINDOWS\system32\SPOOLSS.DLL
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: EEC4C153008FC3AA248101F4B2E71800601A2E7A
MD5: dd90c59ef82d6cde5886b595ca8d8d8a
Determination: GOOD

C:\WINDOWS\system32\localspl.dll
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 4416D740002AA3683E4E05C1EF102900643A9BD8
MD5: d5882abf5f3652acbf36c882ea4dc9a8
Determination: GOOD

C:\WINDOWS\system32\AdobePDF.dll
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 0BFD05D5588D8D426EDF008397CFB0009451B378
MD5: 2fd3e73d3e00c3b00a236ff3adf9e401
Determination: GOOD

C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 6C82A3A300EB8CD49022098E20538200F3E7F8FE
MD5: 055309c927def2f09305ed0f3065cf66
Determination: GOOD

C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AdistRes.ITA
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: C4AC2E4A009288C1004D0E428311A000FEE0FFFE
MD5: dd198b3cb8f188c735c11cb53f39404e
Determination: GOOD

C:\WINDOWS\system32\cnbjmon.dll
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: ADFEA2D500C13C76C238009F710B75002AA8B844
MD5: a2660003f73982579ebfef1f6c2f6234
Determination: GOOD

C:\WINDOWS\system32\E_FLBCDE.DLL
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded from: FILE
PX5: 97A33FE30095DA7B2C5601F3E67C8B0098AFC700
MD5: a4ec6b9766e2a7faa77283697bc5c307
Determination: GOOD

C:\WINDOWS\system32\mdimon.dll
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 4A580D5700F10E5846F3006043C178003D6E741C
MD5: cf0376023360aadd55c89ba50564afdc
Determination: GOOD

C:\WINDOWS\system32\pjlmon.dll
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 84CFC62400E584133C01005DDEFEF70074DE7C99
MD5: bbd335eeabda429e2a4a401ae977accc
Determination: GOOD

C:\WINDOWS\system32\tcpmon.dll
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 4DB1307F00B38383B4DE0091A261F900D73B20B9
MD5: 1417745d9156eed7c8b871a3f8a8f56d
Determination: GOOD

C:\WINDOWS\system32\usbmon.dll
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 355B55CF00434C1C429F0037D7A64900612AB6C2
MD5: 1ae1cda7f68b0a8603a3117ae5f00b03
Determination: GOOD

C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 90B16E50005219F14AEA007FE239C5004092D249
MD5: 58e13a2292839321d3cdc918d5a4f5ae
Determination: GOOD

C:\WINDOWS\system32\win32spl.dll
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 3EE5A7330005B84D903F019D6D465800D7DE2821
MD5: 660e56bc8c253b5b47dcc6560ccd62da
Determination: GOOD

C:\WINDOWS\system32\NETRAP.dll
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: B3940B1900334CEB30F300847BE9340024D302E6
MD5: e7fc69c00bebc04daef86071822b2b89
Determination: GOOD

C:\WINDOWS\system32\inetpp.dll
	Loaded into: C:\WINDOWS\system32\spoolsv.exe
PX5: 84746D7B00F17DE826600104529E590058DFB441
MD5: be4ff5fbbc55dc3c2445377c50497f1f
Determination: GOOD

C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
PX5: D64C975F0052EAE6B0EC03CB00B14100F7CD4BC5
MD5: a6ea07a7d47c733d22b3f0dd6c393012
Determination: GOOD

C:\WINDOWS\system32\MSIMG32.dll
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: CB413D4600B070AF127100D0C427CA00FD59EFF9
MD5: 51f309aa675b5b77d19c573b7e0bb253
Determination: GOOD

C:\WINDOWS\system32\SHFOLDER.dll
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 209DE55C009ABDE8627700E93AF07200F7058D40
MD5: 8b205eb92b49d10055427365065357e8
Determination: GOOD

C:\Programmi\Logitech\SetPoint\lgscroll.dll
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: C58C771C0042605BAE6D00F1E47276005452C065
MD5: 30f8afac7f42a3a862e5d9ab48a88b95
Determination: GOOD

C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCP80.dll
	Loaded into: C:\Programmi\File comuni\Stardock\SDMCP.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: BDFA7584005A9BE560AE0893E94DC600312D7A15
MD5: f33a2734000fc6d3dbae2e1337e2bb1f
Determination: GOOD

C:\WINDOWS\explorer.exe
	Loaded into: C:\WINDOWS\explorer.exe
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell	Explorer.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\(default)	Internet Explorer
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}\(default)	Guida di Internet Explorer
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}\(default)	Strumenti di installazione di Internet Explorer
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\(default)	Internet Explorer 6
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{BD6A4E9F-17C0-364E-9993-843707251BDB}\(default)	Internet Explorer
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}\(default)	Font principali di Internet Explorer
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\(default)	Internet Explorer
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}\(default)	Guida di Internet Explorer
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}\(default)	Strumenti di installazione di Internet Explorer
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\(default)	Internet Explorer 6
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{BD6A4E9F-17C0-364E-9993-843707251BDB}\(default)	Internet Explorer
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}\(default)	Font principali di Internet Explorer
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\(default)	Internet Explorer
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}\(default)	Guida di Internet Explorer
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}\(default)	Strumenti di installazione di Internet Explorer
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\(default)	Internet Explorer 6
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{BD6A4E9F-17C0-364E-9993-843707251BDB}\(default)	Internet Explorer
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}\(default)	Font principali di Internet Explorer
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}\(default)	Mapping aree Internet Explorer
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}\(default)	Personalizzazione Internet Explorer
PX5: 808EA479005E1672CAB70FD05C1DC9002A5B0A82
MD5: 178d42bd8fc34a9837417a6ce1d6bb7b
Determination: GOOD

C:\WINDOWS\system32\BROWSEUI.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E6AB780-7743-11CF-A12B-00AA004AE837}	Barra degli strumenti Microsoft Internet
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{22BF0C20-6DA7-11D0-B373-00A0C9034938}	Stato del download
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91EA3F8B-C99B-11d0-9815-00C04FD91972}	Shell Folder accresciuto
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6413BA2C-B461-11d1-A18A-080036B11A03}	Shell Folder 2 accresciuto
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F61FFEC1-754F-11d0-80CA-00AA005B4383}	BandProxy
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7BA4C742-9E81-11CF-99D3-00AA004AE837}	Microsoft BrowserBand
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{30D02401-6A81-11d0-8274-00C04FD5AE38}	SearchBand
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{169A0691-8DF9-11d1-A1C4-00C04FD75D13}	Ricerca all'interno
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{07798131-AF23-11d1-9111-00A0C98BA67D}	Ricerca Web
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AF4F6510-F982-11d0-8595-00AA004CD6D8}	Utilit. opzioni della struttura del Registro di sistema
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{01E04581-4EEE-11d0-BFE9-00AA005B4383}	&Indirizzo
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A08C11D2-A228-11d0-825B-00AA005B4383}	Address EditBox
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00BB2763-6A77-11D0-A535-00C04FD7D062}	Completamento automatico Microsoft
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7376D660-C583-11d0-A3A5-00C04FD706EC}	TridentImageExtractor
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6756A641-DE71-11d0-831B-00AA005B4383}	Elenco di Completamento automatico MRU
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}	Elenco di Completamento automatico MRU personalizzato
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7e653215-fa25-46bd-a339-34a2790f3cb7}	Accessibile
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{acf35015-526e-4230-9596-becbe19f0ac9}	Indicatore di avanzamento popup
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00BB2764-6A77-11D0-A535-00C04FD7D062}	Elenco di Completamento automatico della Cronologia di Microsoft
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{03C036F1-A186-11D0-824A-00AA005B4383}	Elenco di Completamento automatico di Shell Folder di Microsoft
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00BB2765-6A77-11D0-A535-00C04FD7D062}	Contenitore dell'elenco di Completamento automatico multiplo Microsoft
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ECD4FC4E-521C-11D0-B792-00A0C90312E1}	Shell Band Site Menu
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}	Shell DeskBarApp
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ECD4FC4C-521C-11D0-B792-00A0C90312E1}	Shell DeskBar
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ECD4FC4D-521C-11D0-B792-00A0C90312E1}	Shell Rebar BandSite
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DD313E04-FEFF-11d1-8ECD-0000F87A470C}	Assistenza utente
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}	Impostazioni cartella globale
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{438755C2-A8BA-11D1-B96B-00A0C90312E1}	Precaricatore Browseui
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{8C7461EF-2B13-11d2-BE35-3078302C2030}	Daemon di cache delle categorie di componenti
	Loaded from: \REGISTRY\User\S-1-5-21-789336058-2077806209-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}	.......
	Loaded from: \REGISTRY\User\S-1-5-21-789336058-2077806209-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}	.......
PX5: 21DE0C1E00286C5086FC0F3BED777100FCA597FC
MD5: aacd7af37c47d6a8484c6cc91a2ebd11
Determination: GOOD

C:\WINDOWS\system32\SHDOCVW.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}	Set Program Access and Defaults
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}	Cerca
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}	Guida in linea e supporto tecnico
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}	Guida in linea e supporto tecnico
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}	Esegui...
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}	Internet
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}	Posta elettronica
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D20EA4E1-3957-11d2-A40B-0C5020524152}	Tipi di carattere
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D20EA4E1-3957-11d2-A40B-0C5020524153}	Strumenti di amministrazione
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EFA24E61-B078-11d0-89E4-00C04FC9E26E}	Favorites Band
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0A89A860-D7B1-11CE-8350-444553540000}	Shell Automation Inproc Service
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}	Shell DocObject Viewer
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}	Microsoft Browser Architecture
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FBF23B40-E3F0-101B-8488-00AA003E56F8}	InternetShortcut
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}	Servizio Cronologia Url Microsoft
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FF393560-C2A7-11CF-BFF4-444553540000}	Cronologia
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7BD29E00-76C1-11CF-9DD0-00A0C9034933}	File temporanei Internet
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}	File temporanei Internet
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}	Hook per la ricerca di URL Microsoft
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}	Schermata iniziale applicazioni Internet Explorer 4
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{67EA19A0-CCEF-11d0-8024-00C04FD75D13}	CDF Extension Copy Hook
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{131A6951-7F78-11D0-A979-00C04FD705A2}	ISFBand OC
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9461b922-3c5a-11d2-bf8b-00c04fb93661}	Search Assistant OC
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}	Internet
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{871C5380-42A0-1069-A2EA-08002B30309D}	Internet Name Space
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EFA24E64-B078-11d0-89E4-00C04FC9E26E}	Explorer Band
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\CopyHookHandlers\CDF\(default)	{67EA19A0-CCEF-11d0-8024-00C04FD75D13}
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\CopyHookHandlers\CDF\(default)	{67EA19A0-CCEF-11d0-8024-00C04FD75D13}
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}\BarSize
	Loaded from: \REGISTRY\User\S-1-5-21-789336058-2077806209-839522115-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}\BarSize
	Loaded from: \REGISTRY\User\S-1-5-21-789336058-2077806209-839522115-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}\BarSize
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\CLSID	{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\CLSID	{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\CLSID	{E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16}
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\CLSID	{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}
	Loaded from: \REGISTRY\User\S-1-5-21-789336058-2077806209-839522115-1003\Software\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
PX5: DE7BBE0100F3689BA480161FA5C20900FE795A42
MD5: 4871eaa61bef8c94826c73842795977a
Determination: GOOD

C:\WINDOWS\system32\AcSignIcon.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{36A21736-36C2-4C11-8ACB-D4136F2B57BD}	Gestore icona firma digitale di AutoCAD
PX5: 97C73CDF68ED8AB6D46F027F8390E100EFCACFB7
MD5: f29937a86031341fc60ce316d7f88881
Determination: GOOD

C:\WINDOWS\system32\themeui.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\StubPath	%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{41E300E0-78B6-11ce-849B-444553540000}	PlusPack CPL Extension
PX5: BAC50787005D6D22F49E05A57642CD002A91E075
MD5: 0f7bfe3ef3fc33fd598427c015bb8b5d
Determination: GOOD

C:\WINDOWS\system32\actxprxy.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\system32\svchost.exe
PX5: 007947C1003133828EF901D865E09C00F6A66BF3
MD5: cac8ce72845461a8c6818071d923fc89
Determination: GOOD

C:\Programmi\Windows Media Player\wmpband.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 32BFA075008265E0547401C90665270069FEF13D
MD5: 8339741bd4022fea53ba5d340df50593
Determination: GOOD

C:\WINDOWS\system32\LINKINFO.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 0F5B6BDF001D44C44A1600B3F3AA9500B78D17FC
MD5: aed27a44228c3b2d24406a2755133922
Determination: GOOD

C:\WINDOWS\system32\ntshrui.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}	Estensioni shell per la condivisione
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}	Estensioni shell per la condivisione
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\ContextMenuHandlers\Sharing\(default)	{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\ContextMenuHandlers\Sharing\(default)	{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\PropertySheetHandlers\Sharing\(default)	{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\PropertySheetHandlers\Sharing\(default)	{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\CopyHookHandlers\Sharing\(default)	{40dd6e20-7c17-11ce-a804-00aa003ca9f6}
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\CopyHookHandlers\Sharing\(default)	{40dd6e20-7c17-11ce-a804-00aa003ca9f6}
PX5: 5EB8DF8A0005A80F3870025CC8B2C100D6ECC82F
MD5: 64e0c77faf1a30547739580eb5f3aacf
Determination: GOOD

C:\Programmi\File comuni\Autodesk Shared\AcSignCore16.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 31F9D55C6891CE15D61D05E89E214100FE73B312
MD5: f49821b3d4392cf4e9620ff417c6c149
Determination: GOOD

C:\Programmi\File comuni\Stardock\MCPCore.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\0aMCPClient	{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}
PX5: 89FF004300FEE3D650B00152430779007FC69222
MD5: e0475dbae1d9e5f229acb3e1dc1264c2
Determination: GOOD

C:\WINDOWS\system32\webcheck.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}	WebCheck
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}	Subscription Mgr
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F5175861-2688-11d0-9C5E-00AA00A45957}	Cartella Subscription
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08165EA0-E946-11CF-9C87-00AA005127ED}	WebCheckWebCrawler
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}	WebCheckChannelAgent
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}	TrayAgent
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7D559C10-9FE9-11d0-93F7-00AA0059CE02}	Code Download Agent
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}	ConnectionAgent
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D8BD2030-6FC9-11D0-864F-00AA006809D9}	PostAgent
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}	WebCheck SyncMgr Handler
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebCheck	{E6FB5E20-DE35-11CF-9C87-00AA005127ED}
PX5: 7A671D1200F332C4486E04DF4339C300F2AAD0B7
MD5: 9adae07a13e295a98f5ee7726354c28f
Determination: GOOD

C:\WINDOWS\system32\stobject.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysTray	{35CEC8A3-2BE6-11D2-8773-92E220524153}
PX5: 54D80CDC00F43E2DDE26016C15CB850052548DBB
MD5: 6474c3d1c136c60291b8a5ee9ed1735b
Determination: GOOD

C:\WINDOWS\system32\BatMeter.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 73074F1200F9F02570C400FC5F48D3002E4325D8
MD5: 66db9d9ca443d7c8c9222bff72f61acf
Determination: GOOD

C:\WINDOWS\system32\WPDShServiceObj.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WPDShServiceObj	{AAA288BA-9A4C-45B0-95D7-94D524869DB5}
PX5: F46398C600DF6958CC1600B8147EB60085C12F66
MD5: 8f9a244a9e6d7c3566c9c6b064d8767c
Determination: GOOD

C:\WINDOWS\system32\mydocs.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ECF03A33-103D-11d2-854D-006008059367}	MyDocs Copy Hook
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ECF03A32-103D-11d2-854D-006008059367}	MyDocs Drop Target
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4a7ded0a-ad25-11d0-98a8-0800361b1103}	MyDocs Properties
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\CopyHookHandlers\MyDocuments\(default)	{ECF03A33-103D-11d2-854D-006008059367}
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\CopyHookHandlers\MyDocuments\(default)	{ECF03A33-103D-11d2-854D-006008059367}
PX5: 57E2829600BA664D643501A4D8468A0095362A02
MD5: 0e34ad97f42004e23da845ff4f822090
Determination: GOOD

C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}	Nokia Phone Browser
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\CopyHookHandlers\Nokia\(default)	{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\CopyHookHandlers\Nokia\(default)	{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}
PX5: 955D6D9400F44D159694089F7513D900A232EE2E
MD5: 600d719d720715b28c3234c624e95bab
Determination: GOOD

C:\Programmi\Nokia\Nokia PC Suite 6\PCSCM.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: ABA7BB7200052B8D10530A68ACAB8E00BC29112A
MD5: 0e51263ea765f9ab45aa8f04cadb22b9
Determination: GOOD

C:\WINDOWS\system32\OLEPRO32.DLL
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 4451C5BD00B67BC2466601954AF9C000130A3600
MD5: cb6b225cc6c85cda0430ef12441ea5b6
Determination: GOOD

C:\WINDOWS\system32\MSVCP71.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: F133D4F000B92F08A0E107FD67B66E0015498C05
MD5: 561fa2abb31dfa8fab762145f81667c2
Determination: GOOD

C:\WINDOWS\system32\MSVCR71.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 3FEE1145002F2EB8504E05ED76DA9100776D97E7
MD5: 86f1895ae8c5e8b17d99ece768a70732
Determination: GOOD

C:\Programmi\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: A8F2BFB500B3228F76E200728CABF700664BAC93
MD5: 968994b0f161cd318c83bbec6907d7f0
Determination: GOOD

C:\Programmi\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 5784310000147B7E4C2C08BC5269A00000BE07D8
MD5: b058e4e76a4524dc13fc44b7829fee5f
Determination: GOOD

C:\WINDOWS\system32\PortableDeviceTypes.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 137E048C00987280949A029AC62EEC004C4E7E48
MD5: 4bdc14b0f6bd56890a94dfced95bf878
Determination: GOOD

C:\WINDOWS\system32\PortableDeviceApi.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 7F4EDD970016C19C463C051E055AF800D47EF69E
MD5: 2ac9726b2ad5d32693819fd4280cf9c6
Determination: GOOD

C:\WINDOWS\system32\ssqpq.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded from: FILE
PX5: EC7194190063065DF42304283A40CA001E1A26EB
MD5: 51f1a6b5b3ae09313873f558bf57afa3
Determination: BAD
Malware Group: Trojan.Vundo

C:\Programmi\Stardock\ObjectDock\DockShellHook.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 8F1C36E700B7EDE65067001FB678A100EEBB979C
MD5: 81132f64df34353c04943d6dd5f37501
Determination: GOOD

C:\WINDOWS\system32\sensapi.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 945479A500423FB71A9A004C020A3B0024ABF6B3
MD5: 344e594bb748d4f828211a7c9cea0829
Determination: GOOD

C:\Programmi\C6 Messenger\KBAbsent.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: B35C5530001A0816182100412CC1B200A5AA3D38
MD5: 07c1b1e59bcc611b72303f42656c6394
Determination: GOOD

C:\WINDOWS\System32\drprov.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: BB8EDCE2008403A638800074FD083400905C26EC
MD5: 4f32c69e05ae35fc609218e94b0df5d9
Determination: GOOD

C:\WINDOWS\System32\ntlanman.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: FCEBCD7A009905FEAA4200960455950080D2A1BD
MD5: d72c81e7f4986beb202813fc743af8d7
Determination: GOOD

C:\WINDOWS\System32\NETUI0.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 074187360063FEE5400A014D6C2C430053ABE349
MD5: 9fe57c0551c88667b8fbde49bd399144
Determination: GOOD

C:\WINDOWS\System32\NETUI1.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: A4DAD8A200850E09C097034C744E770099F86FBA
MD5: a5ca0066df5a68d4a7403f2e32d620d8
Determination: GOOD

C:\WINDOWS\System32\davclnt.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 5E0DDE0C0099E131624800B42D603500DF9BC5AA
MD5: fa5791230a59dcc0f1bb0b0a193375a7
Determination: GOOD

C:\WINDOWS\system32\browselc.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: EA63F88500B471270C9A01309A4A800054BE305C
MD5: 03163d2cd97c11514f29987971f50a13
Determination: GOOD

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: EEECA2A200AE193420E61AFE5130B8009DDBAA0F
MD5: 100136f3c317b3fbffd33b9409aed1c3
Determination: GOOD

C:\WINDOWS\system32\DUSER.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 576588D800DB533AA46504C81FA1F900F6700574
MD5: 0e316ff410e9a5bca1bd1794dece800f
Determination: GOOD

C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: D581665A000C981EC0E1044D188D40005CCA75A7
MD5: 25faf84103db2f272835337a4391173c
Determination: GOOD

C:\WINDOWS\system32\mscms.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
PX5: 940A8DEF003B85F62032012B04469D0069AD5188
MD5: 2b811f5594ea174b8cb31cedc8141e6c
Determination: GOOD

C:\WINDOWS\system32\shmedia.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}	Audio Media Properties Handler
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}	Video Media Properties Handler
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E4B29F9D-D390-480b-92FD-7DDB47101D71}	Wav Properties Handler
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{87D62D94-71B3-4b9a-9489-5FE6850DC73E}	Avi Properties Handler
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6FD9E45-6E44-43f9-8644-08598F5A74D9}	Midi Properties Handler
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{c5a40261-cd64-4ccf-84cb-c394da41d590}	Video Thumbnail Extractor
PX5: 6F935BCA00698E3154450276A47BF4000FC59B48
MD5: bf30bb4d33afa9e7e33f82f7de84f18c
Determination: GOOD

C:\WINDOWS\system32\MSVFW32.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 4870710600DDCA90DC7001F6C351A000C502322F
MD5: 35de518c32e4d878a250301a8f2eee08
Determination: GOOD

C:\WINDOWS\system32\AVIFIL32.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 3FE30B9700E394E34E7B016A00BC3A002FF2247D
MD5: 59be4fc08de41953a9dee7b47eecb8cd
Determination: GOOD

C:\WINDOWS\system32\wmvcore.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: BEE5F4F600B9B47D984E25ACB3D2BB008E91C097
MD5: b8fbf90dea0c1aad6d26016ff1cbe615
Determination: GOOD

C:\WINDOWS\system32\WMASF.DLL
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 732B24D10053EEFF621803F9386C7B00FAABF061
MD5: 62c043676f177cd957d4a3840121db6b
Determination: GOOD

C:\WINDOWS\system32\mlang.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: A0FB8BA50045A9FEF20208062C04B3005F96B032
MD5: f036bc2525f8701628abb0a550c1c692
Determination: GOOD

C:\Programmi\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.ita
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: 5C8A921D0036E8AB406705333051C300BDCD1138
MD5: 5a9b0af5c5cda326a12e954c28264296
Determination: GOOD

C:\WINDOWS\system32\wmp.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: F518A42F00B55CD79CDE9E420AE3470054FC3D78
Determination: GOOD

C:\WINDOWS\system32\dbghelp.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: CA15549600DD8409C430096381351D009D50E233
MD5: 87fb429e335a273c6d789377b4c94d39
Determination: GOOD

C:\WINDOWS\system32\wmploc.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 33E0DC9400CEF2E176C1768E62D72900BB8AA0A4
Determination: GOOD

C:\WINDOWS\system32\wmpps.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 25452B52004E4610128502B7667E7500818ACA3A
MD5: e6c1eb8ef77fd8c79089c7b88cd1fe21
Determination: GOOD

C:\WINDOWS\system32\jscript.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 25C224220005C0ADE0CC06D3B6FAB3002AF05B22
MD5: bffc5e126086e5c5d306daa40b81270b
Determination: GOOD

C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(default)
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(default)
PX5: 43FC1F718034B0CAF2E7007A2CAFD0009BF22C42
MD5: c11f6a1f61481e24be3fdc06ea6f7d2a
Determination: GOOD

C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\EWPP\InternetExplore	Called
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\EWPP\FileExplorer	Called
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\EWPP\FileBrowser	Called
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Internet Explorer\Toolbar\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}
	Loaded from: \REGISTRY\User\S-1-5-21-789336058-2077806209-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}	.
PX5: D6BA9E3F006339FCA0A905099A5CD000B0A9EBAA
MD5: 01319cf4030b3740ba8261e7024acad1
Determination: GOOD

C:\WINDOWS\system32\wmpshell.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8DD448E6-C188-4aed-AF92-44956194EB1F}	Windows Media Player Play as Playlist Context Menu Handler
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}	Windows Media Player Burn Audio CD Context Menu Handler
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}	Windows Media Player Add to Playlist Context Menu Handler
PX5: C02F011D0066A2BC7EF501E7B5DA7C001FF766BA
MD5: ba8c78ac39008954338f595163272a70
Determination: GOOD

C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{42042206-2D85-11D3-8CFF-005004838597}	Microsoft Office HTML Icon Handler
PX5: 9A454C88383E02BC06ED01134822DA00C01DA356
MD5: 165ae7a443f2139dd2c078ad87699f91
Determination: GOOD

C:\Programmi\a-squared Free\a2freecontmenu.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A155339D-CCCD-4714-85EB-3754B804C9DF}	a-squared Free Shell Extension
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ContextMenuHandlers\a-squared Free Shell Extension\(default)	{A155339D-CCCD-4714-85EB-3754B804C9DF}
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ContextMenuHandlers\a-squared Free Shell Extension\(default)	{A155339D-CCCD-4714-85EB-3754B804C9DF}
PX5: 2DC32EDD909DF5714C2B03139648A400FFC160C8
MD5: 80bef750167f69aeeeebc229e37fdcc3
Determination: GOOD

C:\Programmi\WinRAR\rarext.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	WinRAR shell extension
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR\(default)	{B41DB860-8EE4-11D2-9906-E49FADC173CA}
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR\(default)	{B41DB860-8EE4-11D2-9906-E49FADC173CA}
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR\(default)	{B41DB860-8EE4-11D2-9906-E49FADC173CA}
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR\(default)	{B41DB860-8EE4-11D2-9906-E49FADC173CA}
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(default)	{B41DB860-8EE4-11D2-9906-E49FADC173CA}
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(default)	{B41DB860-8EE4-11D2-9906-E49FADC173CA}
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\DragDropHandlers\WinRAR\(default)	{B41DB860-8EE4-11D2-9906-E49FADC173CA}
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\DragDropHandlers\WinRAR\(default)	{B41DB860-8EE4-11D2-9906-E49FADC173CA}
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\DragDropHandlers\WinRAR\(default)	{B41DB860-8EE4-11D2-9906-E49FADC173CA}
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\DragDropHandlers\WinRAR\(default)	{B41DB860-8EE4-11D2-9906-E49FADC173CA}
PX5: B55F772E0036CB34DC3901BFDAD6690027B33756
MD5: f9a7c44df7e5b5175be294c8f5a5385f
Determination: GOOD

C:\Programmi\Eset\nodshex.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B089FE88-FB52-11D3-BDF1-0050DA34150D}	NOD32 Context Menu Shell Extension
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ContextMenuHandlers\NOD32 Context Menu Shell Extension\(default)	{B089FE88-FB52-11d3-BDF1-0050DA34150D}
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ContextMenuHandlers\NOD32 Context Menu Shell Extension\(default)	{B089FE88-FB52-11d3-BDF1-0050DA34150D}
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\NOD32 Context Menu Shell Extension\(default)	{B089FE88-FB52-11d3-BDF1-0050DA34150D}
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\NOD32 Context Menu Shell Extension\(default)	{B089FE88-FB52-11d3-BDF1-0050DA34150D}
PX5: 2617508900DBAF87E02300B1CBAC180009205B8D
MD5: 6822cd15f0d9e3a4e6440d475da44a4d
Determination: GOOD

C:\Programmi\Eset\pr_nod32.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
PX5: 2C2B552100FD2A555098002DDDE82A005001986F
MD5: 3ef80e5f63fa042b156e9853248564d3
Determination: GOOD

C:\Programmi\Eset\pu_nod32.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Eset\nod32kui .exe
PX5: 70893260006DA6F760C401AA9A2A300032A8509D
MD5: 770a5082160464b11e779a01b64976ef
Determination: GOOD

C:\WINDOWS\system32\MFC42u.DLL
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Eset\nod32kui .exe
PX5: D448490300AE99E9A0180FF338297C0015711DB6
MD5: 28179a5e9ec4a0e3a9e5b24982f8403c
Determination: GOOD

C:\WINDOWS\system32\MFC42LOC.DLL
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: 50EC1EAC0042F609E0B8000596D265006CAB3F5E
MD5: 4e03135c6b43689649293d6ca6c73dd0
Determination: GOOD

C:\Programmi\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\EPPShellEx\(default)	{509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\EPPShellEx\(default)	{509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}
PX5: BE37F92C0092B268109C01D7F1BC1800B9F56F0A
MD5: 5e009cf8cb2ab33e1ba2856cf2231a6d
Determination: GOOD

C:\WINDOWS\system32\MFC42.DLL
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: FD5A337B00529124B0D80F421E82790041341A00
MD5: 0ddd564836a87ea1c3232b48ff0e221c
Determination: GOOD

C:\Programmi\File comuni\Autodesk shared\dwf common\DWFShellExtension.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\Autodesk.DWF.ContextMenu\(default)	{6C18531F-CA85-45F7-8278-FF33CF0A5964}
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\Autodesk.DWF.ContextMenu\(default)	{6C18531F-CA85-45F7-8278-FF33CF0A5964}
PX5: 46375EE070CCDA068C941B6ABA5166009CDE7180
MD5: 9dda4705c610d504167d093783161cdd
Determination: GOOD

C:\Programmi\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}	Adobe.Acrobat.ContextMenu
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu\(default)	{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu\(default)	{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu\(default)	{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu\(default)	{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
PX5: 4B154EAF80495E13564A0A9F949125003FD69BA0
MD5: 3ec94134530bf5dd1f94d2f1206609c7
Determination: GOOD

C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
PX5: 60CA748D003B366F7CB010284E380400F86D69A3
MD5: 6a9307604579161a739d79ffacf7d31b
Determination: GOOD

C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\MFC80ITA.DLL
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
PX5: C74297D100D4EC3FF0EE006709492A00060E5B2C
MD5: cbfd0a6664880e7a76f0b67181409e66
Determination: GOOD

C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}\(default)	PDF Column Info
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}\(default)	PDF Column Info
PX5: 8C22B1270080452CB0520538F9A2700042807472
MD5: 2094bc9a0fc9c0e15eea5f4a9581dd14
Determination: GOOD

C:\WINDOWS\system32\wzcdlg.dll
	Loaded into: C:\WINDOWS\Explorer.EXE
PX5: FDC5ABBF00DE72F2C818054EFDC634000861176E
MD5: 362d2868e6c48fbc6581b16af55e2ad1
Determination: GOOD

C:\Programmi\a-squared Free\a2service.exe
	Loaded into: C:\Programmi\a-squared Free\a2service.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\a2free\ImagePath	"C:\Programmi\a-squared Free\a2service.exe"
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\a2free\ImagePath	C:\Programmi\a-squared Free\a2service.exe
PX5: 261F85B07012BE24983C05D5921854007AC7A1F6
MD5: ba5e0d7b806c94ec73456754f96263af
Determination: GOOD

C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
	Loaded into: C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Autodesk Licensing Service\ImagePath	"C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe"
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Autodesk Licensing Service\ImagePath	C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
PX5: 0175DFD17843BBE930390145719CCE0043DAA6BD
MD5: 32a5defddc3562bf89d73586f5915b34
Determination: GOOD

C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded into: C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Bonjour Service\ImagePath	C:\Programmi\Bonjour\mDNSResponder.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Bonjour Service\ImagePath	C:\Programmi\Bonjour\mDNSResponder.exe
PX5: 2CBE3E9F00938A9E8020038544862100384CBF16
MD5: 73686fe0b2e0469f89fd2075be724704
Determination: GOOD

C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded into: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\mi-raysat_3dsmax8\ImagePath	C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\mi-raysat_3dsmax8\ImagePath	C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
PX5: 3C9A2E0C00033CD7007E017873A62000DD647171
MD5: aa0c4a2c33ce075df2c272d678734991
Determination: GOOD

C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\NOD32krn\ImagePath	"C:\Programmi\Eset\nod32krn.exe"
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NOD32krn\ImagePath	C:\Programmi\Eset\nod32krn.exe
PX5: 0290662D00CD77F4900D07BB4CE52A0040C6D208
MD5: 4f26ea0ac32417a6f364ae55df46ab02
Determination: GOOD

C:\Programmi\Eset\nod32krr.dll
	Loaded into: C:\Programmi\Eset\nod32krn.exe
PX5: 2C2B552100FD2A55D098002DDDE82A00E105A98A
MD5: e744f6d492e690df032601750d032e29
Determination: GOOD

C:\Programmi\Eset\ps_amon.dll
	Loaded into: C:\Programmi\Eset\nod32krn.exe
PX5: 89057F6600EB7605E06E02B4FC6B1400942648B1
MD5: fbdf047906b3ea6f0c583ba0c028e359
Determination: GOOD

C:\Programmi\Eset\pr_amon.dll
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
PX5: 2C2B552100FD2A558098002DDDE82A0034C39296
MD5: 7112fe73119b99fc9306a938e961b18a
Determination: GOOD

C:\Programmi\Eset\ps_dmon.dll
	Loaded into: C:\Programmi\Eset\nod32krn.exe
PX5: 79F373C2005D773340E1029E88D90B0082BF06A5
MD5: bf79d12cd35868a0a1128673350e8066
Determination: GOOD

C:\Programmi\Eset\pr_dmon.dll
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
PX5: 2C2B552100FD2A555098002DDDE82A0040F173F1
MD5: 4c4e64addcb06b7602e266dbade8af99
Determination: GOOD

C:\Programmi\Eset\ps_emon.dll
	Loaded into: C:\Programmi\Eset\nod32krn.exe
PX5: C4B6BE7F00AB6627D06E021F36F5BE008A5AD980
MD5: ec94fca2f68ea3a4a939b756bca34970
Determination: GOOD

C:\Programmi\Eset\pr_emon.dll
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
PX5: 2C2B552100FD2A55F098002DDDE82A009E873256
MD5: 4298e4049064ba38d1e2238d31725d9d
Determination: GOOD

C:\Programmi\Eset\ps_nod32.dll
	Loaded into: C:\Programmi\Eset\nod32krn.exe
PX5: 10A803DA003AB6CE70BD0294CAE7A3007479FDB4
MD5: 5c8a084d22057556a6f729c66b0562a3
Determination: GOOD

C:\Programmi\Eset\ps_upd.dll
	Loaded into: C:\Programmi\Eset\nod32krn.exe
PX5: 95DDDD7A006FD21AC0F704CD0179210045D162D9
MD5: 36b2ed7b327fa956f4b72d7dcfe6a858
Determination: GOOD

C:\Programmi\Eset\pr_upd.dll
	Loaded into: C:\Programmi\Eset\nod32krn.exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
PX5: 2C2B552100FD2A55C098002DDDE82A00232CA480
MD5: 009cd1fed30f13705868346741ff7aea
Determination: GOOD

C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\NVSvc\ImagePath	%SystemRoot%\system32\nvsvc32.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NVSvc\ImagePath	C:\WINDOWS\system32\nvsvc32.exe
PX5: 5FB8B45744AF5F2A90CB020684DF4400CC6480D7
MD5: 91a269db0767ce36c6efd23d118bbb8f
Determination: GOOD

C:\WINDOWS\system32\nvapi.dll
	Loaded into: C:\WINDOWS\system32\nvsvc32.exe
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
PX5: 2DD2F167003C944B306B049C4A45C400B9E5311E
MD5: f89f06f7e8152e592eb6d88759d11767
Determination: GOOD

c:\windows\system32\wiaservc.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
PX5: 8513A5980082F62718F005D84CE75600A840A9D9
MD5: 2bb718bb4252909c389b3966492b0f30
Determination: GOOD

c:\windows\system32\CFGMGR32.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
PX5: 74C69D7C00EDC85142F6003C4DC9A1006D7B8195
MD5: 15797c5aa673590064348a025a5f17d9
Determination: GOOD

C:\WINDOWS\system32\wiavusd.dll
	Loaded into: C:\WINDOWS\system32\svchost.exe
PX5: CC2C64DB009D9F813874022307DBEE003E1E8A5C
MD5: dae4e1ad7cf2aa78424bd2b6bf2db366
Determination: GOOD

C:\VEXPLITE\viritsvc.exe
	Loaded into: C:\VEXPLITE\viritsvc.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\viritsvclite\ImagePath	C:\VEXPLITE\viritsvc.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\viritsvclite\ImagePath	C:\VEXPLITE\viritsvc.exe
PX5: 99B91105000383E1E0E4001DC9D21100AEA06448
MD5: 1b4a565ffc9a7fc4d659ce82199c1f3e
Determination: GOOD

C:\WINDOWS\system32\alg.exe
	Loaded into: C:\WINDOWS\system32\alg.exe
	Loaded into: C:\WINDOWS\System32\alg.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\ALG\ImagePath	%SystemRoot%\System32\alg.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ALG\ImagePath	C:\WINDOWS\System32\alg.exe
PX5: A1E5D90F00A84BB2AEC200E087F3A200AB0BF90E
MD5: d4a42bf3c11302aa3ccd857034ef1e54
Determination: GOOD

C:\WINDOWS\RTHDCPL.exe
	Loaded into: C:\WINDOWS\RTHDCPL.exe
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run\RTHDCPL	RTHDCPL.EXE
PX5: A4F6625A0086036B12ADF64601750300C934F791
Determination: GOOD

C:\WINDOWS\system32\DSOUND.DLL
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: E5087FD800F9DAEF9CF20543474A2400CFECBDBE
MD5: e99a5df2a937580361d6c698e4620dba
Determination: GOOD

C:\WINDOWS\system32\HHCTRL.OCX
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
PX5: 536E66420094F1290AFC08CDABA689005F36ACA7
MD5: baef0fa3fdadd775961b60e7b467b447
Determination: GOOD

C:\WINDOWS\system32\mui\0010\HHCTRLui.dll
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
PX5: BA28999700DF7F81607B01C7951F4A005B77C7B8
MD5: 126a1b4a38bdeeb1cdf0e06e5a547669
Determination: GOOD

C:\WINDOWS\system32\KsUser.dll
	Loaded into: C:\WINDOWS\RTHDCPL.EXE
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: AAD6D56F00EC2271104D0037883D3E00B79BCD14
MD5: fbbb356a996903ffb831bf72fd2a3e85
Determination: GOOD

C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded into: C:\WINDOWS\system32\rundll32.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon	RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run\NvMediaCenter	RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet	rundll32 shell32,Control_RunDLL "sysdm.cpl"
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS\StubPath	RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}\StubPath	rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}\StubPath	rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\StubPath	rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\StubPath	C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}	Autoplay for SlideShow
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C}	Windows Live Photo Gallery Autoplay Drop Target
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C}	Windows Live Photo Gallery Viewer Drop Target
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00F374B7-B390-4884-B372-2FC349F2172B}	Windows Live Photo Gallery Editor Drop Target
PX5: 797CA9E8007174E38209003396ABA600D9E79205
MD5: f88cdb0ccc416b3778736be74cdebb94
Determination: GOOD

C:\WINDOWS\system32\NvMcTray.dll
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run\NvMediaCenter	RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
PX5: 1E5CC24A00673165400101B8A13AB2002FDAD499
MD5: 1e9b75f274424e536a3da9ccf6325a48
Determination: GOOD

C:\WINDOWS\system32\NVRSIT.DLL
	Loaded into: C:\WINDOWS\system32\RUNDLL32.EXE
PX5: 8FE5D3D700157EEA408D04613975E9001BA458CF
MD5: cd26347ea15ee085e761f7137a74f247
Determination: GOOD

C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run\Acrobat Assistant 8.0	"C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
PX5: 34099F5300034EBB928B0EA44C028F00EFC18740
MD5: 6db7532dcdb6322550d0e338de0999b6
Determination: SUSPICIOUS

C:\Programmi\Eset\nod32kui.exe
	Loaded into: C:\Programmi\Eset\nod32kui.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run\nod32kui	"C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
PX5: 34099F5300034EBB6E8B13A44C028F00CD08BF07
MD5: 3e272cd707cdebcd5d1fb57c5ba883d9
Determination: GOOD

C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run\LogitechCommunicationsManager	"C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe"
PX5: 34099F5300034EBB2C8B0DA44C028F00BAAB095C
MD5: 31db88211ed92ce8aecd9fef0f3466c9
Determination: GOOD

C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run\LVCOMSX	"C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe"
PX5: 34099F5300034EBBC48B08A44C028F00627B292D
MD5: 39cf07eb77110e4ff680f0dda2b204a7
Determination: GOOD

C:\Programmi\Eset\nod32kui .exe
	Loaded into: C:\Programmi\Eset\nod32kui .exe
PX5: 6D89CE4E00615A0900900EDBDF5C3800128B2253
MD5: 837932d4e6aed69c0dcb2fa73a0da8be
Determination: GOOD

C:\Programmi\Eset\nod32rui.dll
	Loaded into: C:\Programmi\Eset\nod32kui .exe
PX5: 2C2B552100FD2A559098012DDDE82A0077E709AC
MD5: 973bc8ebc69c28640b7e430f57ad4612
Determination: GOOD

C:\Programmi\Eset\pu_amon.dll
	Loaded into: C:\Programmi\Eset\nod32kui .exe
PX5: 172678A000F99395002A02889D26D400DCEB4DEF
MD5: a3a35abf274d643064e7307f3da709ef
Determination: GOOD

C:\Programmi\Eset\pu_dmon.dll
	Loaded into: C:\Programmi\Eset\nod32kui .exe
PX5: 7E1FDD6E008E91B190C3023492C6AB002FE3137F
MD5: fb038d1d67281a31e67a7e237e627f1b
Determination: GOOD

C:\Programmi\Eset\pu_emon.dll
	Loaded into: C:\Programmi\Eset\nod32kui .exe
PX5: F31FED9000F9E4C530DF02F435B7E800CD1C1F5E
MD5: cb07ee2407cba3a0d8c63950cd3b4358
Determination: GOOD

C:\Programmi\Eset\pu_imon.dll
	Loaded into: C:\Programmi\Eset\nod32kui .exe
PX5: 0716CB7C00B27042D0A202F4051E2300B38F5283
MD5: 57eaae4185240d48ac77f20266fa242a
Determination: GOOD

C:\Programmi\Eset\pu_upd.dll
	Loaded into: C:\Programmi\Eset\nod32kui .exe
PX5: CFAAD14B003074BCC05E02AE758D04005D5ABACB
MD5: 320470694642dda5e518e45b9bfef713
Determination: GOOD

C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
PX5: C7CD22FD78619BB076CB09ABAC8FD50082F11DB4
MD5: a21e70b4f972ca396a80013d0d436350
Determination: GOOD

C:\WINDOWS\system32\OLEACC.dll
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: 81D38A4800E8D21B7EF202F4F2585B00DE902D48
MD5: 15a45dca16f54ac02443b4e5cc5b1088
Determination: GOOD

C:\Programmi\Adobe\Acrobat 8.0\Acrobat\FNP_Act_Installer.dll
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
PX5: 3622C3DB0027182442140E1F04F53D0016F5A06B
MD5: 6f2e09108202e5eb008c69488fafd27c
Determination: GOOD

C:\Programmi\Adobe\Acrobat 8.0\Acrobat\asneu.dll
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
PX5: EA7E835D00E41096F06501921A6C3600293FC6DB
MD5: 4b88bd98983a2cd9be90f368b4f59f0a
Determination: GOOD

C:\Programmi\Adobe\Acrobat 8.0\Acrobat\adobe_personalization.dll
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
PX5: A8B8BBB0004C49F7488605C045AD3400284F93F2
MD5: 3fb0f47b4c0c048ee97b0e2b4ff9c67d
Determination: GOOD

C:\WINDOWS\system32\oledlg.dll
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
PX5: 0F4248FC00565555D4D101CBEA69C700971E3F45
MD5: 83a7ef9bd97588857f702f7405ccf03c
Determination: GOOD

C:\Programmi\Adobe\Acrobat 8.0\Acrobat\adobe_epic.dll
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
PX5: 2032D5200001C4C0401803B70E434500E8CCCEEE
MD5: de519c164f3300d83f4efb4a23dad2ac
Determination: GOOD

C:\Programmi\Adobe\Acrobat 8.0\Acrobat\adobe_pcd.dll
	Loaded into: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
PX5: C62082F90094DF97300F03709E385B0016DC20C6
MD5: 4970cda5fc955a8a0b6eaee92bbd22ab
Determination: GOOD

C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr.Exe
	Loaded from: \REGISTRY\User\S-1-5-21-789336058-2077806209-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\MsnMsgr	"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
PX5: 34099F5300034EBB128B5CA44C028F005527E7A4
Determination: GOOD

C:\Programmi\eMule\emule.exe
	Loaded into: C:\Programmi\eMule\emule.exe
	Loaded from: \REGISTRY\User\S-1-5-21-789336058-2077806209-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\eMuleAutoStart	C:\Programmi\eMule\emule .exe -AutoStart
PX5: 34099F5300034EBB2C8B5CA44C028F00AA172E7F
Determination: GOOD

C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
PX5: A3BEC41E28507EEABB11030799532600650C54D0
MD5: b1a430eea7a9ee2372a93e9414935129
Determination: GOOD

C:\Programmi\File comuni\Logitech\LComMgr\LVMaEnum.dll
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
PX5: 013BED7228DD30D48B2805794F4A970055D153D9
MD5: 467e8f081607043a624557a031e23403
Determination: GOOD

C:\Programmi\File comuni\Logitech\LComMgr\MSVCP71.dll
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
PX5: F133D4F000B92F08A0E107FD67B66E0015498C05
MD5: 561fa2abb31dfa8fab762145f81667c2
Determination: GOOD

C:\Programmi\File comuni\Logitech\LComMgr\MSVCR71.dll
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
PX5: 3FEE1145002F2EB8504E05ED76DA9100776D97E7
MD5: 86f1895ae8c5e8b17d99ece768a70732
Determination: GOOD

C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
PX5: C7371E06303DAF271611088239033A00CA05812B
MD5: 903aa37552fc25541bd6ee2e866b8fc1
Determination: GOOD

C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.DLL
	Loaded into: C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
PX5: 1A71DBF500A2DE1976DB019D79F2A200623A0697
MD5: 16b206229b2a348c8bcd8b5a6102a979
Determination: GOOD

C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded from: FILE
PX5: 8EEF47C5003CE17840B50A9C4D8838009076E3B3
MD5: 1b056eb232dc06d18266cd61cd2bb11d
Determination: GOOD

C:\WINDOWS\system32\KemUtil.dll
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded from: FILE
PX5: 1BDE81E200EA2D6A00F302EC92D6AE0025D52237
MD5: acda593aad0f21fc02b7b2ff87b056aa
Determination: GOOD

C:\Programmi\Logitech\SetPoint\SetPointCOM.dll
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
PX5: C1BADC6F00C1A17864D600580A7A3100159DAE87
MD5: 31917532a6f1681b81d758641997cdd4
Determination: GOOD

C:\WINDOWS\system32\kemutb.dll
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded from: FILE
PX5: 9E34FA050081A9F4605A02B7F9EA6700586B3C81
MD5: 3058ef6a8dd40580d4ba15ccf758ae05
Determination: GOOD

C:\WINDOWS\system32\KemWnd.dll
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded from: FILE
PX5: A4EB7BAC0021D28FB079013E7F3D7C00BC6D5449
MD5: 040c228bb2e9a070083cd3c05d1903cc
Determination: GOOD

C:\WINDOWS\system32\KemXML.dll
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded from: FILE
PX5: 6A963074004E773A106D01FDC678730084AED8C4
MD5: 92c6fd91042cce4c89a7d92fe85b93d3
Determination: GOOD

C:\Programmi\Logitech\SetPoint\Macros\MacroCore.dll
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
PX5: 41E4E90C005DC79960E70D074D42E600C8184196
MD5: 5f286fbdfea355910f28578cb27f1b33
Determination: GOOD

C:\WINDOWS\system32\IMM32.dll
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
PX5: CDBF4DDD001A7574AE3A01510D252400AF18CE5E
MD5: ca38a6091ecac2668ec99afd4b6c0615
Determination: GOOD

C:\Programmi\Logitech\SetPoint\IMHook.dll
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
PX5: C7957B5F00FD0D1A282200EE23AF360038954CAC
MD5: 948011bd041b2fac645b9c3c456ab64f
Determination: GOOD

C:\Programmi\File comuni\Logitech\khalshared\KhalApi.dll
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
PX5: 848D9006000C90DC20E00629C984C5000D74753A
MD5: fa78325908152a1da44003466525c837
Determination: GOOD

C:\Programmi\Logitech\SetPoint\kgame.dll
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
PX5: 6479189000A7A51410C3010592D3CA002AB9136E
MD5: 291e9a2ff3ece8b0f515fa07285bcd17
Determination: GOOD

C:\Programmi\Logitech\SetPoint\GameHook.dll
	Loaded into: C:\Programmi\Logitech\SetPoint\SetPoint.exe
PX5: 4809D9A300B97950E05700D9C0882A0087B903B5
MD5: 9862a16266c5c90eff2f7cd6a8661530
Determination: GOOD

C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded from: FILE
PX5: 2C2D454470C6F41271D512B92EB9C10067AE4980
MD5: 55be1239ee7c7dfb6aa3adfc8bd3d624
Determination: GOOD

C:\Programmi\C6 Messenger\autoupgrade.dll
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
PX5: 9B163483002211B9D80300610D189500F13B5A48
MD5: a2c297d102bb27ed9defbf2af42c6cd5
Determination: SUSPICIOUS

C:\Programmi\C6 Messenger\MFC71.DLL
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
PX5: 1C538DBD002784B5DE2906CC0AC86D00C5EA8EE8
MD5: 79873002f296c65840eea3654fe259a4
Determination: GOOD

C:\Programmi\C6 Messenger\MSVCR71.dll
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: E0DF14F0006A79A9889502D5D241B2006467E7E1
MD5: 2ee66eac810654f3a7c2889d83866857
Determination: GOOD

C:\Programmi\C6 Messenger\MSVCP71.dll
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
PX5: 2270B30200F1B258A26604CE3AFCF2003D7366B8
MD5: ffaaa921065e2ca3c98c9e64245cd679
Determination: GOOD

C:\Programmi\C6 Messenger\xmllib.dll
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
PX5: 8362F86300FBEA48406A003FE8F96200D35D6957
MD5: 0b4c6d50e652c9bab964a8b1f733514a
Determination: SUSPICIOUS

C:\Programmi\C6 Messenger\LIBEXPAT.dll
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
PX5: 4E3F4C1F00DB4801D8140078B0CC50009E628D8B
MD5: 8e932eae41f78424c68849501e623781
Determination: SUSPICIOUS

C:\Programmi\C6 Messenger\C6Version.dll
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
PX5: 1FAA7B9E00BE073F2A110021630B380062D1F500
MD5: 43e4e5f2f582cd08ea2958bba033c624
Determination: SUSPICIOUS

C:\Programmi\C6 Messenger\libspeex.dll
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
PX5: 9690F71C001DBC2758A40128B037E500FFA5FA80
MD5: eb93aab0dc1ad257edce42894f99b680
Determination: SUSPICIOUS

C:\Programmi\C6 Messenger\libtheora.dll
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
PX5: DA13B92500D830DD107401DC20FD1E00EC138DC1
MD5: 5d294e75813595c8e7b8039f6cd9c4a9
Determination: SUSPICIOUS

C:\Programmi\C6 Messenger\libogg.dll
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
PX5: A29EDA3F004A5B7490080049AB1CF40050CA4CCF
MD5: b3cdfe2c82bd2f968b147b515277282a
Determination: SUSPICIOUS

C:\Programmi\C6 Messenger\Skin4Win.dll
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
PX5: E241DEA300C90ACCE42901B4F2C2810089426257
MD5: 3986a1422c7ee9ef955b475eabfd5ace
Determination: GOOD

C:\WINDOWS\system32\MFC71ITA.DLL
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
PX5: 8C47BF9900C00236F0DE00B45623C60074094F00
MD5: ba14d19b7c983c5863601d95ea473fd2
Determination: GOOD

C:\WINDOWS\system32\RICHED20.DLL
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
PX5: 78A77A26004A717596B506399B8D75004DB2AFC4
MD5: f52bd4c96501f8914264a181beec2bb0
Determination: GOOD

C:\WINDOWS\system32\RICHED32.DLL
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
PX5: DC22E964004006F30EC300044BCB3C00B79BCD14
MD5: 0134d2722ec5c822a17bf66963b37231
Determination: GOOD

C:\WINDOWS\system32\shdoclc.dll
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
PX5: 552F282A005B9932A4DA08FB1D53CE00D5EAFBF4
MD5: 9373e3b36edbb58dcacc106530105954
Determination: GOOD

C:\WINDOWS\system32\mshtml.dll
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
PX5: 3A897A7500F535C6D44D2DE390FA8000780C5D97
MD5: b0d7b00d4fdc5bb8203e0a38d15cbaa2
Determination: GOOD

C:\WINDOWS\system32\msls31.dll
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
PX5: EAE4C961000263583C2A020DBFE06E003B95D274
MD5: 29b3675c2d9b2d0e18470a14024df369
Determination: GOOD

C:\WINDOWS\system32\msimtf.dll
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 84310A0800BF02296E1202C6BE073C009D305F2B
MD5: e41d5bbed01edd653dfbe699c8b77fbf
Determination: GOOD

C:\WINDOWS\system32\MSCTF.dll
	Loaded into: C:\Programmi\C6 Messenger\c6Messenger.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 64563C73008EB95E7EDD046B94EDCE00A3D588EB
MD5: 5d2f1beea828b4951f550bade794c1ef
Determination: GOOD

C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
	Loaded from: FILE
PX5: 03F05E4445E9180490C61CBBE441C500EC6CF6BA
MD5: 9dc1724162ae095a57483076e1b8ebaf
Determination: GOOD

C:\Programmi\Stardock\ObjectDock\CrashRpt.dll
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
PX5: 16A4E45C00FA4DCD46FA014C53EE0800E04538EE
MD5: e0f93c08ac4f30983690c2932d492fb8
Determination: GOOD

C:\Programmi\Stardock\ObjectDock\dbghelp.dll
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
PX5: FAA15C6600D33C547A4D07EAA3EA0500CDC15E3A
MD5: e458d88c71990f545ef941cd16080bad
Determination: GOOD

C:\Programmi\Stardock\ObjectDock\zlib.dll
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
PX5: 5F5C7E030015BDCFD24E00574946B7005440541F
MD5: 87eddceb9d22c129e386e652c5cda521
Determination: GOOD

C:\WINDOWS\system32\CRTDLL.dll
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
PX5: 4AF300331B8E30AB46670205C5CC50005A157B0E
MD5: 154413b653037d6d75d4e2538c7a2564
Determination: GOOD

C:\Programmi\File comuni\Stardock\ODImg.dll
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
PX5: FEFA4389008A18EC2021022C18BB9500EE8E8898
MD5: 8c7e1bc5e4bc5bd0fcb0f57319c44333
Determination: GOOD

C:\Programmi\Stardock\ObjectDock\MSVCR70.dll
	Loaded into: C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
PX5: 557F46BF00B8F62240C40522AB7B720047DFA04B
MD5: 9972a6ed4f2388dbfa8e0a96f6f3fdf1
Determination: GOOD

C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded from: FILE
PX5: BFBC700D30953B1A75DB2C6CD92A6200894A9DA3
MD5: 58e4f6d9446969d544a778590e6fe0bc
Determination: GOOD

C:\Programmi\Yahoo!\Widgets\js32.dll
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
PX5: 2BF82CCC0055C1FE909F05EB28D0C50091762B81
MD5: 22c73d277c45965d2b94b04f210c7a31
Determination: GOOD

C:\Programmi\Yahoo!\Widgets\sqlite3.dll
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
PX5: 926517AFDBF5E0BF53B8051860F6EC009EC69CEF
MD5: ea68aade4c65cde4e6001ed3d2665e50
Determination: GOOD

C:\WINDOWS\system32\snmpapi.dll
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
	Loaded into: C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
PX5: 3C1E6DCB00F469604AC400D41294270018B9F42E
MD5: 4c5db6bcdd95c6cdae11a775d428fced
Determination: GOOD

C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
	Loaded into: C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\FLEXnet Licensing Service\ImagePath	"C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\FLEXnet Licensing Service\ImagePath	C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PX5: 1DF0F05C001C564AFEAD09E72969BB0036C2AF88
MD5: 227846995afeefa70d328bf5334a86a5
Determination: GOOD

C:\Programmi\eMule\emule .exe
	Loaded into: C:\Programmi\eMule\emule .exe
PX5: 34099F5300034EBB2C8B5CA44C028F00AA172E7F
Determination: GOOD

C:\Programmi\eMule\lang\it_IT.dll
	Loaded into: C:\Programmi\eMule\emule .exe
PX5: D754F46E005DC717B00601D8AC051500081F81D8
MD5: 2f4605e2d0496a03b6d2a57646169bd2
Determination: GOOD

C:\WINDOWS\system32\ICMP.DLL
	Loaded into: C:\Programmi\eMule\emule .exe
PX5: 0B30E5BF00DA4A2E0E4B007E40893D00B79BCD14
MD5: b6087457a1380f8ae1d9355af2a6bf11
Determination: GOOD

C:\WINDOWS\system32\asycfilt.dll
	Loaded into: C:\Programmi\eMule\emule .exe
PX5: 7A835B6A0004AA94FE1200A959A9C8007542FDC8
MD5: db8718c2302ee4ca71d062357a47b154
Determination: GOOD

C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: 59E438AB70B0D00595F1567CB8966B00A1C6CF9F
Determination: GOOD

C:\Programmi\MSN Messenger\MSIMG32.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: D916DB3558BB14AC16C101E2D3ACE800F3870B63
MD5: acd754914bba14ac7bda1e93c54b5786
Determination: GOOD

C:\Programmi\MSN Messenger\MSNCore.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: C6F0BE9F70814D2869E60F9C6060FD00FEE58E96
MD5: 2a939976937edb8d4e10a9a04bb0c28c
Determination: GOOD

C:\Programmi\MSN Messenger\WINMM.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: 0AA54B8600068F36F0870005A526FD00FFECBA3C
MD5: 0ecf14f8768e68d8538ab981072cc67f
Determination: GOOD

C:\Programmi\MSN Messenger\MSACM32.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: 6193C19D00F4001F2881001DE62E2900783966F2
MD5: aa1ec80085d72d3d228dc881ced83325
Determination: GOOD

C:\Programmi\MSN Messenger\msidcrl40.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: 0ECDAEE050AF36AA5DE00C7444C5B0003F134AC1
MD5: ef66829b99bbfc465b05dc7411b0dcfa
Determination: GOOD

C:\Programmi\MSN Messenger\ContactsUX.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: C60A3CD570F3FFAD49EE05D0BFC8E00069CCADD1
MD5: 459da306d5a3423b47df0eee34508834
Determination: GOOD

C:\WINDOWS\system32\CRYPTNET.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet\DllName	cryptnet.dll
PX5: 7068F9AD00A507EDF8EF0072A0BBE3005197631B
MD5: f8dd2e38ecc275ae94edc7c0492416ef
Determination: GOOD

C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: CDA4A05258EE3372E635272AB3343E003B97816F
MD5: 46916fec5c849bde5c80a813f5e73dad
Determination: GOOD

C:\Programmi\Messenger Plus! Live\Detoured.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: F65954AE00470335105B003B3C2E0700B79BCD14
MD5: 6256684495c499b22dcdba266e4f2494
Determination: GOOD

C:\Programmi\StuffPlug3\StuffPlug3.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: 338E6BA400DFF7F840200CC16690040051158C11
MD5: d0a5ff4907b10b17189f5e5995744ad8
Determination: GOOD

C:\Programmi\MSN Messenger\msgslang.8.1.0178.00.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: 7E5F283070C0EA4415141CA70AE051002F655617
MD5: 267ec25d565234b4a7225fa8fcded474
Determination: GOOD

C:\Programmi\MSN Messenger\msgsres.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: 127A2810700A9D5CE9FF23D8EB656900753CC50B
MD5: fe194a8d2e27aa07c7d6a973bfad6d65
Determination: GOOD

C:\WINDOWS\system32\Msftedit.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: EC3AF7ED0044408F3284087ED8F0E5000E384E68
MD5: cc6fbbceb04502514cfbfe574620b45f
Determination: GOOD

C:\Programmi\Messenger Plus! Live\MsgPlusLiveRes.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: BD3EE9A65849AA08C6001580E639470097C2C25E
MD5: 464b511c90898b20d5117f530133a436
Determination: GOOD

C:\WINDOWS\system32\inetcomm.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: 6F7BA8DE0062322F5AD30A718DCC6800D15C0FDF
MD5: 92e3318680ad259925e3cd18bef52b38
Determination: GOOD

C:\WINDOWS\system32\MSOERT2.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: 61C8D0CC002EB4989EDF01861BAC8800B0749E11
MD5: cc1156c6c8d3d05460e83054207c4b3d
Determination: GOOD

C:\WINDOWS\system32\inetres.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: 01240F3500388EF8C82C000530AB80006440F2E7
MD5: 73e230ad83b0d29cea963a3ab8d7b040
Determination: GOOD

C:\Programmi\MessengerDiscovery\MessengerDiscovery.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: AFB7023C0056040DE04401406E546F00B7286160
MD5: 6463abac767833e203bf790457ec4bdf
Determination: GOOD

C:\Programmi\MSN Messenger\lcapi.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: 93ED0E5E08FE1ECA9D471902BAFC7D00E145E124
MD5: ed66972f5deff926f34d542d40c03545
Determination: GOOD

C:\WINDOWS\system32\msdmo.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: E066A32000D3A76538FB009324A8C000E1C6DEBF
MD5: 99a0107bacb5242f42060a06e3d796de
Determination: GOOD

C:\Programmi\MSN Messenger\lcres.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: 43E320821871BDC3F1A90571358C560035F5AC95
MD5: 05cce24491fd03c5d25eef65451e689b
Determination: GOOD

C:\Programmi\MSN Messenger\RTMPLTFM.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: C33CBE9110837464C38F3A6C968C48009727C43D
Determination: GOOD

C:\WINDOWS\system32\devenum.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 3F29E6CB00309A3EEA63004DF7AE9F0064C7387B
MD5: c388daf6a91be8e8615dd067bc0f3928
Determination: GOOD

C:\WINDOWS\system32\quartz.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 1209684100B9E6B2BAE11363888F5D00B2DB2704
MD5: c09c7f5b57a7df14effd093d71d47be1
Determination: GOOD

C:\WINDOWS\system32\DDRAW.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 4E606A3E004BFD1E107104ECA94E4700B2873B8F
MD5: 613e66ace3fae6523e6f1a0183af7f2d
Determination: GOOD

C:\WINDOWS\system32\DCIMAN32.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 256E9CF3007B0060223C00722D6B1100E50006BD
MD5: b4135161fbdf6bf676bbfa8eb79cade8
Determination: GOOD

C:\WINDOWS\system32\D3DIM700.DLL
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: 79FBA49800AC119098850C1D3F038D00BC563F74
MD5: 72950e68ef37326b57be25f0f6bb4b62
Determination: GOOD

C:\WINDOWS\system32\dpnhupnp.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: D492D17100C41715EE95002FAC684100B3D61EB6
MD5: c130eafb99c408775ba903fd9584754c
Determination: GOOD

C:\Programmi\MSN Messenger\MSGSWCAM.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: 7C72C92A7071AEB225E50AD29EC95700D5094AF5
MD5: f6c85aaf74413ea2d431bf1963d72db5
Determination: GOOD

C:\WINDOWS\system32\sirenacm.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.siren	sirenacm.dll
PX5: 92D29F56708DC7D2C7BF005BB97C8A00D5F934F9
MD5: c2bde52e48e668fe6f95c40bba7aa310
Determination: GOOD

C:\WINDOWS\system32\ksproxy.ax
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: 147F5932007B7997FC7901F75383A8002F61D38B
MD5: 88f8c4283f5bd70779a4e0aab2354407
Determination: GOOD

C:\WINDOWS\system32\kswdmcap.ax
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: B3C771E000CFF110644001770C26F30015B04AC1
MD5: 20249fab6e667647072daae3fed3d459
Determination: GOOD

C:\Programmi\MSN Messenger\lmcdata.dll
	Loaded into: C:\Programmi\MSN Messenger\MsnMsgr .Exe
PX5: 4F00CE6F703D34A267BD0751C36C8F0077C4E40A
MD5: 07d00b4ab74eaa99ab1abe97fd41512d
Determination: GOOD

C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
PX5: 04353B9D00C3885AA02D1E163AC5D00020CADD2C
MD5: 956ee65f9a1952b8022709e4f2f92fcd
Determination: GOOD

C:\WINDOWS\system32\MSVBVM60.DLL
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
PX5: 43152D121F42892E40A015B65D130D00E20425D4
MD5: a75904183aa39c975fa4cb8d50b194c5
Determination: GOOD

C:\WINDOWS\system32\VB6IT.DLL
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
PX5: 53A10F6B10941A36DD600179248AF200D4639815
MD5: 73e7e5f86f5c4525fae9bc7f2239a591
Determination: GOOD

C:\WINDOWS\system32\MSWINSCK.ocx
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
PX5: EB4D40B310A12F4CE70F01789A633C007F725764
MD5: e8a2190a9e8ee5e5d2e0b599bbf9dda6
Determination: GOOD

C:\WINDOWS\system32\MSCOREE.DLL
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
PX5: 36CE3DE9006AF1ED225D04AABCCEEE0051676249
MD5: 8256f0e39ad2b2d2c9a9db00242f594a
Determination: GOOD

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
PX5: 8784E1E200EB3F242414004AA2356000095FA2A7
MD5: ad23bb6b329c7d5ee8a43b89e2fd4fd2
Determination: GOOD

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
PX5: B82EE0A100B23539B00B5531E4979700636D4BAE
Determination: GOOD

C:\WINDOWS\system32\comctl32.ocx
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
PX5: B338A671C024B20F48A80970D3818A00AFB0346E
MD5: eb5f811c1f78005b3c147599a0cccf51
Determination: GOOD

C:\WINDOWS\system32\comdlg32.ocx
	Loaded into: C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
PX5: 6B5C63461028265F55E602D4BDA8C7000A811159
MD5: ab412429f1e5fb9708a8cdea07479099
Determination: GOOD

C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 8FEE32AE58BBA23ACF080068F5F6DC003A478EA6
MD5: f3e9065eb617a7e3a832a7976bfa021b
Determination: GOOD

C:\WINDOWS\system32\wucltui.dll
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 8A679F0A58AB3095F90D0438786EDD00EE35BF28
MD5: 41685c36447a4d8030c39b287c6f2503
Determination: GOOD

C:\WINDOWS\system32\wuaucpl.cpl
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F327514-6C5E-4d60-8F16-D07FA08A78ED}	Auto Update Property Sheet Extension
PX5: DEC1D60858D0AD974D1603850E3A98002B746A2D
MD5: d7fa9a9750403cc68dc209cde7c50d7a
Determination: GOOD

C:\WINDOWS\system32\mucltui.dll
	Loaded into: C:\WINDOWS\system32\wuauclt.exe
PX5: 0FB1943B78EED05B23D6044931871C00FA81B94F
MD5: 6e156451edb1f43dc2f39b5ef4fdcc8b
Determination: GOOD

C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 93D2EEDD00C43986F6A6009DB1F3AE00D7DA0C82
MD5: e8a8fc71e90080760ab7967d79836508
Determination: GOOD

C:\Programmi\Windows Media Player\mpvis.dll
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 3822E1EE0018480246F405896CE8C700B6688FA4
MD5: 8cefdd71006bf925f56c76478c3b437e
Determination: GOOD

C:\WINDOWS\system32\MFPlat.DLL
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: AA1C6EB9001B12DCD89A059262DA7A002E70C244
MD5: 965d3eab3c0c1f7fc6c16b54e52a15f1
Determination: GOOD

C:\WINDOWS\system32\l3codeca.acm
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.l3acm	C:\WINDOWS\system32\l3codeca.acm
PX5: BD6FA9CA00B4F05D702C042DD7B42E003DC5A552
MD5: c5af10fd0a2c5938c4d962537af13ba3
Determination: GOOD

C:\WINDOWS\system32\wmpeffects.dll
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 94DA48B700743DD79CFA06A1A2BB470039B27D55
MD5: fb0db762d8374e2167a6608f4630153c
Determination: GOOD

C:\WINDOWS\system32\MSWMDM.dll
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 447C92A5002815CCAE4404418411E3007041D704
MD5: cacb4d4470722d4da461b996a3d78eea
Determination: GOOD

C:\WINDOWS\system32\WMDMPS.dll
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 8149CF00005719D390D700564C038100CA452AC3
MD5: dd1f63879c013b5b2d51c46bfdce3b3c
Determination: GOOD

C:\WINDOWS\system32\MsPMSP.dll
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 78D80D6500B49CFD862F02CEE80D4300B1C322F0
MD5: 3f74869276bbf936de42c067f2d7850b
Determination: GOOD

C:\WINDOWS\system32\wmnetmgr.dll
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 1C4ACCAF00DE5D8A247C0FF1C56347007B9A7B45
MD5: bc9a0b6fae4d57720c0b6810f72c3316
Determination: GOOD

C:\Programmi\K-Lite Codec Pack\filters\ac3filter.ax
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 738D147B008780D660D706A3AFDDCD0009ED2129
MD5: 5473708a73f6096a043735d2e14676a7
Determination: GOOD

C:\Programmi\K-Lite Codec Pack\filters\vsfilter.dll
	Loaded into: C:\Programmi\Windows Media Player\wmplayer.exe
PX5: 1B0F24BF0067A79FD0720BE21C82350017550824
MD5: f5d44f0810ec447affa7a3ee38ca9bb1
Determination: GOOD

C:\Programmi\Mozilla Firefox\firefox.exe
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 74432CAC70EB96A0BC50745EE4728B00F8FAE799
Determination: GOOD

C:\Programmi\Mozilla Firefox\js3250.dll
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: B105E9BD68A10EB3F6AA06E7AF7B45008426D782
MD5: f0446a6350a104e8610f2783433d41ed
Determination: GOOD

C:\Programmi\Mozilla Firefox\nspr4.dll
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 5263A09E708D072176F602F4E50AA800734584AF
MD5: c0f92c1b333cc74cb1fca6b488ae696d
Determination: GOOD

C:\Programmi\Mozilla Firefox\xpcom_core.dll
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 56A0AA4970779FF870220668872C2300011DB2B0
MD5: efd06b7f9cc2110dce925eb1e461ed22
Determination: GOOD

C:\Programmi\Mozilla Firefox\plc4.dll
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 805ED1397829B78F86F6002DDDE82A006AA03B38
MD5: 9ecf553a8c2fd1be219c83e0547552c6
Determination: GOOD

C:\Programmi\Mozilla Firefox\plds4.dll
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: D89FD48170A74E7D768A00A323AA3300F37DA722
MD5: c20abdcabd0acc690106db5fb6e645e3
Determination: GOOD

C:\Programmi\Mozilla Firefox\smime3.dll
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 89F2D56768AD0AA4B61B014C7B6099008BEC17EF
MD5: 60c4ead6f501fd2e00fe35c0866ba3f2
Determination: GOOD

C:\Programmi\Mozilla Firefox\nss3.dll
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: AA1EDE4568A6A7CAC6F105427FB01100336E7F07
MD5: f3be2a5387e6d3fa52bdb38d67c8e706
Determination: GOOD

C:\Programmi\Mozilla Firefox\softokn3.dll
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 8542B9B86C54271FE0A2030F4DD1D900F862BBAB
MD5: 97290c004317f20f160b38cc9a95c7de
Determination: GOOD

C:\Programmi\Mozilla Firefox\ssl3.dll
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: CD745CC168357AF9062E021B815ED000D6F224BD
MD5: 320d538153c55542ee8503e614f2e420
Determination: GOOD

C:\Programmi\Mozilla Firefox\xpcom_compat.dll
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 5CA5D7C57880F7BB20DF01B3C467780096264167
MD5: ade544222ab3e1cf6b3d8691adce97d5
Determination: GOOD

C:\Programmi\Mozilla Firefox\components\myspell.dll
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 17BCE6718838929888B7000AF9F43C002806CA27
MD5: 129a1488a99936e0bd1e4f38fdc4b561
Determination: GOOD

C:\Programmi\Mozilla Firefox\components\jar50.dll
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 06BDA4A17082363308290105538FE40039D39FB3
MD5: 0445d627eeb9279509bc546bc5c906c2
Determination: GOOD

C:\Programmi\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: C5773AB178A9E80E382B0069B9484F009B3FAFFB
MD5: 65137ab3339ce93c3acf790a701c105a
Determination: GOOD

C:\Programmi\Mozilla Firefox\extensions\talkback@mozilla.org\components\fullsoft.dll
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: FFC387D180252DA263B0026E692A290058BB0366
MD5: 8ae8f6fa6963551f1c488c76baa5949c
Determination: GOOD

C:\Programmi\Mozilla Firefox\freebl3.dll
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 656849DF7D6F8DBF10880339B8136100F30602B9
MD5: f29c455e465e129f30dc21a1960b201f
Determination: GOOD

C:\Programmi\Mozilla Firefox\nssckbi.dll
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 48E2FA29701572B72617045B5051070012CD2532
MD5: 69e4eadfd29783481f939d4ad02b67e5
Determination: GOOD

C:\Programmi\Mozilla Firefox\components\spellchk.dll
	Loaded into: C:\Programmi\Mozilla Firefox\firefox.exe
PX5: 19A3215780980EB3B663002D24DAF100D83FF695
MD5: d9719ad74a6427df3e56ae93daa501b8
Determination: GOOD

c:\windows\system32\w3ssl.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: A6B700D7003E7B103E9200F3DAA15600D1CE535A
MD5: 730374dcf08df00178d190f9ebd0058a
Determination: GOOD

C:\WINDOWS\System32\strmfilt.dll
	Loaded into: C:\WINDOWS\System32\svchost.exe
PX5: 066E28230096601228B701DD5C8350004BCC7182
MD5: 4befaab581fcfec0a658c704d416f571
Determination: GOOD

C:\Documents and Settings\utente\Documenti\Antivirus Utility\PREVXCSIFREE.EXE
	Loaded into: C:\Documents and Settings\utente\Documenti\Antivirus Utility\PREVXCSIFREE.EXE
PX5: 3043F13238834E375CDF093924CA3700BC43F30C
MD5: 6b49f60ffb733cd56766951954052f94
Determination: GOOD

C:\WINDOWS\system32\NvCpl.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon	RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A70C977A-BF00-412C-90B7-034C51DA2439}	NvCpl DesktopContext Class
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FFB699E0-306A-11d3-8BD1-00104B6F7516}	Play on my TV helper
PX5: E6F7AE0B005284A8A01276A9BEC67300B33174C8
Determination: GOOD

C:\WINDOWS\system32\nwiz.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run\nwiz	nwiz.exe /install
PX5: 6D64FDF000E7A6F2C02518CF198A7400871CBBBB
MD5: f07dc9379a618584e958b2fcfe8d313f
Determination: GOOD

C:\WINDOWS\KHALMNPR.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run\Kernel and Hardware Abstraction Layer	KHALMNPR.EXE
	Loaded from: FILE
PX5: 1C82D9A300A4CD42707801C70B938500977EBEA9
MD5: cacd213e5a959fdf4f8232a6b34fad43
Determination: GOOD

C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run\Logitech Hardware Abstraction Layer	"C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE"
PX5: 34099F5300034EBB788B06A44C028F00CA2CC6C3
MD5: 291b5b579561b5bbe53e4343806562b4
Determination: GOOD

C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
	Loaded from: \REGISTRY\User\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\Nokia.PCSync	C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
	Loaded from: \REGISTRY\User\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\Nokia.PCSync	C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
PX5: 946201B200D3FA32F0B4124B0A8FDC00E00B4EA4
MD5: 9d7eee677b52a04a536481ad2cbeaa61
Determination: GOOD

C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
	Loaded from: \REGISTRY\User\S-1-5-21-789336058-2077806209-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\LDM	C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PX5: 34099F5300034EBBA48B05A44C028F008B7B8A43
MD5: 476055b2ab978261f89773c6b8f75b32
Determination: SUSPICIOUS

C:\WINDOWS\system32\DRIVERS\ACPI.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\ACPI\ImagePath	system32\DRIVERS\ACPI.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ACPI\ImagePath	C:\WINDOWS\system32\DRIVERS\ACPI.sys
	Loaded from: FILE
PX5: 6EB7D724001F4D96E0A8029EF0BB700070C5BA93
MD5: ad825cb3397c837d1fb91d566d78de04
Determination: GOOD

C:\WINDOWS\system32\drivers\aec.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\aec\ImagePath	system32\drivers\aec.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\aec\ImagePath	C:\WINDOWS\system32\drivers\aec.sys
	Loaded from: FILE
PX5: 0D5CE55C80399AC42C5E023AA9E661007F4C2597
MD5: 841f385c6cfaf66b58fbd898722bb4f0
Determination: GOOD

C:\WINDOWS\System32\drivers\afd.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\AFD\ImagePath	\SystemRoot\System32\drivers\afd.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AFD\ImagePath	C:\WINDOWS\System32\drivers\afd.sys
	Loaded from: FILE
PX5: EE224F5C0089E9241DEF0273688B740025971F4C
MD5: 5ac495f4cb807b2b98ad2ad591e6d92e
Determination: GOOD

C:\WINDOWS\system32\drivers\amon.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\AMON\ImagePath	\??\C:\WINDOWS\system32\drivers\amon.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AMON\ImagePath	C:\WINDOWS\system32\drivers\amon.sys
	Loaded from: FILE
PX5: 8F01E046C088FE82A9A307CE7E023D0032CDEFA8
MD5: ad65f551d2edd1cfdea0be8f1084e493
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\arp1394.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Arp1394\ImagePath	system32\DRIVERS\arp1394.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Arp1394\ImagePath	C:\WINDOWS\system32\DRIVERS\arp1394.sys
	Loaded from: FILE
PX5: E79B803D809043E9ED9C00655C5EAE00E1E46E49
MD5: f0d692b0bffb46e30eb3cea168bbc49f
Determination: GOOD

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\aspnet_state\ImagePath	%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\aspnet_state\ImagePath	C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
PX5: BB434D07C8741D51745900F3E3CC0F00ED8F1C59
MD5: d33c507942299753868204cc7642fa27
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\asyncmac.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\AsyncMac\ImagePath	system32\DRIVERS\asyncmac.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AsyncMac\ImagePath	C:\WINDOWS\system32\DRIVERS\asyncmac.sys
	Loaded from: FILE
PX5: 8BD45D2B002F3B40389D007E91CC59004B62F8E9
MD5: 02000abf34af4c218c35d257024807d6
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\atapi.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\atapi\ImagePath	system32\DRIVERS\atapi.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\atapi\ImagePath	C:\WINDOWS\system32\DRIVERS\atapi.sys
	Loaded from: FILE
PX5: 9D6081B280209DE174C2011395153C00E47C5A8D
MD5: cdfe4411a69c224bd1d11b2da92dac51
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\atmarpc.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Atmarpc\ImagePath	system32\DRIVERS\atmarpc.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Atmarpc\ImagePath	C:\WINDOWS\system32\DRIVERS\atmarpc.sys
	Loaded from: FILE
PX5: C41A09F600246E0AEA81009B2DE4BF0073057136
MD5: ec88da854ab7d7752ec8be11a741bb7f
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\audstub.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\audstub\ImagePath	system32\DRIVERS\audstub.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\audstub\ImagePath	C:\WINDOWS\system32\DRIVERS\audstub.sys
	Loaded from: FILE
PX5: C910D030000E35B30CDC00441BDEF300B79BCD14
MD5: d9f724aa26c010a217c97606b160ed68
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\CCDECODE\ImagePath	system32\DRIVERS\CCDECODE.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\CCDECODE\ImagePath	C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
	Loaded from: FILE
PX5: 4E4CADF380552430426F00BC05FF9D0038FB5853
MD5: 6163ed60b684bab19d3352ab22fc48b2
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\cdrom.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Cdrom\ImagePath	system32\DRIVERS\cdrom.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Cdrom\ImagePath	C:\WINDOWS\system32\DRIVERS\cdrom.sys
	Loaded from: FILE
PX5: B3CE44DD80DABE80C1400031E25C450069663A5F
MD5: af9c19b3100fe010496b1a27181fbf72
Determination: GOOD

C:\WINDOWS\system32\cisvc.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\CiSvc\ImagePath	%SystemRoot%\system32\cisvc.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\CiSvc\ImagePath	C:\WINDOWS\system32\cisvc.exe
PX5: B03833B20005A59D1629005665669D00201F0525
MD5: c4e84243292e37ca3b6faf4a1855b8a7
Determination: GOOD

C:\WINDOWS\system32\clipsrv.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\ClipSrv\ImagePath	%SystemRoot%\system32\clipsrv.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ClipSrv\ImagePath	C:\WINDOWS\system32\clipsrv.exe
PX5: 50E35C41004F616D823700EBB15ECF008A4FA87F
MD5: 0a215e4bac9a1a9381d88c67517c850b
Determination: GOOD

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\clr_optimization_v2.0.50727_32\ImagePath	C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\clr_optimization_v2.0.50727_32\ImagePath	C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PX5: F17A6501C07AD2CE023301EE2109B000FDD5AFC3
MD5: 3c4d595e7f9b747325aef28b4adcaae5
Determination: GOOD

C:\WINDOWS\system32\dllhost.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\COMSysApp\ImagePath	C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\SwPrv\ImagePath	C:\WINDOWS\system32\dllhost.exe /Processid:{9DCAC7F5-4A49-4917-8DA1-92B22A753B92}
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\COMSysApp\ImagePath	C:\WINDOWS\system32\dllhost.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SwPrv\ImagePath	C:\WINDOWS\system32\dllhost.exe
PX5: 6EA1D06F0041EB21141900B4A32FF2002F6B8881
MD5: f4b3c65e2a3406f32d220019deb522f8
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\disk.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Disk\ImagePath	system32\DRIVERS\disk.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Disk\ImagePath	C:\WINDOWS\system32\DRIVERS\disk.sys
	Loaded from: FILE
PX5: 61E4E34300C80A908E6D00C10934AF006F571071
MD5: 00ca44e4534865f8a3b64f7c0984bff0
Determination: GOOD

C:\WINDOWS\System32\dmadmin.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\dmadmin\ImagePath	%SystemRoot%\System32\dmadmin.exe /com
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\dmadmin\ImagePath	C:\WINDOWS\System32\dmadmin.exe
PX5: CB8A3D6900018319702703238C5916001DF268F6
MD5: 6c9aaa1aa9bf1699d23dec4d4113226f
Determination: GOOD

C:\WINDOWS\System32\drivers\dmboot.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\dmboot\ImagePath	System32\drivers\dmboot.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\dmboot\ImagePath	C:\WINDOWS\System32\drivers\dmboot.sys
	Loaded from: FILE
PX5: 917F152000320DE9366A0C362239380089D45879
MD5: 6570b4c952f0d8fee4c6ef2ff5e10c08
Determination: GOOD

C:\WINDOWS\System32\drivers\dmio.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\dmio\ImagePath	System32\drivers\dmio.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\dmio\ImagePath	C:\WINDOWS\System32\drivers\dmio.sys
	Loaded from: FILE
PX5: 33A7916180B2EE7E5AC702A49AA6DC00E6795F14
MD5: c57d35621782c7f40770f3e5ca20a182
Determination: GOOD

C:\WINDOWS\System32\drivers\dmload.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\dmload\ImagePath	System32\drivers\dmload.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\dmload\ImagePath	C:\WINDOWS\System32\drivers\dmload.sys
	Loaded from: FILE
PX5: FC216AA0003B46A9171D00359F9C1600E909FEB4
MD5: e9317282a63ca4d188c0df5e09c6ac5f
Determination: GOOD

C:\WINDOWS\system32\drivers\DMusic.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\DMusic\ImagePath	system32\drivers\DMusic.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\DMusic\ImagePath	C:\WINDOWS\system32\drivers\DMusic.sys
	Loaded from: FILE
PX5: 64B493018066E6FACEE6008D21636D008F236B03
MD5: a6f881284ac1150e37d9ae47ff601267
Determination: GOOD

C:\WINDOWS\system32\drivers\drmkaud.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\drmkaud\ImagePath	system32\drivers\drmkaud.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\drmkaud\ImagePath	C:\WINDOWS\system32\drivers\drmkaud.sys
	Loaded from: FILE
PX5: FA93CCC9802BA0DD0B8800D3A4C66500B79BCD14
MD5: 1ed4dbbae9f5d558dbba4cc450e3eb2e
Determination: GOOD

C:\WINDOWS\system32\mnmsrvc.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Eventlog\Application\(default)	mnmsrvc
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\mnmsrvc\ImagePath	C:\WINDOWS\system32\mnmsrvc.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\mnmsrvc\ImagePath	C:\WINDOWS\system32\mnmsrvc.exe
PX5: F2F6E69800D71BFC80AE00AF40E07800F93A911A
MD5: 940a4e02b7f03c2592a52e16dddb3e46
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\fdc.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Fdc\ImagePath	system32\DRIVERS\fdc.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Fdc\ImagePath	C:\WINDOWS\system32\DRIVERS\fdc.sys
	Loaded from: FILE
PX5: 030113CC009ED3836B77000B64308F0030511E66
MD5: ced2e8396a8838e59d8fd529c680e02c
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\flpydisk.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Flpydisk\ImagePath	system32\DRIVERS\flpydisk.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Flpydisk\ImagePath	C:\WINDOWS\system32\DRIVERS\flpydisk.sys
	Loaded from: FILE
PX5: 60E1171000EEA79E50BF00391F7EE000F2860CEC
MD5: 0dd1de43115b93f4d85e889d7a86f548
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\fltMgr.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\FltMgr\ImagePath	system32\DRIVERS\fltMgr.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\FltMgr\ImagePath	C:\WINDOWS\system32\DRIVERS\fltMgr.sys
	Loaded from: FILE
PX5: C07EAE2780FF0E5FE76C019FEA2ECE0003150577
MD5: 157754f0df355a9e0a6f54721914f9c6
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\ftdisk.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Ftdisk\ImagePath	system32\DRIVERS\ftdisk.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Ftdisk\ImagePath	C:\WINDOWS\system32\DRIVERS\ftdisk.sys
	Loaded from: FILE
PX5: D543638280F1FAF5EBA30154BD3E7700D3ED2EEC
MD5: f3269a6ee547ea87b949a1cea4816b38
Determination: GOOD

C:\WINDOWS\gdrv.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\gdrv\ImagePath	\??\C:\WINDOWS\gdrv.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\gdrv\ImagePath	C:\WINDOWS\gdrv.sys
	Loaded from: FILE
PX5: A3AE4F0CF06E2B3E3C3D0000B83AA6000E2F2AB0
MD5: 54789f9ba0d59072cdd4e7c200e122c4
Determination: GOOD

C:\WINDOWS\System32\DRIVERS\gmer.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\gmer\ImagePath	System32\DRIVERS\gmer.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\gmer\ImagePath	C:\WINDOWS\System32\DRIVERS\gmer.sys
	Loaded from: FILE
PX5: 2363898871BA3A5C11ED011C6BB8A400275AD21D
MD5: 35b24c17f8aea65cabc4a4e63e88ac45
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\msgpc.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Gpc\ImagePath	system32\DRIVERS\msgpc.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Gpc\ImagePath	C:\WINDOWS\system32\DRIVERS\msgpc.sys
	Loaded from: FILE
PX5: A6DC8C520088C979894600B57B2B1A00363C4157
MD5: c0f1d4a21de5a415df8170616703debf
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\HDAudBus\ImagePath	system32\DRIVERS\HDAudBus.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HDAudBus\ImagePath	C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
	Loaded from: FILE
PX5: 0BF29F2900ECCC301EAB02F054A1A700522B006C
MD5: 3fcc124b6e08ee0e9351f717dd136939
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\hidusb.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\HidUsb\ImagePath	system32\DRIVERS\hidusb.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HidUsb\ImagePath	C:\WINDOWS\system32\DRIVERS\hidusb.sys
	Loaded from: FILE
PX5: 1484F98A807906C3258400E49D6D650019C14BBC
MD5: 1de6783b918f540149aa69943bdfeba8
Determination: GOOD

C:\WINDOWS\System32\Drivers\HTTP.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\HTTP\ImagePath	System32\Drivers\HTTP.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HTTP\ImagePath	C:\WINDOWS\System32\Drivers\HTTP.sys
	Loaded from: FILE
PX5: 7D54A2AA80AC9B3F039704DAED61AB008C70BD34
MD5: c19b522a9ae0bbc3293397f3055e80a1
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\i8042prt.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\i8042prt\ImagePath	system32\DRIVERS\i8042prt.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\i8042prt\ImagePath	C:\WINDOWS\system32\DRIVERS\i8042prt.sys
	Loaded from: FILE
PX5: 5176B379805D75ECD1900002BF9BC2003FF0C0D5
MD5: 30e64dfa4efaacc8142ea07766181fb4
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\imapi.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Imapi\ImagePath	system32\DRIVERS\imapi.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Imapi\ImagePath	C:\WINDOWS\system32\DRIVERS\imapi.sys
	Loaded from: FILE
PX5: A6DE19768012C7FDA37F00B5535D7900050612BF
MD5: f8aa320c6a0409c0380e5d8a99d76ec6
Determination: GOOD

C:\WINDOWS\system32\imapi.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\ImapiService\ImagePath	C:\WINDOWS\system32\imapi.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ImapiService\ImagePath	C:\WINDOWS\system32\imapi.exe
PX5: 74CFCD09009BDDD14A8402202B1E530034B0D214
MD5: ed7abb35c81709fb41972d30fe15311e
Determination: GOOD

C:\WINDOWS\system32\drivers\RtkHDAud.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\IntcAzAudAddService\ImagePath	system32\drivers\RtkHDAud.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IntcAzAudAddService\ImagePath	C:\WINDOWS\system32\drivers\RtkHDAud.sys
	Loaded from: FILE
PX5: 26A4AD5600D4D6B810DF436472AD13009AB69A45
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\intelppm.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\intelppm\ImagePath	system32\DRIVERS\intelppm.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\intelppm\ImagePath	C:\WINDOWS\system32\DRIVERS\intelppm.sys
	Loaded from: FILE
PX5: 308DA7E000DC5FE09D58006BABC91A0052CD17AF
MD5: ebc07787034bbe312020d30198a9f362
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Ip6Fw\ImagePath	system32\DRIVERS\Ip6Fw.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Ip6Fw\ImagePath	C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
	Loaded from: FILE
PX5: 554B18088049820E711F003BBA86E4005B660DCC
MD5: 4448006b6bc60e6c027932cfc38d6855
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\IpFilterDriver\ImagePath	system32\DRIVERS\ipfltdrv.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IpFilterDriver\ImagePath	C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
	Loaded from: FILE
PX5: E130718C809C039180F700DA0AC8EE00F2B31814
MD5: 731f22ba402ee4b62748adaf6363c182
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\ipinip.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\IpInIp\ImagePath	system32\DRIVERS\ipinip.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IpInIp\ImagePath	C:\WINDOWS\system32\DRIVERS\ipinip.sys
	Loaded from: FILE
PX5: 9655BFAF0030F62E523A00C352D248003081C413
MD5: e1ec7f5da720b640cd8fb8424f1b14bb
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\ipnat.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\IpNat\ImagePath	system32\DRIVERS\ipnat.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IpNat\ImagePath	C:\WINDOWS\system32\DRIVERS\ipnat.sys
	Loaded from: FILE
PX5: 16BC903800541BF40F8E022F0693810084706928
MD5: b5a8e215ac29d24d60b4d1250ef05ace
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\ipsec.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\IPSec\ImagePath	system32\DRIVERS\ipsec.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IPSec\ImagePath	C:\WINDOWS\system32\DRIVERS\ipsec.sys
	Loaded from: FILE
PX5: 84ED89D600412A2C245201A3F8A740006B772EC6
MD5: 64537aa5c003a6afeee1df819062d0d1
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\irenum.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\IRENUM\ImagePath	system32\DRIVERS\irenum.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\IRENUM\ImagePath	C:\WINDOWS\system32\DRIVERS\irenum.sys
	Loaded from: FILE
PX5: 42D7DCAC001BE9A12C7B00EF915041002AED16BC
MD5: 50708daa1b1cbb7d6ac1cf8f56a24410
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\isapnp.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\isapnp\ImagePath	system32\DRIVERS\isapnp.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\isapnp\ImagePath	C:\WINDOWS\system32\DRIVERS\isapnp.sys
	Loaded from: FILE
PX5: 8A87001A0002BFB48D1F0066402D8A00BD468997
MD5: ea3245a8e8758d6b84de189a5caaa75e
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\JGOGO.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\JGOGO\ImagePath	system32\DRIVERS\JGOGO.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\JGOGO\ImagePath	C:\WINDOWS\system32\DRIVERS\JGOGO.sys
	Loaded from: FILE
PX5: 50F09B0E00F8108E1B2000B1B094310006768514
MD5: c995c0e8b4503fac38793bb0236ad246
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\jraid.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\JRAID\ImagePath	system32\DRIVERS\jraid.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\JRAID\ImagePath	C:\WINDOWS\system32\DRIVERS\jraid.sys
	Loaded from: FILE
PX5: 91E77DFF80FABEA5AF4F00D9DEB2DF00045E9AED
MD5: f90a4e8657319a652e04c5362926cfea
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\kbdclass.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Kbdclass\ImagePath	system32\DRIVERS\kbdclass.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Kbdclass\ImagePath	C:\WINDOWS\system32\DRIVERS\kbdclass.sys
	Loaded from: FILE
PX5: 11013D51001BA498620F00A282D06D00135D5A16
MD5: e883ae6ea0b313e659225aa32e449ce9
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\kbdhid.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\kbdhid\ImagePath	system32\DRIVERS\kbdhid.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\kbdhid\ImagePath	C:\WINDOWS\system32\DRIVERS\kbdhid.sys
	Loaded from: FILE
PX5: BFEF19AB007A27B83AD2001F22115F00DD6CF6D0
MD5: 24f4d51e89822c349044c28be255c8a5
Determination: GOOD

C:\WINDOWS\system32\drivers\kmixer.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\kmixer\ImagePath	system32\drivers\kmixer.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\kmixer\ImagePath	C:\WINDOWS\system32\drivers\kmixer.sys
	Loaded from: FILE
PX5: 13330EA9009A68969FC70268A04877008F11DB17
MD5: d93cad07c5683db066b0b2d2d3790ead
Determination: GOOD

C:\WINDOWS\System32\Drivers\L8042Kbd.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\L8042Kbd\ImagePath	System32\Drivers\L8042Kbd.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\L8042Kbd\ImagePath	C:\WINDOWS\System32\Drivers\L8042Kbd.sys
	Loaded from: FILE
PX5: 039ED9840084E8253582003CDCDCCF0055CC8A6F
MD5: 0f5ae6805ef05dbbe205e5b196cadf31
Determination: GOOD

C:\WINDOWS\System32\Drivers\L8042mou.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\L8042mou\ImagePath	System32\Drivers\L8042mou.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\L8042mou\ImagePath	C:\WINDOWS\System32\Drivers\L8042mou.sys
	Loaded from: FILE
PX5: CBA646A080F3CC17DA6000DCAA390B00945EA455
MD5: ee1c6c057a83f93ad9ae7cdf12f0baa0
Determination: GOOD

C:\WINDOWS\System32\Drivers\LBeepKE.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\LBeepKE\ImagePath	System32\Drivers\LBeepKE.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\LBeepKE\ImagePath	C:\WINDOWS\System32\Drivers\LBeepKE.sys
	Loaded from: FILE
PX5: EBB85D20809157230E0400F347F4CE00B79BCD14
MD5: 8a46225365a3e9d55cb8a7f27f016ba4
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\LHidKe\ImagePath	system32\DRIVERS\LHidKE.Sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\LHidKe\ImagePath	C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
	Loaded from: FILE
PX5: 0D2053BB006DF4BC6A8300B08D48B000C617DD67
MD5: eaed22460dad9ccd9c9a58c78e717497
Determination: GOOD

C:\WINDOWS\System32\Drivers\LHidUsbK.Sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\LHidUsbK\ImagePath	System32\Drivers\LHidUsbK.Sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\LHidUsbK\ImagePath	C:\WINDOWS\System32\Drivers\LHidUsbK.Sys
	Loaded from: FILE
PX5: B1932A3A80334F1A8FAE0069CE10EA00BFC4DF78
MD5: f99fddb71da6a66ee2ebcc49f5bfadbb
Determination: GOOD

C:\WINDOWS\System32\Drivers\LMouKE.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\LMouKE\ImagePath	System32\Drivers\LMouKE.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\LMouKE\ImagePath	C:\WINDOWS\System32\Drivers\LMouKE.sys
	Loaded from: FILE
PX5: D9AC26DF00B4F303194601630F7D2C00B099B026
MD5: d1fd76ea56cd653d7b55a0fac96ee416
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\LVcKap.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\LVcKap\ImagePath	system32\DRIVERS\LVcKap.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\LVcKap\ImagePath	C:\WINDOWS\system32\DRIVERS\LVcKap.sys
	Loaded from: FILE
PX5: 2115905DA89448193E07186A89F669002CF03195
MD5: be26c16a7119385dbc875475c5b8dce4
Determination: GOOD

C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\LVSrvLauncher\ImagePath	C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\LVSrvLauncher\ImagePath	C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe
PX5: 0364C0B7288D1E026BB3016CD72AFB008D0FB3B8
MD5: 41a6800b3de184ea411efe8da02cc697
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\mouclass.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Mouclass\ImagePath	system32\DRIVERS\mouclass.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Mouclass\ImagePath	C:\WINDOWS\system32\DRIVERS\mouclass.sys
	Loaded from: FILE
PX5: 7E80CA6A0038C59C5C6F0047F0E35500920EB276
MD5: c458e314b8722253897c94a714c2e0c0
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\mouhid.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\mouhid\ImagePath	system32\DRIVERS\mouhid.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\mouhid\ImagePath	C:\WINDOWS\system32\DRIVERS\mouhid.sys
	Loaded from: FILE
PX5: 2301F35080287EAB2F80000FDBBFFD00349EAF96
MD5: d7662f0cf5b77bbbe3202716f5bd5318
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\mrxdav.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\MRxDAV\ImagePath	system32\DRIVERS\mrxdav.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MRxDAV\ImagePath	C:\WINDOWS\system32\DRIVERS\mrxdav.sys
	Loaded from: FILE
PX5: 2A28D206005617C9C4F8026FCC47BD006A62BA75
MD5: 46edcc8f2db2f322c24f48785cb46366
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\MRxSmb\ImagePath	system32\DRIVERS\mrxsmb.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MRxSmb\ImagePath	C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
	Loaded from: FILE
PX5: 65A2AA0080B21F17E300065044F4DC004CE9A2A9
MD5: 1fd607fc67f7f7c633c3da65bfc53d18
Determination: GOOD

C:\WINDOWS\system32\msdtc.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\MSDTC\ImagePath	C:\WINDOWS\system32\msdtc.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSDTC\ImagePath	C:\WINDOWS\system32\msdtc.exe
PX5: 3A5257C800292C38184B000639E3D800639539E0
MD5: 3124662b40761a3ef8f4254d2f32e3f4
Determination: GOOD

C:\WINDOWS\system32\msiexec.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\MSIServer\ImagePath	%systemroot%\system32\msiexec.exe /V
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSIServer\ImagePath	C:\WINDOWS\system32\msiexec.exe
PX5: 2199A4A600D88009341401C8D9AE0A004C78202A
MD5: f5f0146580e7023adb963879840777f8
Determination: GOOD

C:\WINDOWS\system32\drivers\MSKSSRV.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\MSKSSRV\ImagePath	system32\drivers\MSKSSRV.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSKSSRV\ImagePath	C:\WINDOWS\system32\drivers\MSKSSRV.sys
	Loaded from: FILE
PX5: 441E162B80A429811D1500CB9CEDF700CED69BEA
MD5: ae431a8dd3c1d0d0610cdbac16057ad0
Determination: GOOD

C:\WINDOWS\system32\drivers\MSPCLOCK.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\MSPCLOCK\ImagePath	system32\drivers\MSPCLOCK.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSPCLOCK\ImagePath	C:\WINDOWS\system32\drivers\MSPCLOCK.sys
	Loaded from: FILE
PX5: 3656535900693AA115D1001337247B009D5BCE4B
MD5: 13e75fef9dfeb08eeded9d0246e1f448
Determination: GOOD

C:\WINDOWS\system32\drivers\MSPQM.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\MSPQM\ImagePath	system32\drivers\MSPQM.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSPQM\ImagePath	C:\WINDOWS\system32\drivers\MSPQM.sys
	Loaded from: FILE
PX5: 5D7EA63E804A637C13CA0078C414AC000E912E93
MD5: 1988a33ff19242576c3d0ef9ce785da7
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\mssmbios.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\mssmbios\ImagePath	system32\DRIVERS\mssmbios.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\mssmbios\ImagePath	C:\WINDOWS\system32\DRIVERS\mssmbios.sys
	Loaded from: FILE
PX5: 5C75220680F731D03C3D001BD399CC00D7DBED29
MD5: 469541f8bfd2b32659d5d463a6714bce
Determination: GOOD

C:\WINDOWS\system32\drivers\MSTEE.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\MSTEE\ImagePath	system32\drivers\MSTEE.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MSTEE\ImagePath	C:\WINDOWS\system32\drivers\MSTEE.sys
	Loaded from: FILE
PX5: EF9F4FE18003FE44154E00AC0DDE6800FF407119
MD5: bf13612142995096ab084f2db7f40f77
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\NABTSFEC\ImagePath	system32\DRIVERS\NABTSFEC.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NABTSFEC\ImagePath	C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
	Loaded from: FILE
PX5: 37E661E8803A144B4DFD01732787D600D94FD14F
MD5: 5c8dc6429c43dc6177c1fa5b76290d1a
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\NdisIP.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\NdisIP\ImagePath	system32\DRIVERS\NdisIP.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NdisIP\ImagePath	C:\WINDOWS\system32\DRIVERS\NdisIP.sys
	Loaded from: FILE
PX5: 92D82929807F4CDE2A6000D7EF7E8C008BDE37E2
MD5: 520ce427a8b298f54112857bcf6bde15
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\ndistapi.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\NdisTapi\ImagePath	system32\DRIVERS\ndistapi.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NdisTapi\ImagePath	C:\WINDOWS\system32\DRIVERS\ndistapi.sys
	Loaded from: FILE
PX5: 25AEC9EA809D4D4825A500A2A9E22F00CCB1FFC8
MD5: 08d43bbdacdf23f34d79e44ed35c1b4c
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\ndisuio.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Ndisuio\ImagePath	system32\DRIVERS\ndisuio.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Ndisuio\ImagePath	C:\WINDOWS\system32\DRIVERS\ndisuio.sys
	Loaded from: FILE
PX5: 0BF3AB388038D73732EB00A9A855ED006D3C0384
MD5: 34d6cd56409da9a7ed573e1c90a308bf
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\ndiswan.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\NdisWan\ImagePath	system32\DRIVERS\ndiswan.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NdisWan\ImagePath	C:\WINDOWS\system32\DRIVERS\ndiswan.sys
	Loaded from: FILE
PX5: 304E26E9803B344266FF0104DAA0B500E6B358BD
MD5: 0b90e255a9490166ab368cd55a529893
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\netbios.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\NetBIOS\ImagePath	system32\DRIVERS\netbios.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NetBIOS\ImagePath	C:\WINDOWS\system32\DRIVERS\netbios.sys
	Loaded from: FILE
PX5: 6F5EDA40008AE18787EB007972CAB100F174D35C
MD5: 3a2aca8fc1d7786902ca434998d7ceb4
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\netbt.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\NetBT\ImagePath	system32\DRIVERS\netbt.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NetBT\ImagePath	C:\WINDOWS\system32\DRIVERS\netbt.sys
	Loaded from: FILE
PX5: 7D3B6A2A0069D5737CDE020A47DE6F00F472D659
MD5: 0c80e410cd2f47134407ee7dd19cc86b
Determination: GOOD

C:\WINDOWS\system32\netdde.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\NetDDE\ImagePath	%SystemRoot%\system32\netdde.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\NetDDEdsdm\ImagePath	%SystemRoot%\system32\netdde.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NetDDE\ImagePath	C:\WINDOWS\system32\netdde.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NetDDEdsdm\ImagePath	C:\WINDOWS\system32\netdde.exe
PX5: AAA3C89900BB76ABBADC01BFB3AC1B00E2E8A55F
MD5: de62ee316fab09de3d7a5180f0775abf
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\nic1394.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\NIC1394\ImagePath	system32\DRIVERS\nic1394.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NIC1394\ImagePath	C:\WINDOWS\system32\DRIVERS\nic1394.sys
	Loaded from: FILE
PX5: 720917AF800A6EE8F12400F5E9C6E000F750E215
MD5: 5c5c53db4fef16cf87b9911c7e8c6fbc
Determination: GOOD

C:\WINDOWS\system32\drivers\nmwcd.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\nmwcd\ImagePath	system32\drivers\nmwcd.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\nmwcd\ImagePath	C:\WINDOWS\system32\drivers\nmwcd.sys
	Loaded from: FILE
PX5: 01E5F55E00B5EC1F18E902A53CBC6D008D784DAC
MD5: 696b37ea78f9d9767a2f18ba0304a51a
Determination: GOOD

C:\WINDOWS\system32\drivers\nmwcdc.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\nmwcdc\ImagePath	system32\drivers\nmwcdc.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\nmwcdc\ImagePath	C:\WINDOWS\system32\drivers\nmwcdc.sys
	Loaded from: FILE
PX5: 1200695E80C76BA420DC0093EE400500655EC61D
MD5: bbb6010fc01d9239d88fcdf133e03ff0
Determination: GOOD

C:\WINDOWS\system32\drivers\nmwcdcj.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\nmwcdcj\ImagePath	system32\drivers\nmwcdcj.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\nmwcdcj\ImagePath	C:\WINDOWS\system32\drivers\nmwcdcj.sys
	Loaded from: FILE
PX5: A78A4A5400169D09308900CFF28935002A920FB4
MD5: 4c3726467d67483f054c88f058e9c153
Determination: GOOD

C:\WINDOWS\system32\drivers\nmwcdcm.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\nmwcdcm\ImagePath	system32\drivers\nmwcdcm.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\nmwcdcm\ImagePath	C:\WINDOWS\system32\drivers\nmwcdcm.sys
	Loaded from: FILE
PX5: A78A4A5400169D09308900CFF28935002A920FB4
MD5: 4c3726467d67483f054c88f058e9c153
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\nv\ImagePath	system32\DRIVERS\nv4_mini.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\nv\ImagePath	C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
	Loaded from: FILE
PX5: 93F08891205D8DCBB34D57DF3BF863002AA1D997
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\NwlnkFlt\ImagePath	system32\DRIVERS\nwlnkflt.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NwlnkFlt\ImagePath	C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
	Loaded from: FILE
PX5: A826BA3A803B83AE30C000488911C200DC3CA878
MD5: b305f3fad35083837ef46a0bbce2fc57
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\NwlnkFwd\ImagePath	system32\DRIVERS\nwlnkfwd.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NwlnkFwd\ImagePath	C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
	Loaded from: FILE
PX5: B9B73139006979BB7FBC0031EA7E320032D237D0
MD5: c99b3415198d1aab7227f2c88fd664b9
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\ohci1394.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\ohci1394\ImagePath	system32\DRIVERS\ohci1394.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ohci1394\ImagePath	C:\WINDOWS\system32\DRIVERS\ohci1394.sys
	Loaded from: FILE
PX5: 4A6E8F7F8033FF34EE4200E871B4F300047CEC38
MD5: 0951db8e5823ea366b0e408d71e1ba2a
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\ose\ImagePath	"C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE"
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ose\ImagePath	C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
PX5: F61B8D0330B79FF65C6601A611B00C00EFE13B0C
MD5: 7a56cf3e3f12e8af599963b16f50fb6a
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\parport.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Parport\ImagePath	system32\DRIVERS\parport.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Parport\ImagePath	C:\WINDOWS\system32\DRIVERS\parport.sys
	Loaded from: FILE
PX5: 4A82394D8019443A393C017F618C1500973C174B
MD5: 3490ead0612bfd0e7c1b864ee24e6a4a
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\pci.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\PCI\ImagePath	system32\DRIVERS\pci.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PCI\ImagePath	C:\WINDOWS\system32\DRIVERS\pci.sys
	Loaded from: FILE
PX5: 9DA3602E807459480C5D01595A918400CA482387
MD5: 91fc1d483d900b1c0600a08b871c39d5
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\pciide.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\PCIIde\ImagePath	system32\DRIVERS\pciide.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PCIIde\ImagePath	C:\WINDOWS\system32\DRIVERS\pciide.sys
	Loaded from: FILE
PX5: 826808EE00CFD8500D55002AE8E7E200B79BCD14
MD5: b2df00d650fd6c4ee781740ed3c8e67f
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\raspptp.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\PptpMiniport\ImagePath	system32\DRIVERS\raspptp.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PptpMiniport\ImagePath	C:\WINDOWS\system32\DRIVERS\raspptp.sys
	Loaded from: FILE
PX5: F406FA260016D348BD2800EFDBDF52003203F53C
MD5: 1c5cc65aac0783c344f16353e60b72ac
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\psched.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\PSched\ImagePath	system32\DRIVERS\psched.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PSched\ImagePath	C:\WINDOWS\system32\DRIVERS\psched.sys
	Loaded from: FILE
PX5: C7C1320E008655110E77011715C66E0009C5AE75
MD5: 48671f327553dcf1d27f6197f622a668
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\ptilink.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Ptilink\ImagePath	system32\DRIVERS\ptilink.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Ptilink\ImagePath	C:\WINDOWS\system32\DRIVERS\ptilink.sys
	Loaded from: FILE
PX5: F96F182D805891FA452B007EBD870E004C25BA07
MD5: 80d317bd1c3dbc5d4fe7b1678c60cadd
Determination: GOOD

C:\WINDOWS\system32\drivers\pxark.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\pxark\ImagePath	\??\C:\WINDOWS\system32\drivers\pxark.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\pxark\ImagePath	C:\WINDOWS\system32\drivers\pxark.sys
	Loaded from: FILE
PX5: 87296EB280D7F1DA296B00CB462B950061E4FEFB
MD5: d2b5e899d78c0fb0dd290d62b36f333e
Determination: GOOD

C:\WINDOWS\System32\Drivers\PxHelp20.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\PxHelp20\ImagePath	System32\Drivers\PxHelp20.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PxHelp20\ImagePath	C:\WINDOWS\System32\Drivers\PxHelp20.sys
	Loaded from: FILE
PX5: CEED5A5408FE9DE2AA3300585AD0A300BEEAAC3B
MD5: d86b4a68565e444d76457f14172c875a
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\OVCD.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\QCDonner\ImagePath	system32\DRIVERS\OVCD.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\QCDonner\ImagePath	C:\WINDOWS\system32\DRIVERS\OVCD.sys
	Loaded from: FILE
PX5: 12A839AB800374FA6D1300F7CE461F00391FF9A0
MD5: fddd1aeb9f81ef1e6e48ae1edc2a97d6
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\rasacd.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\RasAcd\ImagePath	system32\DRIVERS\rasacd.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasAcd\ImagePath	C:\WINDOWS\system32\DRIVERS\rasacd.sys
	Loaded from: FILE
PX5: EF519CA180B540A42200002C4F06E3005372DD33
MD5: fe0d99d6f31e4fad8159f690d68ded9c
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Rasl2tp\ImagePath	system32\DRIVERS\rasl2tp.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Rasl2tp\ImagePath	C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
	Loaded from: FILE
PX5: C15C1546804EC8E6C8410037F34FAD00B1FBF6DF
MD5: 98faeb4a4dcf812ba1c6fca4aa3e115c
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\raspppoe.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\RasPppoe\ImagePath	system32\DRIVERS\raspppoe.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasPppoe\ImagePath	C:\WINDOWS\system32\DRIVERS\raspppoe.sys
	Loaded from: FILE
PX5: A8F2C94800B2E031A21A00F0EC682E009B5794D5
MD5: 7306eeed8895454cbed4669be9f79faa
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\raspti.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Raspti\ImagePath	system32\DRIVERS\raspti.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Raspti\ImagePath	C:\WINDOWS\system32\DRIVERS\raspti.sys
	Loaded from: FILE
PX5: 506F10F380FEE57C406900BE351741009F00F0DE
MD5: fdbb1d60066fcfbb7452fd8f9829b242
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\rdbss.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Rdbss\ImagePath	system32\DRIVERS\rdbss.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Rdbss\ImagePath	C:\WINDOWS\system32\DRIVERS\rdbss.sys
	Loaded from: FILE
PX5: 5F844D0780EA8079B1FB02785D7F63004D612A18
MD5: 29d66245adba878fff574cd66abd2884
Determination: GOOD

C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\RDPCDD\ImagePath	System32\DRIVERS\RDPCDD.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RDPCDD\ImagePath	C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
	Loaded from: FILE
PX5: 14FCFAAE80A686EB103300CFAE183900CB624D74
MD5: 4912d5b403614ce99c28420f75353332
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\rdpdr.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\rdpdr\ImagePath	system32\DRIVERS\rdpdr.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\rdpdr\ImagePath	C:\WINDOWS\system32\DRIVERS\rdpdr.sys
	Loaded from: FILE
PX5: 02477783007980B5019E03607F7E03003B692115
MD5: a2cae2c60bc37e0751ef9dda7ceaf4ad
Determination: GOOD

C:\WINDOWS\system32\sessmgr.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\RDSessMgr\ImagePath	C:\WINDOWS\system32\sessmgr.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RDSessMgr\ImagePath	C:\WINDOWS\system32\sessmgr.exe
PX5: 2C67C68B0020C05D2C3E02893D0F09005D1CF7F5
MD5: cc0693c481502844a24ef71b90a7195e
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\redbook.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\redbook\ImagePath	system32\DRIVERS\redbook.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\redbook\ImagePath	C:\WINDOWS\system32\DRIVERS\redbook.sys
	Loaded from: FILE
PX5: AEF2FC7D804F986FE3C7004FF2D91D0029FD0FC2
MD5: a8eee004a16af1d583d9de9f6de250e0
Determination: GOOD

C:\WINDOWS\system32\locator.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\RpcLocator\ImagePath	%SystemRoot%\system32\locator.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RpcLocator\ImagePath	C:\WINDOWS\system32\locator.exe
PX5: C3C0A8550045DDC726E601EBB10B83000E4A4556
MD5: 33a8f0fe0005b2d79df53441679f5149
Determination: GOOD

C:\WINDOWS\system32\rsvp.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\RSVP\ImagePath	%SystemRoot%\system32\rsvp.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RSVP\ImagePath	C:\WINDOWS\system32\rsvp.exe
PX5: 2057508700E163D906880231F30F2D00E5519440
MD5: dce0d20f8fb66df41d53734bff9d66f0
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\RTLE8023xp\ImagePath	system32\DRIVERS\Rtenicxp.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RTLE8023xp\ImagePath	C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
	Loaded from: FILE
PX5: 5D0CB79580FA7B97618D01CD7C74DB000F6CE944
MD5: 098de621085d7f922871a99b0ec7ddd6
Determination: GOOD

C:\WINDOWS\System32\SCardSvr.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\SCardSvr\ImagePath	%SystemRoot%\System32\SCardSvr.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SCardSvr\ImagePath	C:\WINDOWS\System32\SCardSvr.exe
PX5: FFC6D19800BAA7847E46014ECC3CD200949D4E12
MD5: 74b1e7fcfca9a3a23871aa014144013e
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\secdrv.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Secdrv\ImagePath	system32\DRIVERS\secdrv.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Secdrv\ImagePath	C:\WINDOWS\system32\DRIVERS\secdrv.sys
	Loaded from: FILE
PX5: 6C1F33AD30B48B8F6BBC0037A0F8A400F11BD786
MD5: d26e26ea516450af9d072635c60387f4
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\serenum.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\serenum\ImagePath	system32\DRIVERS\serenum.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\serenum\ImagePath	C:\WINDOWS\system32\DRIVERS\serenum.sys
	Loaded from: FILE
PX5: 4F3C7EAD801665B83CEF00E324D68C009966C2DD
MD5: a2d868aeeff612e70e213c451a70cafb
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\serial.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Serial\ImagePath	system32\DRIVERS\serial.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Serial\ImagePath	C:\WINDOWS\system32\DRIVERS\serial.sys
	Loaded from: FILE
PX5: 84269A0C80DA4AE9020E01315B99420097A96A32
MD5: dbab3260e7eb3398cb87267d1410fad4
Determination: GOOD

C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\ServiceLayer\ImagePath	"C:\Programmi\PC Connectivity Solution\ServiceLayer.exe"
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ServiceLayer\ImagePath	C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
PX5: B5994D6E0065BB8796F304CE0A911000AFA4AE5D
MD5: 019ab047b932ad277a4da2673e5cc19c
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\sfloppy.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Sfloppy\ImagePath	system32\DRIVERS\sfloppy.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Sfloppy\ImagePath	C:\WINDOWS\system32\DRIVERS\sfloppy.sys
	Loaded from: FILE
PX5: 6884E1AE807AAB872CD300DC197E0C00B015D834
MD5: 0d13b6df6e9e101013a7afb0ce629fe0
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\SLIP.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\SLIP\ImagePath	system32\DRIVERS\SLIP.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SLIP\ImagePath	C:\WINDOWS\system32\DRIVERS\SLIP.sys
	Loaded from: FILE
PX5: C05453A580D50DE62B1A00E6C96F380022C2D117
MD5: 5caeed86821fa2c6139e32e9e05ccdc9
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\SONYPVU1\ImagePath	system32\DRIVERS\SONYPVU1.SYS
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SONYPVU1\ImagePath	C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
	Loaded from: FILE
PX5: 49228A1D80759C6F1DA00083AB639C0054C27DB1
MD5: a1eceeaa5c5e74b2499eb51d38185b84
Determination: GOOD

C:\WINDOWS\system32\drivers\splitter.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\splitter\ImagePath	system32\drivers\splitter.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\splitter\ImagePath	C:\WINDOWS\system32\drivers\splitter.sys
	Loaded from: FILE
PX5: 7680ED1C00E4BEB7199C001CC7BB00005C1626B5
MD5: 8e186b8f23295d1e42c573b82b80d548
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\sr.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\sr\ImagePath	system32\DRIVERS\sr.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\sr\ImagePath	C:\WINDOWS\system32\DRIVERS\sr.sys
	Loaded from: FILE
PX5: 4D90659E00D8A4771F1A013E6E421F00F36027A5
MD5: 896f566afc498077172eae8a50e8baf8
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\srv.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Srv\ImagePath	system32\DRIVERS\srv.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Srv\ImagePath	C:\WINDOWS\system32\DRIVERS\srv.sys
	Loaded from: FILE
PX5: 78EFCD908068AB1521EF0590A8538B00DBC84A4F
MD5: 20b7e396720353e4117d64d9dcb926ca
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\StreamIP.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\streamip\ImagePath	system32\DRIVERS\StreamIP.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\streamip\ImagePath	C:\WINDOWS\system32\DRIVERS\StreamIP.sys
	Loaded from: FILE
PX5: 37C869AE00A1D1423CD000F9D66948002AC47A8D
MD5: 284c57df5dc7abca656bc2b96a667afb
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\swenum.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\swenum\ImagePath	system32\DRIVERS\swenum.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\swenum\ImagePath	C:\WINDOWS\system32\DRIVERS\swenum.sys
	Loaded from: FILE
PX5: FDB253C8004ADC8E110200CB82EF3C003BACCEF1
MD5: 03c1bae4766e2450219d20b993d6e046
Determination: GOOD

C:\WINDOWS\system32\drivers\swmidi.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\swmidi\ImagePath	system32\drivers\swmidi.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\swmidi\ImagePath	C:\WINDOWS\system32\drivers\swmidi.sys
	Loaded from: FILE
PX5: D73823E800EBA9D4D48400057CBBEE004EA1E5C8
MD5: 94abc808fc4b6d7d2bbf42b85e25bb4d
Determination: GOOD

C:\WINDOWS\system32\drivers\sysaudio.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\sysaudio\ImagePath	system32\drivers\sysaudio.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\sysaudio\ImagePath	C:\WINDOWS\system32\drivers\sysaudio.sys
	Loaded from: FILE
PX5: 23CF2276806778A5EDCF00D9512FDE00BB195FEF
MD5: 650ad082d46bac0e64c9c0e0928492fd
Determination: GOOD

C:\WINDOWS\system32\smlogsvc.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\SysmonLog\ImagePath	%SystemRoot%\system32\smlogsvc.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SysmonLog\ImagePath	C:\WINDOWS\system32\smlogsvc.exe
PX5: C0E6801A0095AB606A660128541E440050C06325
MD5: bc8b8694def74b4e6c626322d4321a54
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\tcpip.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Tcpip\ImagePath	system32\DRIVERS\tcpip.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Tcpip\ImagePath	C:\WINDOWS\system32\DRIVERS\tcpip.sys
	Loaded from: FILE
PX5: 9B98417C80D576637AFA05B3DB10C5007C1B8E5D
MD5: 9f4b36614a0fc234525ba224957de55c
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\termdd.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\TermDD\ImagePath	system32\DRIVERS\termdd.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TermDD\ImagePath	C:\WINDOWS\system32\DRIVERS\termdd.sys
	Loaded from: FILE
PX5: 3111E3EA882052CE9F39002D38F46900A7415306
MD5: a540a99c281d933f3d69d55e48727f47
Determination: GOOD

C:\WINDOWS\system32\tlntsvr.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\TlntSvr\ImagePath	C:\WINDOWS\system32\tlntsvr.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TlntSvr\ImagePath	C:\WINDOWS\system32\tlntsvr.exe
PX5: F869AF89008EB51B24EC0113A0DCBB001FBDD7D2
MD5: 2a9daaef2cc0333db6f129f2f8b3d3fd
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\update.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Update\ImagePath	system32\DRIVERS\update.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Update\ImagePath	C:\WINDOWS\system32\DRIVERS\update.sys
	Loaded from: FILE
PX5: B35240AB00E3291D321603412D8E98007B007A17
MD5: aff2e5045961bbc0a602bb6f95eb1345
Determination: GOOD

C:\WINDOWS\System32\ups.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\UPS\ImagePath	%SystemRoot%\System32\ups.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\UPS\ImagePath	C:\WINDOWS\System32\ups.exe
PX5: B1B748F7000750CB484000B4D1F04D00484BD2C2
MD5: e4896f38a3f8dacea6ea8d7ec9889d91
Determination: GOOD

C:\WINDOWS\system32\drivers\usbaudio.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\usbaudio\ImagePath	system32\drivers\usbaudio.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbaudio\ImagePath	C:\WINDOWS\system32\drivers\usbaudio.sys
	Loaded from: FILE
PX5: FF94AD3180F83D9CE71F009B89049300D8E6B2BA
MD5: 45a0d14b26c35497ad93bce7e15c9941
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\usbccgp.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\usbccgp\ImagePath	system32\DRIVERS\usbccgp.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbccgp\ImagePath	C:\WINDOWS\system32\DRIVERS\usbccgp.sys
	Loaded from: FILE
PX5: 3051DD5F80B0E02D7BC400CFE2D7F10086CC5663
MD5: bffd9f120cc63bcbaa3d840f3eef9f79
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\usbehci.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\usbehci\ImagePath	system32\DRIVERS\usbehci.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbehci\ImagePath	C:\WINDOWS\system32\DRIVERS\usbehci.sys
	Loaded from: FILE
PX5: 42E57CAC00DC4FAF684000867EE93C003087E4F7
MD5: 15e993ba2f6946b2bfbbfcd30398621e
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\usbhub.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\usbhub\ImagePath	system32\DRIVERS\usbhub.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbhub\ImagePath	C:\WINDOWS\system32\DRIVERS\usbhub.sys
	Loaded from: FILE
PX5: 1972CD35009EF197E1E10053A918EE0090181966
MD5: c72f40947f92cea56a8fb532edf025f1
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\usbprint.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\usbprint\ImagePath	system32\DRIVERS\usbprint.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbprint\ImagePath	C:\WINDOWS\system32\DRIVERS\usbprint.sys
	Loaded from: FILE
PX5: C449F0710094064A6580004CDAAF0B00CAA1349A
MD5: a42369b7cd8886cd7c70f33da6fcbcf5
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\usbscan.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\usbscan\ImagePath	system32\DRIVERS\usbscan.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbscan\ImagePath	C:\WINDOWS\system32\DRIVERS\usbscan.sys
	Loaded from: FILE
PX5: A345B33E004758873B29000DE02C9B00A6455141
MD5: a6bc71402f4f7dd5b77fd7f4a8ddba85
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\usbstor\ImagePath	system32\DRIVERS\USBSTOR.SYS
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbstor\ImagePath	C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
	Loaded from: FILE
PX5: 6135CAAA80509344675C002A218295006093CEAA
MD5: 6cd7b22193718f1d17a47a1cd6d37e75
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\usbuhci.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\usbuhci\ImagePath	system32\DRIVERS\usbuhci.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usbuhci\ImagePath	C:\WINDOWS\system32\DRIVERS\usbuhci.sys
	Loaded from: FILE
PX5: 4756F37D00016D8B5030004DF844F10054C11836
MD5: f8fd1400092e23c8f2f31406ef06167b
Determination: GOOD

C:\Programmi\MSN Messenger\usnsvc.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\usnjsvc\ImagePath	"C:\Programmi\MSN Messenger\usnsvc.exe"
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usnjsvc\ImagePath	C:\Programmi\MSN Messenger\usnsvc.exe
PX5: 5ADE8CB4702068007B8E0103793683003D23EE98
MD5: c5b70a6aa947667ce0e5fc84a05ec8b6
Determination: GOOD

C:\WINDOWS\System32\drivers\vga.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\VgaSave\ImagePath	\SystemRoot\System32\drivers\vga.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\VgaSave\ImagePath	C:\WINDOWS\System32\drivers\vga.sys
	Loaded from: FILE
PX5: 14B18202007EA0B752C8003693833D00BCED634F
MD5: 8a60edd72b4ea5aea8202daf0e427925
Determination: GOOD

C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\VIRAGTLT\ImagePath	system32\drivers\VIRAGTLT.SYS
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\VIRAGTLT\ImagePath	C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
	Loaded from: FILE
PX5: C2B259410067E6FB8D7C0079F01FA60004D4401F
MD5: 534605704173f98a601bea7938fcb43d
Determination: GOOD

C:\WINDOWS\system32\Shadow.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}\(default)	MS Software Shadow Copy provider 1.0
PX5: 44E2E9FB00305E993C75009C1FBF8F00D582F681
MD5: f67f896ba60045fa0b5663a7f2003dce
Determination: GOOD

C:\WINDOWS\System32\vssvc.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\VSS\ImagePath	%SystemRoot%\System32\vssvc.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\VSS\ImagePath	C:\WINDOWS\System32\vssvc.exe
PX5: F8FD01E1006746AE7C9C04ADE2180F00B254A617
MD5: 147c653ad61bd01556723b3c8c4fafc8
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\wanarp.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\Wanarp\ImagePath	system32\DRIVERS\wanarp.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Wanarp\ImagePath	C:\WINDOWS\system32\DRIVERS\wanarp.sys
	Loaded from: FILE
PX5: D61BDDFF00BF41D487E5002B87E94900EE92AF43
MD5: 984ef0b9788abf89974cfed4bfbaacbc
Determination: GOOD

C:\WINDOWS\system32\drivers\wdmaud.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\wdmaud\ImagePath	system32\drivers\wdmaud.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\wdmaud\ImagePath	C:\WINDOWS\system32\drivers\wdmaud.sys
	Loaded from: FILE
PX5: D07DA58400362D6244D2017E5C98E200FC9762AC
MD5: 2797f33ebf50466020c430ee4f037933
Determination: GOOD

C:\Programmi\Windows Live\installer\WLSetupSvc.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\WLSetupSvc\ImagePath	"C:\Programmi\Windows Live\installer\WLSetupSvc.exe"
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WLSetupSvc\ImagePath	C:\Programmi\Windows Live\installer\WLSetupSvc.exe
PX5: 2D572DB3008F010D10110431BDE6C6002A62A0E0
MD5: 94a85e956a065e23e0010a6a7826243b
Determination: GOOD

C:\WINDOWS\system32\wbem\wmiapsrv.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\WmiApSrv\ImagePath	C:\WINDOWS\system32\wbem\wmiapsrv.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WmiApSrv\ImagePath	C:\WINDOWS\system32\wbem\wmiapsrv.exe
PX5: A8EB9B0C007C19C1EE9501FD1D31580061EB57F5
MD5: 0ee2a2754039b13a632489726689dad0
Determination: GOOD

C:\Programmi\Windows Media Player\WMPNetwk.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\WMPNetworkSvc\ImagePath	C:\Programmi\Windows Media Player\WMPNetwk.exe
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WMPNetworkSvc\ImagePath	C:\Programmi\Windows Media Player\WMPNetwk.exe
PX5: FC73B38200A9D610A0180C715584630040C97B3F
MD5: 445b34acbe9bbbe5572882eecfd7e95d
Determination: GOOD

C:\WINDOWS\System32\drivers\ws2ifsl.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\WS2IFSL\ImagePath	\SystemRoot\System32\drivers\ws2ifsl.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WS2IFSL\ImagePath	C:\WINDOWS\System32\drivers\ws2ifsl.sys
	Loaded from: FILE
PX5: E3FE23AC0026FAFE2FF10052E88519002DA1A545
MD5: 6abe6e225adb5a751622a9cc3bc19ce8
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\WSTCODEC\ImagePath	system32\DRIVERS\WSTCODEC.SYS
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WSTCODEC\ImagePath	C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
	Loaded from: FILE
PX5: B2CFBF068074D4084BB4001A2B9A35007D8AF7A1
MD5: d5842484f05e12121c511aa93f6439ec
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\WudfPf.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\WudfPf\ImagePath	system32\DRIVERS\WudfPf.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WudfPf\ImagePath	C:\WINDOWS\system32\DRIVERS\WudfPf.sys
	Loaded from: FILE
PX5: 36AA88DB0089F0502B3E0152E1D2DD00614F0BA1
MD5: 50eb9e21963b4f06fd010d007d54351b
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\wudfrd.sys
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Services\WudfRd\ImagePath	system32\DRIVERS\wudfrd.sys
	Loaded from: \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WudfRd\ImagePath	C:\WINDOWS\system32\DRIVERS\wudfrd.sys
	Loaded from: FILE
PX5: 8A8F30350082CC51434301D0F97D39008AC35FC3
MD5: 6e209664bdea8a15b5e8e480d6c607c2
Determination: GOOD

C:\WINDOWS\system32\userinit.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit	C:\WINDOWS\system32\userinit.exe
PX5: 33A4BB2F001DA1EB620B00510674AE00F15A5361
MD5: c1e7fe19f98a877bf8f941bf48148695
Determination: GOOD

C:\WINDOWS\system32\logonui.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost	logonui.exe
PX5: 6B3184960083D65DDE0B0761A134100078FE806C
MD5: 43bdf167ce792a5639d99ad7f1eabc1c
Determination: GOOD

C:\WINDOWS\system32\sysdm.cpl
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet	rundll32 shell32,Control_RunDLL "sysdm.cpl"
PX5: 77D613BF00DD23AB9A92044AE70A3A00F8BE273E
MD5: ab25117d8498730753b25bf32d7836d6
Determination: GOOD

C:\WINDOWS\system32\autochk.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\Session Manager\BootExecute	autocheck
PX5: 38890F3300760B775A86096430A56A00DB68AE82
MD5: 779768a0a8091edb749dcb8fe60213e1
Determination: GOOD

C:\Programmi\Java\jre1.6.0_03\bin\regutils.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}\KeyFileName	C:\Programmi\Java\jre1.6.0_03\bin\regutils.dll
PX5: 18FDF0650029FF2F9067038B74E5FB00E6236711
MD5: 1fc79cf17eca1f4e0fc784abb8d72c31
Determination: GOOD

C:\WINDOWS\system32\msieftp.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}\KeyFileName	C:\WINDOWS\system32\msieftp.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63da6ec0-2e98-11cf-8d82-444553540000}	FTP Folders Webview
PX5: 44133DFB00C5C1B9D64903B9EB9B6E00A95E5477
MD5: 9ba0424bf46a751e9f68829a9afbe680
Determination: GOOD

C:\WINDOWS\inf\unregmp2.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Stubpath	C:\WINDOWS\inf\unregmp2.exe /ShowWMP
PX5: 8B58A3C900CA5785C6200262AB98A6000F3733D8
MD5: 91dd11541d708b8bab5aad80c71b202d
Determination: GOOD

C:\WINDOWS\system32\shmgrate.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\StubPath	%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\StubPath	%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
PX5: 20602ECB00AD0F89A6D6007CC62E8E00FE74C13B
MD5: f8cbcdaa8c509f6a424834fe51956e21
Determination: GOOD

C:\WINDOWS\system32\IEDKCS32.DLL
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS\StubPath	RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}\DllName	iedkcs32.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}\DllName	iedkcs32.dll
PX5: FE6CE44B003461A1F06E045F06C65A008605BA00
MD5: d99df44836fd20faa6b608a9cee60f5f
Determination: GOOD

C:\WINDOWS\system32\regsvr32.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\StubPath	%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\StubPath	regsvr32.exe /s /n /i:U shell32.dll
PX5: 9F2DE48F0086912530FD001A3E083800D58E0872
MD5: da9623d7e0ca24dd3e08523287e05a4c
Determination: GOOD

C:\Programmi\Outlook Express\setup50.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\StubPath	"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}\StubPath	"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
PX5: 990052A900467F972069015D0AA93E00C6116D6B
MD5: 5565e7539564f955441de6fdcbe447a9
Determination: GOOD

C:\WINDOWS\system32\ie4uinit.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\StubPath	%SystemRoot%\system32\ie4uinit.exe
PX5: 77DF5E7B005FEC32864A001224995700729F5FAF
MD5: 452fa07dd74200ad8bdadd145487f653
Determination: GOOD

C:\WINDOWS\system32\mscories.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\StubPath	C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
PX5: 652959240095250822A60140F37F47001792531A
MD5: 46e55aea48bad9297df685c722619bd6
Determination: GOOD

C:\WINDOWS\system32\logon.scr
	Loaded from: \REGISTRY\User\.DEFAULT\Control Panel\Desktop\SCRNSAVE.EXE	logon.scr
	Loaded from: \REGISTRY\User\S-1-5-19\Control Panel\Desktop\SCRNSAVE.EXE	%SystemRoot%\System32\logon.scr
	Loaded from: \REGISTRY\User\S-1-5-20\Control Panel\Desktop\SCRNSAVE.EXE	%SystemRoot%\System32\logon.scr
	Loaded from: \REGISTRY\User\S-1-5-18\Control Panel\Desktop\SCRNSAVE.EXE	logon.scr
PX5: 509D0B6F00114C175E1803F3B4819D004996445C
MD5: 6fa8411d60c4faee5102eee1367ab34d
Determination: GOOD

C:\WINDOWS\system32\gptext.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}\DllName	gptext.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}\DllName	gptext.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}\DllName	gptext.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}\DllName	gptext.dll
PX5: 3937BBDB001CF5150EDE03108010A6002700AFB6
MD5: f286c70f59f434b6ddbab5738b6b029b
Determination: GOOD

C:\WINDOWS\system32\fdeploy.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}\DllName	fdeploy.dll
PX5: 4B245433003392E32A140131FF3EF30000999A70
MD5: b4767457d286ebb4767c5ec1df9a7424
Determination: GOOD

C:\WINDOWS\system32\dskquota.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}\DllName	dskquota.dll
PX5: 67A29FF30003BFCF6E3801450DA1040095E8819B
MD5: 78b72d69ee065560a89b7ece65ed7e2c
Determination: GOOD

C:\WINDOWS\system32\appmgmts.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\DllName	appmgmts.dll
PX5: D38F92810065B7EDAC840228F23E3C004E625C37
MD5: 00e50cd4d9247cb56efc1360c32ab755
Determination: GOOD

C:\WINDOWS\system32\sclgntfy.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy\DllName	sclgntfy.dll
PX5: 164435B300B5B4E0548400AA1F6E0800C2CDD06A
MD5: 5ff2551a3d740476f06b20f59cd7f0be
Determination: GOOD

C:\WINDOWS\system32\comm.drv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot\comm.drv	comm.drv
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: 0D8B262B3068553F296F004B25B4F300F3172575
MD5: 01b656374912d7ccf7465a3893f18982
Determination: GOOD

C:\WINDOWS\system32\vga.drv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot\display.drv	vga.drv
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: 8D38D13480CC42FA089200F6F3895F00B79BCD14
MD5: 9c86bbb80450af95b6a4ea8ebda93d76
Determination: GOOD

C:\WINDOWS\system32\mmsystem.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot\drivers	mmsystem.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: B7018ADE208113FC103101C8EB6DD700B1D99765
MD5: 7b3633a771ffad1cfb8d999fb5fc2687
Determination: GOOD

C:\WINDOWS\system32\keyboard.drv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot\keyboard.drv	keyboard.drv
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: 159F7A82D0C5E0D3077700FE801B1000B79BCD14
MD5: ed4bf709aad8b665075de06a0945b030
Determination: GOOD

C:\WINDOWS\system32\mouse.drv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot\mouse.drv	mouse.drv
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: D9EA0CB2F0FB384407BE00D28D0C0C00B79BCD14
MD5: 7d29780ac88bb7292cdcff71ba67433d
Determination: GOOD

C:\WINDOWS\system32\wfwnet.drv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot\network.drv	wfwnet.drv
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: E9641F0220200734353000D28FC59A003BEC664C
MD5: 5302ada9b0793c84151fc463dd65d7bf
Determination: GOOD

C:\WINDOWS\system32\progman.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot\shell	progman.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: C0D0815600445D69AC3B01B2DAB067005DE0E11A
MD5: df0960f73f899d517ffe5a96f8715e0e
Determination: GOOD

C:\WINDOWS\system32\sound.drv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot\sound.drv	sound.drv
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: E70CAE91D00DCE52067C00647C846400B79BCD14
MD5: 028a1f74926dc3df2d9629edc9aebafb
Determination: GOOD

C:\WINDOWS\system32\system.drv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot\system.drv	system.drv
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: D4BD27742043BEDB0DB0000478EA5C00B79BCD14
MD5: 4a00d59ae6d75bdfc2c8e5182c4b1376
Determination: GOOD

C:\WINDOWS\system32\ntvdm.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\cmdline	%SystemRoot%\system32\ntvdm.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\wowcmdline	%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
PX5: DFD881F400018F016A4F06473E7EAA001AE7779E
MD5: 0fea136cc628c6182e91598f7990229c
Determination: GOOD

C:\WINDOWS\system32\krnl386.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\wowcmdline	%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
PX5: 01F6A66B6040DCB569EA013E85A2EE004745F621
MD5: 5400c4565b1b7f811b7010a92134476b
Determination: GOOD

C:\WINDOWS\system32\commdlg.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: D41FE74160643BD6833B006BB7E5A9004410FDC1
MD5: 282c6a1e0565458ce162c907a84043f4
Determination: GOOD

C:\WINDOWS\system32\ctl3dv2.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: C84734B440655DC66A4D00304EF8AC0014627D07
MD5: 637d88e7a1bedc4457c80dbc8ba9f135
Determination: GOOD

C:\WINDOWS\system32\ddeml.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: 87F926CB00F2CB349A1200182C7413003E6FB37C
MD5: bf6529de6619c4970e727f58e0ad48d1
Determination: GOOD

C:\WINDOWS\system32\lanman.drv
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: A797EACD0BCFF4C3663403FC8369B500D2DCA4A2
MD5: e9d142feaa02e867c8dcddfe84e29e20
Determination: GOOD

C:\WINDOWS\system32\netapi.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: 3B2621E2C04DF3B2A77E0156CAF52A0029A06ED9
MD5: 0f4ad2e828a6cb0f100cb36f3ac6faee
Determination: GOOD

C:\WINDOWS\system32\olecli.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: B5F4F24400858B0246DF0121D0BC320031CB25FD
MD5: ca0305757c0648715f6d92ba0c43992f
Determination: GOOD

C:\WINDOWS\system32\olesvr.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: CE221EF60049CF2B5E3B009B247C6A00F018477F
MD5: 16bf834a84a7dc0d24edc8e924c90637
Determination: GOOD

C:\WINDOWS\system32\pmspl.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: 98CDEBDE0094268EB67200C1C6BF85009014DA93
MD5: 57f8a50513e43aaf6a7b23389e389bbc
Determination: GOOD

C:\WINDOWS\system32\shell.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: CE2E2C35000BF1E3147B0046192BB900FA35E49E
MD5: dc8a8c47542edd026ad8f4ac3d6c2292
Determination: GOOD

C:\WINDOWS\system32\toolhelp.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: 87219368400265353643009B30E21C003936EBD7
MD5: c86363c599e5d6836c21a3a3fd21c388
Determination: GOOD

C:\WINDOWS\system32\win87em.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: 22C03F9D0005E87A34B40075B0F00E00517D625F
MD5: c980c971ad4ff3ca5cefdef40932d3a1
Determination: GOOD

C:\WINDOWS\system32\winoldap.mod
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: E19A53B2202676D208C7002132DA8800B79BCD14
MD5: 0ddfd6315da4b29d09d09b6873ea460b
Determination: GOOD

C:\WINDOWS\system32\winsock.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: FCF9BBDC30E28D0D0BF200D9F4D9CD00B79BCD14
MD5: 68485c5ef0e2efcebf21bbb1042b823b
Determination: GOOD

C:\WINDOWS\system32\winspool.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: F5BB157440E5748C08D600021F9AD300B79BCD14
MD5: 0b4b94b78123e8035b84105bc024f9f8
Determination: GOOD

C:\WINDOWS\system32\wowdeb.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: C1613D5DB0A80A260ABB006471357400B79BCD14
MD5: a7b82d6b38a2acd3b2684e7371c6ce93
Determination: GOOD

C:\WINDOWS\system32\timer.drv
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: 01DC5380F09B29550F040024FDB8830045F6872C
MD5: 01dc53809b29550424fdb88345f6872c
Determination: GOOD

C:\WINDOWS\system32\compobj.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: DA21156DD0BCD8E77562007DCF26A600F4FFDA3F
MD5: 40f9fc896b2ba69fdc04d75e9d00dd01
Determination: GOOD

C:\WINDOWS\system32\storage.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: 60BAD4D270E3252C10B800A49D4C780095AFB292
MD5: 3a5cd674ada85bcc1ff26b81b4cdefb5
Determination: GOOD

C:\WINDOWS\system32\ole2.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: F2FC4A2A40B7B6B59BDF00629364AB00A54AED31
MD5: 145aa8ecf0526c093f71117c181694ab
Determination: GOOD

C:\WINDOWS\system32\ole2disp.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: 3E66404830EBCC7296B902E3361C6400BE12EFF7
MD5: eb38be7d7cf9ec15442a9d24cb39a2ac
Determination: GOOD

C:\WINDOWS\system32\ole2nls.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: 09B13294B021FA9E558F026E08072F00900228B5
MD5: 32cfcc848a57f87638e31e8735515f80
Determination: GOOD

C:\WINDOWS\system32\typelib.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: C0620321C004C14EB60D020DCCE16200701F9AEA
MD5: 7161255dfa81e67b66b746d2504d2f2b
Determination: GOOD

C:\WINDOWS\system32\msvideo.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: 790EE65FC0939660F0F4012F00509C00EF668BF3
MD5: 0fec57467004486cf202ed7bdfa5dcee
Determination: GOOD

C:\WINDOWS\system32\avifile.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: 23078576D07C879BAB0E016052733100CC123BD6
MD5: 92fbb472d13a6cc283529301810922fb
Determination: GOOD

C:\WINDOWS\system32\msacm.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: 9509859960B48961EF3C0048E192C7002EB67DBB
MD5: b3e0e6c925d333fdca47808ebf787cb2
Determination: GOOD

C:\WINDOWS\system32\mciavi.drv
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: 8B09E9FBC0AC80C41F5801300F1C5F00B1E6B4D8
MD5: e6a1bb6f039486bceb825b365aa5548d
Determination: GOOD

C:\WINDOWS\system32\mciseq.drv
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: 6F3561B8D089079262B000F61C353D001FC85F9C
MD5: 6f3561b8890792b0f61c353d1fc85f9c
Determination: GOOD

C:\WINDOWS\system32\mciwave.drv
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: 2D1A8D9600222A826E980084C50D45003B805765
MD5: 2d1a8d96222a829884c50d453b805765
Determination: GOOD

C:\WINDOWS\system32\avicap.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\WOW\KnownDlls	comm.drv
PX5: 8D50F512B0D5AAB0126C01BC85534E00FA0EC9E8
MD5: 4a78d6c08d90bde538d5b538a082c1c9
Determination: GOOD

C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ClsidExtension	{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
PX5: BEEC7CE7903A1989A51C07665627A3001B1EF486
MD5: d787e3123fad2bd58ab45b9a5c360acd
Determination: GOOD

C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}\(default)
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}\(default)
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Internet Explorer\Toolbar\{47833539-D0C5-4125-9FA8-0819E2EAAC93}
	Loaded from: \REGISTRY\User\S-1-5-21-789336058-2077806209-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{47833539-D0C5-4125-9FA8-0819E2EAAC93}	
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(default)
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(default)
PX5: 839AB93C603CE6D1E69104D5C222F400B82BE7EE
MD5: f4729ccbe7d63e5e02070d59fb79d893
Determination: GOOD

C:\Programmi\Windows Live Toolbar\msntb.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\NoExplorer\(default)
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\NoExplorer\(default)
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(default)
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(default)
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Internet Explorer\Toolbar\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
	Loaded from: \REGISTRY\User\S-1-5-21-789336058-2077806209-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}	..
PX5: 8CCCCDCB70B39EC8576708D11036D1004BAE3D3C
MD5: 0faf0281cbc1f5b8293a2a03745c0acb
Determination: GOOD

C:\WINDOWS\system32\ntsd.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path\Debugger	ntsd -d
PX5: 834FBBDD002D211C7C10004432E9BD00FC3D4F55
MD5: 3ecffb9259462acccaf0063841e85e9b
Determination: GOOD

C:\WINDOWS\system32\mmsys.cpl
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00022613-0000-0000-C000-000000000046}	Propriet. dei file Multimedia
PX5: 22BCF726009533B384CD093581FB0B00BBF55E93
MD5: b9e3764a67f8d272e88a74e0bdfa1bd0
Determination: GOOD

C:\WINDOWS\system32\icmui.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{176d6597-26d3-11d1-b350-080036a75b03}	Gestore scanner ICM
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5DB2625A-54DF-11D0-B6C4-0800091AA605}	Gestore monitor ICM
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{675F097E-4C4D-11D0-B6C1-0800091AA605}	Gestore stampante ICM
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DBCE2480-C732-101B-BE72-BA78E9AD5B27}	Profilo ICC
PX5: 79852F4F004FA70AD8870036A8B3F300BFB6CC72
MD5: cc61775dd0099c04c1c464d2e838e0a3
Determination: GOOD

C:\WINDOWS\system32\rshx32.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1F2E5C40-9550-11CE-99D2-00AA006E086C}	Pagina di protezione NTFS
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}	Pagina di protezione della stampante
PX5: 8E3D69C300B1B3BBA05400C01998E00021B13B08
MD5: 96dbc8f1582fe95b299cd3d6cdba10a2
Determination: GOOD

C:\WINDOWS\system32\docprop.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3EA48300-8CF6-101B-84FB-666CCB9BCD32}	Pagina di propriet. di Docfile OLE
PX5: 4D155A630014F006B8E7003E1F6CD600C0918C31
MD5: 33cf28feac3984edea3b8672a0d7f46a
Determination: GOOD

C:\WINDOWS\system32\deskadp.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{42071712-76d4-11d1-8b24-00a0c9068ff3}	Estensione scheda video del Pannello di controllo
PX5: 1FEBC52C0075696A427B005EACC72200AF70D61C
MD5: 77dd733136353761750b2258ad368a7e
Determination: GOOD

C:\WINDOWS\system32\deskmon.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{42071713-76d4-11d1-8b24-00a0c9068ff3}	Estensione monitor del Pannello di controllo
PX5: E6AC7E1B00B4347342D70033642CB1001FC78895
MD5: b4d9f35f49b9e5b03c45bebd96486fe4
Determination: GOOD

C:\WINDOWS\system32\dssec.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4E40F770-369C-11d0-8922-00A024AB2DBB}	Pagina di protezione DS
PX5: BF365090005B6ECFCC56008F370997000EDC51ED
MD5: fba19f60318c5e62cc531f7265e64899
Determination: GOOD

C:\WINDOWS\system32\SlayerXP.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}	Pagina compatibilit.
PX5: 071E70380069307964410011CDEF880004B79666
MD5: 92e3c0617dda6f19a7b0f680c94c9b6f
Determination: GOOD

C:\WINDOWS\system32\shscrap.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{56117100-C0CD-101B-81E2-00AA004AE837}	Gestore dati dei ritagli di shell
PX5: CEE438A6004ACC126CE400DA76EA3300F6FBD343
MD5: 886e25758e76f75b62955e031eaaa7e5
Determination: GOOD

C:\WINDOWS\system32\diskcopy.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59099400-57FF-11CE-BD94-0020AF85B590}	Estensione copia dischi
PX5: 74FF218D0092AEB8EC3016F62F9A37009BC24342
MD5: 18ac1727a4fdd1012974ad76580d0c74
Determination: GOOD

C:\WINDOWS\system32\ntlanui2.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59be4990-f85c-11ce-aff7-00aa003ca9f6}	Estensioni shell per oggetti Rete Microsoft Windows
PX5: 0FBD6225003D84B73AA5000A7557EF00532B5590
MD5: 75ac93bb0eda95a6b928c7949e60b98b
Determination: GOOD

C:\WINDOWS\system32\printui.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{77597368-7b15-11d0-a0c2-080036af3f03}	Estensione shell per la stampante Web
PX5: CFC465B500331E10BE8C08062B62D70065070AFA
MD5: ca104d6e9428ba00346cd615a1ee2e31
Determination: GOOD

C:\WINDOWS\system32\dskquoui.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7988B573-EC89-11cf-9C00-00AA00A14F56}	Disk Quota UI
PX5: 22C011F30068927142C902641380E9009CE9DCD6
MD5: beca74d3e444b46fa22300b26a46b67d
Determination: GOOD

C:\WINDOWS\system32\syncui.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{85BBD920-42A0-1069-A2E4-08002B30309D}	Sincronia file
PX5: 32CB8DAC001BF20AF6D60250E1D558008C7994BA
MD5: ad552fcc0582ea9d1a8f7ab38fb53393
Determination: GOOD

C:\WINDOWS\system32\hticons.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{88895560-9AA2-1069-930E-00AA0030EBC8}	Estensione di icona di HyperTerminal
PX5: FDDAAC340069DC70AEDE004813C9AE00464F204F
MD5: 487b70d88ae51825e90c98e067205e60
Determination: GOOD

C:\WINDOWS\system32\fontext.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BD84B380-8CA2-1069-AB1D-08000948F534}	Tipi di carattere
PX5: A9B1E4F600762191E233053033E9D8001908E1DB
MD5: 71a69eee673b5d15ebc8479be12d65c7
Determination: GOOD

C:\WINDOWS\system32\deskperf.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{f92e8c40-3d33-11d2-b1aa-080036a75b03}	Display TroubleShoot CPL Extension
PX5: DEBA621400871F794A8D0005514927006E3B795A
MD5: 584dac27268a6a1892062380b1582494
Determination: GOOD

C:\WINDOWS\system32\cryptext.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7444C717-39BF-11D1-8CD9-00C04FC29D45}	Estensione Crypto PKO
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7444C719-39BF-11D1-8CD9-00C04FC29D45}	Estensione firma crittografata
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\PropertySheetHandlers\CryptoSignMenu\(default)	{7444C719-39BF-11D1-8CD9-00C04FC29D45}
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\PropertySheetHandlers\CryptoSignMenu\(default)	{7444C719-39BF-11D1-8CD9-00C04FC29D45}
PX5: 144B846200DE013DD4E800E6AFBAF700F56839D9
MD5: d8340d897ad5cf76e359d3ebbabb5a03
Determination: GOOD

C:\WINDOWS\system32\wiashext.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E211B736-43FD-11D1-9EFB-0000F8757FCD}	Scanner e fotocamere digitali
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}	Scanner e fotocamere digitali
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{905667aa-acd6-11d2-8080-00805f6596d2}	Scanner e fotocamere digitali
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3F953603-1008-4f6e-A73A-04AAC7A992F1}	Scanner e fotocamere digitali
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{83bbcbf3-b28a-4919-a5aa-73027445d672}	Scanner e fotocamere digitali
PX5: C96A74CF00663EB10AB209D765C2F9007A08BE3F
MD5: c1f811f1edc12130f9842b93b588957f
Determination: GOOD

C:\WINDOWS\system32\remotepg.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F0152790-D56E-4445-850E-4F3117DB740C}	Remote Sessions CPL Extension
PX5: B276FC4B0072F7D1EE38004C043BDE00E8D7EAE4
MD5: 248afc0c31e60bbbfaceac5fd66b4f3d
Determination: GOOD

C:\WINDOWS\system32\wshext.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{60254CA5-953B-11CF-8C96-00AA00B8708C}	Estensione shell per Windows Script Host
PX5: 66026A8D0045E4F800BE0104F649E900B9F8B8B3
MD5: 2a7ce0d301ed72a88b5ede591ac7c51a
Determination: GOOD

C:\Programmi\File comuni\System\Ole DB\oledb32.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2206CDB2-19C1-11D1-89E0-00C04FD7A829}	Microsoft Data Link
PX5: 722A7F0200065713701D079CB9F9D70095D47802
MD5: a2033e5a2b7fc1874cacd6d70a7a7095
Determination: GOOD

C:\WINDOWS\system32\mstask.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}	Tasks Folder Icon Handler
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}	Tasks Folder Shell Extension
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}	Operazioni pianificate
PX5: 28BAE091003DDB7248B2048CE9759F0060145387
MD5: ec25a03ff0624969d508c6f1e25cd664
Determination: GOOD

C:\WINDOWS\system32\twext.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{596AB062-B4D2-4215-9F74-E9109B0A8153}	Pagina propriet. versioni precedenti
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DB7A13C-F208-4981-8353-73CC61AE2783}	Versioni precedenti
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}\(default)
	Loaded from: \REGISTRY\Machine\Software\Classes\Directory\shellex\PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}\(default)
PX5: 83D6D2D5007A7A78AC5A00555BE37F0060757F73
MD5: 9c0305df90319693b0b8025976de5c66
Determination: GOOD

C:\WINDOWS\system32\sendmail.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}	Sendmail service
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}	Sendmail service
PX5: 89815E52001B0148D88B0081AF133A006B487C42
MD5: 2e2cf126e0c68ee3954d4033035ca78e
Determination: GOOD

C:\WINDOWS\system32\occache.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{88C6C381-2E85-11D0-94DE-444553540000}	Cartella cache ActiveX
PX5: 214F9BB100EDD7C47CF8015D8AF0380096C50712
MD5: eaa6d95c930615b37d2846778480b3e7
Determination: GOOD

C:\WINDOWS\system32\appwiz.cpl
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{352EC2B7-8B9A-11D1-B8AE-006008059382}	Gestione applicazioni shell
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0B124F8F-91F0-11D1-B8B5-006008059382}	Enumeratore applicazioni installate
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CFCCC7A0-A282-11D1-9082-006008059382}	Darwin App Publisher
PX5: 7BF23A6100E0F96772F20888CE0D3F00288DF318
MD5: 5811931252689335b915135f40af5ef1
Determination: GOOD

C:\WINDOWS\system32\shimgvw.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{e84fda7c-1d6a-45f6-b725-cb260c236066}	Shell Image Verbs
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}	Shell Image Data Factory
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3F30C968-480A-4C6C-862D-EFC0897BB84B}	GDI + programma di estrazione file in anteprima
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DBD2C50-62AD-11d0-B806-00C04FD706EC}	Summary Info Thumbnail handler (DOCFILES)
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EAB841A0-9550-11cf-8C16-00805F1408F3}	Programma di estrazione pagine HTML in anteprima
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}	Shell Image Property Handler
PX5: BF42E4FC005BE16EB66806F7E01C32002F436309
MD5: 3528c993453ca6aec6ab684ff1189950
Determination: GOOD

C:\WINDOWS\system32\netplwiz.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CC6EEFFB-43F6-46c5-9619-51D571967F7D}	Pubblicazione guidata sul Web
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{add36aa8-751a-4579-a266-d66f5202ccbb}	Ordinazione di stampe tramite Web
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6b33163c-76a5-4b6c-bf21-45de9cd503a1}	Oggetto Pubblicazione guidata sul Web
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58f1f272-9240-4f51-b6d4-fd63d1618591}	Creazione guidata profilo Passport
PX5: C0B90A180022DF616EE40D61CC92200055AE5438
MD5: 497a6c557821b002c784437591ff731b
Determination: GOOD

C:\WINDOWS\system32\zipfldr.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}	Cartella compressa
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BD472F60-27FA-11cf-B8B4-444553540000}	Compressed (zipped) Folder Right Drag Handler
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}	Compressed (zipped) Folder SendTo Target
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\DragDropHandlers\{BD472F60-27FA-11cf-B8B4-444553540000}\(default)
	Loaded from: \REGISTRY\Machine\Software\Classes\Folder\shellex\DragDropHandlers\{BD472F60-27FA-11cf-B8B4-444553540000}\(default)
PX5: ED969ADB00D5666D2CF80569EB9E87007A803837
MD5: 84dc2b97ae10dea7b265a74971634131
Determination: GOOD

C:\WINDOWS\system32\cdfview.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{f39a0dc0-9cc8-11d0-a599-00c04fd64433}	File del canale
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}	Collegamento al canale
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}	Channel Handler Object
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{f3da0dc0-9cc8-11d0-a599-00c04fd64437}	Channel Menu
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}	Channel Properties
PX5: 078C0056008184D44E1F02922B0F0300CF4E3686
MD5: e44a7ac9a918fe6d8b29c3223d563545
Determination: GOOD

C:\WINDOWS\system32\extmgr.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{692F0339-CBAA-47e6-B5B5-3B84DB604E87}	Extensions Manager Folder
PX5: 29CD981900B2AB34DAC8005A8DC7D40002F9966B
MD5: 77989a1fc504e58f198a3990b4115c6d
Determination: GOOD

C:\WINDOWS\system32\docprop2.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{883373C3-BF89-11D1-BE35-080036B11A03}	Microsoft DocProp Shell Ext
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A9CF0EAE-901A-4739-A481-E35B73E47F6D}	Microsoft DocProp Inplace Edit Box Control
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8EE97210-FD1F-4B19-91DA-67914005F020}	Microsoft DocProp Inplace ML Edit Box Control
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}	Microsoft DocProp Inplace Droplist Combo Control
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6A205B57-2567-4A2C-B881-F787FAB579A3}	Microsoft DocProp Inplace Calendar Control
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}	Microsoft DocProp Inplace Time Control
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\PropertySheetHandlers\{883373C3-BF89-11D1-BE35-080036B11A03}\(default)	Summary Properties Page
	Loaded from: \REGISTRY\Machine\Software\Classes\*\shellex\PropertySheetHandlers\{883373C3-BF89-11D1-BE35-080036B11A03}\(default)	Summary Properties Page
PX5: BAD4E96E0064F346BC36008E2891DB0060D308D0
MD5: 886ba5db0a87b5a0d5f85c39424fc2ac
Determination: GOOD

C:\WINDOWS\system32\dsquery.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8A23E65E-31C2-11d0-891C-00A024AB2DBB}	Directory Query UI
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}	Shell properties for a DS object
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}	Directory Object Find
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F020E586-5264-11d1-A532-0000F8757D7E}	Directory Start/Search Find
PX5: 97CEB5F9000C9E25AA2703A3E1CE88000E6ADB1E
MD5: 3241be7fa4e0191ae13d80b605ac980e
Determination: GOOD

C:\WINDOWS\system32\dsuiext.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D45D530-764B-11d0-A1CA-00AA00C16E65}	Directory Property UI
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{62AE1F9A-126A-11D0-A14B-0800361B1103}	Directory Context Menu Verbs
PX5: 6A192EC500170EFDBCEB0145A96D9300BCCCF2CE
MD5: ca33e221efa6c8bc9081f62fb81c4f46
Determination: GOOD

C:\WINDOWS\msagent\agentpsh.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{143A62C8-C33B-11D1-84FE-00C04FA34A14}	Microsoft Agent Character Property Sheet Handler
PX5: 7469413C00931FFF5E8700E559045400C1A9DC6C
MD5: 43e7c7538d4fd053d19758dd758a2842
Determination: GOOD

C:\WINDOWS\system32\dfsshlex.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}	DfsShell
PX5: C56F8BCC000B5CE570B200C57894E100F757413D
MD5: 41f6a64eb0d0c8b6fdff7c376f4cec17
Determination: GOOD

C:\WINDOWS\system32\photowiz.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{60fd46de-f830-4894-a628-6fa81bc0190d}	%DESC_PublishDropTarget%
PX5: B7418C4500E88487A00C02F731B52500E7F273D2
MD5: 06cfb5ce176f60aa715635a291960acc
Determination: GOOD

C:\WINDOWS\System32\mmcshext.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A80E4A8-8005-11D2-BCF8-00C04F72C717}	MMC Icon Handler
PX5: 8A0ADE010092153AC6C80087DEA97400BEB13B83
MD5: d1c8ed56d0db39e432eddc5bfca6dbe5
Determination: GOOD

C:\WINDOWS\system32\cabview.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}	.CAB file viewer
PX5: 3D37E41700A8F7F74C2701763FA52300CB1B48CD
MD5: b6bf125d2c37cd7df340b255a07134e8
Determination: GOOD

C:\Programmi\Outlook Express\wabfind.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32714800-2E5F-11d0-8B85-00AA0044F941}	&Contatti...
PX5: 4FBC213F00A9A845805300462EEB2700C79BF84F
MD5: 64ecedd4e261443874cad4d66fe9fe44
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\Web Folders\MSONSEXT.DLL
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}	Cartelle Web
PX5: 0F1AFB4348440729BAFF1329BEE4AB0046B37CB1
MD5: bdbf48d13c5343cced93e675effdb72c
Determination: GOOD

C:\Programmi\Microsoft Office\OFFICE11\MLSHEXT.DLL
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00020D75-0000-0000-C000-000000000046}	Microsoft Office Outlook Desktop Icon Handler
PX5: 9B2D4CB3588A5EDB6A2600A1D5BF7900111D2336
MD5: 1b085e6b3ad4c110fbb9c6be353e913b
Determination: GOOD

C:\Programmi\Microsoft Office\OFFICE11\OLKFSTUB.DLL
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0006F045-0000-0000-C000-000000000046}	Microsoft Office Outlook Custom Icon Handler
PX5: 19E651CC58314F6F8A2003BC4AFAA0001C166509
MD5: 36daa15e14c55d2a2f1a7c7674e4deb3
Determination: GOOD

C:\WINDOWS\system32\nvshell.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1CDB2949-8F65-4355-8456-263E7C208A5D}	Desktop Explorer
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1E9B04FB-F9E5-4718-997B-B8DA88302A47}	Desktop Explorer Menu
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1E9B04FB-F9E5-4718-997B-B8DA88302A48}	nView Desktop Context Menu
PX5: 2371381B0051C449206907CC2BD46700DABA8D7F
MD5: 45c10dd1359f46384a672bac60ce5186
Determination: GOOD

C:\WINDOWS\system32\Audiodev.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{640167b4-59b0-47a6-b335-a6b3c0695aea}	Portable Media Devices
PX5: CCC4601300C6A5E81CE50462A2841900CA6C0AEF
MD5: 3a7736c77696f6c489721851c61f9558
Determination: GOOD

C:\WINDOWS\system32\wpdshext.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35786D3C-B075-49b9-88DD-029876E11C01}	Portable Devices
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}	Portable Devices Menu
PX5: E97B47E9008439EE34BD39D2506C3B0047F4B00B
Determination: GOOD

C:\Programmi\Real\RealPlayer\rpshell.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}	Shell Extensions for RealOne Player
PX5: D590B4B8382D0EFDD5F0002875470100B3AB3C0B
MD5: 98d96a612e826294506b4db4519a88bc
Determination: GOOD

C:\WINDOWS\system32\dfshim.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{e82a2d71-5b2f-43a0-97b8-81be15854de8}	ShellLink for Application References
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}	Shell Icon Handler for Application References
PX5: 494A923700854E7646D901138F98BF001434DC1A
MD5: b3511383c8be3a8c5b88a78971fc1141
Determination: GOOD

C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}	Autodesk Drawing Preview
PX5: D4B2983968D1A5D22A1301F4E893C6006E8CE4FB
MD5: 7c0073cc1f2e67fbbd91a62ddab4752b
Determination: GOOD

C:\Programmi\File comuni\Autodesk Shared\AcDwfThmbPrxy16.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6DEA92E9-8682-4b6a-97DE-354772FE5727}	Autodesk DWF Preview
PX5: C6FA699C7822E9CE9803009C9A04CA003A045FCB
MD5: eaac64645a6162ee9ce5ad870f958d17
Determination: GOOD

C:\Programmi\Windows Live\Mail\mailcomm.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0563DB41-F538-4B37-A92D-4659049B7766}	WLMD Message Handler
PX5: 8E7FD43818A0C9F218470DCC85515C00A8833415
MD5: 6a69beddd514f21b8a216b85eaf330b5
Determination: GOOD

C:\Programmi\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{06A2568A-CED6-4187-BB20-400B8C02BE5A}
PX5: 90A7DF1C20A0F92A823903770E959E00C7C85AFF
MD5: 6be9c13981922712998fdd6cff9a6377
Determination: GOOD

C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00F33137-EE26-412F-8D71-F84E4C2C6625}
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}	Windows Live Photo Gallery Viewer Drop Target Shim
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}	Windows Live Photo Gallery Editor Drop Target Shim
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00F30F90-3E96-453B-AFCD-D71989ECC2C7}	Windows Live Photo Gallery Autoplay Drop Target Shim
PX5: 8689D7DB205A5A26B4B400DBE30ED000D327D807
MD5: 04f15118776e528c065cdef9c339ca3d
Determination: GOOD

C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}	Messenger Sharing Folders
PX5: 8843DBEC703CE08BE7AC042B1C39BD0022FB3418
MD5: 9cb1085b64b2426a0640f2dc126a96b5
Determination: GOOD

C:\Programmi\File comuni\onOne Software Shared\lt_lib_gf_iconShellEx.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EE337094-9F50-4B8C-9B53-C00F52A3289B}	GF Shell Extension
PX5: 181AC61000939D5060F00A7E9693490014F3E9DC
MD5: df7ead25a5cffebad0e3491ca3a7bc92
Determination: GOOD

C:\Programmi\Logitech\SetPoint\kbcplext.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}	Logitech Setpoint Extension
PX5: 0944F3E5008C481F9006013B4744D900F90046E5
MD5: d459dbc64d8f06320dc7cd11117ee774
Determination: GOOD

C:\Programmi\Logitech\SetPoint\mcplext.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B9B9F083-2B04-452A-8691-83694AC1037B}	Logitech Setpoint Extension
PX5: 5804A356005EE66C90D301AAF215CD005BA1681E
MD5: 29c700a6c7e65406992ff3e80543ff48
Determination: GOOD

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll	C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
PX5: EF54F26D0008E1F238C20CD47ED58E00B5718750
MD5: ab2895b99611a536b18b1ab8f8c55bbe
Determination: GOOD

C:\WINDOWS\system32\msapsspc.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\SecurityProviders\SecurityProviders	msapsspc.dll
PX5: 8C479BBA0065475850000105207F00002CA02E51
MD5: 9b6e96f4ec4104bcb180c5bea2787b3f
Determination: GOOD

C:\WINDOWS\system32\digest.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\SecurityProviders\SecurityProviders	msapsspc.dll
PX5: 2283761F0087EB020C9B01CC3CCBC600B4AB6B96
MD5: 9b4cd31081f2ce1d69d2580d015c82ea
Determination: GOOD

C:\WINDOWS\system32\msnsspc.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\SecurityProviders\SecurityProviders	msapsspc.dll
PX5: 5FC3C3D6008FE4D0702D042D3521CB003038EB19
MD5: a99939bae7757437683f4d6b1021a499
Determination: GOOD

C:\Programmi\Adobe\Reader 8.0\Reader\pdfprevhndlrshim.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\{49400A7C-81A8-4F52-8CCE-D54739EE87EC}	Adobe PDF Preview Handler
PX5: 623D7460882DBAFD90910060B8205E0036350873
MD5: 54caaebac648af1ba1f943046a824356
Determination: GOOD

C:\Programmi\Adobe\Reader 8.0\Reader\pdfprevhndlr.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\{DC6EFB56-9CFA-464D-8880-44885D7DC193}	Adobe PDF Preview Handler for Vista
PX5: 3BD592F470063CF846ED01556DDA8700DCEF7EC5
MD5: ea24a77157a310f434144a9d71ba05aa
Determination: GOOD

C:\WINDOWS\Resources\themes\Luna\Luna.msstyles
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Themes\InstallVisualStyle	%SystemRoot%\Resources\themes\Luna\Luna.msstyles
PX5: D4AC08E190E1815FF0763FFB772E82003759142D
Determination: GOOD

C:\WINDOWS\system32\rdpclip.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms	rdpclip
PX5: 3129DB34009CADCFF4300018D68AB90013FA4372
MD5: 456e33d8a5b34b0b9b5de1270e13c7a3
Determination: GOOD

C:\WINDOWS\system32\rdpwsx.dll
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\WsxDll	rdpwsx
PX5: 2D4F90888862EA65546401DF11DAFF009FB4CACF
MD5: 98b543037e34c640622fa61e895326c4
Determination: GOOD

C:\WINDOWS\system32\RDPCFGEX.DLL
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\CfgDll	RDPCFGEX.DLL
PX5: 648184F200AE0568123C00C1F661D900A8042FB8
MD5: 0f6f4433f47441c14f17d5348cf609b0
Determination: GOOD

C:\WINDOWS\System32\cmd.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\TelnetServer\1.0\DefaultShell	%SYSTEMROOT%\System32\cmd.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\TelnetServer\Defaults\DefaultShell	%SYSTEMROOT%\System32\cmd.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\TelnetServer\1.0\DefaultShell	%SYSTEMROOT%\System32\cmd.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\TelnetServer\Defaults\DefaultShell	%SYSTEMROOT%\System32\cmd.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\SafeBoot\AlternateShell	cmd.exe
PX5: 174F65020044C14C121406F23AA7F300C65DE81F
MD5: 94744851b6a9bdcefcd26cc61a6afd12
Determination: GOOD

C:\WINDOWS\system32\ssqpq.exe
	Loaded from: \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa\Authentication Packages	msv1_0
	Loaded from: FILE
PX5: 34099F5300034EBB028B05A44C028F005983D852
MD5: 97a0ca8d599f9eccc854ec6e71030ef3
Determination: BAD
Malware Group: Trojan.Vundo

C:\WINDOWS\system32\rdpsnd.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP\wave	rdpsnd.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP\mixer	rdpsnd.dll
PX5: 34FBA65500CFB6AF4EE7003742BB470065937B12
MD5: 1c5c414cc29d507b89e355e1733a7491
Determination: GOOD

C:\WINDOWS\system32\imaadp32.acm
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.imaadpcm	imaadp32.acm
PX5: 528D926A00EB3B4A408A0067B777E0007219DE4B
MD5: 316f81b3ec381c1c76e07ca43fc12bfc
Determination: GOOD

C:\WINDOWS\system32\msadp32.acm
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msadpcm	msadp32.acm
PX5: 9896734D003A7B4A3AD6001B2D129300C6CAD27F
MD5: 147ba07670fa18d112d631b9eec2ca21
Determination: GOOD

C:\WINDOWS\system32\msg711.acm
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msg711	msg711.acm
PX5: 98836843004ECD5624170012D62AF300ADA7FDE1
MD5: d609edecb9692217bca166c09a8aa6d0
Determination: GOOD

C:\WINDOWS\system32\msgsm32.acm
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msgsm610	msgsm32.acm
PX5: 7715C6930008610D4E5300A5AC1D5400348AB758
MD5: dbb6c6dba7c404bf266e064889c45907
Determination: GOOD

C:\WINDOWS\system32\tssoft32.acm
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.trspch	tssoft32.acm
PX5: 9DB260C30072F5C620530046E6B0DC000EF1898D
MD5: 49445261ffaab7f8b915c4d3041aa7f4
Determination: GOOD

C:\WINDOWS\system32\iccvid.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.cvid	iccvid.dll
PX5: 0CEE20B80002FE623A80014E667E0900EDC97E34
MD5: be4de2539b3db9d31d75fe0d323c52ee
Determination: GOOD

C:\WINDOWS\system32\msh263.drv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\VIDC.I420	msh263.drv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.M263	msh263.drv
PX5: D1EBECF00092F1C390AB04548720B200A8771D55
MD5: b2e67e6045966c14a746627dccf3f67d
Determination: GOOD

C:\WINDOWS\system32\ir32_32.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.iv31	ir32_32.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.iv32	ir32_32.dll
PX5: 48C6FD2800CF7D770AB40340E9EE0B00336C0935
MD5: cde3aeaeeff57dbb43133f46e96ad8c5
Determination: GOOD

C:\WINDOWS\system32\ir41_32.ax
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.iv41	ir41_32.ax
PX5: 88C1844600D60C2BF2960C06110E8900D716354E
MD5: 757c7944eb0d518020bb59a1a3ae9826
Determination: GOOD

C:\WINDOWS\system32\iyuv_32.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\VIDC.IYUV	iyuv_32.dll
PX5: 8D2F485A000F6953BA8B00EF89F3AE0028DCEE98
MD5: 193315b73270bad33a3c2f527c8380f6
Determination: GOOD

C:\WINDOWS\system32\msrle32.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.mrle	msrle32.dll
PX5: 6AD29AC5008293D12C2D00B216F74700B26503F0
MD5: 7b999ca58c6276d885f17abc73982009
Determination: GOOD

C:\WINDOWS\system32\msvidc32.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.msvc	msvidc32.dll
PX5: CE4E524C0073A8EC64FF00E1300C68000D8D97A8
MD5: d648edba85278839e30979ce627e5c81
Determination: GOOD

C:\WINDOWS\system32\msyuv.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\VIDC.UYVY	msyuv.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\VIDC.YUY2	msyuv.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\VIDC.YVYU	msyuv.dll
PX5: 92EC75E800DB9BE5440C000A47ABC3009642377A
MD5: b35e1e08bf94e68daf5d9f52485ea368
Determination: GOOD

C:\WINDOWS\system32\tsbyuv.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\VIDC.YVU9	tsbyuv.dll
PX5: 86646A040019522320A100B4BB4D900094B11477
MD5: a892ec07dffc3d8bf879102982f08721
Determination: GOOD

C:\WINDOWS\system32\msg723.acm
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msg723	msg723.acm
PX5: 11020CC8008FB79ED00601EAD6C03900AA679A83
MD5: d53bde174ad076ae58c8245a524cfb85
Determination: GOOD

C:\WINDOWS\system32\msh261.drv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.M261	msh261.drv
PX5: A41AA5420008DA3EF0B402388EE55600B25D24F8
MD5: 35f5338123495c871c4c7cc9fce784f6
Determination: GOOD

C:\WINDOWS\system32\msaud32.acm
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msaudio1	msaud32.acm
PX5: C38F33CC0026C9E080B10460DFC46F004CE633B9
MD5: 9efca60a4bdcf77fc5e2337e3ab61b1e
Determination: GOOD

C:\WINDOWS\system32\sl_anet.acm
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.sl_anet	sl_anet.acm
PX5: 3DA8D952002B67BF508D01A57E615F00B2B2EA92
MD5: c2e1907dde505f02585e7c85f927333a
Determination: GOOD

C:\WINDOWS\system32\iac25_32.ax
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.iac2	C:\WINDOWS\system32\iac25_32.ax
PX5: D062C8E7003B5A390C1703C014BB9700CE1BED53
MD5: 60b88c336ef385eb0ed77b73852712f3
Determination: GOOD

C:\WINDOWS\system32\ir50_32.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.iv50	ir50_32.dll
PX5: 8FA030FE0030B5D3865F0B4087D0420068F6854C
MD5: b11fb596034932dc55a7638911f482c2
Determination: GOOD

C:\WINDOWS\system32\wmv9vcm.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\VIDC.wmv3	wmv9vcm.dll
PX5: C4DDA01B0064BC149AC81571BE5FE000F8792E9C
MD5: 8c8981584b4db033bfead7acc34c27af
Determination: GOOD

C:\WINDOWS\system32\VfWWDM32.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\MSVideo8	VfWWDM32.dll
PX5: 50A7CDEB00FEFE76D6A800E76B929700EFCC0032
MD5: 148b5330921c365fa4a2db6c431a9b2c
Determination: GOOD

C:\WINDOWS\system32\DivX.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.yv12	DivX.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.DIVX	DivX.dll
PX5: 156A4B49002F040AF0F80A5121CFEA00587380F2
MD5: 9b76cfec2236efbd731b65155f24a7a0
Determination: GOOD

C:\WINDOWS\system32\ipxrip.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ipx\IPXRIP\DllName	ipxrip.dll
PX5: 859821B9009D40A9548200AD83A363008B36EF0D
MD5: 2dac54a61b837fac36ffd92b7e39b3ff
Determination: GOOD

C:\WINDOWS\system32\ipxsap.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ipx\IPXSAP\DllName	ipxsap.dll
PX5: 85797B9500D099280499015DBB948C00AAAAF548
MD5: 3eea6d343b3d6fcf500db1837c07df06
Determination: GOOD

C:\WINDOWS\System32\iprtrmgr.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\DllPath	%SystemRoot%\System32\iprtrmgr.dll
PX5: D40494A6008ED12A98FE023AAD1857000DD8C7B5
MD5: 30584106b1e3c4f836d35c92ba38b184
Determination: GOOD

C:\WINDOWS\System32\ipxrtmgr.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ipx\DllPath	%SystemRoot%\System32\ipxrtmgr.dll
PX5: 4718448E00AA1CC09C1B00C6E262700012078A35
MD5: 7ff943a30ba413c3f43e8441a28b7aa7
Determination: GOOD

C:\WINDOWS\system32\Firewall.cpl
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\Internet Connection Firewall	Firewall.cpl
PX5: C6AD4E5900619E5B3AA801566FFF65004318E0B5
MD5: 486c95d7867757ef75946cdc7fa547dd
Determination: GOOD

C:\WINDOWS\system32\NetSetup.cpl
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\NetSetupWizard	NetSetup.cpl
PX5: 1727E2B500CA6EDF648A0091303FF7003D7EE312
MD5: 6c00e8b5734cd98456e36a1919393597
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\Speech\sapi.cpl
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\Speech	C:\Programmi\File comuni\Microsoft Shared\Speech\sapi.cpl
PX5: 4B95DF2F0028608F7026024663B5470081E40772
MD5: b281e4e0c7de6016f067191aa0b10047
Determination: GOOD

C:\Programmi\Nokia\Nokia PC Suite 6\ConnectionManager.cpl
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\NokiaConnectionManager	C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
PX5: 31DFEC5200A5B5EC802600953A1DFE00D58F12A6
MD5: 51df47d00331fe3dc14ccf9686a305ed
Determination: GOOD

C:\Programmi\QuickTime\QTSystem\QuickTime.cpl
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\QuickTime	C:\Programmi\QuickTime\QTSystem\QuickTime.cpl
PX5: 34BA02B2002A5C0FC048100E747F06005EE604D2
MD5: a2e7c43d2c111ea2dd69f7eee1ea2a53
Determination: GOOD

C:\WINDOWS\system32\Magnify.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Magnifier\Application path	Magnify.exe
PX5: 8FD0DD1200F1CC211E520147693D72005CC20F83
MD5: b8485b1b335c0c00397dd7abc041475d
Determination: GOOD

C:\WINDOWS\system32\osk.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\On-Screen Keyboard\Application path	osk.exe
PX5: 865A974F008F100B4EF6035F16FFB2007D13E899
MD5: 7d5b9dd2d397e5d323c5de2d0b4caeb6
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\GRPHFLT\GIFIMP32.FLT
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Export\GIF\Path	C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\GIFIMP32.FLT
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\GIF\Path	C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\GIFIMP32.FLT
PX5: 1AFC15B7586A5DF9BCF2022DB710D4008D512047
MD5: fbc40188cbc315f8a8dfacd0d2b90b59
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\GRPHFLT\JPEGIM32.FLT
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Export\JPEG\Path	C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\JPEGIM32.FLT
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\JPEG\Path	C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\JPEGIM32.FLT
PX5: 561D8D31584B04827C1102EBE625B600DEC6EAF4
MD5: 60434b6daaaa5bf3813e2205b87ccbf8
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\GRPHFLT\PNG32.FLT
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Export\PNG\Path	C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\PNG32.FLT
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\PNG\Path	C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\PNG32.FLT
PX5: 41F3277C587D0DCC802F02C1B6DDD100D7B2F136
MD5: 55ae5da2cace64e3077eb2bdc3da10eb
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\GRPHFLT\EPSIMP32.FLT
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\EPS\Path	C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\EPSIMP32.FLT
PX5: 32EC21B05869C5577E1F0662DE1C0A0072491BA6
MD5: 304134597c6b01b7ad92992c19ca197e
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\GRPHFLT\PICTIM32.FLT
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Graphics Filters\Import\PICT\Path	C:\PROGRA~1\FILECO~1\MICROS~1\GRPHFLT\PICTIM32.FLT
PX5: 2B3FBA5458C98F78F08400114D3B6600CE83D717
MD5: 176459a49103c6c3e21e0f0cc5de64c6
Determination: GOOD

C:\Programmi\Autodesk\backburner\Server.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSInfo\Categories\Applications11\Environment\ServerExtensions\(default)	Web Server Extensions locali
PX5: 99B560ED00E5511CB06901DEB444320068DCCF26
MD5: 7242888a21cd70cabc79749708d86950
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\MSInfo\ieinfo5.ocx
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSInfo\Templates\ieinfo5\(default)	C:\Programmi\File comuni\Microsoft Shared\MSInfo\ieinfo5.ocx
PX5: D9CCCE7600AE330472C5014263EDAE006E08A176
MD5: 7cfdd7f54c64bff62f64665a7e567896
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\MSInfo\OINFO11.OCX
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSInfo\Templates\OInfo11\(default)	C:\PROGRA~1\FILECO~1\MICROS~1\MSINFO\OINFO11.OCX
PX5: FB9F0DC45862323C4A580BB65E7AC000AC09EC29
MD5: 79713a682824e689082d8cc4c0d1d6bd
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\MSInfo\MSInfo32.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSInfo\Path	C:\Programmi\File comuni\Microsoft Shared\MSInfo\MSInfo32.exe
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\MSInfo\Path	C:\Programmi\File comuni\Microsoft Shared\MSInfo\MSInfo32.exe
PX5: DCC20BBB0036A3BB9EFA00953DF8F200E6CDE36A
MD5: 12644a48270558aec35230e476534f48
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\html32.cnv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\HTML\Path	C:\Programmi\File comuni\Microsoft Shared\TextConv\html32.cnv
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\HTML\Path	C:\Programmi\File comuni\Microsoft Shared\TextConv\html32.cnv
PX5: 4D9506A9385CE7D6C22D044B3348F800EABDC1BF
MD5: 20b2a413befa1b0d309416bf8228dc95
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\WRD6ER32.CNV
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Export\MSWord6RTFExp\Path	C:\PROGRA~1\FILECO~1\MICROS~1\TEXTCONV\WRD6ER32.CNV
PX5: C3C71C92400AE19A461E003B3C2E07005391A6FD
MD5: e53620bef06b224fe7a67388b0becff2
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\write32.wpc
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWinWrite.wpc\Path	C:\Programmi\File comuni\Microsoft Shared\TextConv\write32.wpc
PX5: 71A6A3C449C4AC08B01A01656F55D100B9B2E691
MD5: afd63ca25e43793fd7c42c5f74961559
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\mswrd632.wpc
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWord6.wpc\Path	C:\Programmi\File comuni\Microsoft Shared\TextConv\mswrd632.wpc
PX5: 255241CE4A8E0D0D40E903D813E15E00D95525A3
MD5: da91b90d37135534d061b7e3480fc11c
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\MSWRD832.CNV
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\MSWord8\Path	C:\PROGRA~1\FILECO~1\MICROS~1\TEXTCONV\MSWRD832.CNV
PX5: 6C2F7F9458015FF64E040324CD763100F5986932
MD5: 8015f47e6d0e7eeef6f29bf3cb946638
Determination: GOOD

C:\Programmi\File comuni\Microsoft Shared\TextConv\RECOVR32.CNV
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Shared Tools\Text Converters\Import\Recover\Path	C:\PROGRA~1\FILECO~1\MICROS~1\TEXTCONV\RECOVR32.CNV
PX5: A0E75DBF5869DD1778C700BCF0A48A00305991ED
MD5: da4e955d7542ba7b9cead34b48f6ae24
Determination: GOOD

C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ClsidExtension	{5F7B1267-94A9-47F5-98DB-E99415F33AEC}
PX5: E976291210AB89335C4C02A35457A4000E35BD6B
MD5: e0444668bba2ddf1cc43466997d8dbf0
Determination: GOOD

C:\Programmi\Microsoft Office\OFFICE11\REFIEBAR.DLL
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\BandCLSID	{FF059E31-CC5A-4E2E-BF3B-96E929D65503}
PX5: A83FCF6640922AC79E180079D56A39000F46AC8A
MD5: 0fa0bdaa2ff4ed7e5a2fa2ec1b536712
Determination: GOOD

C:\WINDOWS\system32\DRIVERS\UMDF\PCCSWpdDriver.dll
	Loaded from: \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\WUDF\Services\PCCSWpdDriver\ImagePath	C:\WINDOWS\system32\DRIVERS\UMDF\PCCSWpdDriver.dll
PX5: F557CD2500B492DA100108FE4B875900517C2A40
MD5: 1834e1099ced4af712f50cba7769916e
Determination: GOOD

C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
	Loaded from: FILE
PX5: D0A0E0A298B6664C36F30BF361D13B0043D4A4DA
MD5: 169c293ce9460a05646d17dc6aa2fb2c
Determination: GOOD

C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
	Loaded from: FILE
PX5: 9BCE5C5200A775A200D00372428C6500A3F54C1A
MD5: 6f2e5108667bf1149d884e3cbeb9cdd1
Determination: GOOD

C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
	Loaded from: FILE
PX5: 725F23FAF83D0FB02A02008D1A3BFE005C92B115
MD5: ad61c37e1d1e56fafc5ff7e3cb2d3efa
Determination: GOOD

C:\WINDOWS\system32\ctfmon .exe
	Loaded from: FILE
PX5: 7BE460C100E5509F3C0D00F14B5A510097B91217
MD5: 5b33b4265966ee063c7fbea28958d9c2
Determination: GOOD

C:\WINDOWS\system32\DartSock.dll
	Loaded from: FILE
PX5: DD91AA48002D07BE506B030760FF480038C69B4F
MD5: 7e400d392eb35965251c2ea2450f91df
Determination: GOOD

C:\WINDOWS\system32\DartWeb.dll
	Loaded from: FILE
PX5: 5DA84FF70006D6E2D02F016FD63A0A00DAB2AAC3
MD5: d6483e33d9c5d40fe1d9d057ad7a4159
Determination: GOOD

C:\WINDOWS\system32\DartWeb.oca
	Loaded from: FILE
PX5: 70B4BBCD00A0AA4670D1003B3C2E0700B55A3E19
MD5: f26b3593589ced64f36b60e38fce47e4
Determination: GOOD

C:\WINDOWS\system32\Deco_32.dll
	Loaded from: FILE
PX5: C08E3DA9000A0BE87AD703DAA8679100366035F5
MD5: 9932706e9fc0d6fd80d0158bc975ea10
Determination: GOOD

C:\WINDOWS\system32\EPPicMgr.dll
	Loaded from: FILE
PX5: E92D2ED7A0BA34FD18CD0120A0D14C002C5FE803
MD5: 8c1013eaf95ff2cec2391eb0e8b04b31
Determination: GOOD

C:\WINDOWS\system32\EpPicPrt.dll
	Loaded from: FILE
PX5: 6A522E0DA03BA1D7D8DC018947BA3B008AD94C78
MD5: 2e409416d32024870a2d841b157a8e19
Determination: GOOD

C:\WINDOWS\system32\escwiad.dll
	Loaded from: FILE
PX5: 35D10818007AE94E06B801CB67034300EE9DDDAB
MD5: b35dbb90fa79be79956e481d1af9e7e7
Determination: GOOD

C:\WINDOWS\system32\E_DCINST.DLL
	Loaded from: FILE
PX5: 9E16DDD10091D6EAC01B00D4EE1BF000A48CA9CC
MD5: 1129871724a26b1dd6678de88b7fe941
Determination: GOOD

C:\WINDOWS\system32\E_FD4BCDE.DLL
	Loaded from: FILE
PX5: D26F5D1400389082F68600D47BFDB5002931C966
MD5: 8eb50eb111d161708b899a6af6a8f860
Determination: GOOD

C:\WINDOWS\system32\Gif89.dll
	Loaded from: FILE
PX5: 39E55BFE00994004AE7900CA40204A00B15649CF
MD5: fb00273cf7ce639c136853f3fc04b10c
Determination: GOOD

C:\WINDOWS\system32\mucltui.dll.mui
	Loaded from: FILE
PX5: A5CEE5C07828FA91754700AE8244D0004ACFFC69
MD5: 0b4f08d15caf75a5c75120b1fde1e1aa
Determination: GOOD

C:\WINDOWS\system32\PICEntry.dll
	Loaded from: FILE
PX5: 41593566A06569EEA889013DCD27AF00146B0798
MD5: 68d2de06776bec0409af80d26c2fd42e
Determination: GOOD

C:\WINDOWS\system32\PICSDK.dll
	Loaded from: FILE
PX5: 41C3D04998FCD36338A001CFCEC9F10044D8B6D9
MD5: 93c3e9ee30280a8ed2d56dceda0faf3f
Determination: GOOD

C:\WINDOWS\system32\PICSDK2.dll
	Loaded from: FILE
PX5: 94E4C7AD9827F46AA8230761A7BEA700534C7A7A
MD5: 17152a7f21c9802e7826de63d2df184c
Determination: GOOD

C:\WINDOWS\system32\pxwma.dll
	Loaded from: FILE
PX5: 59F52D81F849173D6A4B02EC9E8C280023FC4DB5
MD5: 6fca6470d8fd499d97aa330ad887ab7d
Determination: GOOD

C:\WINDOWS\system32\swreg.exe
	Loaded from: FILE
PX5: DC83A50300D400CB628F02FBC3D90A00524E74AA
MD5: 02cbae32057dbdc17168f0392f5f22be
Determination: GOOD

C:\WINDOWS\system32\swsc.exe
	Loaded from: FILE
PX5: 9AD6007400EF58FB16FD02C93D5A11007C587A2D
MD5: b7517db073b28f5696a1e5528abeb5d0
Determination: GOOD

C:\WINDOWS\system32\swxcacls.exe
	Loaded from: FILE
PX5: A88EC77C004D09AD3EAD03886C024100562C6F9B
MD5: b1a9cf0b6f80611d31987c247ec630b4
Determination: GOOD

C:\WINDOWS\system32\updater.dll
	Loaded from: FILE
PX5: 506C1668C3CBF90D2BF10F6205931900169473A6
MD5: 55e0443fe675e8948c8c935ae09e97c7
Determination: GOOD

C:\WINDOWS\system32\VB5DB.DLL
	Loaded from: FILE
PX5: 32D5A3CC101F07995DD801EBCA1270009B8898E2
MD5: 4c6f2d2ce86330335801f2982b26223e
Determination: GOOD

C:\WINDOWS\system32\VFind.exe
	Loaded from: FILE
PX5: 68A93FE80065CBB0C08A00C62063DC00FC32EEE3
MD5: ab44ccd0fa8e55ef88db941eef95560a
Determination: GOOD

C:\WINDOWS\system32\watchdog.sys
	Loaded from: FILE
PX5: A5490EC7005C2AF84570001E79455E0011553B7B
MD5: c9bf2f12c4e6c12f8a85fba4b6bc6208
Determination: GOOD

C:\WINDOWS\system32\win32k.sys
	Loaded from: FILE
PX5: B61A5CF40006DE0604901CFDDD44000019AAB650
MD5: 152d48f5d41cb4aebdf187755d315a4a
Determination: GOOD

C:\WINDOWS\system32\wuapi.dll.mui
	Loaded from: FILE
PX5: 92E0CC095853C0C1753300650DDDAD00C0399BC2
MD5: b7b1ebd53c9e861db7a8ab7d13d8e1d8
Determination: GOOD

C:\WINDOWS\system32\wuaucpl.cpl.mui
	Loaded from: FILE
PX5: FD92C06C58084CD4759C00E6600FAC0065A26BA6
MD5: 5271dcc72118b26619d1f8f4b3372a06
Determination: GOOD

C:\WINDOWS\system32\wuaueng.dll.mui
	Loaded from: FILE
PX5: 8F87ECF5583D62C253DE00AB7F3D51002C1F4DC0
MD5: a9875e8f8a1852e0e325a02ce421ed36
Determination: GOOD

C:\WINDOWS\system32\wucltui.dll.mui
	Loaded from: FILE
PX5: 70241DA158CC4AF1959400D2361A37006066AE07
MD5: 7a5740c5a55447e88a760322334244d5
Determination: GOOD

C:\WINDOWS\system32\XceedCry.dll
	Loaded from: FILE
PX5: 8A5C3BB6B0F4B572E283077290F365000113C07C
MD5: 0317aa56fadcb4671a736ee524b6047c
Determination: GOOD

C:\WINDOWS\17PHolmes572.exe
	Loaded from: FILE
PX5: 2B3B223CFC4643247F2200CB97C1F500B05E0C52
MD5: d4bdccbd81a5c7e99657ae24b0ed9d46
Determination: GOOD

C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
	Loaded from: FILE
PX5: A4DD5F6200D95AB5D06F014893629000BFE2751F
MD5: f5d25b90c2cf002aeba544a5e5507cb6
Determination: GOOD

C:\WINDOWS\CDE DX7400DEFGIPS.ini
	Loaded from: FILE
PX5: 2B30ED7519CF6159005A00A60A059400CEA1FBD0

C:\WINDOWS\gmer.dll
	Loaded from: FILE
PX5: F0C918D83FF21742F072081E53B72400AB278D28
MD5: 53e4edef3f73670fbd693e7d727d5519
Determination: GOOD

C:\WINDOWS\gmer.exe
	Loaded from: FILE
PX5: 72FF4713003F55FAE08E0806436EB300BA0F5943
MD5: 6dd2d8708876be4e76c04567af1b2cef
Determination: GOOD

C:\WINDOWS\NirCmd.exe
	Loaded from: FILE
PX5: 0B3C1B20004F5906C8C90059DB861D009E07DDDA
MD5: c1c4f864edf67dfda95b9819263e2939
Determination: GOOD

C:\WINDOWS\PCDLIB32.DLL
	Loaded from: FILE
PX5: A722C04E0055EABE3E2903EE54537C00E6644ECF
MD5: 7ed438c44b90af7b01609a942c7e7196
Determination: GOOD

C:\WINDOWS\PMK_setup.ini
	Loaded from: FILE
PX5: 1B2C7EFB1519614000F8001412A30800E7F507FA

C:\WINDOWS\QTFont.for
	Loaded from: FILE
PX5: E1034D75817709F3057F002D1EBD9600D5EAD02B
MD5: e1034d757709f37f2d1ebd96d5ead02b
Determination: GOOD

C:\WINDOWS\unvise32.exe
	Loaded from: FILE
PX5: D3E7D9FD00F9729F60F601C45321A2000A8B804C
MD5: 8ce5266f0bbb73c95886cb72b0063cb8
Determination: GOOD

C:\WINDOWS\wiaservc.log
	Loaded from: FILE
PX5: 1036E8D132A57C15007F009276DF6700DC7D3086
Determination: GOOD

C:\Documents and Settings\utente\Impostazioni locali\Temp\IadHide5.dll
	Loaded from: FILE
PX5: 2E2F839325F834E1602500048CA8DF0098ABE541
MD5: 072d68762b0380bc8651332ebc504f02
Determination: GOOD

C:\Documents and Settings\utente\Impostazioni locali\Temp\RCX13.tmp
	Loaded from: FILE
PX5: 34099F5300034EBB788B06A44C028F00CA2CC6C3
MD5: 291b5b579561b5bbe53e4343806562b4
Determination: GOOD

C:\Documents and Settings\utente\Impostazioni locali\Temp\RCX16.tmp
	Loaded from: FILE
PX5: 34099F5300034EBB2C8B0DA44C028F00BAAB095C
MD5: 31db88211ed92ce8aecd9fef0f3466c9
Determination: GOOD

C:\Documents and Settings\utente\Impostazioni locali\Temp\RCX19.tmp
	Loaded from: FILE
PX5: 34099F5300034EBBC48B08A44C028F00627B292D
MD5: 39cf07eb77110e4ff680f0dda2b204a7
Determination: GOOD

C:\Documents and Settings\utente\Impostazioni locali\Temp\RCX3.tmp
	Loaded from: FILE
PX5: 34099F5300034EBB128B5CA44C028F005527E7A4
Determination: GOOD

C:\Documents and Settings\utente\Impostazioni locali\Temp\RCXC.tmp
	Loaded from: FILE
PX5: 34099F5300034EBB928B0EA44C028F00EFC18740
MD5: 6db7532dcdb6322550d0e338de0999b6
Determination: SUSPICIOUS

C:\Documents and Settings\utente\Impostazioni locali\Temp\RCXF.tmp
	Loaded from: FILE
PX5: 34099F5300034EBB6E8B13A44C028F00CD08BF07
MD5: 3e272cd707cdebcd5d1fb57c5ba883d9
Determination: GOOD

C:\Documents and Settings\utente\Impostazioni locali\Temp\TMP10.tmp
	Loaded from: FILE
PX5: 59E438AB70B0D00595F1567CB8966B00A1C6CF9F
Determination: GOOD

C:\Documents and Settings\utente\Impostazioni locali\Temp\TMP13.tmp
	Loaded from: FILE
PX5: D2F36D7700DB63ED9016002DDDE82A00B1380C0A
MD5: 94782c50f682ccc02c1ff4360976a5c8
Determination: GOOD

C:\Documents and Settings\utente\Impostazioni locali\Temp\TMP16.tmp
	Loaded from: FILE
PX5: B1CA91AE0062159D20164A1FADE3C000FA0E624E
Determination: GOOD

C:\Documents and Settings\utente\Impostazioni locali\Temp\TMP19.tmp
	Loaded from: FILE
PX5: C7CD22FD78619BB076CB09ABAC8FD50082F11DB4
MD5: a21e70b4f972ca396a80013d0d436350
Determination: GOOD

C:\Documents and Settings\utente\Impostazioni locali\Temp\TMP1C.tmp
	Loaded from: FILE
PX5: 6D89CE4E00615A0900900EDBDF5C3800128B2253
MD5: 837932d4e6aed69c0dcb2fa73a0da8be
Determination: GOOD

C:\Documents and Settings\utente\Impostazioni locali\Temp\TMP1F.tmp
	Loaded from: FILE
PX5: 1C82D9A300A4CD42707801C70B938500977EBEA9
MD5: cacd213e5a959fdf4f8232a6b34fad43
Determination: GOOD

C:\Documents and Settings\utente\Impostazioni locali\Temp\TMP22.tmp
	Loaded from: FILE
PX5: C7371E06303DAF271611088239033A00CA05812B
MD5: 903aa37552fc25541bd6ee2e866b8fc1
Determination: GOOD

C:\Documents and Settings\utente\Impostazioni locali\Temp\TMP25.tmp
	Loaded from: FILE
PX5: A3BEC41E28507EEABB11030799532600650C54D0
MD5: b1a430eea7a9ee2372a93e9414935129
Determination: GOOD

C:\Documents and Settings\utente\Impostazioni locali\Temp\TMP7.tmp
	Loaded from: FILE
PX5: B1CA91AE0062159D20164A1FADE3C000FA0E624E
Determination: GOOD

C:\WINDOWS\system32\drivers\1394bus.sys
	Loaded from: FILE
PX5: A01D29000095FDD3D05B00D74275E7003170E933
MD5: 009927db8019c54477dabf6f9d795053
Determination: GOOD

C:\WINDOWS\system32\drivers\acpiec.sys
	Loaded from: FILE
PX5: F21BE3DC800E8A0A2F3C009238A73C008905B399
MD5: 49ac5cd87fbdda62f3e25190019e7627
Determination: GOOD

C:\WINDOWS\system32\drivers\amdk6.sys
	Loaded from: FILE
PX5: 4242D904806C60F8A08300740C09B400A99A704A
MD5: 03bbca770830a6ffc5a57b697d150f2f
Determination: GOOD

C:\WINDOWS\system32\drivers\amdk7.sys
	Loaded from: FILE
PX5: EABF85AE00CF7D2BA2F600B95331A000E92CF98B
MD5: a4ff6cfcd83941b3628779cb32959c2b
Determination: GOOD

C:\WINDOWS\system32\drivers\atmepvc.sys
	Loaded from: FILE
PX5: 7363E81E80EDA4EC7A0200CE34E22400450A279B
MD5: 39a0a59180f19946374275745b21aeba
Determination: GOOD

C:\WINDOWS\system32\drivers\atmlane.sys
	Loaded from: FILE
PX5: 823332B380717184DAFD00B035ED9500F95C0458
MD5: 0128e78fe835f074e469f03db681ca9e
Determination: GOOD

C:\WINDOWS\system32\drivers\atmuni.sys
	Loaded from: FILE
PX5: 92E7BF650082565E607E05AD216E0900953642D5
MD5: e7ef69b38d17ba01f914ae8f66216a38
Determination: GOOD

C:\WINDOWS\system32\drivers\beep.sys
	Loaded from: FILE
PX5: F62FA4F780D77A5110B2005CD7507900637E04C1
MD5: da1f27d85e0d1525f6621372e7b685e9
Determination: GOOD

C:\WINDOWS\system32\drivers\bridge.sys
	Loaded from: FILE
PX5: 69CABDC3803104ED17D001BEA902E2004A7836B0
MD5: e4e6a0922e3d983728c9ad4e8d466954
Determination: GOOD

C:\WINDOWS\system32\drivers\cbidf2k.sys
	Loaded from: FILE
PX5: 7B8DA5F780B7DA7536FE00ABA71B6C00B12776D7
MD5: 90a673fc8e12a79afbed2576f6a7aaf9
Determination: GOOD

C:\WINDOWS\system32\drivers\cdaudio.sys
	Loaded from: FILE
PX5: 7D0D30B9001A5352491B006D9C79D000079079B1
MD5: c1b486a7658353d33a10cc15211a873b
Determination: GOOD

C:\WINDOWS\system32\drivers\cdfs.sys
	Loaded from: FILE
PX5: 0225C13D004CC9CDF93000922132D000BA57D976
MD5: cd7d5152df32b47f4e36f710b35aae02
Determination: GOOD

C:\WINDOWS\system32\drivers\cdr4_xp.sys
	Loaded from: FILE
PX5: AA25D71B78C8E829247500E1DF1CD700586B4A7B
MD5: 837eef65af62d4e8a37c41d3879f7274
Determination: GOOD

C:\WINDOWS\system32\drivers\cdralw2k.sys
	Loaded from: FILE
PX5: 4518F26FF8DED74324DE0027365E6D0072F3B365
MD5: 579da2f9f5401f55dae2cf8779d61dfc
Determination: GOOD

C:\WINDOWS\system32\drivers\cinemst2.sys
	Loaded from: FILE
PX5: 7C4B5F6480542F0A010D0467679A3400F24D4424
MD5: 0cccbd6ef94910804921bf04a2107ef8
Determination: GOOD

C:\WINDOWS\system32\drivers\classpnp.sys
	Loaded from: FILE
PX5: 61280642007AE0BEC20400D8EC4D8200079FF3CE
MD5: d86173b401470f06d9810f7962969ddf
Determination: GOOD

C:\WINDOWS\system32\drivers\cpqdap01.sys
	Loaded from: FILE
PX5: C60D75F500CE16D02E4100D9B4337E008A228DE3
MD5: 9624293e55ad405415862b504ca95b73
Determination: GOOD

C:\WINDOWS\system32\drivers\crusoe.sys
	Loaded from: FILE
PX5: E4FE1A7080AF31429EBC00A2612936006E0D7B97
MD5: f8c288d89ad71bf1aff0f9e4db5d3a10
Determination: GOOD

C:\WINDOWS\system32\drivers\diskdump.sys
	Loaded from: FILE
PX5: 6D7A5F848072A37B37EB00C342763700264F9014
MD5: d16c81677a9be399c63cd2ea486472a5
Determination: GOOD

C:\WINDOWS\system32\drivers\drmk.sys
	Loaded from: FILE
PX5: 73B664558055CFD9EB9800CC44976A00031F37A9
MD5: ff86422268de771d571e123eb7092c6a
Determination: GOOD

C:\WINDOWS\system32\drivers\dxapi.sys
	Loaded from: FILE
PX5: D0E069F50027643C29470029619BD400B7B7054A
MD5: fe97d0343acfdebdd578fc67cc91fa87
Determination: GOOD

C:\WINDOWS\system32\drivers\dxg.sys
	Loaded from: FILE
PX5: 3F54B7A780F0ED98157C011AE18D4A00EE6485EB
MD5: d3dac8432110aad0b02a58b4459ab835
Determination: GOOD

C:\WINDOWS\system32\drivers\dxgthk.sys
	Loaded from: FILE
PX5: 0164AB8900598A330DE900E4FEF37900B79BCD14
MD5: a73f5d6705b1d820c19b18782e176efd
Determination: GOOD

C:\WINDOWS\system32\drivers\enum1394.sys
	Loaded from: FILE
PX5: 4E7FF71200A58CFF197100D1CCE6B600C8D9E0FF
MD5: 80d1b490b60e74e002dc116ec5d41748
Determination: GOOD

C:\WINDOWS\system32\drivers\fastfat.sys
	Loaded from: FILE
PX5: 1E68B78D00BA4E2F30E102605EF38B00BED2E67D
MD5: 3117f595e9615e04f05a54fc15a03b20
Determination: GOOD

C:\WINDOWS\system32\drivers\fips.sys
	Loaded from: FILE
PX5: 1007D8C50089CEC889D600EFFDE6B800D02A5DA9
MD5: 333fbbc71bdcbb46c58a3b51b3d51184
Determination: GOOD

C:\WINDOWS\system32\drivers\fsvga.sys
	Loaded from: FILE
PX5: 78ACD409008333CF30C90046F776F800BAB458CE
MD5: 25a7f5539209be062d4bb3f9cd84bd16
Determination: GOOD

C:\WINDOWS\system32\drivers\fs_rec.sys
	Loaded from: FILE
PX5: 2E3179C900CB71741FBA004F645EEB00865149D3
MD5: 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a
Determination: GOOD

C:\WINDOWS\system32\drivers\Hdaudio.sys
	Loaded from: FILE
PX5: B7BDAA0200E26E383AB10225F4727C00EB8C3B5A
MD5: 2a013e7530beab6e569faa83f517e836
Determination: GOOD

C:\WINDOWS\system32\drivers\hidclass.sys
	Loaded from: FILE
PX5: 800EAA28801FAC928DC800F3F0296600134890AF
MD5: 378055ab8dda86228683c697c4e11685
Determination: GOOD

C:\WINDOWS\system32\drivers\hidparse.sys
	Loaded from: FILE
PX5: 202AE5AF805FDB4161470039E900C0009EB401B0
MD5: 5fff41cd5108e9051d255c37825af697
Determination: GOOD

C:\WINDOWS\system32\drivers\imagedrv.sys
	Loaded from: FILE
PX5: E383C2F480AFC2491541008E40C3620095FC446B
MD5: 0a7c49b48c772591a2d362daa00246c8
Determination: GOOD

C:\WINDOWS\system32\drivers\imagesrv.sys
	Loaded from: FILE
PX5: 765B695900F122C8E91A01E15C4A6300587F7CC0
MD5: 549ba4f539e7b8d8129500b96dd7b27a
Determination: GOOD

C:\WINDOWS\system32\drivers\ks.sys
	Loaded from: FILE
PX5: 78D9F49380D52F3B2603022FFE8CE100B4CA1585
MD5: b9540e258f952650de8dec68719a5c97
Determination: GOOD

C:\WINDOWS\system32\drivers\ksecdd.sys
	Loaded from: FILE
PX5: 774C935980F76922670D01959D71E6009D9267E6
MD5: eb7ffe87fd367ea8fca0506f74a87fbb
Determination: GOOD

C:\WINDOWS\system32\drivers\mcd.sys
	Loaded from: FILE
PX5: 874B185900D5916B1EF900C2FE181D00136FAB22
MD5: d1f8be91ed4ddb671d42e473e3fe71ab
Determination: GOOD

C:\WINDOWS\system32\drivers\mf.sys
	Loaded from: FILE
PX5: F49C56310087ADB9F998009652109C00BB35FCB1
MD5: 729d83e56c29c510258a6e9e79ffddc3
Determination: GOOD

C:\WINDOWS\system32\drivers\mnmdd.sys
	Loaded from: FILE
PX5: 33A41DEC8064684210700001C4EA1400320E2D4F
MD5: 4ae068242760a1fb6e1a44bf4e16afa6
Determination: GOOD

C:\WINDOWS\system32\drivers\modem.sys
	Loaded from: FILE
PX5: F22F2ACE0067686F7617004AA04CD400DCD5102E
MD5: b30d2db351e3191bd71232036cfe711a
Determination: GOOD

C:\WINDOWS\system32\drivers\mountmgr.sys
	Loaded from: FILE
PX5: 7309084F00AE944FA5B9001585E15200FF872CDC
MD5: 65653f3b4477f3c63e68a9659f85ee2e
Determination: GOOD

C:\WINDOWS\system32\drivers\mqac.sys
	Loaded from: FILE
PX5: A4B93ADE00A3CC201DAC01B48E57ED0024CEA9D4
MD5: db07b0088cdfd20c2a22e675120ede34
Determination: GOOD

C:\WINDOWS\system32\drivers\msfs.sys
	Loaded from: FILE
PX5: 075BA4B3803111464A9700E6E20263008B5F85A4
MD5: 561b3a4333ca2dbdba28b5b956822519
Determination: GOOD

C:\WINDOWS\system32\drivers\mup.sys
	Loaded from: FILE
PX5: 488AE40380446D0EA57D014A890CCF00C681450A
MD5: 82035e0f41c2dd05ae41d27fe6cf7de1
Determination: GOOD

C:\WINDOWS\system32\drivers\ndis.sys
	Loaded from: FILE
PX5: D3D6286080F2E0F0CA7A02249DEC7F001D734284
MD5: 558635d3af1c7546d26067d5d9b6959e
Determination: GOOD

C:\WINDOWS\system32\drivers\ndproxy.sys
	Loaded from: FILE
PX5: FB8873A080F72F00942D005DFF5068001A60ED1C
MD5: 59fc3fb44d2669bc144fd87826bb571f
Determination: GOOD

C:\WINDOWS\system32\drivers\nikedrv.sys
	Loaded from: FILE
PX5: 31AFD82600B7B0E92F3400332F79D6008B90E2A9
MD5: be984d604d91c217355cdd3737aad25d
Determination: GOOD

C:\WINDOWS\system32\drivers\nmnt.sys
	Loaded from: FILE
PX5: 4F6E51DE803D5E299DD30090E39024009FB3BD94
MD5: 60cf8c7192b3614f240838ddbaa4a245
Determination: GOOD

C:\WINDOWS\system32\drivers\npfs.sys
	Loaded from: FILE
PX5: 20DA5FD280719B5A789A008E44C90300CCA72CD2
MD5: 4f601bcb8f64ea3ac0994f98fed03f8e
Determination: GOOD

C:\WINDOWS\system32\drivers\ntfs.sys
	Loaded from: FILE
PX5: 66DDEA8480FFB1BBC4F70843EE9A6E00F3167B2F
MD5: b78be402c3f63dd55521f73876951cdd
Determination: GOOD

C:\WINDOWS\system32\drivers\null.sys
	Loaded from: FILE
PX5: 7047032880E19D2B0B4300F23A496700B79BCD14
MD5: 73c1e1f395918bc2c6dd67af7591a3ad
Determination: GOOD

C:\WINDOWS\system32\drivers\nwlnkipx.sys
	Loaded from: FILE
PX5: B455E8AE80D2C31959AC01662F7EE7009B9C1B54
MD5: 79ea3fcda7067977625b3363a2657c80
Determination: GOOD

C:\WINDOWS\system32\drivers\nwlnknb.sys
	Loaded from: FILE
PX5: 04BB889700AAB944F73D0096D8122400A0912260
MD5: 56d34a67c05e94e16377c60609741ff8
Determination: GOOD

C:\WINDOWS\system32\drivers\nwlnkspx.sys
	Loaded from: FILE
PX5: 38D410228045AB3DDA820098A4E752008EA9780C
MD5: c0bb7d1615e1acbdc99757f6ceaf8cf0
Determination: GOOD

C:\WINDOWS\system32\drivers\nwrdr.sys
	Loaded from: FILE
PX5: B0D1753100E533537F3C02D47C98B30050AB7A8C
MD5: 03373a79440473062c6f3aedec6a49c8
Determination: GOOD

C:\WINDOWS\system32\drivers\oprghdlr.sys
	Loaded from: FILE
PX5: 691E96B980EF4DD30D2300DD63265E00B79BCD14
MD5: 4bb30ddc53ebc76895e38694580cdfe9
Determination: GOOD

C:\WINDOWS\system32\drivers\OVCam2.sys
	Loaded from: FILE
PX5: 65F10B098013A185BBF40066306FAA0078D619B0
MD5: 803715cf245d5308c2644925ceaf275d
Determination: GOOD

C:\WINDOWS\system32\drivers\OVCodek2.sys
	Loaded from: FILE
PX5: 378F3AB280A03B2A5DC20529ED57110096614A6A
MD5: 6e07c71e89c17c96d206a6a91d247f3b
Determination: GOOD

C:\WINDOWS\system32\drivers\p3.sys
	Loaded from: FILE
PX5: BC6A682380C862C2B56A0022A0FE9B00ED93F9A1
MD5: acf18d9f903b29790b8f8e01535f37d4
Determination: GOOD

C:\WINDOWS\system32\drivers\partmgr.sys
	Loaded from: FILE
PX5: CD5C0D6C00BC0D35496D00DCA66DE800E5B26EF9
MD5: 3334430c29dc338092f79c38ef7b4cd0
Determination: GOOD

C:\WINDOWS\system32\drivers\parvdm.sys
	Loaded from: FILE
PX5: D78233F200E873FD1B40001BF0D2FD00501E1542
MD5: 0dabef655a444cb1e193626fb1d24b9f
Determination: GOOD

C:\WINDOWS\system32\drivers\pciidex.sys
	Loaded from: FILE
PX5: DD4713DB00668128625F00A6F0879B00FA781103
MD5: 520b91ab011456b940d9b05fc91108ff
Determination: GOOD

C:\WINDOWS\system32\drivers\pcmcia.sys
	Loaded from: FILE
PX5: 1E5E2DAE80A234A7D5E1011E8065A7000BABC19F
MD5: 28f3538a2091993a03506311a05053e8
Determination: GOOD

C:\WINDOWS\system32\drivers\portcls.sys
	Loaded from: FILE
PX5: 4C3FDB6000983D64179702C05212D30014AEE1A4
MD5: bc6b2bc69c1e009443e8b1fe2db96101
Determination: GOOD

C:\WINDOWS\system32\drivers\processr.sys
	Loaded from: FILE
PX5: AF0FBDFA005416189A000040A9FF7600B2B78287
MD5: 2be7f01e46970e946aa18cba3de019eb
Determination: GOOD

C:\WINDOWS\system32\drivers\rawwan.sys
	Loaded from: FILE
PX5: 3623B25780ED679386B1006F511AA700A8DBED63
MD5: 01524cd237223b18adbb48f70083f101
Determination: GOOD

C:\WINDOWS\system32\drivers\rdpwd.sys
	Loaded from: FILE
PX5: 58B1048788D70AE7203D02788FCE5900DFC3CF12
MD5: d4f5643d7714ef499ae9527fdcd50894
Determination: GOOD

C:\WINDOWS\system32\drivers\rio8drv.sys
	Loaded from: FILE
PX5: 689BF8B80051228F2F8000540597A5009049C8B5
MD5: a56fe08ec7473e8580a390bb1081cdd7
Determination: GOOD

C:\WINDOWS\system32\drivers\riodrv.sys
	Loaded from: FILE
PX5: 31AFD82600B7B0E92F3400332F79D600DA0E26E7
MD5: 0a854df84c77a0be205bfeab2ae4f0ec
Determination: GOOD

C:\WINDOWS\system32\drivers\RMCast.sys
	Loaded from: FILE
PX5: 3F78954280F868910DA803F8FC6F1400E3565A6B
MD5: 35e81b908ae4e97fc7bdf4607c516ff4
Determination: GOOD

C:\WINDOWS\system32\drivers\rndismp.sys
	Loaded from: FILE
PX5: F5E4CD0480C828137517005714D7F1002CA246EF
MD5: 7ce8b277f3207ea82d7d22ad348befc6
Determination: GOOD

C:\WINDOWS\system32\drivers\rootmdm.sys
	Loaded from: FILE
PX5: F3E7979300A8EEA3177100743639FF0080591A18
MD5: d8b0b4ade32574b2d9c5cc34dc0dbbe7
Determination: GOOD

C:\WINDOWS\system32\drivers\scsiport.sys
	Loaded from: FILE
PX5: BAEDAB6C00163F8D78C6012DFF6A240038CAB5E8
MD5: d7fd0ff761e28ac0ea35ad71e0cd67e9
Determination: GOOD

C:\WINDOWS\system32\drivers\sdbus.sys
	Loaded from: FILE
PX5: BA494C87000D7A4F08B4013D43118E00EBAF0531
MD5: 02fc71b020ec8700ee8a46c58bc6f276
Determination: GOOD

C:\WINDOWS\system32\drivers\sffdisk.sys
	Loaded from: FILE
PX5: AF380F15808E7A972B3D001ABF251400652E930D
MD5: 1d9f1bec651815741f088a8fb88e17ee
Determination: GOOD

C:\WINDOWS\system32\drivers\sffp_sd.sys
	Loaded from: FILE
PX5: 35A841FC0030CAF028AD002AAB39F600184DF1C4
MD5: 586499fd312ffd7f78553f408e71682e
Determination: GOOD

C:\WINDOWS\system32\drivers\smclib.sys
	Loaded from: FILE
PX5: 8A9722BD003AC63939580092009AC20088FC78D8
MD5: 017daecf0ed3aa731313433601ec40fa
Determination: GOOD

C:\WINDOWS\system32\drivers\sonydcam.sys
	Loaded from: FILE
PX5: 0B9EAE4180F27A6F636900C11EF4E3002F2E7423
MD5: addc9e4757a68ab60562ad3cb9c288d6
Determination: GOOD

C:\WINDOWS\system32\drivers\stream.sys
	Loaded from: FILE
PX5: E9758E5F00F11219BE3300252F112F00F38A6C5B
MD5: c43356072eb3e88cd62958db10cead47
Determination: GOOD

C:\WINDOWS\system32\drivers\tape.sys
	Loaded from: FILE
PX5: 1278B1EF80B32A683A3F0096934CD200746C2998
MD5: a2a9ca0d1a9ac1ff54220aa0789fe5cf
Determination: GOOD

C:\WINDOWS\system32\drivers\tcpip6.sys
	Loaded from: FILE
PX5: 32CF71DE80C22838693903AC6683F600681C92FD
MD5: 4d58bb1ae8841aafd8790ad7e1e3b8ea
Determination: GOOD

C:\WINDOWS\system32\drivers\tdi.sys
	Loaded from: FILE
PX5: D2E197368059988748C500010EF1F2006AC8B3D9
MD5: 6891b74ab9a016064e82a419388d0601
Determination: GOOD

C:\WINDOWS\system32\drivers\tdpipe.sys
	Loaded from: FILE
PX5: 3FCBC6C1086354332FFD003DE3512D00CB438F2A
MD5: 38d437cf2d98965f239b0abcd66dcb0f
Determination: GOOD

C:\WINDOWS\system32\drivers\tdtcp.sys
	Loaded from: FILE
PX5: 8942980688A6EF76558200032BC6D800A375DA91
MD5: ed0580af02502d00ad8c4c066b156be9
Determination: GOOD

C:\WINDOWS\system32\drivers\tosdvd.sys
	Loaded from: FILE
PX5: 628D18D7002B7E40CAFC00177DE27100B717B0CE
MD5: 699450901c5ccfd82357cbc531cedd23
Determination: GOOD

C:\WINDOWS\system32\drivers\tsbvcap.sys
	Loaded from: FILE
PX5: 87882BA880A89CF8537500BE0BB03800CD0425CD
MD5: d74a8ec75305f1d3cfde7c7fc1bd62a9
Determination: GOOD

C:\WINDOWS\system32\drivers\tunmp.sys
	Loaded from: FILE
PX5: CBD0AEE38035D6A5300B00CF5C419100CB427E52
MD5: 87a0e9e18c10a9e454238e3330e2a26d
Determination: GOOD

C:\WINDOWS\system32\drivers\udfs.sys
	Loaded from: FILE
PX5: 5FD2643980FF4C93024701049FF5A900913F1B6B
MD5: 12f70256f140cd7d52c58c7048fde657
Determination: GOOD

C:\WINDOWS\system32\drivers\usb8023.sys
	Loaded from: FILE
PX5: 6C38C2AE8005B13A31EC001CD2E193004FD5788A
MD5: af090265ec388bab320f1ff7e7a7d5ea
Determination: GOOD

C:\WINDOWS\system32\drivers\usbcamd.sys
	Loaded from: FILE
PX5: D11C923000C0476E5DDA002FC1E34E00BC32EEBC
MD5: 2654eecc6fb13603ebddcd5c8ea943d1
Determination: GOOD

C:\WINDOWS\system32\drivers\usbcamd2.sys
	Loaded from: FILE
PX5: D11C923080C0476E5DDA002FC1E34E002B3DC035
MD5: 61018ba9df6b63e51d9753c980e73ec2
Determination: GOOD

C:\WINDOWS\system32\drivers\usbd.sys
	Loaded from: FILE
PX5: F328D8568037A02F12FA00A0B0E095005A1BACA9
MD5: 596eb39b50d6ebd9b734dc4ae0544693
Determination: GOOD

C:\WINDOWS\system32\drivers\usbintel.sys
	Loaded from: FILE
PX5: 46A2709480A8B9863E99007B5ED70B000E5AFC3D
MD5: 2853fd4c4489e0f8bfcf78efcdb7e998
Determination: GOOD

C:\WINDOWS\system32\drivers\usbport.sys
	Loaded from: FILE
PX5: A1EF174180FC34972E3902AA15903200854523B2
MD5: 2034ca78f9c6e787b4b76d81ac888351
Determination: GOOD

C:\WINDOWS\system32\drivers\vdmindvd.sys
	Loaded from: FILE
PX5: 5DFBB3300012B79DE3E300778EC928004FCDB2AF
MD5: 55e01061c74a8cefff58dc36114a8d3f
Determination: GOOD

C:\WINDOWS\system32\drivers\videoprt.sys
	Loaded from: FILE
PX5: BBE87C52808D55E2379801ACFA738900C0632DEC
MD5: d5a9d123f5ed7c9965a481bd20cf66d8
Determination: GOOD

C:\WINDOWS\system32\drivers\volsnap.sys
	Loaded from: FILE
PX5: AC3AFD0E80294768D03200EE1153E40098EF3DD1
MD5: 698869e82c57169f2140c04a272bf12b
Determination: GOOD

C:\WINDOWS\system32\drivers\wmilib.sys
	Loaded from: FILE
PX5: 7A1B707D0098974111DB00C8E2E10C00FCC422B3
MD5: 2f31b7f954bed437f2c75026c65caf7b
Determination: GOOD

C:\WINDOWS\system32\drivers\wpdusb.sys
	Loaded from: FILE
PX5: 71F884AF00CF82759F8D00E4694A460046E65AFE
MD5: d4162c1d8fe1de8f1e6ef9ba4323d520
Determination: GOOD

C:\Documents and Settings\All Users\Dati applicazioni\desktop.ini
	Loaded from: FILE
PX5: 88CF0FF93E2A4A9F00A700BD9B751300B2E9E22B

C:\Documents and Settings\utente\Dati applicazioni\desktop.ini
	Loaded from: FILE
PX5: 88CF0FF93E2A4A9F00A700BD9B751300B2E9E22B

C:\Documents and Settings\utente\Desktop\avenger.exe
	Loaded from: FILE
PX5: FFB1D6FF00A6E24EFCBA01DBF6C6720030D24BA8
MD5: 632f23bff4bc7bb9f880e5c6e144c0d6
Determination: GOOD

C:\Documents and Settings\utente\Desktop\ComboFix.exe
	Loaded from: FILE
PX5: 8B84300EAC704150CFCA162A43B67300C827ADB6
MD5: 2d4fe03c8ffc41d54a40444239bb37a7
Determination: GOOD

C:\Documents and Settings\utente\Desktop\FixVundo.exe
	Loaded from: FILE
PX5: BD03E212B0B7297588370252B6B1F20060D297D0
MD5: 497d297cbe465ca735491d5d5f7aa134
Determination: GOOD

C:\Documents and Settings\utente\Desktop\VundoFix.exe
	Loaded from: FILE
PX5: 84981B1300DF6D8806CC022EED2D1D00C8429128
MD5: 9f86904ef56e9fd07b57bb559503df72
Determination: GOOD


Results::
Known malicious programs: 2



End of PrevxCSI Log - http://www.prevx.com

VIRIT

Codice:

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
07/01/2008 - 18:31:05

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
 
 
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 108178.
Files Totali: 108178.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
 
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
08/01/2008 - 00:47:20

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
 
 
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 30533.
Files Totali: 30533.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
 
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
08/01/2008 - 02:31:48

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
 
 
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 1.
Files Totali: 1.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
 
--------------------------------------------------------
08/01/2008 - 02:31:56

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
 
 
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 1094.
Files Totali: 1094.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
 
--------------------------------------------------------
08/01/2008 - 02:32:20

[SCANSIONE DEL REGISTRO]
OK

[C:\WINDOWS]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
 
 
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 11924.
Files Totali: 11924.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
 
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
09/01/2008 - 12:30:04

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
 
C:\Documents and Settings\utente\Impostazioni locali\Temp\RCX13.tmp Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\Documents and Settings\utente\Impostazioni locali\Temp\RCX16.tmp Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\Documents and Settings\utente\Impostazioni locali\Temp\RCX19.tmp Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\Documents and Settings\utente\Impostazioni locali\Temp\RCX3.tmp Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\Documents and Settings\utente\Impostazioni locali\Temp\RCXC.tmp Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\Documents and Settings\utente\Impostazioni locali\Temp\RCXF.tmp Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\Programmi\eMule\emule .exe Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\Programmi\eMule\emule.exe Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\Programmi\ESET\nod32kui.exe Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\Programmi\MSN Messenger\MsnMsgr.Exe Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\QooBox\Quarantine\C\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe.vir Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\QooBox\Quarantine\C\Programmi\eMule\emule .exe.vir Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\QooBox\Quarantine\C\Programmi\ESET\nod32kui.exe.vir Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\QooBox\Quarantine\C\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE.vir Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\QooBox\Quarantine\C\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe.vir Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\QooBox\Quarantine\C\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe.vir Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\QooBox\Quarantine\C\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe.vir Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\QooBox\Quarantine\C\Programmi\MSN Messenger\MsnMsgr.Exe.vir Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX11.tmp.vir Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX16.tmp.vir Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX1A.tmp.vir Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX22.tmp.vir Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX25.tmp.vir Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX27.tmp.vir Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX2C.tmp.vir Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\VundoFix Backups\ctfmon.exe.bad Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\VundoFix Backups\ssqpq.exe.bad Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
C:\WINDOWS\system32\ssqpq.exe Infetto da Trojan.Win32.Vundo.BT
 * * *  RIMOSSO  * * *
 
Chiavi Registro infette: 0.
Files Infetti: 34.
Files Sospetti: 0.
Files Analizzati: 105830.
Files Totali: 105830.
Chiavi Registro rimosse: 0.
Virus Rimossi: 34.

HIJACKTHIS

Codice:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.50.20, on 09/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FILECO~1\Stardock\SDMCP.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Eset\nod32kui .exe
C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\C6 Messenger\c6Messenger.exe
C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programmi\eMule\emule .exe
C:\Programmi\MSN Messenger\MsnMsgr .Exe
C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqpq.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule .exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: C6 Messenger.lnk = C:\Programmi\C6 Messenger\c6Messenger.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?ae3645db1e1d4a4abb59a6ba70ad3c9a
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?ae3645db1e1d4a4abb59a6ba70ad3c9a
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmi\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: bw+0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9F7D1F65-106E-4E0F-8A34-5DA2E6F3E17C} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 20878 bytes

che faccio adesso?

ho pubblicato i log, aspetto una vostra risposta, non compio nessun'altra operazione.

grazie di cuore.

Arki_ · 09-01-2008, 21:48

ho letto in un'altra guida (rimozione bagle) come eseguire la scansione con avenger.

ho trovato uno script da copiare ed incollare nella finestra con la lente.

ho premuto il semaforo ed è partita la scansione (dopo essersi riavviato il pc, ma credo sia normale).

ecco il log :

Codice:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ryqqdheh

*******************

Script file located at: \??\C:\WINDOWS\system32\ycasofjl.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\srosa.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\srosa.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\srosa.sys
Status: 0xc0000034



File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034



File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034



Could not open file C:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe for deletion
Deletion of file C:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe failed!

Could not process line:
C:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe
Status: 0xc000003a



Could not open file C:\Documents and Settings\utente\Dati applicazioni\hidires\rosa.sys for deletion
Deletion of file C:\Documents and Settings\utente\Dati applicazioni\hidires\rosa.sys failed!

Could not process line:
C:\Documents and Settings\utente\Dati applicazioni\hidires\rosa.sys
Status: 0xc000003a



Could not open file C:\Documents and Settings\utente\Dati applicazioni\m\data.oct for deletion
Deletion of file C:\Documents and Settings\utente\Dati applicazioni\m\data.oct failed!

Could not process line:
C:\Documents and Settings\utente\Dati applicazioni\m\data.oct
Status: 0xc000003a



Could not open file C:\Documents and Settings\utente\Dati applicazioni\m\flec006.exe for deletion
Deletion of file C:\Documents and Settings\utente\Dati applicazioni\m\flec006.exe failed!

Could not process line:
C:\Documents and Settings\utente\Dati applicazioni\m\flec006.exe
Status: 0xc000003a



Could not open file C:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys for deletion
Deletion of file C:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys failed!

Could not process line:
C:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys
Status: 0xc000003a



File C:\WINDOWS\system32\drivers\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.exe
Status: 0xc0000034



Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034



Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034



Folder C:\Documents and Settings\utente\Dati applicazioni\hidires not found!
Deletion of folder C:\Documents and Settings\utente\Dati applicazioni\hidires failed!

Could not process line:
C:\Documents and Settings\utente\Dati applicazioni\hidires
Status: 0xc0000034



Folder C:\WINDOWS\System32\drivers\down not found!
Deletion of folder C:\WINDOWS\System32\drivers\down failed!

Could not process line:
C:\WINDOWS\System32\drivers\down
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Services\rosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\rosa failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\rosa
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished!  Terminate.

**Chill-Out** · 09-01-2008, 22:49

http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe

scarica questo tool fallo girare ed aspetta istruzioni,ciao.

Arki_ · 09-01-2008, 23:02

Codice:

Ran on 10/01/2008 -  0.00.50,70

----a-w           620,152 2008-01-09 01:53:50  C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
----a-w           917,504 2008-01-09 01:53:51  C:\Programmi\ESET\nod32kui .exe
----a-w            94,208 2008-01-09 01:54:06  C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR .EXE
----a-w           529,968 2008-01-09 01:53:51  C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe
----a-w           244,520 2008-01-09 01:53:52  C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe
----a-w            36,864 2008-01-09 01:53:53  C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
----a-w         5,674,352 2008-01-09 01:54:01  C:\Programmi\MSN Messenger\MsnMsgr .Exe
----a-w            15,360 2008-01-08 17:02:05  C:\WINDOWS\system32\ctfmon .exe

 Entries:                8  (8)
 Directories:            0  Files:             8
 Bytes:          8,132,928  Blocks:       15,887

lancetta · 09-01-2008, 23:36

trascina il file Log txt che ti ha rilasciato su RenV.exe riesegui e se ti chiede di riavviare fallo tranquillamente e posta qui il log dei risultati

Arki_ · 09-01-2008, 23:41

ho trascinato il file log che prima mi aveva creato sull'icona di RenV.

è partito il programma di nuovo e mi ha rilasciato il seguente file :

(non mi ha chiesto di riavviare)

Codice:

Ran on 10/01/2008 -  0.38.38,10

 Entries:                0  (0)
 Directories:            0  Files:             0
 Bytes:                  0  Blocks:            0

sono qui e aspetto.

grazie mille davvero.

lancetta · 10-01-2008, 00:01

Quote:

Originariamente inviato da Arki_

ho trascinato il file log che prima mi aveva creato sull'icona di RenV.

è partito il programma di nuovo e mi ha rilasciato il seguente file :

(non mi ha chiesto di riavviare)

Codice:

Ran on 10/01/2008 -  0.38.38,10

 Entries:                0  (0)
 Directories:            0  Files:             0
 Bytes:                  0  Blocks:            0

sono qui e aspetto.

grazie mille davvero.

allora adesso devi rifare le scansioni di prima (vundofix fixvundo questo: VirtumundoBeGone http://secured2k.home.comcast.net/to...undoBeGone.exe
questo tool va avviato in modalità provvisoria, F8 all'avvio del computer)
e sopratutto combofix alla fine...la variante che hai preso è l'ultima che crea degli spazi in alcune applicazioni che sarebbero quelle legittime sostituendosi con quelle infette,inibendo così i vari interventi....

Arki_ · 10-01-2008, 10:36

ho fatto di nuovo le scansioni :

vundofix

fixvundo

combofix

ed anche Virtmundobegone

le ho eseguite tutte in modalità provvisoria.

adesso davvero il problma sembra rientrato.
alcuni programmi all'avvio sono partiti normalmente,

resta un solo problema :

il nod32 (che come avevo scritto ho provato a reinstallare l'altro giorno dopo che il virus me lo aveva disattivato) non si aggiorna. la versione che ho reinstallato era precedente a quella che avevo già istallata prima dell'infezione, infatti il database è aggiornato alla versione 1.1167 (20050713)...!

provo a fare aggiorna ora, ma contina a comparirmi l'avviso che mi dice :

"nod32 è aggiornato. non è necessario effettuare altri aggiornamenti"

però nella finestra aggiornamento compare una cosa anomala :

come ULTIMO AGGIORNAMENTO mi da : 2008-01-07 01:11

mentre come VERSIONE la 1.1167 (20050713)

che significa?
che è aggiornato a gennaio 2008, ma la versione del database è del 2005?
che faccio?
devo provare a cercare una versione più recente del programma e reinstallarlo nuovamente?

intanto posto i log delle scansioni che mi hai detto di rifare :

VUNDOFIX (che ho rifatto anche adesso dopo aver connesso il pc)

Codice:

VundoFix V6.7.7

Checking Java version...

Sun Java not detected
Scan started at 4.32.32 10/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\qpqss.ini
C:\WINDOWS\system32\qpqss.ini2
C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\ssqpq.exe

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\qpqss.ini
C:\WINDOWS\system32\qpqss.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\qpqss.ini2
C:\WINDOWS\system32\qpqss.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\ssqpq.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ssqpq.exe
C:\WINDOWS\system32\ssqpq.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\qpqss.ini
C:\WINDOWS\system32\qpqss.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\qpqss.ini2
C:\WINDOWS\system32\qpqss.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\ssqpq.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ssqpq.exe
C:\WINDOWS\system32\ssqpq.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Sun Java not detected
Scan started at 11.15.01 10/01/2008

Listing files found while scanning....

No infected files were found.

FIXVUNDO

Codice:

Symantec Trojan.Vundo Removal Tool 1.5.0

C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\dareiz@kaiba.cc\DFSR\Staging\CS{7024943D-1CC3-B15D-FD5F-81465F98E44A}\01\10-{7024943D-1CC3-B15D-FD5F-81465F98E44A}-v1-{F751E798-B641-42DC-8D00-80A4C24A8EF7}-v10-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\01\12-{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}-v1-{F751E798-B641-42DC-8D00-80A4C24A8EF7}-v12-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\44\18-{364FC8DB-A18D-451E-A2CE-7DDACF42F04A}-v244-{7D12C007-A211-4490-917B-4FAE60C60654}-v18-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\57\19-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v57-{7D12C007-A211-4490-917B-4FAE60C60654}-v19-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\58\20-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v58-{7D12C007-A211-4490-917B-4FAE60C60654}-v20-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\59\21-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v59-{7D12C007-A211-4490-917B-4FAE60C60654}-v21-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\61\23-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v61-{7D12C007-A211-4490-917B-4FAE60C60654}-v23-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\62\24-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v62-{7D12C007-A211-4490-917B-4FAE60C60654}-v24-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\63\25-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v63-{7D12C007-A211-4490-917B-4FAE60C60654}-v25-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\67\26-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v67-{7D12C007-A211-4490-917B-4FAE60C60654}-v26-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\68\27-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v68-{7D12C007-A211-4490-917B-4FAE60C60654}-v27-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\69\28-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v69-{7D12C007-A211-4490-917B-4FAE60C60654}-v28-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\70\29-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v70-{7D12C007-A211-4490-917B-4FAE60C60654}-v29-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\71\30-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v71-{7D12C007-A211-4490-917B-4FAE60C60654}-v30-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\72\31-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v72-{7D12C007-A211-4490-917B-4FAE60C60654}-v31-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\73\32-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v73-{7D12C007-A211-4490-917B-4FAE60C60654}-v32-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\74\33-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v74-{7D12C007-A211-4490-917B-4FAE60C60654}-v33-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\75\34-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v75-{7D12C007-A211-4490-917B-4FAE60C60654}-v34-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\77\35-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v77-{7D12C007-A211-4490-917B-4FAE60C60654}-v35-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\78\36-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v78-{7D12C007-A211-4490-917B-4FAE60C60654}-v36-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\minoste@hotmail.com\DFSR\Staging\CS{E4BEA03B-0DA5-32F5-72A4-BE6C7BE849C8}\79\37-{2D614EDC-9F33-463E-84C4-1A82FA80937F}-v79-{7D12C007-A211-4490-917B-4FAE60C60654}-v37-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\01\11-{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}-v1-{F751E798-B641-42DC-8D00-80A4C24A8EF7}-v11-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\15\38-{306473DC-A189-40FB-99E4-7448515BD1DE}-v15-{7D12C007-A211-4490-917B-4FAE60C60654}-v38-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\16\91-{54A66D57-3E11-4417-A1F0-84D243795954}-v16-{54A66D57-3E11-4417-A1F0-84D243795954}-v91-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\18\39-{54A66D57-3E11-4417-A1F0-84D243795954}-v18-{7D12C007-A211-4490-917B-4FAE60C60654}-v39-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\20\92-{54A66D57-3E11-4417-A1F0-84D243795954}-v20-{54A66D57-3E11-4417-A1F0-84D243795954}-v92-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\22\66-{54A66D57-3E11-4417-A1F0-84D243795954}-v22-{306473DC-A189-40FB-99E4-7448515BD1DE}-v66-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\24\67-{54A66D57-3E11-4417-A1F0-84D243795954}-v24-{306473DC-A189-40FB-99E4-7448515BD1DE}-v67-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\26\76-{54A66D57-3E11-4417-A1F0-84D243795954}-v26-{306473DC-A189-40FB-99E4-7448515BD1DE}-v76-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\29\77-{54A66D57-3E11-4417-A1F0-84D243795954}-v29-{306473DC-A189-40FB-99E4-7448515BD1DE}-v77-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\32\40-{54A66D57-3E11-4417-A1F0-84D243795954}-v32-{7D12C007-A211-4490-917B-4FAE60C60654}-v40-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\34\41-{54A66D57-3E11-4417-A1F0-84D243795954}-v34-{7D12C007-A211-4490-917B-4FAE60C60654}-v41-Partial.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\36\78-{54A66D57-3E11-4417-A1F0-84D243795954}-v36-{306473DC-A189-40FB-99E4-7448515BD1DE}-v78-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\39\79-{54A66D57-3E11-4417-A1F0-84D243795954}-v39-{306473DC-A189-40FB-99E4-7448515BD1DE}-v79-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\46\80-{54A66D57-3E11-4417-A1F0-84D243795954}-v46-{306473DC-A189-40FB-99E4-7448515BD1DE}-v80-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\52\68-{54A66D57-3E11-4417-A1F0-84D243795954}-v52-{306473DC-A189-40FB-99E4-7448515BD1DE}-v68-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\54\81-{54A66D57-3E11-4417-A1F0-84D243795954}-v54-{306473DC-A189-40FB-99E4-7448515BD1DE}-v81-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\56\69-{54A66D57-3E11-4417-A1F0-84D243795954}-v56-{306473DC-A189-40FB-99E4-7448515BD1DE}-v69-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\59\71-{54A66D57-3E11-4417-A1F0-84D243795954}-v59-{306473DC-A189-40FB-99E4-7448515BD1DE}-v71-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\61\72-{54A66D57-3E11-4417-A1F0-84D243795954}-v61-{306473DC-A189-40FB-99E4-7448515BD1DE}-v72-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\63\82-{54A66D57-3E11-4417-A1F0-84D243795954}-v63-{306473DC-A189-40FB-99E4-7448515BD1DE}-v82-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\65\73-{54A66D57-3E11-4417-A1F0-84D243795954}-v65-{306473DC-A189-40FB-99E4-7448515BD1DE}-v73-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\67\74-{54A66D57-3E11-4417-A1F0-84D243795954}-v67-{306473DC-A189-40FB-99E4-7448515BD1DE}-v74-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\69\84-{54A66D57-3E11-4417-A1F0-84D243795954}-v69-{306473DC-A189-40FB-99E4-7448515BD1DE}-v84-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\75\85-{54A66D57-3E11-4417-A1F0-84D243795954}-v75-{306473DC-A189-40FB-99E4-7448515BD1DE}-v85-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\gingerxx@tiscali.it\SharingMetadata\sissi_80@hotmail.com\DFSR\Staging\CS{EE2B46DE-F261-A08B-F3BE-8FC3FB2D2455}\87\86-{54A66D57-3E11-4417-A1F0-84D243795954}-v87-{306473DC-A189-40FB-99E4-7448515BD1DE}-v86-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\perfidaxever@hotmail.com\SharingMetadata\batifab@yahoo.it\DFSR\Staging\CS{81AB862E-6220-EC62-FDB4-EF4F6F555BD6}\01\10-{81AB862E-6220-EC62-FDB4-EF4F6F555BD6}-v1-{5372329D-3400-48C8-AEDF-D91AA7662E86}-v10-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\perfidaxever@hotmail.com\SharingMetadata\luce.cor@hotmail.it\DFSR\Staging\CS{CA7B7B05-DC04-67BD-B8E3-14BAE92A650E}\01\11-{CA7B7B05-DC04-67BD-B8E3-14BAE92A650E}-v1-{5372329D-3400-48C8-AEDF-D91AA7662E86}-v11-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\01\49-{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}-v1-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v49-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\61\1077-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1061-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1077-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\62\1078-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1062-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1078-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\63\1079-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1063-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1079-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\64\1066-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1064-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1066-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\68\1080-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1068-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1080-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\69\1094-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1069-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1094-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\70\1082-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1070-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1082-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\72\1095-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1072-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1095-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\73\1096-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1073-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1096-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\74\1098-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1074-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1098-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\75\1099-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1075-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1099-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\aleksavdr@hotmail.com\DFSR\Staging\CS{F4E844AF-9584-A4DE-CABE-D37B780A4A4C}\76\1097-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1076-{401CE480-846A-4C5D-8367-1FA9F40CA6D6}-v1097-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\01\12-{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}-v1-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v12-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\23\23-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v23-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v23-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\24\24-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v24-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v24-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\24\24-{B93DA63D-2F2C-44E4-BE0D-F8F352D17741}-v24-{B93DA63D-2F2C-44E4-BE0D-F8F352D17741}-v24-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\25\25-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v25-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v25-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\25\25-{B93DA63D-2F2C-44E4-BE0D-F8F352D17741}-v25-{B93DA63D-2F2C-44E4-BE0D-F8F352D17741}-v25-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\26\26-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v26-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v26-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\26\26-{B93DA63D-2F2C-44E4-BE0D-F8F352D17741}-v26-{B93DA63D-2F2C-44E4-BE0D-F8F352D17741}-v26-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\27\27-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v27-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v27-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\27\27-{B93DA63D-2F2C-44E4-BE0D-F8F352D17741}-v27-{B93DA63D-2F2C-44E4-BE0D-F8F352D17741}-v27-Partial.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\28\28-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v28-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v28-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\29\29-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v29-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v29-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\30\30-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v30-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v30-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\46\46-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v46-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v46-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\47\47-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v47-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v47-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\48\48-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v48-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v48-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\daniela_dj@hotmail.it\DFSR\Staging\CS{E8D602D9-CA65-E392-BCAF-C6F26A15A6AA}\83\84-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v83-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v84-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\dareiz@kaiba.cc\DFSR\Staging\CS{F2CD1A3F-6228-5114-8B5D-CD0FBFA9752D}\01\10-{F2CD1A3F-6228-5114-8B5D-CD0FBFA9752D}-v1-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v10-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\gingerxx@tiscali.it\DFSR\Staging\CS{3CF50647-30B5-E6E8-5AC1-5CBC6D60A498}\01\22-{3CF50647-30B5-E6E8-5AC1-5CBC6D60A498}-v1-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v22-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\gingerxx@tiscali.it\DFSR\Staging\CS{3CF50647-30B5-E6E8-5AC1-5CBC6D60A498}\55\49-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v55-{7D12C007-A211-4490-917B-4FAE60C60654}-v49-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\gingerxx@tiscali.it\DFSR\Staging\CS{3CF50647-30B5-E6E8-5AC1-5CBC6D60A498}\56\56-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v56-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v56-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\vincy_arki@hotmail.com\SharingMetadata\rogerfederer95@hotmail.it\DFSR\Staging\CS{56992C79-1DCC-B35C-5FC1-02480851D9C7}\01\67-{56992C79-1DCC-B35C-5FC1-02480851D9C7}-v1-{4356CCB5-CA46-4BAC-836F-88307A63D6C5}-v67-Downloaded.frx (WARNING: not scanned, path to long)
C:\System Volume Information: (not scanned)
D:\System Volume Information: (not scanned)
Trojan.Vundo has not been found on your computer.

COMBOFIX

Codice:

ComboFix 08-01-07.5 - utente 2008-01-10  6.00.26.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.1667 [GMT 1:00]
Eseguito da: C:\Documents and Settings\utente\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE
C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\RCX7.tmp



	Codice:
	 <pre>
C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe ---> Acrotray.exe
C:\Programmi\ESET\nod32kui .exe ---> nod32kui.exe
C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR .EXE ---> KHALMNPR.EXE
C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper .exe ---> Communications_Helper.exe
C:\Programmi\File comuni\Logitech\LComMgr\LVComSX .exe ---> LVComSX.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe ---> LogitechDesktopMessenger.exe
C:\Programmi\MSN Messenger\MsnMsgr .Exe ---> MsnMsgr.Exe
</pre>

.
.
(((((((((((((((((((((((((   Files Creati Da 2007-12-10 al 2008-01-10  )))))))))))))))))))))))))))))))))))
.

2008-01-10 04:30 . 2007-08-07 12:52	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Risorse di stampa
2008-01-10 04:30 . 2007-08-07 12:52	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Risorse di rete
2008-01-10 04:30 . 2007-08-07 12:52	<DIR>	d--------	C:\Documents and Settings\Administrator\Preferiti
2008-01-10 04:30 . 2007-08-07 11:01	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Modelli
2008-01-10 04:30 . 2007-08-07 12:52	<DIR>	dr-------	C:\Documents and Settings\Administrator\Menu Avvio
2008-01-10 04:30 . 2008-01-09 01:55	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Impostazioni locali
2008-01-10 04:30 . 2007-08-07 12:52	<DIR>	d--------	C:\Documents and Settings\Administrator\Documenti
2008-01-10 04:30 . 2007-08-07 12:52	<DIR>	dr-h-----	C:\Documents and Settings\Administrator\Dati applicazioni
2008-01-10 00:38 . 2008-01-08 18:02	15,360	--a--c---	C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-09 22:42 . 2008-01-09 22:42	1,080	--a------	C:\qyahpcra .bat
2008-01-09 22:41 . 2008-01-09 22:42	329,216	--a------	C:\qyahpcra.bat
2008-01-08 18:13 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\NirCmd.exe
2008-01-08 17:59 . 2008-01-08 17:59	<DIR>	d--------	C:\Programmi\Logitech
2008-01-08 17:59 . 2006-08-22 23:20	155,648	--a------	C:\WINDOWS\system32\kemutb.dll
2008-01-08 17:59 . 2006-08-22 23:19	131,072	--a------	C:\WINDOWS\system32\KemUtil.dll
2008-01-08 17:59 . 2008-01-08 17:59	118,784	-r-------	C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2008-01-08 17:59 . 2006-08-22 23:20	110,592	--a------	C:\WINDOWS\system32\KemWnd.dll
2008-01-08 17:59 . 2006-07-19 12:03	94,208	--a------	C:\WINDOWS\KHALMNPR.Exe
2008-01-08 17:59 . 2006-08-22 23:20	69,632	--a------	C:\WINDOWS\system32\KemXML.dll
2008-01-08 17:59 . 2006-07-19 12:28	36,736	--a------	C:\WINDOWS\system32\drivers\LHidUsbK.sys
2008-01-08 17:59 . 2006-08-23 01:08	3,712	--a------	C:\WINDOWS\system32\drivers\LBeepKE.sys
2008-01-08 03:08 . 2008-01-08 03:08	0	--a------	C:\WINDOWS\system32\mapisvc.inf
2008-01-08 02:21 . 2008-01-10 04:47	<DIR>	d--------	C:\VundoFix Backups
2008-01-08 01:18 . 2008-01-08 01:20	32,764	--a------	C:\WINDOWS\17PHolmes572.exe
2008-01-07 20:52 . 2008-01-07 20:52	<DIR>	d--------	C:\Documents and Settings\utente\DoctorWeb
2008-01-07 18:25 . 2008-01-09 12:48	<DIR>	d--------	C:\VEXPLITE
2008-01-07 18:25 . 2007-10-10 09:00	36,096	--a------	C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-01-07 02:14 . 2008-01-09 12:20	<DIR>	d--------	C:\Documents and Settings\utente\Dati applicazioni\PrevxCSI
2008-01-07 02:14 . 2008-01-07 02:14	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Prevx
2008-01-06 21:15 . 2008-01-08 02:05	250	--a------	C:\WINDOWS\gmer.ini
2008-01-06 20:26 . 2008-01-06 20:26	<DIR>	d--------	C:\Programmi\Panda Security
2008-01-06 18:45 . 2008-01-06 20:18	<DIR>	d--------	C:\Programmi\a-squared Free
2008-01-06 17:22 . 2008-01-06 17:22	<DIR>	d--------	C:\Programmi\CCleaner
2008-01-06 03:48 . 2008-01-06 03:48	<DIR>	d--------	C:\Programmi\Trend Micro
2008-01-05 03:43 . 2008-01-05 03:43	<DIR>	d--------	C:\Documents and Settings\utente\Dati applicazioni\dvdcss
2008-01-05 03:43 . 2008-01-05 03:43	<DIR>	d--------	C:\Documents and Settings\utente\Dati applicazioni\ArcSoft
2008-01-04 13:21 . 2008-01-04 13:21	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-01-04 13:21 . 2008-01-04 13:21	1,409	--a------	C:\WINDOWS\QTFont.for
2008-01-04 02:58 . 2008-01-04 02:58	<DIR>	d--------	C:\Programmi\ArcSoft
2008-01-04 02:58 . 1995-07-31 13:44	212,480	--a------	C:\WINDOWS\PCDLIB32.DLL
2008-01-04 02:58 . 2001-12-05 17:59	21	--a------	C:\WINDOWS\PMK_setup.ini
2008-01-02 13:17 . 2008-01-02 13:17	994,243	--a------	C:\WINDOWS\system32\updater.dll
2007-12-25 16:12 . 2007-12-25 16:12	<DIR>	d--------	C:\Programmi\Convar
2007-12-25 16:12 . 2003-07-18 13:58	516,784	-ra------	C:\WINDOWS\system32\XceedCry.dll
2007-12-25 16:12 . 2002-02-28 09:46	217,088	--a------	C:\WINDOWS\system32\DartSock.dll
2007-12-25 16:12 . 2002-02-21 10:12	118,784	--a------	C:\WINDOWS\system32\DartWeb.dll
2007-12-25 16:12 . 1998-06-18 00:00	89,360	--a------	C:\WINDOWS\system32\VB5DB.DLL
2007-12-25 16:12 . 1998-06-13 22:53	44,544	--a------	C:\WINDOWS\system32\Gif89.dll
2007-12-25 16:12 . 2002-04-12 13:19	28,672	--a------	C:\WINDOWS\system32\DartWeb.oca
2007-12-25 16:10 . 2007-12-25 16:11	<DIR>	d--------	C:\Programmi\Stellar Phoenix Recovery Suite
2007-12-24 18:52 . 2007-12-28 11:39	<DIR>	d--------	C:\Documents and Settings\utente\Dati applicazioni\muvee Technologies
2007-12-24 18:51 . 2007-12-24 18:51	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2007-12-24 18:46 . 2007-12-28 11:21	<DIR>	d--------	C:\Programmi\File comuni\muvee Technologies
2007-12-24 18:46 . 2006-08-30 07:10	158,456	---------	C:\WINDOWS\system32\pxwma.dll
2007-12-22 19:53 . 2007-12-28 11:24	79,280	--a------	C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-12-22 19:46 . 2007-12-22 19:46	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\UDL
2007-12-22 19:45 . 2008-01-04 16:44	<DIR>	d--------	C:\Programmi\ABBYY FineReader 6.0 Sprint
2007-12-22 19:39 . 2007-12-22 19:39	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\EPSON
2007-12-22 19:38 . 2004-08-03 23:01	25,856	--a------	C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-22 19:38 . 2004-08-03 23:01	25,856	--a--c---	C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-22 19:38 . 2004-08-03 22:58	15,104	--a------	C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-22 19:38 . 2004-08-03 22:58	15,104	--a--c---	C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-22 19:36 . 2007-12-22 19:46	<DIR>	d--------	C:\Programmi\epson
2007-12-22 19:36 . 2007-03-27 00:00	67,072	--a------	C:\WINDOWS\system32\escwiad.dll
2007-12-22 19:36 . 2007-12-22 19:36	25	--a------	C:\WINDOWS\CDE DX7400DEFGIPS.ini
2007-12-22 10:58 . 2007-12-28 11:38	<DIR>	d--------	C:\Programmi\muvee Technologies
2007-12-22 10:57 . 2007-12-22 10:57	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\muvee Technologies

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 05:05	---------	d-----w	C:\Programmi\MSN Messenger
2008-01-09 11:36	---------	d-----w	C:\Programmi\eMule
2008-01-08 17:00	---------	d-----w	C:\Programmi\File comuni\Logitech
2008-01-08 16:11	---------	d--h--w	C:\Programmi\InstallShield Installation Information
2008-01-08 15:47	---------	d-----w	C:\Documents and Settings\utente\Dati applicazioni\Skype
2008-01-08 02:07	502,208	----a-w	C:\WINDOWS\system32\drivers\amon.sys
2008-01-08 02:07	270,336	----a-w	C:\WINDOWS\system32\imon.dll
2008-01-08 00:24	---------	d-----w	C:\Programmi\MessengerDiscovery
2008-01-08 00:23	---------	d-----w	C:\Programmi\QuickTime
2007-12-22 18:48	---------	d-----w	C:\Programmi\File comuni\InstallShield
2007-12-22 09:58	---------	d-----w	C:\Programmi\DivX
2007-12-11 17:40	---------	d-----w	C:\Documents and Settings\utente\Dati applicazioni\Nokia Multimedia Player
2007-12-08 00:01	---------	d-----w	C:\Documents and Settings\utente\Dati applicazioni\BitTorrent
2007-12-07 23:58	---------	d-----w	C:\Programmi\BitTorrent
2007-12-07 23:07	---------	d-----w	C:\Programmi\Virtual Earth 3D
2007-12-07 20:33	---------	d-----w	C:\Documents and Settings\utente\Dati applicazioni\vlc
2007-12-07 20:31	---------	d-----w	C:\Programmi\DomPlayer
2007-12-07 20:28	---------	d-----w	C:\Programmi\VideoLAN
2007-12-06 23:08	---------	d-----w	C:\Programmi\MAXON
2007-12-03 22:19	---------	d-----w	C:\Programmi\onOne Software
2007-12-03 22:19	---------	d-----w	C:\Programmi\File comuni\onOne Software Shared
2007-12-02 23:30	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\FLEXnet
2007-12-02 14:46	---------	d-----w	C:\Documents and Settings\utente\Dati applicazioni\Quark
2007-12-02 14:41	---------	d-----w	C:\Programmi\Quark
2007-12-01 18:14	---------	d-----w	C:\Programmi\StuffPlug3
2007-11-19 15:32	---------	d-----w	C:\Programmi\File comuni\Adobe
2007-11-19 15:32	---------	d-----w	C:\Programmi\Bonjour
2007-10-23 16:49	586,240	----a-w	C:\WINDOWS\WLXPGSS.SCR
.

(((((((((((((((((((((((((((((   snapshot@2008-01-09_ 1.55.24.82   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-08 00:59:17	295,606	----a-r	C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe
+ 2008-01-09 17:20:06	295,606	----a-r	C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe
- 2008-01-08 00:59:19	295,606	----a-r	C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat_3D.exe
+ 2008-01-09 17:20:07	295,606	----a-r	C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat_3D.exe
- 2008-01-08 00:59:18	295,606	----a-r	C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat_Standard.exe
+ 2008-01-09 17:20:07	295,606	----a-r	C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat_Standard.exe
- 2008-01-08 00:59:18	25,214	----a-r	C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Distiller.exe
+ 2008-01-09 17:20:07	25,214	----a-r	C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Distiller.exe
- 2008-01-08 00:59:18	7,278	----a-r	C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_ELEMENTS_DT.exe
+ 2008-01-09 17:20:07	7,278	----a-r	C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_ELEMENTS_DT.exe
- 2008-01-08 00:59:17	23,558	----a-r	C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2008-01-09 17:20:06	23,558	----a-r	C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2D6C0BC-9651-4532-A176-C19746C2D00B}]
			C:\WINDOWS\system32\ssqpq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2008-01-10 04:45 5674352]
"LDM"="C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-10 04:45 36864]
"eMuleAutoStart"="C:\Programmi\eMule\emule .exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 07:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-12-21 11:29 7774208]
"nwiz"="nwiz.exe" [2006-12-21 11:29 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-12-21 11:29 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"Acrobat Assistant 8.0"="C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-10 04:45 620152]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-01-10 04:45 917504]
"Logitech Hardware Abstraction Layer"="C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE" [2008-01-10 04:45 94208]
"LogitechCommunicationsManager"="C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe" [2008-01-10 04:45 529968]
"LVCOMSX"="C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe" [2008-01-10 04:45 244520]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [ ]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]

C:\Documents and Settings\utente\Menu Avvio\Programmi\Esecuzione automatica\
C6 Messenger.lnk - C:\Programmi\C6 Messenger\c6Messenger.exe [2007-09-12 10:55:33]
Stardock ObjectDock.lnk - C:\Programmi\Stardock\ObjectDock\ObjectDock.exe [2007-08-08 03:58:50]
Yahoo! Widget Engine.lnk - C:\Programmi\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 18:57:16]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 23:01:50]
Avvio veloce di Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [2007-08-08 00:46:45]
Logitech Desktop Messenger.lnk - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-01-08 17:59:54]
Logitech SetPoint.lnk - C:\Programmi\Logitech\SetPoint\SetPoint.exe [2008-01-08 17:59:19]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 10:43:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\FILECO~1\Stardock\mcpstub.dll 2005-01-31 14:13 49152 C:\PROGRA~1\FILECO~1\Stardock\MCPStub.dll

R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2007-10-10 09:00]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-08-23 01:08]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-01-07 18:26]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-08-07 17:52]

.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-10 02:38:00 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 06:05:52
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo 
Files nascosti: 0 

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes --------------------- 

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-01-10  6:07:57 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-10 05:07:55

VIRTMUNDOBEGONE

Codice:

[01/10/2008, 6:29:58] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\utente\Desktop\VirtumundoBeGone.exe" )
[01/10/2008, 6:30:05] - Detected System Information:
[01/10/2008, 6:30:05] -  Windows Version: 5.1.2600, Service Pack 2
[01/10/2008, 6:30:05] -  Current Username: utente (Admin)
[01/10/2008, 6:30:05] -  Windows is in SAFE mode with Networking.
[01/10/2008, 6:30:05] - Searching for Browser Helper Objects:
[01/10/2008, 6:30:05] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Supporto di collegamento per Adobe PDF Reader)
[01/10/2008, 6:30:05] -  BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/10/2008, 6:30:05] -  BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Guida per l'accesso a Windows Live)
[01/10/2008, 6:30:05] -  BHO 4: {AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
[01/10/2008, 6:30:05] -  BHO 5: {B2D6C0BC-9651-4532-A176-C19746C2D00B} ()
[01/10/2008, 6:30:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/10/2008, 6:30:05] -  Checking for HKLM\...\Winlogon\Notify\ssqpq
[01/10/2008, 6:30:05] -  Key not found: HKLM\...\Winlogon\Notify\ssqpq, continuing.
[01/10/2008, 6:30:05] -  BHO 6: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[01/10/2008, 6:30:05] -  BHO 7: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[01/10/2008, 6:30:05] - Finished Searching Browser Helper Objects
[01/10/2008, 6:30:05] - Finishing up...
[01/10/2008, 6:30:05] - Nothing found! Exiting...

è rientrato tutto vero?

aspetto notizie al più presto.

grazie mille.

ps aspetto notizie più che altro adesso per l'antivirus.

Arki_ · 10-01-2008, 11:00

ah...posso riaprire i programmi danneggiati dal virus?

tipo :

logitech desktop messenger (per le impostazioni di mouse e tastiera)

windows live mesenger

emule

e alcuni programmi di grafica...???

questi ultimi mi servirebbero adesso per lavorarci.

ho bisogno di sapere che aprendoli non infetto di nuovo qualcosa.

grazie ancora.

**Chill-Out** · 10-01-2008, 11:01

Il ripristino configurazione sistema è disattivato?

Hai fatto pulizia con Ccleaner?

trascina il file Log txt che ti ha rilasciato su RenV.exe riesegui e se ti chiede di riavviare fallo tranquillamente e posta qui il log dei risultati

Edit: per favore i log li hosti su www.zshare.net indicando il link dove prelevarli

Arki_ · 10-01-2008, 11:15

ciao chillout,

sì avevo già eseguito come ultima cosa un passaggio di ccleaner.

ho trascinato il log sun RenV.

ecco il risultato :

Codice:

Ran on 10/01/2008 - 12.11.07,93

 Entries:                0  (0)
 Directories:            0  Files:             0
 Bytes:                  0  Blocks:            0

tutto okay?

grazie.

**Chill-Out** · 10-01-2008, 11:24

Ti ho chiesto se il system restore è stato disabilitato è importante, adesso serve un nuovo log di HJT ed un nuovo log di Prevx CSI allegali secondo la modalità che ti ho indicato,thx.

Arki_ · 10-01-2008, 11:34

ho dimenticato.

si si il ripristino è disattivato da quando mi avete detto di farlo la prima volta.

circa 3 gg.

sapevo che non dovevo riattivarlo.

ma alla fine lo dovrò riattivare?

faccio le scansioni.

**Chill-Out** · 10-01-2008, 11:36

Quote:

Originariamente inviato da Arki_

ho dimenticato.

si si il ripristino è disattivato da quando mi avete detto di farlo la prima volta.

circa 3 gg.

sapevo che non dovevo riattivarlo.

ma alla fine lo dovrò riattivare?

faccio le scansioni.

quando avremo appurato che sei pulito

Arki_ · 10-01-2008, 11:42

ecco i log :

scusa per aver postato i precedenti direttamente nella pagina.

ora ho letto le nuove regole del forum.

1_hijackthis : http://www.zshare.net/download/63693752675d89/

2_prevx csi : http://www.zshare.net/download/6369430bd6bc8c/

come sono?!

grazie.

lancetta · 10-01-2008, 11:55

hum il nod mi sà che lo devi reinstallare ...vabbè vediamo dopo

in avenger metti questo script

Quote:

Files to delete:
C:\qyahpcra.bat

nulla di grave comunque

Arki_ · 10-01-2008, 12:05

ciao,

grazie per aver risposto.

ecco il log di avenger :

http://www.zshare.net/download/636993906913cd/

per il Nod32 è davvero come dici tu mi sa.

il fatto è che credo di aver installato una versione precedente su di una già più recente (quella che si era infettata credo).

e forse non riesce ad eseguire gli aggiornamenti.

provo a cercare una versione più nuova.

grazie.

attendo con ansia

lancetta · 10-01-2008, 12:11

Quote:

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)

penso che tu debba reinstallare anche messenger

vedi se funge

si adesso puoi usare i programmi
cancella tutti i backup dei tool
e anche per il futuro scaricati Superantispyware lo aggiorni e gli fai fare una "Perform complete scan" da "scan your computer"
ogni tanto

08-01-2008, 12:29	#21
murack83pa Bannato Iscritto dal: Oct 2007 Città: Palermo Messaggi: 4623	ti svelo un segreto: hijackthis nn è la sfera di cristallo...detto altrimenti,hijackthis nn è un programma che rileva le infezioni,almeno nn sempre: sarebbe stato meglio che postavi il log di prevx..... anche se lo scherzetto dell'antivirus è strano, segui la procedura di rimozione del vundo sei sicuro di avere seguito tutte le istruzioni? la procedura è complessa... questi passaggi preliminari li hai rispettati? 1) Disattivare ripristino configurazione di sistema: ● tasto destro del mouse sull'icona Risorse del Computer ● seleziona la voce Proprietà ● apri la scheda Ripristino configurazione di Sistema ● spunta la voce Disattiva ripristino configurazione di sistema ● conferma, la modifica, con Applica e, poi Ok 2)Avviare in modalità provvisoria: all'accensione del pc premere ripetutamente F8. Apparirà una schermata con vari tipi di avvio. voi selezionate modalità provvisoria. devi fare girare i programmi indicati secondo quel'ordine indcato dalla guida: tu hai usato solo vundofix e fixvundo, ma c sono altri programmi quindi, ricapitolando, devi fare le seguenti scansioni e postare qui tutti i log: VundoFix Download: http://www.atribune.org/public-beta/VundoFix.exe FixVundo Download: http://www.symantec.com/content/en/u...s/FixVundo.exe ComboFix Download: http://www.techsupportforum.com/sect...s/ComboFix.exe dopo che posti i log, aspetta indicazioni in tutto questo, xò nn so se il mod dirà di postarci nel 3d ufficiale o rimanere qui....tu intanto segui la guida e posta i log al termine di tutte le scansioni ciao edit: link aggiornato (bentornato chill..era da tanto che nn ti si vedeva!) Ultima modifica di murack83pa : 08-01-2008 alle 15:57.

08-01-2008, 15:44	#22
Chill-Out Moderatore Iscritto dal: Jun 2007 Città: 127.0.0.1 Messaggi: 25885	ComboFix lo scarichi da qui: http://download.bleepingcomputer.com/sUBs/ComboFix.exe __________________ Regole di Sezione ▪ Guida alla Disinfezione ▪ Attenzione: Thread importanti Try again and you will be luckier.

09-01-2008, 22:49	#25
Chill-Out Moderatore Iscritto dal: Jun 2007 Città: 127.0.0.1 Messaggi: 25885	http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe scarica questo tool fallo girare ed aspetta istruzioni,ciao. __________________ Regole di Sezione ▪ Guida alla Disinfezione ▪ Attenzione: Thread importanti Try again and you will be luckier.

09-01-2008, 23:36	#27
lancetta Senior Member Iscritto dal: Feb 2007 Città: Salerno...... Messaggi: 3259	trascina il file Log txt che ti ha rilasciato su RenV.exe riesegui e se ti chiede di riavviare fallo tranquillamente e posta qui il log dei risultati __________________ Opera disabilitazione script ed iframe Recuperare le proprie password on line. Messenger: massima attenzione ai SITI TRUFFA \| GUIDA:ShutdownTimer (Spegnimento auto pc) \| Quando il centro sicurezza non riconosce i soft. Guida a Malwarebytes' Anti-Malware = tiemp bell e na volta...

09-01-2008, 23:41	#28
Arki_ Member Iscritto dal: Aug 2007 Messaggi: 50	okay ci sono ho trascinato il file log che prima mi aveva creato sull'icona di RenV. è partito il programma di nuovo e mi ha rilasciato il seguente file : (non mi ha chiesto di riavviare) Codice: Ran on 10/01/2008 - 0.38.38,10 Entries: 0 (0) Directories: 0 Files: 0 Bytes: 0 Blocks: 0 sono qui e aspetto. grazie mille davvero.

10-01-2008, 11:00	#31
Arki_ Member Iscritto dal: Aug 2007 Messaggi: 50	domanda ah...posso riaprire i programmi danneggiati dal virus? tipo : logitech desktop messenger (per le impostazioni di mouse e tastiera) windows live mesenger emule e alcuni programmi di grafica...??? questi ultimi mi servirebbero adesso per lavorarci. ho bisogno di sapere che aprendoli non infetto di nuovo qualcosa. grazie ancora.

10-01-2008, 11:01	#32
Chill-Out Moderatore Iscritto dal: Jun 2007 Città: 127.0.0.1 Messaggi: 25885	Il ripristino configurazione sistema è disattivato? Hai fatto pulizia con Ccleaner? trascina il file Log txt che ti ha rilasciato su RenV.exe riesegui e se ti chiede di riavviare fallo tranquillamente e posta qui il log dei risultati Edit: per favore i log li hosti su www.zshare.net indicando il link dove prelevarli __________________ Regole di Sezione ▪ Guida alla Disinfezione ▪ Attenzione: Thread importanti Try again and you will be luckier.

10-01-2008, 11:15	#33
Arki_ Member Iscritto dal: Aug 2007 Messaggi: 50	fatto ciao chillout, sì avevo già eseguito come ultima cosa un passaggio di ccleaner. ho trascinato il log sun RenV. ecco il risultato : Codice: Ran on 10/01/2008 - 12.11.07,93 Entries: 0 (0) Directories: 0 Files: 0 Bytes: 0 Blocks: 0 tutto okay? grazie.

10-01-2008, 11:24	#34
Chill-Out Moderatore Iscritto dal: Jun 2007 Città: 127.0.0.1 Messaggi: 25885	Ti ho chiesto se il system restore è stato disabilitato è importante, adesso serve un nuovo log di HJT ed un nuovo log di Prevx CSI allegali secondo la modalità che ti ho indicato,thx. __________________ Regole di Sezione ▪ Guida alla Disinfezione ▪ Attenzione: Thread importanti Try again and you will be luckier. Ultima modifica di Chill-Out : 10-01-2008 alle 11:31.

10-01-2008, 11:34	#35
Arki_ Member Iscritto dal: Aug 2007 Messaggi: 50	scusa ho dimenticato. si si il ripristino è disattivato da quando mi avete detto di farlo la prima volta. circa 3 gg. sapevo che non dovevo riattivarlo. ma alla fine lo dovrò riattivare? faccio le scansioni.

10-01-2008, 11:42	#37
Arki_ Member Iscritto dal: Aug 2007 Messaggi: 50	eccoli ecco i log : scusa per aver postato i precedenti direttamente nella pagina. ora ho letto le nuove regole del forum. 1_hijackthis : http://www.zshare.net/download/63693752675d89/ 2_prevx csi : http://www.zshare.net/download/6369430bd6bc8c/ come sono?! grazie.

10-01-2008, 12:05	#39
Arki_ Member Iscritto dal: Aug 2007 Messaggi: 50	hey... ciao, grazie per aver risposto. ecco il log di avenger : http://www.zshare.net/download/636993906913cd/ per il Nod32 è davvero come dici tu mi sa. il fatto è che credo di aver installato una versione precedente su di una già più recente (quella che si era infettata credo). e forse non riesce ad eseguire gli aggiornamenti. provo a cercare una versione più nuova. grazie. attendo con ansia

Strumenti
Mostra una versione stampabile Invia questa pagina per email