[new] Guida alla disinfezione da Vundo / Virtumonde / Virtumondo / MS Juan

xcdegasp · 23-02-2009, 12:23

Guida alla disinfezione da Vundo / Virtumonde / Virtumondo / MS Juan

Premessa:
La guida si intende sotto Licenza Creative Commons

Virtumonde è un Trojan che fa comparire principalmente fastidiose finestre popup, grandi come tutto lo schermo, che pubblicizzano programmi Antispyware truffa, grossi rallentamenti del pc, sostituzione dello screensaver con uno che riproduce i crasch di sistema con schermate blu (BSOD), ecc..
E' correlato al Trojan horse WinFixer.

Caratteristiche dell'infezione:
Virtumonde attacca i sistemi operativi Microsoft Windows non aggiornati sfruttando falle di sicurezza presenti in Java e programmi di navigazione (browser come InternetExplorer, Opera e Firefox quest'ultimo senza estensione NoScript).
Virtumonde sfrutta BHO -assistenti del browser- infetti e DLL correlate a WinLogon ed Esplora risorse per questo risulta difficile da individuare nel task-manager di windows e dal firewall incluso in XP e Vista.

I sintomi della sua presenza all'interno del pc sono:

Comparsa improvvisa di fastidiose finestre popup, grandi come tutto lo schermo, che pubblicizzano programmi Antispyware truffa (come Sysprotect, Storage Protector, AntiSpyware Master, e WinFixer) o rappresentanti schermate di errore di Windows.
Cambio dello screensaver in modo da far comparire una riproduzione di una famosa schermata di errore di Windows, il BSOD.
Rallentamento generale delle prestazioni del sistema.
Attacchi del tipo Denial of Service ad alcuni siti, incluso Google.
Alcune versioni di questo Trojan fanno in modo che gli aggiornamenti Automatici di Windows vengano disattivati.
Alterazione dei privilegi di un utente del computer al fine di evitare l'installazione di software antivirus.

Esistono infinite versioni di questo Trojan e ognuna può risultare più o meno difficile da rimuovere.
fonte: http://en.wikipedia.org/wiki/Vundo

Procedura di Disinfezione:
Disattivate il ripristino di sistema fino a che non sarete stati completamente disinfestati:

Fare clic su Start-> Programmi->Accessori->Esplora risorse.
Fare clic con il pulsante destro del mouse sull'icona Risorse del computer e quindi su Proprietà.
Selezionare la scheda "Ripristino configurazione di sistema".
Selezionare la voce "Disattiva ripristino configurazione di sistema"
Premere OK. Verrà richiesto di confermare l'azione in quanto saranno eliminati tutti i punti di ripristino memorizzati. Confermare premendo SI.

_ metodo per Win-Vista:
Per attivare o disattivare Protezione sistema

Per aprire Sistema, fare clic sul pulsante StartImmagine del pulsante Start, scegliere Pannello di controllo, Sistema e manutenzione e quindi Sistema.
Nel riquadro sinistro fare clic su Protezione sistema. Autorizzazioni di amministratore necessarie Se viene chiesto di specificare una password di amministratore o di confermare, digitare la password o confermare.
Per disattivare Protezione sistema per un disco rigido, deselezionare la casella di controllo visualizzata accanto al disco e quindi fare clic su OK.

eventualmente non si potesse operare la disattivazione seguire questa guida per forzare la chiusura del ripristino di sistema.

Imposta i seguenti server dns ( guida per winXP | guida per Vista | guida per router ):
208.67.222.222
208.67.220.220

Scarica ed esegui ATF-Cleaner seguendo queste brevi indicazioni (non richiede installazione), prima chiudi tutte le finestre del browser:
nella finestra che si è aperta contrassegnare "Select All" e premere "Empty Selected", poi clickare sul menù "Firefox" e contrassegnare "Select All" e premere "Empty Selected", procedere quindi nello stesso modo anche nel menù "Opera" e infine premere "Empty Selected";

e procedi come qui elencato di seguito rispettandone l'ordine d'esecuzione, se questo non venisse rispettato è molto probabile che i risultati siano assolutamente incerti:

*** REGOLE di SEZIONE - obbligatoria la lettura!! ***
collega subito eventuali chiavette USB infette cosicchè vengano ripulite
Malwarebytes Anti-Malware -> info e download
dopo averlo installato è necessario aggiornarlo e solo dopo eseguire la scansione completa del sistema, è altresì richiesto eliminare tutti gli oggetti identificati e salvare il log della scansione (il file di log da allegare per il controlo si trova nel Tab "File di log").
scollegati da internet e dalla lan
ComboFix -> Download
Doppio click su combofix.exe e segui le istruzioni
Allegare il log C:\combofix.txt
N.B.: Durante la scansione verranno creati alcuni file sul desktop e poi eliminati - spariranno tutte le icone del desktop - il firewall potrebbe avvisare che verranno rimossi alcuni driver (consentire)
ComboFix deve essere eseguito a macchina dedicata - disconnessi dalla rete, disabilitando momentaneamente i realtime dei software di sicurezza
ricollegati a internet e alla lan mantenendo i dns impostati all'inizio della guida
F-Secure OnLine: eseguire una scansione via web con F-Secure OnLine Scanner (sia per 32bit che 64bit) -> guida
_ sistema alternativo: Kaspersky Virus Removal Tool guida e link al download
per snellire il log usare ParserLog -> info & download
gli oggetti individuati devono essere rimossi, verrà mantenuto un backup degli oggetti eliminati!
Prevx 3.0 -> download | guida (necessita di connessione internet)
a fine scansione eseguire una stampa del monitor o della finestra di Prevx e salvare il log ("options" -> "save a log file")
HiJackThis -> download
si raccomanda di scompattare HiJackThis in una directory esclusiva, quindi non sul desktop!
pubblicare tutti i log richiesti in questo thread e attendere assistenza

Trattamento Post Disinfezione
Una volta ripulito leggi bene il trattamento post disinfezione, ti aiuta a verificare la configurazione di sicurezza del tuo pc, aggiornare programmi vulnerabili obsoleti ed eliminare eventuali residui inutili dei programmi utilizzati nella guida.

Ringraziamenti:
si ringraziano Bugs Bunny, Chill-Out e Wjmat

elgigi87 · 23-02-2009, 14:29

Salve io ho un problema con le pubblicità e in particolare con ad.yieldmanager.

Con ad-aware sono riuscito a bloccare i pop-up ma non ad eliminare il problema, così ho provato tanti programmi di rimozione (Findykill, Malwarebytes', Spybot, spyware terminator, spyhunter...) ma l'unica cosa che fanno è quella di rimuovere i cookie senza eliminare il porblema alla base. Di conseguenza all'apertura di i.e. ad-aware mi segnala il blocco di altri pop-up.
A questo punto, non sapendo più cosa fare da solo, ho deciso di disturbarvi. Ho fatto una scansione con HijackThis e vi posto il log.

In attesa di una risposta, vi ringrazio anticipatamente

http://www.mediafire.com/download.php?mzdym4nqujd

**Chill-Out** · 23-02-2009, 14:33

Quote:

Originariamente inviato da elgigi87

Salve io ho un problema con le pubblicità e in particolare con ad.yieldmanager.

Con ad-aware sono riuscito a bloccare i pop-up ma non ad eliminare il problema, così ho provato tanti programmi di rimozione (Findykill, Malwarebytes', Spybot, spyware terminator, spyhunter...) ma l'unica cosa che fanno è quella di rimuovere i cookie senza eliminare il porblema alla base. Di conseguenza all'apertura di i.e. ad-aware mi segnala il blocco di altri pop-up.
A questo punto, non sapendo più cosa fare da solo, ho deciso di disturbarvi. Ho fatto una scansione con HijackThis e vi posto il log.

In attesa di una risposta, vi ringrazio anticipatamente

http://www.mediafire.com/download.php?mzdym4nqujd

Ciao segui passo passo la Guida indicato al Post#1 http://www.hwupgrade.it/forum/showpo...50&postcount=1

elgigi87 · 23-02-2009, 16:39

Ciao, ho seguito passo passo tutto ciò che è scritto nel primo post e ora carico i vari log...

1. Malwarebytes

http://www.mediafire.com/?hnzmqommndj

2.Combofix

http://www.mediafire.com/?zyyzzmgmnmv

3.PrevxCSI con stamp della schermata

http://www.mediafire.com/?zmmnenaymwo
http://www.mediafire.com/imageview.p...mwmdhj&thumb=5

4.HijackThis

http://www.mediafire.com/?1imnxm5qjwn

Attendo buone notizie....

**Chill-Out** · 23-02-2009, 16:52

Scarica Avenger da qui http://swandog46.geekstogo.com/avenger2/download.php scompatta l'archivio compresso, avvia Avenger copia ed incolla il seguente script nel box bianco

Quote:

Files to delete:
c:\programmi\uusee\uninstuusee.exe

clicca su Execute, al termine il Pc si dovrebbe riavviare se no riavvia tu manualmente ed allega il log che trovi in C:\Avenger.txt + nuovo log di Prevx CSI + nuovo log di HJT-> (con più applicazioni possibili chiuse, ma con Antivirus attivo)

NB: hai dimenticato la scansione con F-Secure

elgigi87 · 23-02-2009, 17:13

Fatto tutto. Il problema persiste, comunque posto i log

1.Avenger

http://www.mediafire.com/?dt0zjemtzyk

2. PrevxCSI

http://www.mediafire.com/?wcequntmztt

3. HJT

http://www.mediafire.com/?y3mjtm5uw4z

PS: ho dimenticato solo di salvare il log di F-Secure perchè non rischiesto nel primo post, però ho effettuato la scansione ed eliminato un paio di files

**Chill-Out** · 23-02-2009, 17:29

ad.yieldmanager è un Adware.tracking cookie hai fatto pulizia con ATF Cleaner come indicato in Guida? Se no procedi pure, successivamente apri IE - Strumenti - Opzioni controlla i seguenti settaggi:

Protezione: Medio-Alta
Privacy: Medio-Alta e attiva il Blocco Pop-Up

Per F-Secura nella Guida linkata nel primo post è indicato come salvare il log

elgigi87 · 23-02-2009, 17:38

Ho fatto pulizia con ATF Cleaner e impostato il blocco pop-up su i.e. ma solo grazie ad ad-aware riesco a bloccare realmente tali pop-up. La cosa che non capisco è : perchè prima non avevo sti problemi di pop-up, mentre ora devo necessitare di un software per il blocco pop-up? dove sta il problema? è possibile rimuoverlo?

**Chill-Out** · 23-02-2009, 17:49

Quote:

Originariamente inviato da elgigi87

Ho fatto pulizia con ATF Cleaner e impostato il blocco pop-up su i.e. ma solo grazie ad ad-aware riesco a bloccare realmente tali pop-up. La cosa che non capisco è : perchè prima non avevo sti problemi di pop-up, mentre ora devo necessitare di un software per il blocco pop-up? dove sta il problema? è possibile rimuoverlo?

Sul tuo PC c'erano tracce del Vundo e non solo, ma il problema ad.yieldmanager esula da questo discorso, evidentemente adesso stai navigando su siti dove girano gli advertisemets di yieldmanager ma questo non significa che tu sei infetto, la soluzione definitiva al problema consiste nel sostitutire IE con Firefox più relative estensioni nello specifico AdBlock Plus come indicato qui http://www.hwupgrade.it/forum/showthread.php?t=1726383

elgigi87 · 23-02-2009, 17:57

Grazie di tutto!! La soluzione firefox con le due estensioni già la conoscevo e la uso, purtroppo ci sono dei siti moooooooooolto legati a internet explorer e quindi sono costretto a farne uso.

Comunque il computer sembra andare un pò meglio grazie a tutte quelle pulizie che ogni tanto servono, per cui voglio ringraziarti nuovamente e alla prox!!!

**Chill-Out** · 23-02-2009, 18:00

Quote:

Originariamente inviato da elgigi87

Grazie di tutto!! La soluzione firefox con le due estensioni già la conoscevo e la uso, purtroppo ci sono dei siti moooooooooolto legati a internet explorer e quindi sono costretto a farne uso.

Comunque il computer sembra andare un pò meglio grazie a tutte quelle pulizie che ogni tanto servono, per cui voglio ringraziarti nuovamente e alla prox!!!

Prego di nulla, ti suggerisco di leggere attentamente la Guida linkata sopra dove troverai tutta una serie di consigli utili

Ciao

Darshee · 10-03-2009, 09:49

Ciao a tutti, domenica ho seguito la procedura del primo post e un riassunto del problema è qui.
Ieri, al primo riavvio dopo la disinfezione, sembrava tutto a posto, nel pomeriggio invece si son ripresentati alcuni problemi, in particolare non riesco a navigare neanche nel forum se ho il firewall attivato, ma con nuove scansioni non ho trovato traccia nè di virtumonde nè di nulla.

Scusate se non posto secondo le regole di sezione ma non riesco a caricare i log: al momento dell'upload, anche con il firewall disattivato, i caricamenti si bloccano.

Grazie in ogni caso

Log di MalwareBytes: pulito
Log diHijackthis (usato dopo combofix come prescitto nella guida): Secondo l'analizzatore qui è pulito. Posso fidarmi o è meglio pubblicarlo?
Log di Combofix (08/03/09):

**Chill-Out** · 12-03-2009, 19:16

Ciao mancano i log di F-Secure - Prevx CSI - HJT

Darshee · 13-03-2009, 18:47

(ho provato a mettere l'ultimo log di prevcsi ma sono 80 pagine di writer... come faccio? o cosa devo cercarci? Diceva che era pulito comunque...)

Ecco... in un primo momento avevo pensato che fossero alternativi (a parte HJT che riporto ora in fondo a questo post; in fondo aggiungo il log di prvxcsi di ieri). Ho fatto nuove scansioni, non avendo più trovato tracce di virtumonde ho usato la guida alla disinfezione più "generica"... Non ho individuato il problema, e anche se sapessi cosa crcare, non riesco a usare il “cerca” (si blocca il browser). Continuo in questo post a dire cosa sto facendo e trovando, perchè non so dove altro postare (e se sbaglio correggetemi e sposto, ma sto brancolando nel buio e non ho ancora una serie “completa” di log ordinatamente postabili perchè alcune scansioni si sono interrotte)

Ad ogni modo, l'esito finale è stato che il pc era pulito (anche da virtumonde), ma dei files infetti trovati non so, forse qualcuno resiste alla pulizia, dato che i passi della guida li ho fatti non una ma due volte perchè i problemi dopo 20' dal riavvio successivo si son ripresentati (Dopo un'ora la connessione risulta attiva, ma che di fatto non lo è: i browser non caricano le pagine, i client di messaggistica istantanea non si connettono... E per rivederli funzionare devo riavviare; dietro firewall certe pagine conjava non mi vengono caricate e si pianta Firefox).
Dopo entrambe le serie di scansioni il pc risultava pulito, ma durante entrambe le scansioni sono stati rilevati alcuni elementi definiti a rischio alto e medio.

Nella prima scansione ho avuto problemi con gmer (forse non ho fatto la scansione come andava fatta o ho cambiato qualche impostazione, dato che alla fine non ho trovato come salvare il log)

Nella seconda ho avuto problemi con doctor web: arrivato a circa l'80% si è interrotto, così ho selezionato manualmente il restante 20%, ma si èinterrotto di nuovo. Come report ho solo l'ultimo (metto la sintesi: non posso uploadare files e il txt è una lunghissima serie di ok...)

Codice:

-----------------------------------------------------------------------------
Statistiche delle Scansioni
-----------------------------------------------------------------------------
Oggetti controllati: 144814
Trovati oggetti Infetti: 0
Trovato Oggetti modificati: 0
Trovato oggetti Sospetti: 1
Trovato Adware: 0
Trovato Dialer: 0
Trovato Joke: 0
Trovato Riskware: 0
Trovato Hacktool: 0
Oggetti curati: 0
Oggetti cancellati: 0
Oggetti rinominati: 0
Oggetti spostati: 0
Oggetti ignorati: 0
Velocità di scansione: 185 Kb/s
Durata scansione: 01:28:55
-----------------------------------------------------------------------------

Il file sospetto:

Codice:

C:\System Volume Information\_restore{10521D4F-3A06-406D-AA41-2924811E337A}\RP38\A0004584.bat probabile infezione da BATCH.Virus

E nella finestra del programma c'era accanto la scritta:

Codice:

Azione: "percorso non valido per il file"

Codice:

A0008440.exe
ComboFix.exe
descript.ion
VirtumundoBeGone.exe

Codice:

C:\System Volume Information\_restore{10521D4F-3A06-406D-AA41-2924811E337A}\RP38\A0004584.bat probabile infezione da BATCH.Virus

HJT (subito dopo la pulizia di virtumonde)

Codice:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\NetLimiter 2 Pro\nlsvc.exe
C:\Programmi\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Programmi\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Programmi\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Documents and Settings\Me\Desktop\procexp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Me\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programmi\PicLensIE\cooliris.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Programmi\PicLensIE\cooliris.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1235497799500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1235497747468
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF95B55F-7C13-482F-A88B-CDC7A7DDFCAB}: NameServer = 208.67.222.222 208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programmi\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Programmi\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Programmi\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 7705 bytes

Darshee · 13-03-2009, 18:51

1

Prevxcsi (ieri, dopo una precedente serie di scansioni che non avevano rilevato traccia di virtumonde)

Codice:

Prevx Scan Log - Version v3.0.1.17
Log Generated: 12/3/2009 22:48, Type: 0,0
Windows XP Professional Service Pack 3 (Build 2600) 32bit|1040
Some non-malicious files are not included in this log.

Last Scan: Thu 2009-03-12 22:41:57 ora solare Europa occidentale. Number of Scans: 1. Last Scan Duration: 6 minutes 50 seconds.
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\shellext.dll	[PX5: 9F87E5D200E4041195EA020384BB840020028FB0]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\introspection.uno.dll	[PX5: 76EC33D800788EE682D201D7BEC77600341A17C8]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\hyphenmi.dll	[PX5: 575EDE2C00FFCD57002C016DCDFE9000A55BD7C9]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\i18npool.uno.dll	[PX5: 59BB112D003D512B2C1B12E276A804005D2FCF1A]
[u] (ACTIVE) c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll	[PX5: A6723A9CF835FD7B772702DDCD2F5C002F24318F]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\libxmlsec.dll	[PX5: B69FD3D200664A0B8CC704D83CB2BA003A1096D0]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\icuin36.dll	[PX5: 3170EA3700E796BB84A90C88BF689C00A8C837CF]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\ldapbe2.uno.dll	[PX5: E57DEE8900CB6A01489501EF0BE38600E4EC950D]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\lngmi.dll	[PX5: F531DD3500B2A1CF42210DE372448B00FA0D4171]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\lnthmi.dll	[PX5: EBDEE7B3002463A9F0AE00AFCE798E007E6A8365]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\localedata_en.dll	[PX5: 950C6F2D00903D7398EB01A462D59A002B12D4EA]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\localedata_euro.dll	[PX5: ABE0D5BA003480CFBA7709D1B2DF0700E4F44CE2]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\saxmi.dll	[PX5: 35DA1FE600505A9668DD00C9EEA6E300FC299B69]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\sbmi.dll	[PX5: 4158D947006A7F4D1007148988684C007700B22A]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\spellmi.dll	[PX5: 8F81AE5400D1DABA2AED0209C57B2F00237378F5]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\splmi.dll	[PX5: D504420D009B809A42F602925D08CE00784B3229]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\srtrs1.dll	[PX5: B1D6891E00BF90EB6A2A010D594D5B00446580DD]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\svtmisc.uno.dll	[PX5: 6B9B2A3D007B94E454CB01FA3DFC74001B0D1D36]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\svxmi.dll	[PX5: FB3B4247000B4BA542518BB190BBD6001CD84A1E]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\swdmi.dll	[PX5: 596AA83F006AEBE8D4020049C5BD930080076F29]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\swmi.dll	[PX5: A563D3D400B7113F0A04773579EFB10065DAF4E6]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\mcnttype.dll	[PX5: 8D7890F00052D7B4849600AA524F0400731A9868]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\sysdtrans.dll	[PX5: 5CEEF6C10034A830A2E601C2A529A400609274E6]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\xstor.dll	[PX5: DD76CAF2003D3795A8CD0320482F660080C55CDD]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\oleautobridge.uno.dll	[PX5: 522CC60300EF745B489A040F8CFB94006E904EE2]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\ucpchelp1.dll	[PX5: AA96641D0012D4587A8003CD04EDC5004CF08EEE]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\unoxmlmi.dll	[PX5: 0F066CBF00BD23BF3AA6043B5C5BD60004293110]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\updatefeed.uno.dll	[PX5: 2EA03D35000590AB303601DFB2E386007DDECEF2]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\updchk.uno.dll	[PX5: 4E4A865400A567F78EC0022E1AE75100189B0AD0]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\xmlsecurity.dll	[PX5: E7D31C6D0095064F169703FC4F42B900FE0172B2]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\xomi.dll	[PX5: B0DC30BE0059BF5394462B09B8CEA8006B7737A5]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\jvmaccess3msc.dll	[PX5: 9C644B4600BD29A2648600AF2950EB00B47C30DE]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\reflection.uno.dll	[PX5: 99F3166700028FB7864101BE3F214E009A37078B]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\emsermi.dll	[PX5: 4D33662F00EFBC5846B4020E1CD80D00A93C506F]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\avmediami.dll	[PX5: CE84089A00B1810210F40332A2F2B600180D0529]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\behelper.uno.dll	[PX5: A0208416000499987A3200D374AE9C00EEFC040F]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\fsstorage.uno.dll	[PX5: 86F9699000628A9E70CB017172E7F500081D99B9]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\ftransl.dll	[PX5: E24C3EF90091C9D1C62400A7FE29250012275F51]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\fwkmi.dll	[PX5: FA470FEC009DF493F0A01BDB933D2E00F256DD62]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\fwlmi.dll	[PX5: 0AF88B0400E88559A050010ACE8A91008F5BD8CB]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\gomi.dll	[PX5: FD2B10FA004492EACACB05384A37F8004932166A]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\dnd.dll	[PX5: 0998972B00180D0CC27A01240D39D7000D6968A8]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\fileacc.dll	[PX5: 8401D47900ED3BE7CC6300EB6D2EFC00A62DF551]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\libcurl.dll	[PX5: A7EFF4E700DF8997D647014B1FB58500FD088D73]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\nsldap32v50.dll	[PX5: 741D495100306B222031020213C450004530A26E]
[u] (ACTIVE) c:\documents and settings\me\desktop\infezioni\disinfezione generale e mantenimento\disinfezione\sysinspector.exe	[PX5: 54E40A55007BC784F5C83AE168ADA800008BB14C]
[u] (ACTIVE) c:\programmi\malwarebytes' anti-malware\mbamext.dll	[PX5: 2636393D903EDB421E1701B5D563E600F46C31CB]
[u] (ACTIVE) c:\programmi\winrar\rarext.dll	[PX5: 8EE15AF400B495D8E8850170EE425700E609FDA5]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\jmi_g.dll	[PX5: 53EC08CD00768C08807600ABE84B5300492543E6]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\libtextcat.dll	[PX5: A670676D00409FA73A7F00F4CE6C5E00B924F918]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\localebe1.uno.dll	[PX5: 9F3A02C7005D2D3D76B8007FCA6E9E000E9A8B37]
[u] (ACTIVE) c:\windows\system32\schannel.dll	[PX5: F4C0CC2500944D8936B3021322767A001C7539B3]
[u] (ACTIVE) c:\windows\system32\hidphone.tsp	[PX5: 821EA24B00C1441976DD00A764C7AC00A85C281E]
[u] (ACTIVE) c:\windows\system32\ntlsapi.dll	[PX5: F1D0A44F006C52E520B8003B3C2E0700A5D093EA]
[u] (ACTIVE) c:\windows\system32\shdoclc.dll	[PX5: C5AE1F2F0024C961A44F0877DE811700A23B28BB]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\uuimi.dll	[PX5: B1F5447C001464E3A61402A4BE90F300F0D55C97]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\filterconfig1.dll	[PX5: 0A1476BD00D6D292DC8F0225A0BFF4005D3CCD4F]
[u] (ACTIVE) c:\windows\system32\l3codeca.acm	[PX5: BD6FA9CA00B4F05D702C042DD7B42E0055A9F388]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\uwinapi.dll	[PX5: C672923000B274005011019F449F4000D6CC0314]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\sofficeapp.dll	[PX5: 54D6514A003AE4500CB005B7A4D66800D1E29739]
[u] (ACTIVE) c:\windows\system32\drprov.dll	[PX5: 89B05BA400A6D21F388300BA87CCCF0071EEB8F6]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\sal3.dll	[PX5: 57117890000E14B16EBC1AE22338C500651D06CE]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\comphelp4msc.dll	[PX5: 82A62AB6009A84AE46B60ED85C9F89005D7B04B0]
[u] (ACTIVE) c:\windows\system32\ntlanman.dll	[PX5: 9CC253FC00583DE9ACBC00C4FECB77008FDDE406]
[u] (ACTIVE) c:\windows\system32\netui0.dll	[PX5: 4555176600BF8DF6409F01E0599C810088147455]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\cppuhelper3msc.dll	[PX5: 3C881CD400D57739948C06C6C0C80C009C0B3D36]
[u] (ACTIVE) c:\windows\system32\netui1.dll	[PX5: 6BB9930500D0F90EC0BA038251212B00372F3347]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\salhelper3msc.dll	[PX5: 6E16F39500AD28963661003B3C2E0700B580D64E]
[u] (ACTIVE) c:\windows\system32\davclnt.dll	[PX5: A962084F0067018764C0006CE62BFE002167E5D3]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\cppu3.dll	[PX5: B58F2902003922963018026B34870900B81276B2]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\stlport_vc7145.dll	[PX5: 497C2DCF0081828E1ABD099E8EA2FA00251D49C2]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\ucbhelper4msc.dll	[PX5: 4C35538800724CFA728605C631527D003A51F094]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\vos3msc.dll	[PX5: 5872882000892EA7706E014CDBC773005FDB9965]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\i18nisolang1msc.dll	[PX5: 435759D200B6EE7E60D90027FAAAF200FE82A7B0]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\fwemi.dll	[PX5: 569851230038D4B3E0540C7C0C3E690010312B04]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\fwimi.dll	[PX5: 3ABD5EDE00F8634390140476952795005DB10D90]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\utlmi.dll	[PX5: 036D666A00A17152184D0750AF3D11003F4FED4E]
[u] (ACTIVE) c:\programmi\openoffice.org 3\program\soffice.bin	[PX5: A48ADB810093907232C6713C106B4D00750362DC]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\sfxmi.dll	[PX5: 5721773300000C0B3A032E7C604EE700368A55F8]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\tlmi.dll	[PX5: 5AFB018300D812B8C8CA07123FDFDF0059805C82]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\basegfxmi.dll	[PX5: DF5C910900A43EC6661B067620BC1900BFA69BF3]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\sotmi.dll	[PX5: 9BFBC03E007A8595EC6E03A7ED0EA8005108FF91]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\icuuc36.dll	[PX5: 028C98D800FB772F7EFF0DA4EC2EC800B89E32EF]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\vclmi.dll	[PX5: 370C6C78009715578EAF2EE6B237DE009862B36B]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\svlmi.dll	[PX5: AC205DDB000F90AC40A60B02EBE26C000C80C981]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\icudt36l.dll	[PX5: D6A19AB6008E0F44F26B9A0B1EBC190052533B2E]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\svtmi.dll	[PX5: 6C6341580060E80C10D52BD10F533E00D090E9AB]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\i18nutilmsc.dll	[PX5: 4AF5959F005819120617013418C5EC00C4F21F95]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\jvmfwk3.dll	[PX5: FB4FCDE300A2167C5CB401A4EDAE2100B32C29A2]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\tkmi.dll	[PX5: 2DD3FBB50042FCEFD09D16AA000CF900A51E4718]
[u] (ACTIVE) c:\programmi\openoffice.org 3\program\libxml2.dll	[PX5: 5E2115040088CD21CCB10E058E241E002E57A99B]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\deploymentmiscmi.dll	[PX5: CE8286D600AA49AA82660175F5FA5B0091773A83]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\libdb42.dll	[PX5: 4B53529D00AFE042429E08D58755CD0070A62A0F]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\xcrmi.dll	[PX5: B0035750004A8BA30CDE088C62B8A7005EAC32E8]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\bootstrap.uno.dll	[PX5: B1EDBF4E00C3616AF40706DE3E9D5400B6129C55]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\reg3.dll	[PX5: 83EC2AC700021A018EAA01BD8CED6D00A8764B7D]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\store3.dll	[PX5: F4AB577B00BE8F47329A010CA21B74007C9D07B4]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\msci_uno.dll	[PX5: 2D852A9500F6E317CC2F003DD5677600DD72E42C]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\unsafe_uno_uno.dll	[PX5: 7970D7520079768832DE003B3C2E07002D893C4B]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\purpenvhelper3msc.dll	[PX5: 18D43B560037CDC648F700D4E67B0A006FB7D6F7]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\ucb1.dll	[PX5: D4D750150035AD2904180370D608E8003EDA1631]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\stocservices.uno.dll	[PX5: 0D07CACE0031B9246AAE01B4997246007274DF56]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\sysmgr1.uno.dll	[PX5: 3C1CCF950043B4B79454001969F815003A9E363A]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\sax.uno.dll	[PX5: 2BEA88CA00A4ED801866028251A09000D584F209]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\configmgr2.uno.dll	[PX5: 5B9AC9D900914B3598DA16D9787973002AE222B6]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\deploymentmi.uno.dll	[PX5: 43066BD500AC5B2B5AFC06B62FF9D3004238B3FD]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\helplinkermi.dll	[PX5: 6D6C381300CBD3DE06A0024A2603B8007B86613F]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\libxslt.dll	[PX5: 0DD732C4005A185A865C02A7C6026A00778187FC]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\ucpfile1.dll	[PX5: 300873610026CCCCBECE0330B8C1550061B24CD1]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\package2.dll	[PX5: 99A6774400C3DC19CA54037255A59A0082CDDA24]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll	[PX5: 4CBC19FB0092A5A476A30522BAD957002B8B558A]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\shlxthdl\stlport_vc7145.dll	[PX5: 497C2DCF0081828E1ABD099E8EA2FA00251D49C2]
[u] (ACTIVE) c:\windows\system32\wmpshell.dll	[PX5: A257F2F40064E0C786EE01FC6369D9002CF4EA3F]
[u] (ACTIVE) c:\programmi\file comuni\adobe\acrobat\activex\pdfshell.dll	[PX5: 170D444058498696C50E05D5753D2A008C5B595D]
[UP] (ACTIVE) c:\documents and settings\me\desktop\infezioni\disinfezione generale e mantenimento\disinfezione\gmer.exe	[PX5: BFABD0E100210E775A550404EE3BDC00CB5080AA]
[u] (ACTIVE) c:\windows\system32\wzcdlg.dll	[PX5: 64EACF0000F75E1CDCD305D38DB1C500FC7B10D7]
[u] (ACTIVE) c:\windows\system32\browselc.dll	[PX5: FC0AA3D9000AF28B0C07019A1B617D0085F90223]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\guesslangmi.dll	[PX5: 4B5F5F310016AE8790FA00610EAF7F008FEAB2BA]
[u] (ACTIVE) c:\windows\system32\msdmo.dll	[PX5: 1055714100D3A76538FB00E1526F6E00F6B80AB4]
[u] (ACTIVE) c:\windows\system32\dxmasf.dll	[PX5: 711CC07736D3ADB99E3C079FBEFB4100C205D113]
[u] (ACTIVE) c:\windows\system32\drmclien.dll	[PX5: 9B8BAE0D00F2C409923904C4AAB47E00D2FED44E]
[u] (ACTIVE) c:\programmi\lavasoft\ad-aware\shellext.dll	[PX5: A6B44FE96095AA8941FC016F791007009FB6EDE1]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\ucpexpand1.uno.dll	[PX5: 2DC0A257001A4C0A60AF00739373410001B7DC18]
[u] (ACTIVE) c:\windows\system32\csrsrv.dll	[PX5: 0E9D22D000D50DA27ED10041A4CA360072502193]
[u] (ACTIVE) c:\windows\system32\basesrv.dll	[PX5: DCDCEC17002BFF57CEE000864E966200A98AE204]
[u] (ACTIVE) c:\windows\system32\winsrv.dll	[PX5: BC9D81C9004F7D727C180406A252F7004E16F2BF]
[u] (ACTIVE) c:\windows\system32\authz.dll	[PX5: 643161B900676DC7F465009F20FAD4003F802E04]
[u] (ACTIVE) c:\windows\system32\nddeapi.dll	[PX5: E3CC6FCF000B040D48CD0002111984006B169FA5]
[u] (ACTIVE) c:\windows\system32\profmap.dll	[PX5: 0F402C6F00D880896C3600CA3A46D50037176D54]
[u] (ACTIVE) c:\windows\system32\regapi.dll	[PX5: 6B204D3500E5B3DBC2230058FCF24300FAEFC21A]
[u] (ACTIVE) c:\windows\system32\sfc.dll	[PX5: 9B3DB624004DA8C7149A004526F09B00E5C80068]
[u] (ACTIVE) c:\windows\system32\sfc_os.dll	[PX5: 5B46691300DAE27326CC02CA0CDC6C008E400438]
[u] (ACTIVE) c:\windows\system32\lsasrv.dll	[PX5: 49DDAA230034694C32000B27B76F150015D1141E]
[u] (ACTIVE) c:\windows\system32\ncobjapi.dll	[PX5: 1C74616800B64F358E8100815E99CC0098673985]
[u] (ACTIVE) c:\windows\system32\ntdsapi.dll	[PX5: 69419B890000E2FA06B101585F18620000097791]
[u] (ACTIVE) c:\windows\system32\scesrv.dll	[PX5: 767E00540005E759005F055D41E6A70089C6748E]
[u] (ACTIVE) c:\windows\system32\umpnpmgr.dll	[PX5: 2B3CB7DA00CD9457E83C01BA0719BB00F5193AD9]
[u] (ACTIVE) c:\windows\system32\samsrv.dll	[PX5: CC0CD197007F92B78E5606A339F1E200AD2F5EDA]
[u] (ACTIVE) c:\windows\system32\cryptdll.dll	[PX5: 6568164A00471B5082A80086BAA40B0093D07D2E]
[u] (ACTIVE) c:\windows\apppatch\acadproc.dll	[PX5: C8E9D54D00745F789AE800142F4B3D00FFC4FAE0]
[u] (ACTIVE) c:\windows\system32\msprivs.dll	[PX5: 10CAD90A00073085BC3600D4B298BF0006BB0264]
[u] (ACTIVE) c:\windows\system32\kerberos.dll	[PX5: 5970FBC700BE1D0D9228045EA02DB500B2998B02]
[u] (ACTIVE) c:\windows\system32\netlogon.dll	[PX5: F9A106A6001D9AF036A706354A2C1D00D42CE57B]
[u] (ACTIVE) c:\windows\system32\wdigest.dll	[PX5: 4387A20000361F60C00C00B7E4253900EB383ED7]
[u] (ACTIVE) c:\windows\system32\winscard.dll	[PX5: FC942A4B0038778B846A011ECBF6F300077F2035]
[u] (ACTIVE) c:\windows\system32\eventlog.dll	[PX5: 1729B0A200BA2375DC74007BBE4EA800967FCDB1]
[u] (ACTIVE) c:\windows\system32\duser.dll	[PX5: 23B132AD000B879AA41304E37D44DE00667DDED0]
[u] (ACTIVE) c:\windows\system32\wmi.dll	[PX5: EEC3E00D0018DA22163F00F942A73D00521421C1]
[u] (ACTIVE) c:\windows\system32\eapolqec.dll	[PX5: 3755D5060093573C7A6A006CBB8D7000AC208F93]
[u] (ACTIVE) c:\windows\system32\qutil.dll	[PX5: C7A9796F00CCD9F42C88016B387700003BA60A5B]
[u] (ACTIVE) c:\windows\system32\dot3api.dll	[PX5: 0F30A0DC003719F366F4000A5C661A0033093F8D]
[u] (ACTIVE) c:\windows\system32\mprapi.dll	[PX5: AD7830DD00DC05C1548501D46231C100DDB1AFA7]
[u] (ACTIVE) c:\windows\system32\activeds.dll	[PX5: 0D73259D00DC016AF47A02BD2C239E00191AFCE5]
[u] (ACTIVE) c:\windows\system32\adsldpc.dll	[PX5: 2A7F0E040008FCEE30D50231EE1630004262704F]
[u] (ACTIVE) c:\windows\system32\credui.dll	[PX5: 57E295F90039577A82D4026AB3E3C800532521FD]
[u] (ACTIVE) c:\windows\system32\dot3dlg.dll	[PX5: C5D6F04C000F161A24E700DE440E5B004E209E31]
[u] (ACTIVE) c:\windows\system32\onex.dll	[PX5: 2BE54E070054CAD936C10254CDA5B000F874B012]
[u] (ACTIVE) c:\windows\system32\eappcfg.dll	[PX5: D04B08F0005150ACF07A01DA3DDA0500AD0BA71D]
[u] (ACTIVE) c:\windows\system32\netshell.dll	[PX5: 5920261800C75B3A26991AA49781ED00FD71087F]
[u] (ACTIVE) c:\windows\system32\eappprxy.dll	[PX5: 5091209C00B60D41A063005B1D6C48009F0953D6]
[u] (ACTIVE) c:\windows\system32\wzcsapi.dll	[PX5: 626ACAA5007EAF39CEFC00F785D62400BD9EE315]
[u] (ACTIVE) c:\windows\system32\msidle.dll	[PX5: F5E2BB25004ED55B1AA200D8C3344B00DD6DA31D]
[u] (ACTIVE) c:\windows\system32\wbem\wbemprox.dll	[PX5: DDD411AE00AE907F4A450018BBC4C70070D63DA1]
[u] (ACTIVE) c:\windows\system32\wbem\wbemcomn.dll	[PX5: 90BB2A00003E7DAB464A03A1AA30CA00B7BE2BAA]
[u] (ACTIVE) c:\windows\system32\certcli.dll	[PX5: 0ABE262A00259892009B031021A16100C0D18937]
[u] (ACTIVE) c:\windows\system32\actxprxy.dll	[PX5: 31AF9F5E0039EE54803601F681F7E700D2F2DBEF]
[u] (ACTIVE) c:\windows\system32\msutb.dll	[PX5: 8F03A42C007E95A5FCD702BAD6A1F500B46493BF]
[u] (ACTIVE) c:\windows\system32\linkinfo.dll	[PX5: 6FEAFA9C005DD1A14E4500A7AB34AE00D05E37AC]
[u] (ACTIVE) c:\windows\system32\pdh.dll	[PX5: A94958AE0025C9435EE704D9DE505F00D1923E2F]
[u] (ACTIVE) c:\windows\system32\odbcbcp.dll	[PX5: 892A6EFF006840EC609200BEE506EA00C95CE674]
[u] (ACTIVE) c:\windows\system32\ipsecsvc.dll	[PX5: 3232DDAC006BAB6FD23F0261AFA98D00202300FF]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\msvcp71.dll	[PX5: F133D4F000B92F08A0E107FD67B66E0015498C05]
[u] (ACTIVE) c:\windows\system32\oakley.dll	[PX5: 4C81D371004972C4248C04767CAA8500205A4216]
[u] (ACTIVE) c:\windows\system32\msxml3.dll	[PX5: DE8EF42C000D874CE47C10B82C506B00CECFF0D2]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\msvcr71.dll	[PX5: 3FEE1145002F2EB8504E05ED76DA9100776D97E7]
[u] (ACTIVE) c:\windows\system32\winipsec.dll	[PX5: CFB55AEA008182E47EAA00A44BC788000E40678C]
[u] (ACTIVE) c:\windows\system32\pstorsvc.dll	[PX5: 22C386090028D02F860B006EFCACC1009F19E17C]
[u] (ACTIVE) c:\windows\system32\psbase.dll	[PX5: E172641E00AE2F5580B301D5E9B97900DDED954D]
[u] (ACTIVE) c:\windows\system32\dssenh.dll	[PX5: 852136D500ADC2641E2C02C25D98CE00E20035FE]
[u] (ACTIVE) c:\windows\system32\mfc42u.dll	[PX5: 74A4697B00B6ECC7FB5E0E2428CECF00BE23B318]
[u] (ACTIVE) c:\windows\system32\msdtcprx.dll	[PX5: EF744FF0005F998A840806CCA27CB700887DFAAD]
[u] (ACTIVE) c:\windows\system32\mtxclu.dll	[PX5: A9EB14E800E4F1DB049F0148F759CE006B69348E]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\kticonv.dll	[PX5: 16784D41003119EC90C00DB5131863001563EAD6]
[u] (ACTIVE) c:\windows\system32\upnp.dll	[PX5: E144CA6900A38FFD0AC00202E8E8690034DAB1D4]
[u] (ACTIVE) c:\windows\system32\ssdpapi.dll	[PX5: BC5D352100D64581882B006103745600376CC802]
[u] (ACTIVE) c:\windows\system32\mfc42loc.dll	[PX5: 50EC1EAC0042F609E0B8000596D265006CAB3F5E]
[u] (ACTIVE) c:\windows\system32\clusapi.dll	[PX5: EFDC38D70034534BE4A9009BD1249B003AFDD116]
[u] (ACTIVE) c:\windows\system32\resutils.dll	[PX5: A0D62CBC0056FF5CE622001F93C5B40099E19AB9]
[u] (ACTIVE) c:\windows\system32\webcheck.dll	[PX5: 2B157D1E00AFC4C590FE0345C862BF00C3C9AEE2]
[u] (ACTIVE) c:\windows\system32\wpdshserviceobj.dll	[PX5: 7176B495005E12B50A520234E7E1AF00FB8DD268]
[u] (ACTIVE) c:\windows\system32\stobject.dll	[PX5: 45963CB7003D6544DE84014DA54C1A002C52614B]
[u] (ACTIVE) c:\windows\system32\batmeter.dll	[PX5: 945E3F540037700272AC00CA94CB2900B0DF9171]
[u] (ACTIVE) c:\windows\system32\msi.dll	[PX5: 5E723F4A008F80A262032B270B9C1B00BA5944F5]
[u] (ACTIVE) c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll	[PX5: 4A2EABCA00EEEF38AEDF10453CA10400EACE2231]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\pocofoundation.dll	[PX5: 4DA8B894004EDB5D1EDD0D83BCA3C600ACFE9076]
[u] (ACTIVE) c:\windows\system32\portabledevicetypes.dll	[PX5: 79585FF4007031758CF802904E46EE00DF2F75D4]
[u] (ACTIVE) c:\windows\system32\portabledeviceapi.dll	[PX5: 413BE4C6002C530256CD0467F46CFA0079ACDAE6]
[u] (ACTIVE) c:\windows\system32\traffic.dll	[PX5: AE0C2A5200F668ED7A56003B43DDFF0009AD94AC]
[u] (ACTIVE) c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ita.dll	[PX5: C74297D100D4EC3FF0EE006709492A00060E5B2C]
[u] (ACTIVE) c:\windows\system32\netcfgx.dll	[PX5: E18F844600CD212F9E8109C147D51400258E0E9A]
[u] (ACTIVE) c:\windows\system32\spoolss.dll	[PX5: 7D74C5B80083DB872630017C46871B0088FF7ECE]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\pocoxml.dll	[PX5: 3AF2556200640D642C740791F12695000338CC3D]
[u] (ACTIVE) c:\windows\system32\localspl.dll	[PX5: F7F37B6000116B4D443505C2D00055002F4AD286]
[u] (ACTIVE) c:\windows\system32\adobepdf.dll	[PX5: 9246BB0F50E2DC5CB18B006DA2326800F203DF0A]
[u] (ACTIVE) c:\windows\system32\cnbjmon.dll	[PX5: AC0A61BF00C13C76C238009F710B75006122DBA9]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\pocoext.dll	[PX5: F96D5BEE00DD3F464828003EB2853700A2DEB18A]
[u] (ACTIVE) c:\windows\system32\pjlmon.dll	[PX5: B89593A60027901C3C3900D39AA4C900E74DCF08]
[u] (ACTIVE) c:\windows\system32\oledlg.dll	[PX5: E390E71B00606745E85301646E826B001CB6AD89]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\libeay32.dll	[PX5: 5BD1F9CE003F6342A0290C1C3DA9080007283986]
[u] (ACTIVE) c:\windows\system32\tcpmon.dll	[PX5: E45C6E2F002C2E3FB4D700587ACBD300A8381876]
[u] (ACTIVE) c:\windows\system32\usbmon.dll	[PX5: 971C113D0090645242A2001FC9FD440095F73A2D]
[u] (ACTIVE) c:\windows\system32\win32spl.dll	[PX5: 126D0FEE00ED582D92B5016F932ACB00A56B9613]
[u] (ACTIVE) c:\windows\system32\netrap.dll	[PX5: F8F41D8C002000852E2C00B32DAB9200950EF9F1]
[u] (ACTIVE) c:\windows\system32\inetpp.dll	[PX5: 0759BCEE009D287026D101E2A2A51D0088E9C74E]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\ekrnscan.dll	[PX5: 9E7FC1D300CC60C065F3022A9DF754006D1E3742]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\ekrnamon.dll	[PX5: C1105A37002DB828156D02AFD406FD0087730E1E]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\ssleay32.dll	[PX5: 20478D2E00C7AFE26003027A207C8C00F74C05D5]
[u] (ACTIVE) c:\windows\system32\utildll.dll	[PX5: 1D523D80001DF1C066F30000C6A46100D1C3CF87]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\ekrnemon.dll	[PX5: FD35D4BA00431F36958301CA96F7F60072677EC2]
[u] (ACTIVE) c:\programmi\sagem\sagem f@st 800-840\languages\italian.dll	[PX5: 88CC2F9E009D188F70180160F90DE100838596A5]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\curllib.dll	[PX5: C98F4C5C00092FC8709904C7BA1354008A1CA3BB]
[u] (ACTIVE) c:\windows\system32\loadperf.dll	[PX5: 27E71D310093970786FD012901E883008E89B8C2]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\ekrnepfw.dll	[PX5: CE6BEB2400D84DB1F5F80389B4B70300CC17D27D]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\sbpfwsc.dll	[PX5: D623B96A28A4150C354E01CD9CC1C800FE4F50BD]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\dbghelp\dbghelp.dll	[PX5: D6A2407A00594DF7AC000BB32142390035C06BE4]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\ekrnupdate.dll	[PX5: BD4DB856008DF716257902654AA444006D8541BE]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\updater.dll	[PX5: A346AED90094F4C4A5E702B364AFCD008BD0E92E]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\sbfwe.dll	[PX5: 9127FBC828F93004355404BA3F9B3E0074E8CA65]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\ekrnmailplugins.dll	[PX5: 56D491B9001390889570016B08871900138DBF1B]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\sbfw.dll	[PX5: 041EEDD6281D101575E201ADF0D61100AF0F0A49]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\sbfwim.dll	[PX5: 44B8746228324B2C655901C519F9E700A7A8A88B]
[u] (ACTIVE) c:\windows\system32\vssapi.dll	[PX5: 5ECFC33700FBE356924C064F9AECB100B7719F72]
[u] (ACTIVE) c:\windows\system32\colbact.dll	[PX5: 1896B8D8005F3CB2EC9C00A6EB4925007251BD5E]
[u] (ACTIVE) c:\programmi\openoffice.org 3\program\swriter.exe	[PX5: EDCBF0EF00684533A4A20417F52FEB001F78DD6D]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\eguiscan.dll	[PX5: 26C8D723003B7544353C04B8D430A300DB847BDB]
[u] (ACTIVE) c:\windows\system32\comsvcs.dll	[PX5: 44834FC100A7749556F3131B0E1A1200CCE0005B]
[u] (ACTIVE) c:\windows\system32\wbem\wbemcore.dll	[PX5: A85F293B0031F3451CD3084F3A0E430098DF8AE6]
[u] (ACTIVE) c:\windows\system32\wbem\esscli.dll	[PX5: 78BF373B00E95E55C86603126A367700F7A43F1E]
[u] (ACTIVE) c:\windows\system32\wbem\fastprox.dll	[PX5: 27574A9B007FF819346107870FA1D000330365BA]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\eguiamon.dll	[PX5: 8BE477190060F1F495D1018BCF85AA000244EB56]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\eguiemon.dll	[PX5: 8AE655590095324BA58C016BC06D0900FE094796]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\eguiepfw.dll	[PX5: 8954288A00C9AC64C5F70BD373C683001038CCF4]
[u] (ACTIVE) c:\windows\system32\wbem\wbemsvc.dll	[PX5: 64FE7A4100757EBFAAF7001203AB0C00753610BF]
[u] (ACTIVE) c:\windows\system32\wbem\wmiutils.dll	[PX5: AC3DED5D001A43638077015F4C53C000FE3A7268]
[u] (ACTIVE) c:\windows\system32\wbem\repdrvfs.dll	[PX5: 969DCDCE005E2F4CB8F20269B73C8700168EFBCB]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\eguiupdate.dll	[PX5: 155749AC00583AD375900315150A6A0019536475]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\eguimailplugins.dll	[PX5: CB85FB3400D36B6865D301155D8421000C7F38BA]
[u] (ACTIVE) c:\windows\system32\jscript.dll	[PX5: 8AAF6CF50023B1A5D02607A91E63D000D10A3E80]
[u] (ACTIVE) c:\windows\system32\icaapi.dll	[PX5: 854A7140005CCAE92CC1008DAB5E1600967BAC21]
[u] (ACTIVE) c:\windows\system32\wbem\wmiprvsd.dll	[PX5: 37FA0B510035E61AACFC065320E6BD0019FB2BC3]
[u] (ACTIVE) c:\windows\system32\mstlsapi.dll	[PX5: 1FDF2ECE00566674C665015D4343B7009F67587E]
[u] (ACTIVE) c:\windows\system32\wbem\wbemess.dll	[PX5: A3B80C19002C4D2E2E690435AA58330058594C4B]
[u] (ACTIVE) c:\windows\system32\rastapi.dll	[PX5: 70213FCA0083DE05E42C009838627A009B490E72]
[u] (ACTIVE) c:\windows\system32\unimdm.tsp	[PX5: 3D45BFD900DD810D2CC90361DB79240028C9D137]
[u] (ACTIVE) c:\windows\system32\uniplat.dll	[PX5: C7F0DE5B009D7920361E002562779F0019669DF2]
[u] (ACTIVE) c:\windows\system32\kmddsp.tsp	[PX5: 900DB96500872B808232000FD8D3F7002B6FE098]
[u] (ACTIVE) c:\windows\system32\ndptsp.tsp	[PX5: 4CE09DFA0020D959E0C100B477E2F100FDAA7D32]
[u] (ACTIVE) c:\windows\system32\mfc71ita.dll	[PX5: 8C47BF9900C00236F0DE00B45623C60074094F00]
[u] (ACTIVE) c:\windows\system32\ipconf.tsp	[PX5: F8CEBAB4006414FA44B900F4A8ED7F008403CD71]
[u] (ACTIVE) c:\windows\system32\h323.tsp	[PX5: 6DCC5526007AD89E107A04A1457FDC003EA789AE]
[u] (ACTIVE) c:\windows\system32\hid.dll	[PX5: 7AB544F700315C2F526300FEBB2684000672D1F7]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\mfc71.dll	[PX5: 6CC9C2640078308D309410C7EE8D9E0004FCAA75]
[u] (ACTIVE) c:\windows\system32\wbem\ncprov.dll	[PX5: 5ED0A826001AC1BDB84000B6919D3F00E9097AD4]
[u] (ACTIVE) c:\windows\system32\rasqec.dll	[PX5: 3E2E3EFB007BFCF7F2FB003152A63F0019A4AC2F]
[u] (ACTIVE) c:\windows\system32\rasdlg.dll	[PX5: B19514EC00F1CC1C4E610A2C5D96C900DB9EEE5A]
[u] (ACTIVE) c:\programmi\openoffice.org 3\program\soffice.exe	[PX5: 946C12B4006701B648B8711E165EC000F6F003B4]
[u] (ACTIVE) c:\windows\system32\sti.dll	[PX5: 4B255A1C0056575F0EDD01BE167FE4003DA9F5FF]
[u] (ACTIVE) c:\windows\system32\cfgmgr32.dll	[PX5: 0F8DCBAF001D4D84423D0050939AA30034E94947]
[u] (ACTIVE) c:\windows\system32\mscms.dll	[PX5: 35E0CEA200497CAF221B011739894D00B44B29E2]
[u] (ACTIVE) c:\windows\system32\zipfldr.dll	[PX5: BF489D8F00DC10342E3B05F277D48C00FAD65B01]
[u] (ACTIVE) c:\windows\system32\ntdll.dll	[PX5: 490F683C006E3FB11AE50B0B9F728800FC1975C1]
[u] (ACTIVE) c:\windows\system32\kernel32.dll	[PX5: 74382DCB004F949AC6A00F0AF3F4F1002EB295A9]
[u] (ACTIVE) c:\windows\system32\rpcrt4.dll	[PX5: 11F723A000F4669BECB4084950903A0057AD45EE]
[u] (ACTIVE) c:\windows\system32\secur32.dll	[PX5: 5D63756C00A9AA1ADC79006544A9AE00619CEEF7]
[u] (ACTIVE) c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll	[PX5: D7B3752300A22AAC168F10E8A4E5E500A9029F11]
[u] (ACTIVE) c:\windows\system32\msvcrt.dll	[PX5: 6786FBCD00A604243CC605978A362F0047479516]
[u] (ACTIVE) c:\windows\system32\gdi32.dll	[PX5: 5040FD9D00CC2C26602C04ED747E7A00DE1BA07A]
[u] (ACTIVE) c:\windows\system32\user32.dll	[PX5: 8D2FE23500FE1927D8C008C5B8637500651D4C2C]
[UP] (ACTIVE) c:\windows\system32\shlwapi.dll	[PX5: 576A118E00D6F40F3CC807BA0889E100DE680372]
[u] (ACTIVE) c:\windows\system32\comdlg32.dll	[PX5: A9241E4200D223D04A440478464A410020B92150]
[u] (ACTIVE) c:\windows\system32\msimg32.dll	[PX5: 25F0CF4400FBAF01125100CC1C82B700F868C905]
[u] (ACTIVE) c:\windows\system32\oleaut32.dll	[PX5: 562389F100939B5B6CB5087362AE530080541A4F]
[u] (ACTIVE) c:\windows\system32\version.dll	[PX5: 72DD0533003F26F04A6F00F9C3C0BF0021938452]
[u] (ACTIVE) c:\windows\system32\ole32.dll	[PX5: 8C38473E00863731A4D713E8E1EB56002957DA50]
[u] (ACTIVE) c:\windows\system32\wsock32.dll	[PX5: CE653C69007169C960BA00D23FB0BD00EEC48F49]
[u] (ACTIVE) c:\windows\system32\ws2_32.dll	[PX5: 3BB2796F00A10256423801F2C684DE0049FC67E2]
[u] (ACTIVE) c:\windows\system32\ws2help.dll	[PX5: 2F03D11F003A101D4E4C00E172F606004F41078C]
[u] (ACTIVE) c:\windows\system32\imm32.dll	[PX5: 1DD43B55004334A8AE2F014DB680150012DE5AAA]
[u] (ACTIVE) c:\windows\system32\uxtheme.dll	[PX5: E5D7F2E800824B405A3603AE38D2F600B9CC76D6]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\eplghooks.dll	[PX5: 9292BD7C0071A69329090000E9575800AC4B0B76]
[u] (ACTIVE) c:\windows\system32\msctf.dll	[PX5: F0E2572800A034F38CF204E021343F00261B5B7D]
[u] (ACTIVE) c:\windows\system32\msctfime.ime	[PX5: 7067BC94004780DCB40902EBE043D700A615E886]
[u] (ACTIVE) c:\windows\system32\psapi.dll	[PX5: E35D9B0B00FEA8935A5E00283FFF700020BDE028]
[u] (ACTIVE) c:\windows\system32\msasn1.dll	[PX5: 171DDD460018FDFEE099001A630D9400DF589454]
[u] (ACTIVE) c:\windows\system32\wintrust.dll	[PX5: BBF3FE7400DC07F9B27E02AF374E86001CB2C26D]
[u] (ACTIVE) c:\windows\system32\imagehlp.dll	[PX5: E0EC5CAB0066DD3B342C025E6B2639005054F18F]
[u] (ACTIVE) c:\windows\system32\netapi32.dll	[PX5: 7462A9A40068AC15264705268CA7AC00B2D0EEE7]
[u] (ACTIVE) c:\windows\system32\clbcatq.dll	[PX5: 15FCF1DF004402F39C04073EB1C251005C38F195]
[u] (ACTIVE) c:\windows\system32\comres.dll	[PX5: 98DADC0600EB0B1EE8B90C7CE8FD78003677F052]
[u] (ACTIVE) c:\windows\system32\normaliz.dll	[PX5: E3FC1A7000BA1C775C420052AC60C600F74EBAFC]
[u] (ACTIVE) c:\windows\system32\wldap32.dll	[PX5: 4FAF0CCF005A3487A41A02DEA0C6E600D4A134BA]
[u] (ACTIVE) c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll	[PX5: AC5C497F0055FC0ABE1908A65B418300E537E4DE]
[u] (ACTIVE) c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll	[PX5: 03159C9A00BD1DFF02E50A2E72C589000A8187C0]
[u] (ACTIVE) c:\windows\system32\wininet.dll	[PX5: 5501E6E600D89D2F9C060C6E6D5FC50032BD4EDA]
[u] (ACTIVE) c:\windows\system32\iertutil.dll	[PX5: 6946C4A20009ACA216050494706B560017AA3411]
[u] (ACTIVE) c:\windows\system32\userenv.dll	[PX5: 274E3C2F0024BF1B2E530B5A3AB5EA005966585D]
[u] (ACTIVE) c:\windows\system32\comctl32.dll	[PX5: 4F0A2D1A00E7D4E26C3A0997943FEB000329CD14]
[u] (ACTIVE) c:\windows\system32\ntmarta.dll	[PX5: CAEC3300005C7928D46401D2530266003B89D601]
[u] (ACTIVE) c:\windows\system32\samlib.dll	[PX5: 8D01FD2500585BE6FAB30073BDEFF800B80FA751]
[u] (ACTIVE) c:\windows\system32\sxs.dll	[PX5: 713555D00016AF6EE8430A4532698B00B2B0D6FB]
[u] (ACTIVE) c:\windows\system32\setupapi.dll	[PX5: A5C89CD9001856B348A00F7F17668400445A4D3A]
[u] (ACTIVE) c:\windows\system32\msvcr71.dll	[PX5: 3FEE1145002F2EB8504E05ED76DA9100776D97E7]
[u] (ACTIVE) c:\windows\system32\mlang.dll	[PX5: 6E13A09800C70FA5F25108E1CB865E001459364F]
[u] (ACTIVE) c:\windows\system32\ieframe.dll	[PX5: 1B65A05100803F74925D5CDF2E87F60093DC333A]
[u] (ACTIVE) c:\windows\system32\apphelp.dll	[PX5: 7DD420CF00F6748FEC9D0116E0C40B00C00681B2]
[u] (ACTIVE) c:\windows\system32\urlmon.dll	[PX5: 1830714000B5A583B4D8114BB2FE140036679107]
[u] (ACTIVE) c:\windows\system32\printui.dll	[PX5: 57E3645B00F69FCCBE1508DC243AAB001B0A3450]
[u] (ACTIVE) c:\windows\system32\winmm.dll	[PX5: 978C27FA008570E1BA4602C184808000715F7906]
[u] (ACTIVE) c:\windows\system32\syncor11.dll	[PX5: 56E15181747BAE389F160001BE58ED00D2577DF5]
[u] (ACTIVE) c:\windows\system32\rasapi32.dll	[PX5: AA8193BD006AA0579EC20327E3F9F30087FD2DB4]
[u] (ACTIVE) c:\windows\system32\rasman.dll	[PX5: 77194E7400E5FB53F01C00AE34FFD9000A4CB783]
[u] (ACTIVE) c:\windows\system32\tapi32.dll	[PX5: C36F2E8700D12E04C6C302810580430078DCA789]
[u] (ACTIVE) c:\windows\system32\rtutils.dll	[PX5: F9B8224300F34E57AC8300EE0FFA3000F5CFE48E]
[u] (ACTIVE) c:\windows\system32\msv1_0.dll	[PX5: 9A88E7E7008A58EA065402F6DD6A1C000FA35A1D]
[u] (ACTIVE) c:\windows\system32\iphlpapi.dll	[PX5: 24772E090078A26F766401E3B6F17D00CC3B3674]
[u] (ACTIVE) c:\windows\system32\dnsapi.dll	[PX5: AAB816C7003C4D3542E702845D4F1A00ADA0B52F]
[u] (ACTIVE) c:\windows\system32\rasadhlp.dll	[PX5: AF995D430035502F1E80003B3C2E0700C3F1D82B]
[u] (ACTIVE) c:\windows\system32\hnetcfg.dll	[PX5: F713C38700FD77104A6B055D5FAF3E006317D673]
[u] (ACTIVE) c:\windows\system32\wtsapi32.dll	[PX5: 6C158B26004CDD7F48CB0056162141006D84B503]
[u] (ACTIVE) c:\windows\system32\winsta.dll	[PX5: 3F914A3A00E0D736D2B700CB4D57A000351EE079]
[u] (ACTIVE) c:\windows\system32\shfolder.dll	[PX5: D7C4D1810078CAFA6257006B0FCBCA007DD6FB27]
[u] (ACTIVE) c:\windows\system32\dbghelp.dll	[PX5: 1C3B1F7000AA9962C4DD09B7DE1BD70021E1A65D]
[u] (ACTIVE) c:\windows\system32\shimeng.dll	[PX5: 1C9AA7B7007DD654FEFC00788B6C1800612ED17B]
[u] (ACTIVE) c:\windows\system32\msacm32.dll	[PX5: 080EB6CD004E00D518E10174AB0E1E006A4BC771]
[u] (ACTIVE) c:\windows\apppatch\acgenral.dll	[PX5: 4D65F25E00FF9793461B1C7DEBB460009BA7A0FC]
[u] (ACTIVE) c:\windows\system32\winrnr.dll	[PX5: 41D0CEB60004FECC421A00697B818200CFEEC440]
[u] (ACTIVE) c:\windows\system32\winlogon.exe	[PX5: 38B01C05009EAAB8CA1307D21BFA8500D5209A80]
[u] (ACTIVE) c:\windows\system32\wbem\wbemcons.dll	[PX5: C4055E2F0069E1FB18EE014DE14F77006C2EEE4C]
[u] (ACTIVE) c:\windows\system32\xpsp2res.dll	[PX5: C51367FA002C624034732D6118710400C99F098E]
[u] (ACTIVE) c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll	[PX5: 8D49CA8B0045989150E01A3D8ECF5200FFFD914A]
[u] (ACTIVE) c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll	[PX5: 1CD79A6B00ACCCBD60660869F17C0900CE4B6B7D]
[u] (ACTIVE) c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll	[PX5: 9A45456900EE9D7990C909755A3A5C00A6DAF154]
[u] (ACTIVE) c:\windows\system32\msvcp60.dll	[PX5: AA21CEE700C12E8E50900683114B4B0004C88863]
[u] (ACTIVE) c:\windows\system32\sensapi.dll	[PX5: 98E3F7D700E71D181C6C0033011978003E0D282E]
[u] (ACTIVE) c:\programmi\java\jre6\bin\msvcr71.dll	[PX5: 3FEE1145002F2EB8504E05ED76DA9100776D97E7]
[u] (ACTIVE) c:\windows\system32\rsaenh.dll	[PX5: 47100BA200180DA62E1F0385EB4B3E0076D11132]
[u] (ACTIVE) c:\windows\system32\browseui.dll	[PX5: F792BF8E0002533AA4770FCA84DCA600E655036B]
[u] (ACTIVE) c:\windows\system32\ntshrui.dll	[PX5: F959802D002AA3A138E5028649815A0083AB1AC6]
[u] (ACTIVE) c:\windows\system32\atl.dll	[PX5: 357BD57500B0B091E6D600D9FBC34C0036D5E702]
[u] (ACTIVE) c:\windows\system32\mydocs.dll	[PX5: F843A7AA00FE6D8764D20180D1DB9B0091287905]
[u] (ACTIVE) c:\windows\system32\cryptui.dll	[PX5: FC12AF700069F9D2FE0607E01D89BF009FFEAA01]
[u] (ACTIVE) c:\windows\system32\shdocvw.dll	[PX5: 3AD563BC000FEBCAE0031621E82892007791C9DF]
[u] (ACTIVE) c:\windows\system32\mpr.dll	[PX5: 7E26821800AF617DEA1E00393C441F008910575D]
[u] (ACTIVE) c:\windows\system32\aclui.dll	[PX5: D2BD0ADF00DF9254D867011A1BEEBF005606B51F]
[u] (ACTIVE) c:\windows\system32\powrprof.dll	[PX5: 47CD29DB00778E26447100327527F900E21B3CB0]
[u] (ACTIVE) c:\windows\system32\smss.exe	[PX5: FB45C9580064EFA6C69B00AD18ED030059F6B39B]
[u] (ACTIVE) c:\windows\system32\csrss.exe	[PX5: 7E2C457100B8DB47182600665DD0AE005A93CA97]
[u] (ACTIVE) c:\windows\system32\themeui.dll	[PX5: ECA32DB100FCED1CF4BB05B20510E40018102672]
[u] (ACTIVE) c:\windows\system32\msgina.dll	[PX5: 23935CBF00B404A2462E0FE2C0CB7E004CA3B2A2]
[u] (ACTIVE) c:\windows\system32\odbc32.dll	[PX5: EF73221700267D3DD05803C7ECF13C00D009DECD]
[u] (ACTIVE) c:\windows\system32\odbcint.dll	[PX5: 39D4A2AD00248E14806101AEBBE29A00FD9EFA81]
[u] (ACTIVE) c:\documents and settings\me\desktop\procexp.exe	[PX5: 3EC508198060D3EA2D5C36FD5B3C6000DF1706F5]
[u] (ACTIVE) c:\windows\system32\wdmaud.drv	[PX5: 49BE13F700CFB9ED5C2500DA53C34B005C35FEBB]
[u] (ACTIVE) c:\windows\system32\msacm32.drv	[PX5: F8EB7CDA00A2596F522700876A3BC9005F29A42B]
[u] (ACTIVE) c:\windows\system32\midimap.dll	[PX5: C932A298002D88084A000079BA6DCB001CD61712]
[u] (ACTIVE) c:\windows\system32\wuaueng.dll	[PX5: 96A8FDF31820FD8A9E1D1B88260572006ACE6A58]
[u] (ACTIVE) c:\windows\system32\winhttp.dll	[PX5: 67ED58D300BC635A687905931B10E900AAF235CB]
[u] (ACTIVE) c:\windows\system32\cabinet.dll	[PX5: 6B05D36F006B49D9EC6F009789851600A9D665FB]
[u] (ACTIVE) c:\windows\system32\mspatcha.dll	[PX5: 082417FC003C31E4749D001F964017002A684FB5]
[u] (ACTIVE) c:\windows\system32\esent.dll	[PX5: 91DCA05F007729B0AAFA1082F45464008F044772]
[u] c:\programmi\webteh\bsplayer\uninstall.exe	[PX5: 292735B62F82DF4F02DA011FBFB0CE0055626A5D]
[u] c:\documents and settings\me\desktop\ccsetup217_slim.exe	[PX5: 6F68B2EC185BE6A058940E85E64EAB00D27526EA]
[u] c:\windows\system32\wbem\tmplprov.dll	[PX5: 3E4F2573000CD2C5F29D00882B2450007E73BC49]
[u] c:\windows\system32\wbem\updprov.dll	[PX5: AC40FEF30018ECBEC68C0156F0891D007A1ABD8B]
[u] c:\windows\system32\wbem\dsprov.dll	[PX5: 34A8F87600EEC9EBD6D0019710DC3200BDAB7ECD]
[u] c:\windows\system32\wbem\fwdprov.dll	[PX5: C5882378005F233ED05E0053CB65BA00A0F65E6F]
[u] c:\programmi\eset\eset nod32 antivirus\callmsi.exe	[PX5: 03F6F5A6008BA546059D0191BA8BE9003A0D9D5E]
[u] c:\windows\system32\wbem\msiprov.dll	[PX5: 37D3D88500F4539C2EE804ECAA9C7A00D1BA1098]
[u] c:\windows\system32\wbem\smtpcons.dll	[PX5: F43CEC7700EA1EACA0DA00217410DF0071CA1FEB]
[u] c:\windows\system32\wbem\trnsprov.dll	[PX5: B49F52190036A998EA3F00A6D0516500F9E1985D]
[u] c:\windows\system32\wbem\wmitimep.dll	[PX5: FA04985A0019BB35CCB7008DA3321500D3FAF77A]
[u] c:\programmi\file comuni\microsoft shared\textconv\html32.cnv	[PX5: 4D9506A9385CE7D6C22D044B3348F800EABDC1BF]
[u] c:\windows\system32\wbem\wmimsg.dll	[PX5: 17DE9138001AC6F9F02A008F3DD1CA0059DAC10E]
[u] c:\windows\autoclk.exe	[PX5: 49A7C874003214CFB0CC02317EED1C0078A93FCA]
[u] c:\windows\system32\msxml4.dll	[PX5: EABA86F708DA1BE5A07B13076693B200CA2D7643]
[u] c:\windows\system32\audio3d.dll	[PX5: 06B57C0100809EEC006C0BEAA031B000E562E488]
[u] c:\windows\system32\dgsetup.dll	[PX5: 9D89C0B01C87746D4EB801AD614F2B004CCD0348]
[u] c:\windows\system32\dgrpsetu.dll	[PX5: 4193CE261D661EA8B055021EB52473004F54853A]
[u] c:\windows\syncor.exe	[PX5: DA6795E500A434BAD08A05E4121044008774B011]
[u] c:\windows\synthcorea.dll	[PX5: AEC35A9500BF542DF0F70E41E9DCC200DD95C635]
[u] c:\programmi\analog devices\soundmax\smax3cp.cpl	[PX5: 5CE5B10C00C2E52D90B901485B9F18000119BB01]
[u] c:\windows\system32\s11thk32.dll	[PX5: 80D7517400424463C02B0046C0DD7A00197F9813]
[u] c:\windows\system32\getuname.dll	[PX5: 5C6E9A5800D2E8D53E0009C7DF5B6700D7CC4B28]
[u] c:\windows\system32\avtapi.dll	[PX5: AEF2F5170097D78C900A03070F2E140011C6B698]
[u] c:\windows\isuninst.exe	[PX5: E4A984D4009E6674AE60043BB74BCC00D1649AF5]
[u] c:\windows\system32\avwav.dll	[PX5: 737DE91A00AE1AB21EAD012E3562E6001B580DF7]
[u] c:\windows\system32\virtear.dll	[PX5: 6C92F50500118DEE20670F884461A4000DFD432E]
[u] c:\windows\system32\smmedia.dll	[PX5: C42CE4D400AAC6119E6313D01536BB006C7AC7BB]
[u] c:\programmi\windows live\messenger\wlcstart.exe	[PX5: 3FE7169E60D42679F3E20017F2D91100F7E84F9F]
[u] c:\windows\system32\gdiplus.dll	[PX5: 221491A80896B6071B0119D37DDB5A005C35FA30]
[u] c:\programmi\java\jre6\bin\regutils.dll	[PX5: 8EAFD7310003D41400550406EA3CAF004A82D996]
[u] c:\programmi\malwarebytes' anti-malware\unins000.exe	[PX5: 7CABF2D39064C37182CF0A561A0FFB008E88A0B2]
[u] c:\programmi\a-squared free\unins000.exe	[PX5: 7CABF2D39864C371F4CF0A561A0FFB0087E3E8DB]
[u] c:\documents and settings\me\impostazioni locali\temp\esiasdrv.sys	[PX5: 7FA1864C088249E3848100B77E84EB0063CC303C]
[u] c:\windows\system32\acledit.dll	[PX5: 255F83BE0043299E06A2021433555A006FC8471F]
[u] c:\windows\system32\activeds.tlb	[PX5: 10C26EAA000E131CB251013AAA5AF100A6E55102]
[u] c:\windows\system32\adptif.dll	[PX5: BE23BE7B00CB1074666600322A403D005E6B2296]
[u] c:\windows\system32\adsnds.dll	[PX5: F175D6E8003F60697CAD02C6EADB3600E6EE5FEB]
[u] c:\windows\system32\apcups.dll	[PX5: 8A5CFE5E0040F8FA92490110BD0B5500BDF1FC59]
[u] c:\windows\system32\append.exe	[PX5: 33C5C530624423FA318100A9FC947F00128D8604]
[u] c:\windows\system32\arp.exe	[PX5: B453C16800D2308B4E4200977B246F009936C4DD]
[u] c:\windows\system32\asr_ldm.exe	[PX5: 098D535F002C268D90D500B692AD2600F23DC978]
[u] c:\windows\system32\atkctrs.dll	[PX5: ACD6366100FD2CBE364300CBB95F8A0044B4C060]
[u] c:\windows\system32\drivers\atmepvc.sys	[PX5: 7363E81E80EDA4EC7A0200CE34E22400450A279B]
[u] c:\windows\system32\atmpvcno.dll	[PX5: 6410E9350083298F88FA00FFF71A69006A254153]
[u] c:\windows\system32\drivers\atmuni.sys	[PX5: 92E7BF650082565E607E05AD216E0900953642D5]
[u] c:\windows\system32\autodisc.dll	[PX5: 0B854AE800BA46713EDB01807D955E00702D2DEC]
[u] c:\windows\system32\avicap32.dll	[PX5: 5C72577B0065F7A400FE01FA40091200384DCE93]
[u] c:\windows\system32\avicap.dll	[PX5: 8D50F512B0D5AAB0126C01BC85534E00FA0EC9E8]
[u] c:\windows\system32\avifile.dll	[PX5: 23078576D07C879BAB0E016052733100CC123BD6]
[u] c:\windows\system32\bootok.exe	[PX5: F569433D0008EB86125800A1B45900002310508A]
[u] c:\windows\system32\bootvrfy.exe	[PX5: 0A1BBDF400A1D9441454008215242C00640EF135]
[u] c:\windows\system32\drivers\cbidf2k.sys	[PX5: 7B8DA5F780B7DA7536FE00ABA71B6C00B12776D7]
[u] c:\windows\system32\ccfgnt.dll	[PX5: 971D08F9000641116C8E0071062D45000119820C]
[u] c:\windows\system32\chcp.com	[PX5: 62142BAC004172551EE000230CC13000B22EADAF]
[u] c:\windows\system32\chkdsk.exe	[PX5: 1086954400E415602E7900AC8CF8A6009AB081B6]
[u] c:\windows\system32\chkntfs.exe	[PX5: E8B96802005098632C3F00575B813700468EB6A8]
[u] c:\windows\system32\ciadmin.dll	[PX5: E4BB510900859F3886C702CD62B76F00EC06704E]
[u] c:\windows\system32\cidaemon.exe	[PX5: 294C30670067C14D209300448CFCAF0090848BF3]
[u] c:\windows\system32\drivers\cinemst2.sys	[PX5: 7C4B5F6480542F0A010D0467679A3400F24D4424]
[u] c:\windows\system32\ckcnv.exe	[PX5: 068269F8003758241E9400619EF00C001FF98947]
[u] c:\windows\system32\shellstyle.dll	[PX5: C331CBAC00F33620A65B06B5A6B1F50051532311]
[u] c:\windows\system32\cmpbk32.dll	[PX5: 9AE4F3510027B04D38540076225EFC008B85C319]
[u] c:\windows\system32\cnetcfg.dll	[PX5: B4E51ABC003C3F2880C600786A5A2D0017E0A6CA]
[u] c:\windows\system32\cnvfat.dll	[PX5: 49AD2A5C00BAC153684B004C45837D000270E8F3]
[u] c:\windows\system32\comcat.dll	[PX5: 0246801000C0A6C80E5A003B3C2E0700B79BCD14]
[u] c:\windows\system32\commdlg.dll	[PX5: D41FE74160643BD6833B006BB7E5A9004410FDC1]
[u] c:\windows\system32\compact.exe	[PX5: BCD1D91D00679CF548B900DC3BCE6800C5D6158C]
[u] c:\windows\system32\compobj.dll	[PX5: DA21156DD0BCD8E77562007DCF26A600F4FFDA3F]
[u] c:\windows\system32\drivers\pxscan.sys	[PX5: 11EEE13208526D6558A400F26A394F00E75A87AE]
[u] c:\windows\system32\console.dll	[PX5: 350F39E9006155800638013413E66C00F02E9B35]
[u] c:\windows\system32\control.exe	[PX5: 2549691E00D7FEE920C900E6B3BA7000953D4AE3]
[u] c:\windows\system32\convert.exe	[PX5: 592350C10039A1473628002D12444900FB693407]
[u] c:\windows\system32\drivers\cpqdap01.sys	[PX5: C60D75F500CE16D02E4100D9B4337E008A228DE3]
[u] c:\windows\system32\csseqchk.dll	[PX5: E242EAF600C5D1D620BB019D6A836B0042F7831A]
[u] c:\windows\system32\ctl3dv2.dll	[PX5: C84734B440655DC66A4D00304EF8AC0014627D07]
[u] c:\windows\system32\d3dim.dll	[PX5: C4FFB71C0095035EA8C5063712F66B0078F5B1A5]
[u] c:\windows\system32\d3dpmesh.dll	[PX5: 7B3888C20007A1C4889B0041D3249200AC2C0BBD]
[u] c:\windows\system32\d3drm.dll	[PX5: 10917D680044F8D858BD05B8E8901C002B105CFE]
[u] c:\windows\system32\d3dxof.dll	[PX5: 13F18C7F00AA32C4BA5F00E79FE7D2000A893DE6]
[u] c:\windows\system32\ddeml.dll	[PX5: 87F926CB00F2CB349A1200182C7413003E6FB37C]
[u] c:\windows\system32\debug.exe	[PX5: 86C9E8109AC508EC52A300360575330053F48D3F]
[u] c:\windows\system32\deskadp.dll	[PX5: 1FEBC52C0075696A427B005EACC72200AF70D61C]
[u] c:\windows\system32\deskmon.dll	[PX5: E6AC7E1B00B4347342D70033642CB1001FC78895]
[u] c:\windows\system32\deskperf.dll	[PX5: DEBA621400871F794A8D0005514927006E3B795A]
[u] c:\windows\system32\dhcpsapi.dll	[PX5: 25DB6C9800998C8D24B501B008F53A0032B4B6EC]
[u] c:\windows\system32\diactfrm.dll	[PX5: 54B567AE008CF572082C06E3C74BAD00BB80B1C2]
[u] c:\windows\system32\dimap.dll	[PX5: A562A54A007E37CFAC93009CFA17FE006159AB7A]
[u] c:\windows\system32\diskcomp.com	[PX5: 8CD292D500E33AB824A100536EC85C00EF809D63]
[u] c:\windows\system32\diskcopy.com	[PX5: F30F3BB80016CEF71C05003B3C2E07009B70B4C9]
[u] c:\windows\zip.exe	[PX5: 6A67689000B47A4A0A0D017314D3030032CE2915]
[u] c:\windows\system32\diskperf.exe	[PX5: 2829F2BF00BF42304A6500D46E590900AC98C212]
[u] c:\windows\system32\dllhst3g.exe	[PX5: 3B83660A0079725C129A00667D2C7300AF333CC4]
[u] c:\windows\system32\dmconfig.dll	[PX5: FFDFA37900346E680CDD05DBC9A184000EE3D855]
[u] c:\windows\grep.exe	[PX5: 3135F7601CE57F623A270192F3A51400FAF55654]
[u] c:\windows\system32\dmdskres.dll	[PX5: 8D3B22C9007915AEF4F401E0E6650E000C2D506F]
[u] c:\windows\system32\dmintf.dll	[PX5: 847B69C400B22AC348B5003B3C2E0700BC6922E3]
[u] c:\windows\system32\dmview.ocx	[PX5: 6221709600445C13F0E30047CCD00F00125736CC]
[u] c:\windows\system32\docprop.dll	[PX5: 4D155A630014F006B8E7003E1F6CD600C0918C31]
[u] c:\windows\system32\doskey.exe	[PX5: 3DFF732F00B2A3A62AB7004F29AEE200BB284302]
[u] c:\windows\system32\dplay.dll	[PX5: 61D801A7107F7A7E816500549A0E46000B5D7981]
[u] c:\windows\system32\dpnmodem.dll	[PX5: 76FB127600B9C295F40E00D5C6DD8A0084143E48]
[u] c:\windows\system32\dpnwsock.dll	[PX5: A7FEB4F80038F77EF23A000037F94D009A0C4C3A]
[u] c:\windows\system32\dpserial.dll	[PX5: F3FA165910C5910FD3FB00906AFC6500E7FC7276]
[u] c:\windows\system32\dpwsock.dll	[PX5: A87A564D1063697CA792007F4D1002002C710E0E]
[u] c:\windows\system32\drwatson.exe	[PX5: FD38D29F60AF31A86E160029DCB43500291D0D31]
[u] c:\windows\system32\dsauth.dll	[PX5: 1276D2A700F7E6F5F67800EA938FEE00CB5E7A94]
[u] c:\windows\system32\dvdplay.exe	[PX5: 30AAA28A00FEB62EE27500F92FFA1100D6F8CE53]
[u] c:\windows\system32\edit.com	[PX5: B542A12F4E6E0DA414520148D1845800064EF6D9]
[u] c:\windows\system32\edlin.exe	[PX5: 9CDC2E17C2E71092323F005F0F7BFC0009639A5B]
[u] c:\windows\system32\wbem\wbemads.dll	[PX5: 9F454CF6000FCC0C30BA00C5B578C000397CC27A]
[u] c:\windows\system32\esent97.dll	[PX5: F1F57D5910A67BBA03A511F24777F500CC1949E5]
[u] c:\windows\system32\esentprf.dll	[PX5: 0756CBAA00C44459447700E07EEE4600CDA677D1]
[u] c:\windows\system32\wbem\wbemads.tlb	[PX5: 4C949150002C3C757A81002BC9900A00286938B5]
[u] c:\windows\system32\esentutl.exe	[PX5: 7C67F741006043B39A0D00C22981B2002E5514CD]
[u] c:\windows\system32\eventcls.dll	[PX5: 1A215A2A0036917D823B00C6E6618A000F9E4F3C]
[u] c:\windows\system32\eventvwr.exe	[PX5: 4EF8F67D007669A324390017AA36FA008DD4EB55]
[u] c:\windows\system32\exe2bin.exe	[PX5: 811C5CBE681FD35D21DA0092B5552E0021B4F928]
[u] c:\windows\system32\expand.exe	[PX5: CDCFF1B60077778E4018008D1F34CC008F3B49FB]
[u] c:\windows\system32\fastopen.exe	[PX5: 68062C0E72CE86AB03780001B5B47F00DC855A06]
[u] c:\windows\system32\fc.exe	[PX5: FCF485F1002C473C3A740081C9ECE80087407D56]
[u] c:\windows\system32\find.exe	[PX5: FE1EFFCB00504A2E244900DFA0ADA500233B1DF3]
[u] c:\windows\system32\finger.exe	[PX5: 1D15F85400745F88266500D8826896007EC3244E]
[u] c:\windows\system32\fixmapi.exe	[PX5: 8FEB7C6F0086FF5A0C6B00150530FA00B79BCD14]
[u] c:\windows\system32\fmifs.dll	[PX5: 3C050160004167A9407200F897DA0F0041897D56]
[u] c:\windows\system32\fsusd.dll	[PX5: C16BE175003AC012409301F524BCFA00B358516F]
[u] c:\windows\system32\fsutil.exe	[PX5: E5D52EDC00D893E9EED9005AF76777008FC9340F]
[u] c:\windows\system32\ftsrch.dll	[PX5: 9A53ABFF00A46317B25D02FF9535FA001423BE53]
[u] c:\windows\system32\g711codc.ax	[PX5: 14A6DC1E00D94176A2D300C57D8D6C0092897C4B]
[u] c:\windows\system32\gcdef.dll	[PX5: 04BD2A36002ABDBF302801B230A658000915B07D]
[u] c:\windows\system32\glmf32.dll	[PX5: 8FF86B8B009E6B145A5504566048B800605DFDDA]
[u] c:\windows\system32\kbdycl.dll	[PX5: E82543E9001C48FB1AE100DB66B55C003CDC71CA]
[u] c:\windows\system32\gpupdate.exe	[PX5: BA599EEF008C54ADE61E00A6195AA300BAF53FF8]
[u] c:\windows\system32\graftabl.com	[PX5: 0FE61FD6007A5D06668800223CE439003DD31168]
[u] c:\windows\system32\hnetmon.dll	[PX5: CBE83424008FC3CC3C9C0032FD1A7400CA71A6BC]
[u] c:\windows\system32\hostname.exe	[PX5: 01B352090062058222A800B871FA5600E4E416C3]
[u] c:\windows\system32\iasacct.dll	[PX5: 3A7BCE5A00767F135C6500C193B9D5001D83EF95]
[u] c:\windows\system32\iasads.dll	[PX5: B9182F9500A5D8B2A29B00B24D901400A4FBC32E]
[u] c:\windows\system32\iashlpr.dll	[PX5: 15E3B59D0007156C7E8500241F3DF700C70C209A]
[u] c:\windows\system32\iasnap.dll	[PX5: BF967F6B00819FE0F4CE00C3BAA44000FABE6FFA]
[u] c:\windows\system32\iaspolcy.dll	[PX5: 1112BD6B00DA039E469100E7A752A4008B2C43DB]
[u] c:\windows\system32\iasrecst.dll	[PX5: 41A4279C00C3CDFC287E02930A7A370026F417D8]
[u] c:\windows\system32\iassam.dll	[PX5: 4ACD95D40095E30B52FF01A122B85700B1A60437]
[u] c:\windows\system32\iassdo.dll	[PX5: B43DC82D001E1FE8DE6B03071346E800B94F0055]
[u] c:\windows\system32\iassvcs.dll	[PX5: 7A17C38500769ED6F05400E1A364A6002E27D06F]
[u] c:\windows\system32\icmui.dll	[PX5: 79852F4F004FA70AD8870036A8B3F300BFB6CC72]
[u] c:\windows\system32\tscupgrd.exe	[PX5: 96D9AEE500AC457BAE7E0047A234C30055FB12E0]
[u] c:\windows\system32\ifsutil.dll	[PX5: DC4770E5004B4BC614EA01969D3AD00059C904E8]
[u] c:\windows\system32\iissuba.dll	[PX5: 333870ED00C68D7524550033A8DA2200177D43CC]
[u] c:\windows\system32\inetcplc.dll	[PX5: 0301BC7300CE7D23D48901A9BAE490003EB7FEA2]
[u] c:\windows\system32\infosoft.dll	[PX5: 2CDB31710086C2C1E08406D1C61673004093D560]
[u] c:\windows\system32\iologmsg.dll	[PX5: C8F05831004D6A018CFC00CACD628D003F263C81]
[u] c:\windows\system32\iprop.dll	[PX5: A4B5F86400EACF0B0ED900CF73583500B79BCD14]
[u] c:\windows\system32\iprtprio.dll	[PX5: 5D17159F000ADB5F1093007AADDE9800B79BCD14]
[u] c:\windows\system32\ipsec6.exe	[PX5: E25FEFD2004F6932B21F001651F94600E6D28907]
[u] c:\windows\system32\ipxmontr.dll	[PX5: BEE4D98A00A0A8105C9401E75180D5005962F155]
[u] c:\windows\system32\ipxpromn.dll	[PX5: 319DEFB900B083C2183201383D84A3007C933D1C]
[u] c:\windows\system32\ipxrip.dll	[PX5: 859821B9009D40A9548200AD83A363008B36EF0D]
[u] c:\windows\system32\ipxrtmgr.dll	[PX5: 4718448E00AA1CC09C1B00C6E262700012078A35]
[u] c:\windows\system32\ipxsap.dll	[PX5: 85797B9500D099280499015DBB948C00AAAAF548]
[u] c:\windows\system32\jet500.dll	[PX5: F1809CDE009860DA88F00540571EF20054FEA15C]
[u] c:\windows\system32\reset.exe	[PX5: 6B0EA7C80018D2A72657007CF67DD1001015FA99]
[u] c:\windows\system32\jgaw400.dll	[PX5: CA1C6A7800F11936AEEA008D81474C006C116D0C]
[u] c:\windows\system32\jgmd400.dll	[PX5: 5FFB60E700258B788C7200A67647E20040E0BEBB]
[u] c:\windows\system32\jgsd400.dll	[PX5: 88E4D35400F6128BB2C100C538B800006F206129]
[u] c:\windows\system32\jgsh400.dll	[PX5: 290048820064052A006701039E424E004626EA67]
[u] c:\windows\system32\jobexec.dll	[PX5: B8417B505085E1D6BFDE00D8D37A4D003E439A2E]
[u] c:\windows\system32\jsit.dll	[PX5: 4213EAF52FB0CAF270110031787A4700B8739C7E]
[u] c:\windows\system32\kbdbe.dll	[PX5: 48FDB2CB00F2B06518CA009E462900005E1643BF]
[u] c:\windows\system32\kbdbene.dll	[PX5: FE3101B600DD63A218C80009E1A04B002AE7F7EB]
[u] c:\windows\system32\kbdbr.dll	[PX5: 74070A8C000919F6185500B353B4DE0006588985]
[u] c:\windows\system32\kbdca.dll	[PX5: B92ED5B9005792E61812006E944F61000D940D14]
[u] c:\windows\system32\kbdcan.dll	[PX5: CAA133DE00AAFC421E1300B54A38DF0007D9EFA6]
[u] c:\windows\system32\kbdda.dll	[PX5: 24881EF000533D04186F006E8E5F5600C3AAD043]
[u] c:\windows\system32\kbddv.dll	[PX5: ED34EFC80039728214BF0032CFF4740071E095D3]
[u] c:\windows\system32\kbdes.dll	[PX5: 01EDE1B000E0CA0118A600B2E97B8C00E65CBEF1]
[u] c:\windows\system32\kbdfc.dll	[PX5: DF58154C0001E3F8181F007524BE200037E64113]
[u] c:\windows\system32\kbdfi.dll	[PX5: 48EE580D00FA4A861834002C6F0F8800375CF580]
[u] c:\windows\system32\kbdfo.dll	[PX5: DEE8FDE6002F2C97189B00C43AC78500739A4BF6]
[u] c:\windows\system32\kbdfr.dll	[PX5: DEC48D3900347DDF18ED005F331E3F00B4872F43]
[u] c:\windows\system32\kbdgae.dll	[PX5: F3512D80001A356F16DA00323386BA002E2F5555]
[u] c:\windows\system32\kbdgr1.dll	[PX5: 02EEA6A0005F3E741851005D3FDF7500C13DD479]
[u] c:\windows\system32\kbdgr.dll	[PX5: 4DF569E700DDEF701857000515A4BD009E9A507D]
[u] c:\windows\system32\kbdic.dll	[PX5: 55372CE0006CADDD18E60006EECB72006BA6A430]
[u] c:\windows\system32\kbdir.dll	[PX5: AD3FC81F00A34AFC1695004F6DE2EF00725D3CD6]
[u] c:\windows\system32\kbdit142.dll	[PX5: 413B35DE003D58931634005028DDC7001F6B26BC]
[u] c:\windows\system32\kbdla.dll	[PX5: A782AF5C002D56391AB8009D936AAA00646DF1FA]
[u] c:\windows\system32\kbdmac.dll	[PX5: E08CD36F00422D15180100CFAAD195008FE0678E]
[u] c:\windows\system32\kbdne.dll	[PX5: 19C8E4DD00463E6A186A00C65262CD00BB11DB57]
[u] c:\windows\system32\kbdno.dll	[PX5: A133804400BBA4A1186200204D642800A4FFC514]
[u] c:\windows\system32\kbdpo.dll	[PX5: 66DAE7380041832E184800C349947E002B6C82B9]
[u] c:\windows\system32\kbdsf.dll	[PX5: 6EA394E80094BFD4183A0046A2D29E0088783429]
[u] c:\windows\system32\kbdsg.dll	[PX5: 1428B5DE00FED1001A8300A507FDC000681433B7]
[u] c:\windows\system32\kbdsp.dll	[PX5: 782E990F000A4D37182F008DCC476C00EEAB2228]
[u] c:\windows\system32\kbdsw.dll	[PX5: 70FEA55C00F764DC18BE000C911EAA004C6FF86D]
[u] c:\windows\system32\kbduk.dll	[PX5: A085C50C0063ABE816A700AD836F5200D503ABC4]
[u] c:\windows\system32\kbdusl.dll	[PX5: ECD942B7004D75CF18740098D9D9F600E199B78A]
[u] c:\windows\system32\kbdusr.dll	[PX5: 4002D2E900F6D8061892000AE393F800DDA2AFB7]
[u] c:\windows\system32\kbdusx.dll	[PX5: 38E4317A003AC90F18CE006CD6D0E200133C6897]
[u] c:\windows\system32\label.exe	[PX5: 531189560038E51F26C200B58B3D600024A237E3]
[u] c:\windows\system32\langwrbk.dll	[PX5: 9D631F11006B809B5E3F01D350AD5A00BB8049E3]
[u] c:\windows\system32\lanman.drv	[PX5: A797EACD0BCFF4C3663403FC8369B500D2DCA4A2]
[u] c:\windows\system32\lights.exe	[PX5: BA6737C4005510D574B600F420A96700DE563870]
[u] c:\windows\system32\lodctr.exe	[PX5: 91495D390002F7261418001888D3DF0078863D42]
[u] c:\windows\system32\loghours.dll	[PX5: 5BF574DE00661463C6C600FA855DD400DD3CA2D3]
[u] c:\windows\system32\lpq.exe	[PX5: 1F0E55AF00A1F08A182800282F2C2900AAC28C38]
[u] c:\windows\system32\lpr.exe	[PX5: 82062E7200C988DB22A300948AE4CC0002953983]
[u] c:\windows\system32\lprmonui.dll	[PX5: 03B568AA00796F2C24BE0058CC761300D852FE7D]
[u] c:\windows\system32\lzexpand.dll	[PX5: 91470E2FD0E18E01263D006490DF71006BAC8026]
[u] c:\windows\system32\mag_hook.dll	[PX5: CFFACE9100DAB49F20920015EE4079008CDF98B7]
[u] c:\windows\system32\mapistub.dll	[PX5: 77CE006E0094CBFAB6940177F1356D0035600D22]
[u] c:\windows\system32\mcd32.dll	[PX5: 2A9594C100E3B83A28C100B6FADBE900CFDF34AA]
[u] c:\windows\system32\drivers\mcd.sys	[PX5: 874B185900D5916B1EF900C2FE181D00136FAB22]
[u] c:\windows\system32\mcdsrv32.dll	[PX5: AC1B62C900A6751929F000CAA4211200005F1832]
[u] c:\windows\system32\mciavi.drv	[PX5: 8B09E9FBC0AC80C41F5801300F1C5F00B1E6B4D8]
[u] c:\windows\system32\mcicda.dll	[PX5: 0DA6E175000EA08A4439008461784F00C0D40C82]
[u] c:\windows\system32\mciole16.dll	[PX5: 60D6406C00FB0E4220DE00EE027C8A002D7CC3BB]
[u] c:\windows\system32\mciole32.dll	[PX5: F6DE324D00A468C91E00003B3C2E07009BA3DCAB]
[u] c:\windows\system32\mciseq.drv	[PX5: 6F3561B8D089079262B000F61C353D001FC85F9C]
[u] c:\windows\system32\mciwave.drv	[PX5: 2D1A8D9600222A826E980084C50D45003B805765]
[u] c:\windows\system32\mdhcp.dll	[PX5: CDAA471C00BD4952C44300F8565CA9008B33804A]
[u] c:\windows\system32\mdwmdmsp.dll	[PX5: 8929DBC10006A516425D021FD20C8800227CA1D7]
[u] c:\windows\system32\mem.exe	[PX5: 6AD026121A847E269AD1009E08067900987AFFEC]
[u] c:\windows\system32\mfc40.dll	[PX5: 16D6E43310507C451B300EED26A0AE008707D019]
[u] c:\windows\system32\mfc40loc.dll	[PX5: 4515B8A4002C295AB0DA00FCDF067200DD5F6EF9]
[u] c:\windows\system32\wdmioctl.dll	[PX5: F269D3FA0031705B7636000BFAA5BC0047BC2AFC]
[u] c:\windows\system32\mll_hp.dll	[PX5: 664063F9001CB3AA0EBA00D509413200B79BCD14]
[u] c:\windows\system32\mll_mtf.dll	[PX5: 89BFACBB000C60AB1E55003B3C2E070065476AE8]
[u] c:\windows\system32\mll_qic.dll	[PX5: 08E2A6F500223E5116320085CE9DF00024578A17]
[u] c:\windows\system32\mmdrv.dll	[PX5: 10FFA6C500BC1E2E30680013AA59C6006C47E52F]
[u] c:\windows\system32\mmtask.tsk	[PX5: AAB73D4B80F9CFED040D00CDD00A1100133751C6]
[u] c:\windows\system32\mmutilse.dll	[PX5: 5B19A7C30025B470D44C014442CA0700E4019219]
[u] c:\windows\system32\mode.com	[PX5: 2E93A30400625BBF4CE400E712EA290044D98CF0]
[u] c:\windows\system32\modex.dll	[PX5: 095BD1948070B81D273000FFF5669A005A8E109B]
[u] c:\windows\system32\mountvol.exe	[PX5: 950D5FA80073BAFC2086006B5E8AEA003FC4D46E]
[u] c:\windows\system32\mpnotify.exe	[PX5: 5E082F3600FBCDFB56B7003B7441B300D2B4C13B]
[u] c:\windows\system32\mprddm.dll	[PX5: D700F4F90099829D0EFA01D9BB898C00B9BE1A0F]
[u] c:\windows\system32\mprui.dll	[PX5: 0177A32A00359BAAB80400603DBC0500BE96B1E3]
[u] c:\windows\system32\mqcertui.dll	[PX5: 05E28EF900505A972A980062E46D5A001E753199]
[u] c:\windows\system32\mqgentr.dll	[PX5: 772BBC130064B836EE5C00C399F4C400AF7617D2]
[u] c:\windows\system32\mqoa10.tlb	[PX5: 890539B100B9EDB7901000117E1B4900F43C71DE]
[u] c:\windows\system32\mqoa20.tlb	[PX5: 225AC36C00DB27AED80E002EE74ADF0006AD44A3]
[u] c:\windows\system32\mqoa.tlb	[PX5: 8312043700FA29423EC8014E4E2C9C000754A541]
[u] c:\windows\system32\mqperf.dll	[PX5: 4280D4F600AF2546201D000321D4360018CA2389]
[u] c:\windows\system32\mrinfo.exe	[PX5: B670D28200A973AF38CC008DB4842B00C4FEF66B]
[u] c:\windows\system32\msaatext.dll	[PX5: C4C283F1002389DA925D01FDC9418A008225E293]
[u] c:\windows\system32\msacm.dll	[PX5: 9509859960B48961EF3C0048E192C7002EB67DBB]
[u] c:\windows\system32\msaudite.dll	[PX5: 56340F75009355082629013C5B67AB001024352D]
[u] c:\windows\system32\mscat32.dll	[PX5: F6CF2A340087129C1CF2000A3C3556004FD28ABB]
[u] c:\windows\system32\msencode.dll	[PX5: F34AEEE64A28C8C7702E01989094D9005447DE3B]
[u] c:\windows\system32\msobjs.dll	[PX5: 4C7693F6007A43309AD900017A01FD005C932F40]
[u] c:\windows\system32\msports.dll	[PX5: 60CA55A400EE0C1AA68A00332E0FE9003A46FBD8]
[u] c:\windows\system32\msratelc.dll	[PX5: C1FA8CEE000E8B57FA0B00DF08A1AA008FE6B39B]
[u] c:\windows\system32\mssign32.dll	[PX5: E8DA9AA8004C4EB88E25006991013C00013194A0]
[u] c:\windows\system32\mssip32.dll	[PX5: 421532B400EBAD1512DB002CBACA7F0056EFEC9E]
[u] c:\windows\system32\msswch.dll	[PX5: DB83982900370724340E00B83641740065D23472]
[u] c:\windows\system32\msswchx.exe	[PX5: ABE92CDE0015D4071A2800C101B17F00CE29F367]
[u] c:\windows\system32\kbdblr.dll	[PX5: 3A6EE5860029A0B51678008DE1F1DE0042AF5F06]
[u] c:\windows\system32\kbdbu.dll	[PX5: BA8C93540032EFE2167E0013D1916A00447F56A2]
[u] c:\windows\system32\msvbvm50.dll	[PX5: AB1E8FA100B911FAB06314723D5B3D00FCADA405]
[u] c:\windows\system32\msvcp50.dll	[PX5: 4BB90EF900B92922A216081EDED87300EAD1CE5E]
[u] c:\windows\system32\msvideo.dll	[PX5: 790EE65FC0939660F0F4012F00509C00EF668BF3]
[u] c:\windows\system32\msxml2r.dll	[PX5: 0C84D0FB10E4977AAD8E003B3C2E0700B4E0D38C]
[u] c:\windows\system32\msxmlr.dll	[PX5: E89F740100EFB7857A1100B6632176007D489053]
[u] c:\windows\system32\mapi32.dll	[PX5: 77CE006E0094CBFAB6940177F1356D0035600D22]
[u] c:\windows\system32\narrhook.dll	[PX5: D6BAA4C7009812448E6200B4AC571B0025CCFD5C]
[u] c:\windows\system32\nbtstat.exe	[PX5: BF04663A005F4021569800FC697D4B001F11AD3B]
[u] c:\windows\system32\ncpa.cpl	[PX5: F96D363E009B4BD58C3D00A5C785D900C31CB145]
[u] c:\windows\system32\ncxpnt.dll	[PX5: 88EBDE83004225C51EC00003BE720300A994E7C7]
[u] c:\windows\system32\netapi.dll	[PX5: 3B2621E2C04DF3B2A77E0156CAF52A0029A06ED9]
[u] c:\windows\system32\neth.dll	[PX5: 8C1735C700D9C6606C250425C196AD00E912E270]
[u] c:\windows\system32\netui2.dll	[PX5: 0A3C6E24008D22B0BCC6044CDC2A0000CFE8CCD1]
[u] c:\windows\system32\netware.drv	[PX5: EDF56E466001B55B0AA60041140247008D222BEB]
[u] c:\windows\system32\drivers\nikedrv.sys	[PX5: 31AFD82600B7B0E92F3400332F79D6008B90E2A9]
[u] c:\windows\system32\nlsfunc.exe	[PX5: A4D1F0AFBC3190781B71004FE07BA7005F811B97]
[u] c:\windows\system32\ntdsbcli.dll	[PX5: B11829BE002229D566A10036DAA52100D5962C16]
[u] c:\windows\system32\ntmsevt.dll	[PX5: 590B963C00EEE1ABAC570064E789180025A384F4]
[u] c:\windows\system32\nw16.exe	[PX5: 1C9B00C8B43E1DAB0C9E000EA41604005E45243C]
[u] c:\windows\system32\nwapi16.dll	[PX5: 77A3859500EA47B84437008354A14B00F8FEE881]
[u] c:\windows\system32\nwc.cpl	[PX5: 3F7F3A37008DD755927F001FFE8E6700C62C8C01]
[u] c:\windows\system32\nwcfg.dll	[PX5: 950CBF560042048050000025EBA96D005CF62FF6]
[u] c:\windows\system32\nwevent.dll	[PX5: 891AFBCD005BD67A18A700B6E45CDF00C6FA2066]
[u] c:\windows\system32\drivers\nwlnknb.sys	[PX5: 04BB889700AAB944F73D0096D8122400A0912260]
[u] c:\windows\system32\drivers\nwlnkspx.sys	[PX5: 38D410228045AB3DDA820098A4E752008EA9780C]
[u] c:\windows\system32\nwscript.exe	[PX5: 3B3753F100D6782AF88C01016864D500B1E9E452]
[u] c:\programmi\malwarebytes' anti-malware\mbamgui.exe	[PX5: A3F88E9990E9E8631869066471B2760063DB16D1]
[u] c:\windows\system32\ole2.dll	[PX5: F2FC4A2A40B7B6B59BDF00629364AB00A54AED31]
[u] c:\windows\system32\ole2disp.dll	[PX5: 3E66404830EBCC7296B902E3361C6400BE12EFF7]
[u] c:\windows\system32\wbem\winmgmt.exe	[PX5: 9C10452000CBBED8366D005C26A46E00A2CA36C3]
[u] c:\windows\system32\ole2nls.dll	[PX5: 09B13294B021FA9E558F026E08072F00900228B5]
[u] c:\windows\system32\olecli.dll	[PX5: B5F4F24400858B0246DF0121D0BC320031CB25FD]
[u] c:\windows\system32\olesvr.dll	[PX5: CE221EF60049CF2B5E3B009B247C6A00F018477F]
[u] c:\windows\system32\panmap.dll	[PX5: 82434ADA006A9EDB283200714DA25900A90B792C]
[u] c:\windows\system32\pathping.exe	[PX5: DB32D2D400CAC0BD58E800597717C400035340B7]
[u] c:\windows\system32\kbdru.dll	[PX5: 7E9E7F6F00689AD216A800B9E05CFE007379647D]
[u] c:\windows\system32\kbdru1.dll	[PX5: F78CD54300BE7A5716410073AD735B00BC18AAD7]
[u] c:\windows\system32\kbdycc.dll	[PX5: D5D525F30029A795163300526880C200CEFEEB97]
[u] c:\windows\system32\kbdur.dll	[PX5: F67486210059386D16530005D2674D0049AFC121]
[u] c:\windows\system32\kbdkaz.dll	[PX5: 9C60E7270020E3381611009CFCA71800B367CE4F]
[u] c:\windows\system32\kbduzb.dll	[PX5: 08CBFA1B009B5FC9162B00341E918C00437DEA64]
[u] c:\windows\system32\kbdaze.dll	[PX5: 9B72CA830012D1061679007C84FE8800C4F6549E]
[u] c:\windows\system32\kbdtat.dll	[PX5: 57244493000E4A0A166900B8D1F1A400CB7C2EEE]
[u] c:\windows\system32\kbdmon.dll	[PX5: 590AFBD300F132321664000844395400B2DD7613]
[u] c:\windows\system32\kbdkyr.dll	[PX5: 0FB75D67000B1AE21611002F983C48000D4B729B]
[u] c:\windows\system32\perfnw.dll	[PX5: 5B7BD89D00CF445716BF00A78523C7009F85134F]
[u] c:\windows\system32\pifmgr.dll	[PX5: 1D1E2515002D40F98AE600A417A793008C16C21D]
[u] c:\windows\system32\ping6.exe	[PX5: E85E900B00A1BA7E84A80030DFE16B00ECC7AB3F]
[u] c:\windows\system32\plustab.dll	[PX5: FA9BF76500A83A1678E500D926C7170058367E58]
[u] c:\windows\system32\pmspl.dll	[PX5: 98CDEBDE0094268EB67200C1C6BF85009014DA93]
[u] c:\windows\system32\prflbmsg.dll	[PX5: D73CF96B00561B2A465900894BEB8E0086109E9C]
[u] c:\windows\system32\print.exe	[PX5: 58C5064400E46753241F0026DEFDC400C59495C7]
[u] c:\documents and settings\me\impostazioni locali\temp\nsv59e.tmp\system.dll	[PX5: DBA0831C006BD10B283E00AE3D1A680042DAA1A3]
[u] c:\windows\system32\psnppagn.dll	[PX5: A9455AA300B76328206A008264082B00786A2043]
[u] c:\windows\system32\qosname.dll	[PX5: 3B881B9400403ACB2036003533585000C8DC08DD]
[u] c:\windows\system32\rasautou.exe	[PX5: 073BF7D4002FAA822EB30020FA40FF002798F70A]
[u] c:\windows\system32\rasdial.exe	[PX5: 8E03551B0027E8D42E16003F40470300DF228951]
[u] c:\windows\system32\rasmontr.dll	[PX5: 5EFCD02C009A94B04CEE020963240D006211D43F]
[u] c:\windows\system32\rasmxs.dll	[PX5: CA7649DA00CA55BE58650061B2F99600AF38F0E3]
[u] c:\windows\system32\rasrad.dll	[PX5: 151345050063D9585CD4005AF61A1000175757E3]
[u] c:\windows\system32\rasser.dll	[PX5: 8B74EB6C005C5DA53293002798B87C0063B6FFA9]
[u] c:\windows\system32\drivers\rawwan.sys	[PX5: 3623B25780ED679386B1006F511AA700A8DBED63]
[u] c:\windows\system32\recover.exe	[PX5: FAD8ED58001F25BA1CD20093F9699A00D6B3F4BE]
[u] c:\windows\system32\regedt32.exe	[PX5: 5F666904007EF47D0EEF00DEA6EA0000B79BCD14]
[u] c:\windows\system32\regwiz.exe	[PX5: 005D1C7F005FD1421250007D29C16F0094D14B57]
[u] c:\windows\system32\relog.exe	[PX5: 415C16A2005019B8847D00F136A51A00D90C9F94]
[u] c:\windows\system32\rend.dll	[PX5: 7C449AC8006ECBE5A4C5016FB47FF9009A3AE71F]
[u] c:\windows\system32\replace.exe	[PX5: 4FF2D81E006A9B2A3299003E2DA87B001A343D41]
[u] c:\windows\system32\drivers\rio8drv.sys	[PX5: 689BF8B80051228F2F8000540597A5009049C8B5]
[u] c:\windows\system32\drivers\riodrv.sys	[PX5: 31AFD82600B7B0E92F3400332F79D600DA0E26E7]
[u] c:\windows\system32\rnr20.dll	[PX5: 0408AABF00AD1CD40C64008EBFD8A800B79BCD14]
[u] c:\windows\system32\drivers\rootmdm.sys	[PX5: F3E7979300A8EEA3177100743639FF0080591A18]
[u] c:\windows\system32\route.exe	[PX5: 84958A9500289CDA52A6001BCA4EB40057400E7A]
[u] c:\windows\system32\routemon.exe	[PX5: 4341611B0085F58A64BD0070A6DB9F0090820F7E]
[u] c:\windows\system32\routetab.dll	[PX5: 8E7D33650076C19B1AFA0070AD348700EE0C2E24]
[u] c:\windows\system32\rpcns4.dll	[PX5: 5BB0403400976F1356BC0073DC6DDF00FD9A758A]
[u] c:\windows\system32\rsfsaps.dll	[PX5: A83F991C0078B05B70D800A4E5C76A001237E50B]
[u] c:\windows\system32\rsm.exe	[PX5: FA316BCF000B02A4CE630054E512E200FF84D29D]
[u] c:\windows\system32\rsmsink.exe	[PX5: 3D269E7000AFAF5B600200C8B3DD6300817104C1]
[u] c:\windows\system32\rsmui.exe	[PX5: C1AE9A9100BD61ABC0D300A5320A7F00FE6A647A]
[u] c:\windows\system32\rsopprov.exe	[PX5: 52A96E5500A753C7F64A00BC5F3FED0046AD4E55]
[u] c:\windows\system32\rsvpmsg.dll	[PX5: BFF34EF400CF99BB6C1F001D8D7360006DEBB56E]
[u] c:\windows\system32\rtm.dll	[PX5: 29FCF43800EF1161805D01E1B052720021E21CAA]
[u] c:\windows\system32\runas.exe	[PX5: DC8BFE320070554B42CE005983C0F10083BCD01F]
[u] c:\windows\system32\sc.exe	[PX5: 18AC565A00FD9A7B7A3E0057919B90002615258F]
[u] c:\windows\system32\scardssp.dll	[PX5: BBE6956C00DEFBBED09D017C8DC2610008492107]
[u] c:\windows\system32\scoit.dll	[PX5: 6CFAB33330BB407D60D90039737CA100E12D525B]
[u] c:\windows\system32\scredir.dll	[PX5: 80F128F600A49C14680D0061FCC70700A9EE0593]
[u] c:\windows\system32\scriptpw.dll	[PX5: C3E79BBD006D878628BF0031096C500061FC6A52]
[u] c:\windows\system32\scrrnit.dll	[PX5: 5D2157E032708907600700B1C7F6E10036FED01E]
[u] c:\windows\system32\sdpblb.dll	[PX5: 5A351F4B00F0D5EAFCB1011BAE3B1C00F43EAB07]
[u] c:\windows\system32\serialui.dll	[PX5: 5B8E3AD70048CA563AAC00B9A3135500CE747FE3]
[u] c:\windows\system32\serwvdrv.dll	[PX5: 333C393F004074D63A01009289D1B9001CF63C09]
[u] c:\windows\system32\setupdll.dll	[PX5: E5E0965D002355945E97064AECABE1003585EB2A]
[u] c:\windows\system32\setver.exe	[PX5: CC846963C31918572E88007E55285C00DBD8EDF9]
[u] c:\windows\system32\sfc.exe	[PX5: 845E610C000EDEE7282D0020F754BC00E632D4B5]
[u] c:\windows\system32\sfmapi.dll	[PX5: FDC3472B00CAD4085C0A006DCFB3A20086BEAC28]
[u] c:\windows\system32\share.exe	[PX5: 68062C0E72CE86AB03780001B5B47F00DC855A06]
[u] c:\windows\system32\sisbkup.dll	[PX5: FB99A7550065F075364300B2346CEE0039F770F2]
[u] c:\windows\system32\skdll.dll	[PX5: 743D46BE00A7FBD1163D007BFAC9F400EA2FE43D]
[u] c:\windows\system32\slbrccsp.dll	[PX5: F5C9E377005CB34D3CC50035F47D03007EFF86DF]
[u] c:\windows\system32\drivers\smclib.sys	[PX5: 8A9722BD003AC63939580092009AC20088FC78D8]
[u] c:\windows\system32\softpub.dll	[PX5: F195FD93008423D1165800B78E475500D6E40F59]
[u] c:\windows\system32\spnike.dll	[PX5: 99092AC800B95387106001B9947B870061A888C2]
[u] c:\windows\system32\sprio600.dll	[PX5: EC32816D00CAB07514FB014882329300CD6D9802]
[u] c:\windows\system32\sprio800.dll	[PX5: ED26A9C200020FF41AD901E7578A220075886C66]
[u] c:\windows\system32\sqlwid.dll	[PX5: B093CF0A1B5445C96052006431D8C7002B11BDF9]
[u] c:\windows\system32\sqlwoa.dll	[PX5: 69487F1D1B401CB7C0C2005765E5B1005EC2274D]
[u] c:\windows\system32\storage.dll	[PX5: 60BAD4D270E3252C10B800A49D4C780095AFB292]
[u] c:\windows\system32\subst.exe	[PX5: BA677B8C005AD7C924CD0036E3ACC60076D8542B]
[u] c:\windows\system32\svcpack.dll	[PX5: 35CC295C00E1D4A118A10075B36A9B003E044349]
[u] c:\windows\system32\swprv.dll	[PX5: D41A6178006E0E581E66026FDF4D2F003047EC2C]
[u] c:\windows\system32\syncapp.exe	[PX5: E34EA18E003E8C6EC8FA00E884C83D00C14BA38C]
[u] c:\windows\system32\sysedit.exe	[PX5: 48EBFA4F6771787B4B6600FBD5C7AF009D2F3E6A]
[u] c:\windows\system32\sysinv.dll	[PX5: 560E63A100E374613E20008721EE29003C5157ED]
[u] c:\windows\system32\syskey.exe	[PX5: 1B8610A40092A668924800A1C95DD3005950DB1C]
[u] c:\windows\system32\tapi.dll	[PX5: EE5CF04A00F6C1534B5500976A056A00B9458478]
[u] c:\windows\system32\tapiui.dll	[PX5: 2FD8C31A0010857750EB01AEE8B36E00E631A8D8]
[u] c:\windows\system32\taskman.exe	[PX5: 3F2A394F00E022653CEA00BD2EAB5600006CD7F7]
[u] c:\windows\system32\tcmsetup.exe	[PX5: 0A2189FB004EF5EC3238005BF620B40046A23963]
[u] c:\windows\system32\tcpsvcs.exe	[PX5: 67AA759E004C70D04C7F00C5C1C4F70009E2F216]
[u] c:\windows\system32\telephon.cpl	[PX5: EAA4FBDC00B97C6E6E7E008543C54B002A19C0EB]
[u] c:\windows\system32\tftp.exe	[PX5: 8835A79100B0226D44F100D59B3E0400B19607DF]
[u] c:\windows\system32\toolhelp.dll	[PX5: 87219368400265353643009B30E21C003936EBD7]
[u] c:\windows\system32\drivers\tosdvd.sys	[PX5: 628D18D7002B7E40CAFC00177DE27100B717B0CE]
[u] c:\windows\system32\tracert6.exe	[PX5: 107ACA8D0004AA7D7E39000D5F25EB00AE9DDD2A]
[u] c:\windows\system32\drivers\tsbvcap.sys	[PX5: 87882BA880A89CF8537500BE0BB03800CD0425CD]
[u] c:\windows\system32\tsd32.dll	[PX5: 987997CF00B055B33C8D000A392BC4002C255B4F]
[u] c:\windows\twain.dll	[PX5: A27BE63E602EB21172A80198A1207F0013B910A1]
[u] c:\windows\twunk_16.exe	[PX5: F36A27171006EDD2C23C0094956AFB0056981184]
[u] c:\windows\twunk_32.exe	[PX5: 5D53387700CBFAF764B000A2172748007BC630AF]
[u] c:\windows\system32\typelib.dll	[PX5: C0620321C004C14EB60D020DCCE16200701F9AEA]
[u] c:\windows\system32\typeperf.exe	[PX5: F6F17B700046868192F2006CF0460F00D3D78179]
[u] c:\windows\system32\ufat.dll	[PX5: E1F0D54100187CFA4295014192528700FA283031]
[u] c:\windows\system32\umdmxfrm.dll	[PX5: 6B37195800BBCADC34F3008CAF26D3000A7FB4E2]
[u] c:\windows\system32\unlodctr.exe	[PX5: B1ACD2830091C7CF102C0077FDE76000B79BCD14]
[u] c:\windows\system32\ureg.dll	[PX5: 40EB02030059304E460F008633E6290042BF4B01]
[u] c:\windows\system32\vbsit.dll	[PX5: 85149F4630B1E8D160F2005A709C39005605A9E5]
[u] c:\windows\system32\vcdex.dll	[PX5: 0E0F742F00A896FB1E4E003B3C2E07007421EAED]
[u] c:\windows\system32\drivers\vdmindvd.sys	[PX5: 5DFBB3300012B79DE3E300778EC928004FCDB2AF]
[u] c:\windows\system32\ver.dll	[PX5: 92D3F081D312817123B8004A4A48DC00442A6851]
[u] c:\windows\system32\verifier.exe	[PX5: E1A2F01E004E29308E70017243870300A76A1DBB]
[u] c:\windows\system32\vfpodbc.dll	[PX5: 8D89E13037A1B4C450B1002DDDE82A0017C24646]
[u] c:\windows\fonts\vgaoem.fon	[PX5: 6CA95C4D3080777B140100C1C8350800A078F465]
[u] c:\windows\system32\vjoy.dll	[PX5: D286A0960086839812D6002870F0FF000FC9523F]
[u] c:\windows\system32\vss_ps.dll	[PX5: A5E867BA005B2F5342B8008937BB7300FE60BBE7]
[u] c:\windows\system32\vssadmin.exe	[PX5: CD77247800A711D18448004A4C3BDF00C6D8B1E7]
[u] c:\windows\system32\vwipxspx.dll	[PX5: C131DD3D00BFFDF24CDA00848840E800711E306A]
[u] c:\windows\system32\vwipxspx.exe	[PX5: F773625B744A8F7B042400A2998D2E00B79BCD14]
[u] c:\windows\system32\w32tm.exe	[PX5: BB6EFD6900672B9FCCCC001305D6EA006C72D3FB]
[u] c:\windows\system32\webhits.dll	[PX5: 77C7549F00B02E68A0830037FA360900F3E6870E]
[u] c:\windows\system32\wiasf.ax	[PX5: BEEB200C00716B439E9E00E632314E00E293AE62]
[u] c:\windows\system32\wiavusd.dll	[PX5: CC2C64DB009D9F813874022307DBEE003E1E8A5C]
[u] c:\windows\system32\wifeman.dll	[PX5: 88232AF200852544242E00CD95A0FD0002EE7140]
[u] c:\windows\system32\win87em.dll	[PX5: 22C03F9D0005E87A34B40075B0F00E00517D625F]
[u] c:\windows\system32\win.com	[PX5: 4E1E179E00A1B00F481B003D92602E007213FB7F]
[u] c:\windows\system32\winfax.dll	[PX5: 1C7F1A930009050E24C200B8704D5100A126C26C]
[u] c:\windows\winhelp.exe	[PX5: CE4758B55BC6012FEB2303D72C946900E7446DFD]
[u] c:\windows\system32\winhlp32.exe	[PX5: 959922AE00476AA820F300DF4BE16100DEFA2832]
[u] c:\windows\system32\winmsd.exe	[PX5: 2AC194120007524F2EEA003A8F5AE300B146CA6A]
[u] c:\windows\system32\winsock.dll	[PX5: FCF9BBDC30E28D0D0BF200D9F4D9CD00B79BCD14]
[u] c:\windows\system32\winspool.exe	[PX5: F5BB157440E5748C08D600021F9AD300B79BCD14]
[u] c:\windows\system32\winstrm.dll	[PX5: A28B81D200D5D4D8526C00229DB14A000D8ACBD3]
[u] c:\windows\system32\wmerrita.dll	[PX5: 8A34235D00AC92A7E0440092B47FA100165D02CE]
[u] c:\windows\system32\wmiprop.dll	[PX5: 38D580FF00291BD74AC4003F048E500087980CDD]
[u] c:\windows\system32\wmiscmgr.dll	[PX5: E91D8ACF00D4DD20DC720020927B910036DD2AB6]
[u] c:\windows\system32\wowdeb.exe	[PX5: C1613D5DB0A80A260ABB006471357400B79BCD14]
[u] c:\windows\system32\wowfax.dll	[PX5: 189AEFAF802D73790CD7007E71B0C700B79BCD14]
[u] c:\windows\system32\wowfaxui.dll	[PX5: 50FD453B0082D3D1387E0069EC5CD6003AAF27C0]
[u] c:\windows\system32\drivers\ws2ifsl.sys	[PX5: E3FE23AC0026FAFE2FF10052E88519002DA1A545]
[u] c:\windows\system32\wshatm.dll	[PX5: AB33A7F400D0B9B22452001B0A9A62007D8946D7]
[u] c:\windows\system32\wshisn.dll	[PX5: 181A93030081DC642E79005B77A90C00564D61B7]
[u] c:\windows\system32\wshnetbs.dll	[PX5: 0B83A119000A99EB1CE9006990E88A00848A7CBB]
[u] c:\windows\system32\wupdmgr.exe	[PX5: 0D7ADEAF00C0A6797E4400E6788704005199B257]
[u] c:\windows\system32\ctl3d32.dll	[PX5: FC3528660045E00E6A0C00635FEFF200D16F8729]
[u] c:\windows\system32\d3dramp.dll	[PX5: 9D3CF90F00EBE45B0296095363D8D400F527F57E]
[u] c:\windows\system32\drivers\fsvga.sys	[PX5: 78ACD409008333CF30C90046F776F800BAB458CE]
[u] c:\windows\system32\idndl.dll	[PX5: 61E0320500ECAE9B66FE004F233969009BE70567]
[u] c:\windows\system32\l3codecx.ax	[PX5: 997E95DB00B47DE44618015A5D379D00AC2785D5]
[u] c:\windows\system32\lnkstub.exe	[PX5: B7EEE0D400145875687200521BB55C0029DB8F26]
[u] c:\windows\system32\migpwd.exe	[PX5: 336A1A2A00F484F6CC3500BCD852650080D020FF]
[u] c:\windows\system32\msfeedssync.exe	[PX5: FA0E4E60004D610F30FB00727688CF008D2D9800]
[u] c:\windows\system32\msr2c.dll	[PX5: A604F9A300FDBCC4101901D751665500520647C7]
[u] c:\windows\system32\msr2cenu.dll	[PX5: 2C9DB74400747F6E1C580080B256FE00460E35DF]
[u] c:\windows\system32\msrclr40.dll	[PX5: 0B3ACE4A4A26088C205901F2E00DCD0082B4AAC1]
[u] c:\windows\system32\msrecr40.dll	[PX5: 8713FF0D4A8F84F970B1008FBC4042008D92F865]
[u] c:\windows\system32\msvcrt20.dll	[PX5: 6566538900FFFAB7E0D703DC77F39900C0D36C47]
[UP] c:\windows\system32\nhelper.exe	[PX5: 079EEC0E00102765A63200D45E5D3B000F8F5CB1]
[u] c:\windows\system32\nlsdl.dll	[PX5: A241FEE800B5407C605300CCC4620600715D2FFE]
[u] c:\windows\system32\osuninst.exe	[PX5: 15811BF900720B5EA04E00A32D10BF00E9AAC7D2]
[u] c:\windows\system32\paqsp.dll	[PX5: CFF5BD7A000F465868EE02B7F6EC6200E5FC949C]
[u] c:\windows\system32\pentnt.exe	[PX5: 9911CD37009E1BF33C3400A20578F60082519B56]
[u] c:\windows\system32\rdpcfgex.dll	[PX5: 648184F200AE0568123C00C1F661D900A8042FB8]
[u] c:\windows\system32\wbem\winmgmtr.dll	[PX5: D47427AE00F6C8BD44BB0069DFB3CE00E557B805]
[u] c:\windows\system32\usrcntra.dll	[PX5: 114DC3B03CADF53EF0E500B0109D2800348FA0AD]
[u] c:\windows\system32\usrcoina.dll	[PX5: 51B8010B43DA8A93105B011D8DC7090004CCBE52]
[u] c:\windows\system32\usrdpa.dll	[PX5: 1A2C212842C286DC30EB016869B8EE0001657092]
[u] c:\windows\system32\usrdtea.dll	[PX5: F08EFB65392E343BF0B10471443E2F003B21FB49]
[u] c:\windows\system32\usrfaxa.dll	[PX5: 9882066F39AA3AED506A017693849A009709731B]
[u] c:\windows\system32\usrlbva.dll	[PX5: F3EF7D6B39F01C1AD070009BB622ED00F0667E8B]
[u] c:\windows\system32\usrmlnka.exe	[PX5: 875743FC4374140730F5013A65F269004FCAFAE7]
[u] c:\windows\system32\usrprbda.exe	[PX5: 2DE730A944775F19F07C0038288B24009F1357D0]
[u] c:\windows\system32\usrrtosa.dll	[PX5: 632368733B345AB030840176289F7A000917C72D]
[u] c:\windows\system32\usrsdpia.dll	[PX5: 391E6D863B547BA4C05C00AA74A9C100C649DD26]
[u] c:\windows\system32\usrshuta.exe	[PX5: BF8E9F49445F76501093018A4F91D7004F29A4A0]
[u] c:\windows\system32\usrsvpia.dll	[PX5: 0EAEEE7A3BA2956AA02100FA28A172003C5D8C52]
[u] c:\windows\system32\usrv42a.dll	[PX5: 8FB8F48839B81AED908201D99708C900B31AE85B]
[u] c:\windows\system32\usrv80a.dll	[PX5: 3E101E1839C4CFFEC00900D048B7940018D7E028]
[u] c:\windows\system32\usrvoica.dll	[PX5: 918ABC413CBB8D91B03800A09723AD00FD9982D4]
[u] c:\windows\system32\usrvpa.dll	[PX5: 879D6E703B8B1009C09F001E2B1066001B7F3862]
[u] c:\windows\vmmreg32.dll	[PX5: 335647CF0034A84E4AE000B273D0BD00326B6A91]
[u] c:\windows\fdsv.exe	[PX5: 6F7A62FCA077B08A5D6001A3FD295E0099F540C9]

wjmat · 13-03-2009, 19:39

x Darshee

i log caricati secondo le regole di sezione, grazie

Darshee · 13-03-2009, 20:53

Mi spiace ma posso solo metterli sotto CODE: per qualche motivo non mi funziona l'upload nei siti indicati (e nemmeno come allegati nelle email).

Se ci sono altri modi alternativi che mi sono sfuggiti fatemi sapere per favore così li metto giusti...

Edit: mi accorgo ora che è arrivato il post con la prima parte del log di prevxcsi (prima mi compaivasolo una pagina bianca); lo tolgo o aggiungo anche la seconda parte?

wjmat · 13-03-2009, 22:45

hjt non è completo
per caricarlo negli allegati va rinominato in .txt perchè originariamente viene salvato come .log

Darshee · 17-03-2009, 18:26

Ora ho disinstallato il firewall e riesco a uploadare i files... Che faccio, li cancello dai log precedenti e li metto tutti qui?

Quello di HJT di quel giorno è tutto lì...
Se può servire fatto ora, l'ho messo qui

bozzato · 18-03-2009, 21:03

navigavo dal cel e scaricando qualcosa ho infettato la memory sd...
messa sul pc, per cautela, l'ho scansionata con avast...
a trovato su 2 serial di avast (scaricati dal cel) virtumonde TT e vitro...

la memory l'ho inserita nel pc con shift premuto...(quindi senza autoplay)...
domani farò subito una scansione con MBAM...

ho il pc nuovo e...mi secca essere colpito già di brutto...

secondo voi sono molte le possibilità che sono ancora infetto?
domani farò tutta la guida....

20:36

"...Premessa:
Virtumonde è un Trojan che fa comparire principalmente fastidiose finestre popup, grandi come tutto lo schermo, che pubblicizzano programmi Antispyware truffa, grossi rallentamenti del pc, sostituzione dello screensaver con uno che riproduce i crasch di sistema con schermate blu (BSOD), ecc..
E' correlato al Trojan horse WinFixer...."
nessuna di questi segnali mi succedono...

PS:mi scuso con chill-out....non mi sn ricordato della disc

23-02-2009, 17:13	#6
elgigi87 Junior Member Iscritto dal: Jan 2008 Messaggi: 14	Fatto tutto. Il problema persiste, comunque posto i log 1.Avenger http://www.mediafire.com/?dt0zjemtzyk 2. PrevxCSI http://www.mediafire.com/?wcequntmztt 3. HJT http://www.mediafire.com/?y3mjtm5uw4z PS: ho dimenticato solo di salvare il log di F-Secure perchè non rischiesto nel primo post, però ho effettuato la scansione ed eliminato un paio di files Ultima modifica di elgigi87 : 23-02-2009 alle 17:17.

23-02-2009, 17:29	#7
Chill-Out Moderatore Iscritto dal: Jun 2007 Città: 127.0.0.1 Messaggi: 25885	ad.yieldmanager è un Adware.tracking cookie hai fatto pulizia con ATF Cleaner come indicato in Guida? Se no procedi pure, successivamente apri IE - Strumenti - Opzioni controlla i seguenti settaggi: Protezione: Medio-Alta Privacy: Medio-Alta e attiva il Blocco Pop-Up Per F-Secura nella Guida linkata nel primo post è indicato come salvare il log __________________ Regole di Sezione ▪ Guida alla Disinfezione ▪ Attenzione: Thread importanti Try again and you will be luckier.

10-03-2009, 09:49	#12
Darshee Junior Member Iscritto dal: Mar 2009 Messaggi: 11	Ciao a tutti, domenica ho seguito la procedura del primo post e un riassunto del problema è qui. Ieri, al primo riavvio dopo la disinfezione, sembrava tutto a posto, nel pomeriggio invece si son ripresentati alcuni problemi, in particolare non riesco a navigare neanche nel forum se ho il firewall attivato, ma con nuove scansioni non ho trovato traccia nè di virtumonde nè di nulla. Scusate se non posto secondo le regole di sezione ma non riesco a caricare i log: al momento dell'upload, anche con il firewall disattivato, i caricamenti si bloccano. Grazie in ogni caso Log di MalwareBytes: pulito Log diHijackthis (usato dopo combofix come prescitto nella guida): Secondo l'analizzatore qui è pulito. Posso fidarmi o è meglio pubblicarlo? Log di Combofix (08/03/09): Ultima modifica di Darshee : 13-03-2009 alle 19:11. Motivo: inserire log sotto CODE

12-03-2009, 19:16	#13
Chill-Out Moderatore Iscritto dal: Jun 2007 Città: 127.0.0.1 Messaggi: 25885	Ciao mancano i log di F-Secure - Prevx CSI - HJT __________________ Regole di Sezione ▪ Guida alla Disinfezione ▪ Attenzione: Thread importanti Try again and you will be luckier.

13-03-2009, 19:39	#16
wjmat Senior Member Iscritto dal: Dec 2007 Città: Brianza Messaggi: 14704	x Darshee i log caricati secondo le regole di sezione, grazie __________________ fattoebloggato.com • Trattamento post disinfezione • Recupero dati, RAID e Partizioni • Guida UBCD4Win • Test RAM • Controllo Disco • TestDisk • Operazioni di emergenza • Live cd Linux • UBCD • Backup • Gestione ISO & immagini virtuali • Partizionare un disco • Sardu • ScreenRecording •

23-02-2009, 12:23	#1
xcdegasp Senior Member Iscritto dal: Nov 2001 Città: Fidenza(pr) da Trento Messaggi: 27479	[new] Guida alla disinfezione da Vundo / Virtumonde / Virtumondo / MS Juan Guida alla disinfezione da Vundo / Virtumonde / Virtumondo / MS Juan Premessa: La guida si intende sotto Licenza Creative Commons Virtumonde è un Trojan che fa comparire principalmente fastidiose finestre popup, grandi come tutto lo schermo, che pubblicizzano programmi Antispyware truffa, grossi rallentamenti del pc, sostituzione dello screensaver con uno che riproduce i crasch di sistema con schermate blu (BSOD), ecc.. E' correlato al Trojan horse WinFixer. Caratteristiche dell'infezione: Virtumonde attacca i sistemi operativi Microsoft Windows non aggiornati sfruttando falle di sicurezza presenti in Java e programmi di navigazione (browser come InternetExplorer, Opera e Firefox quest'ultimo senza estensione NoScript). Virtumonde sfrutta BHO -assistenti del browser- infetti e DLL correlate a WinLogon ed Esplora risorse per questo risulta difficile da individuare nel task-manager di windows e dal firewall incluso in XP e Vista. I sintomi della sua presenza all'interno del pc sono: Comparsa improvvisa di fastidiose finestre popup, grandi come tutto lo schermo, che pubblicizzano programmi Antispyware truffa (come Sysprotect, Storage Protector, AntiSpyware Master, e WinFixer) o rappresentanti schermate di errore di Windows. Cambio dello screensaver in modo da far comparire una riproduzione di una famosa schermata di errore di Windows, il BSOD. Rallentamento generale delle prestazioni del sistema. Attacchi del tipo Denial of Service ad alcuni siti, incluso Google. Alcune versioni di questo Trojan fanno in modo che gli aggiornamenti Automatici di Windows vengano disattivati. Alterazione dei privilegi di un utente del computer al fine di evitare l'installazione di software antivirus. Esistono infinite versioni di questo Trojan e ognuna può risultare più o meno difficile da rimuovere. fonte: http://en.wikipedia.org/wiki/Vundo Procedura di Disinfezione: Disattivate il ripristino di sistema fino a che non sarete stati completamente disinfestati: Fare clic su Start-> Programmi->Accessori->Esplora risorse. Fare clic con il pulsante destro del mouse sull'icona Risorse del computer e quindi su Proprietà. Selezionare la scheda "Ripristino configurazione di sistema". Selezionare la voce "Disattiva ripristino configurazione di sistema" Premere OK. Verrà richiesto di confermare l'azione in quanto saranno eliminati tutti i punti di ripristino memorizzati. Confermare premendo SI. _ metodo per Win-Vista: Per attivare o disattivare Protezione sistema Per aprire Sistema, fare clic sul pulsante StartImmagine del pulsante Start, scegliere Pannello di controllo, Sistema e manutenzione e quindi Sistema. Nel riquadro sinistro fare clic su Protezione sistema. Autorizzazioni di amministratore necessarie Se viene chiesto di specificare una password di amministratore o di confermare, digitare la password o confermare. Per disattivare Protezione sistema per un disco rigido, deselezionare la casella di controllo visualizzata accanto al disco e quindi fare clic su OK. eventualmente non si potesse operare la disattivazione seguire questa guida per forzare la chiusura del ripristino di sistema. Imposta i seguenti server dns ( guida per winXP \| guida per Vista \| guida per router ): 208.67.222.222 208.67.220.220 Scarica ed esegui ATF-Cleaner seguendo queste brevi indicazioni (non richiede installazione), prima chiudi tutte le finestre del browser: nella finestra che si è aperta contrassegnare "Select All" e premere "Empty Selected", poi clickare sul menù "Firefox" e contrassegnare "Select All" e premere "Empty Selected", procedere quindi nello stesso modo anche nel menù "Opera" e infine premere "Empty Selected"; e procedi come qui elencato di seguito rispettandone l'ordine d'esecuzione, se questo non venisse rispettato è molto probabile che i risultati siano assolutamente incerti: * REGOLE di SEZIONE - obbligatoria la lettura!! * collega subito eventuali chiavette USB infette cosicchè vengano ripulite Malwarebytes Anti-Malware -> info e download dopo averlo installato è necessario aggiornarlo e solo dopo eseguire la scansione completa del sistema, è altresì richiesto eliminare tutti gli oggetti identificati e salvare il log della scansione (il file di log da allegare per il controlo si trova nel Tab "File di log"). scollegati da internet e dalla lan ComboFix -> Download Doppio click su combofix.exe e segui le istruzioni Allegare il log C:\combofix.txt N.B.: Durante la scansione verranno creati alcuni file sul desktop e poi eliminati - spariranno tutte le icone del desktop - il firewall potrebbe avvisare che verranno rimossi alcuni driver (consentire) ComboFix deve essere eseguito a macchina dedicata - disconnessi dalla rete, disabilitando momentaneamente i realtime dei software di sicurezza ricollegati a internet e alla lan mantenendo i dns impostati all'inizio della guida F-Secure OnLine: eseguire una scansione via web con F-Secure OnLine Scanner (sia per 32bit che 64bit) -> guida _ sistema alternativo: Kaspersky Virus Removal Tool guida e link al download per snellire il log usare ParserLog -> info & download gli oggetti individuati devono essere rimossi, verrà mantenuto un backup degli oggetti eliminati! Prevx 3.0 -> download \| guida (necessita di connessione internet) a fine scansione eseguire una stampa del monitor o della finestra di Prevx e salvare il log ("options" -> "save a log file") HiJackThis -> download si raccomanda di scompattare HiJackThis in una directory esclusiva, quindi non sul desktop! pubblicare tutti i log richiesti in questo thread e attendere assistenza Trattamento Post Disinfezione Una volta ripulito leggi bene il trattamento post disinfezione, ti aiuta a verificare la configurazione di sicurezza del tuo pc, aggiornare programmi vulnerabili obsoleti ed eliminare eventuali residui inutili dei programmi utilizzati nella guida. Ringraziamenti: si ringraziano Bugs Bunny, Chill-Out e Wjmat __________________ "Visti da vicino siamo tutti strani..." ~\|~ What Defines a Community? ~\|~ Thread eMule Ufficiale ~\|~ Online Armor in Italiano ~\|~ Regole di Sezione ~\|► Guida a PrivateFirewall quinto potere ~\|~ Le illusioni della TV Ultima modifica di xcdegasp : 31-08-2010 alle 22:25. Motivo: inseriti i termini di licenza

23-02-2009, 14:29	#2
elgigi87 Junior Member Iscritto dal: Jan 2008 Messaggi: 14	Salve io ho un problema con le pubblicità e in particolare con ad.yieldmanager. Con ad-aware sono riuscito a bloccare i pop-up ma non ad eliminare il problema, così ho provato tanti programmi di rimozione (Findykill, Malwarebytes', Spybot, spyware terminator, spyhunter...) ma l'unica cosa che fanno è quella di rimuovere i cookie senza eliminare il porblema alla base. Di conseguenza all'apertura di i.e. ad-aware mi segnala il blocco di altri pop-up. A questo punto, non sapendo più cosa fare da solo, ho deciso di disturbarvi. Ho fatto una scansione con HijackThis e vi posto il log. In attesa di una risposta, vi ringrazio anticipatamente http://www.mediafire.com/download.php?mzdym4nqujd

23-02-2009, 16:39	#4
elgigi87 Junior Member Iscritto dal: Jan 2008 Messaggi: 14	Ciao, ho seguito passo passo tutto ciò che è scritto nel primo post e ora carico i vari log... 1. Malwarebytes http://www.mediafire.com/?hnzmqommndj 2.Combofix http://www.mediafire.com/?zyyzzmgmnmv 3.PrevxCSI con stamp della schermata http://www.mediafire.com/?zmmnenaymwo http://www.mediafire.com/imageview.p...mwmdhj&thumb=5 4.HijackThis http://www.mediafire.com/?1imnxm5qjwn Attendo buone notizie....

23-02-2009, 17:38	#8
elgigi87 Junior Member Iscritto dal: Jan 2008 Messaggi: 14	Ho fatto pulizia con ATF Cleaner e impostato il blocco pop-up su i.e. ma solo grazie ad ad-aware riesco a bloccare realmente tali pop-up. La cosa che non capisco è : perchè prima non avevo sti problemi di pop-up, mentre ora devo necessitare di un software per il blocco pop-up? dove sta il problema? è possibile rimuoverlo?

23-02-2009, 17:57	#10
elgigi87 Junior Member Iscritto dal: Jan 2008 Messaggi: 14	Grazie di tutto!! La soluzione firefox con le due estensioni già la conoscevo e la uso, purtroppo ci sono dei siti moooooooooolto legati a internet explorer e quindi sono costretto a farne uso. Comunque il computer sembra andare un pò meglio grazie a tutte quelle pulizie che ogni tanto servono, per cui voglio ringraziarti nuovamente e alla prox!!!

13-03-2009, 20:53	#17
Darshee Junior Member Iscritto dal: Mar 2009 Messaggi: 11	Mi spiace ma posso solo metterli sotto CODE: per qualche motivo non mi funziona l'upload nei siti indicati (e nemmeno come allegati nelle email). Se ci sono altri modi alternativi che mi sono sfuggiti fatemi sapere per favore così li metto giusti... Edit: mi accorgo ora che è arrivato il post con la prima parte del log di prevxcsi (prima mi compaivasolo una pagina bianca); lo tolgo o aggiungo anche la seconda parte? Ultima modifica di Darshee : 13-03-2009 alle 21:30.

13-03-2009, 22:45	#18
wjmat Senior Member Iscritto dal: Dec 2007 Città: Brianza Messaggi: 14704	hjt non è completo per caricarlo negli allegati va rinominato in .txt perchè originariamente viene salvato come .log __________________ fattoebloggato.com • Trattamento post disinfezione • Recupero dati, RAID e Partizioni • Guida UBCD4Win • Test RAM • Controllo Disco • TestDisk • Operazioni di emergenza • Live cd Linux • UBCD • Backup • Gestione ISO & immagini virtuali • Partizionare un disco • Sardu • ScreenRecording •

17-03-2009, 18:26	#19
Darshee Junior Member Iscritto dal: Mar 2009 Messaggi: 11	Ora ho disinstallato il firewall e riesco a uploadare i files... Che faccio, li cancello dai log precedenti e li metto tutti qui? Quello di HJT di quel giorno è tutto lì... Se può servire fatto ora, l'ho messo qui

18-03-2009, 21:03	#20
bozzato Senior Member Iscritto dal: Feb 2009 Messaggi: 481	navigavo dal cel e scaricando qualcosa ho infettato la memory sd... messa sul pc, per cautela, l'ho scansionata con avast... a trovato su 2 serial di avast (scaricati dal cel) virtumonde TT e vitro... la memory l'ho inserita nel pc con shift premuto...(quindi senza autoplay)... domani farò subito una scansione con MBAM... ho il pc nuovo e...mi secca essere colpito già di brutto... secondo voi sono molte le possibilità che sono ancora infetto? domani farò tutta la guida.... 20:36 "...Premessa: Virtumonde è un Trojan che fa comparire principalmente fastidiose finestre popup, grandi come tutto lo schermo, che pubblicizzano programmi Antispyware truffa, grossi rallentamenti del pc, sostituzione dello screensaver con uno che riproduce i crasch di sistema con schermate blu (BSOD), ecc.. E' correlato al Trojan horse WinFixer...." nessuna di questi segnali mi succedono... PS:mi scuso con chill-out....non mi sn ricordato della disc

Strumenti
Mostra una versione stampabile Invia questa pagina per email