Torna indietro   Hardware Upgrade Forum > Networking e sicurezza > Antivirus e Sicurezza > Aiuto sono infetto! Cosa faccio?

Guida all'acquisto e offerte: confronto fra i migliori smartphone di fascia alta
Guida all'acquisto e offerte: confronto fra i migliori smartphone di fascia alta
Quali sono i migliori smartphone top di gamma del 2018? Qual è l'acquisto migliore da fare per chi non ha limiti di budget oggi? Fra iPhone XS, Galaxy S9 o Note 9, e Huawei P20 Pro la scelta non è mai stata così ardua, ma c'è da dire che ci sono anche molti altri smartphone che offrono un'esperienza paragonabile ad un prezzo molto, molto più contenuto. In questa pagina troverete numerosi consigli su come spendere al meglio i vostri soldi
E’ Federico Borella il Photographer of the year 2019
E’ Federico Borella il Photographer of the year 2019
Federico Borella si è aggiudicato il più prestigioso dei titoli al Sony World Photograpy Awards 2019 con un lavoro documentaristico basato su uno spunto tragico quanto originale: la correlazione tra cambiamenti climatici e tasso di suicidi tra gli agricoltori indiani
Darktrace, la protezione per le aziende basata sull'intelligenza artificiale
Darktrace, la protezione per le aziende basata sull'intelligenza artificiale
Darktrace è un'azienda operante nell'ambito della cybersecurity che vanta la tecnologia di machine learning più avanzata al mondo per la cyber defense. Si ispira all'intelligenza di auto-apprendimento del sistema immunitario umano e funziona automaticamente, senza una pregressa conoscenza e senza appoggiarsi alle classiche firme, rilevando e combattendo in tempo reale gli attacchi.
Tutti gli articoli Tutte le news

Vai al Forum
Rispondi
 
Strumenti
Old 23-02-2009, 12:23   #1
xcdegasp
Moderatore
 
L'Avatar di xcdegasp
 
Iscritto dal: Nov 2001
Città: Fidenza(pr) da Trento
Messaggi: 27353
[new] Guida alla disinfezione da Vundo / Virtumonde / Virtumondo / MS Juan

Guida alla disinfezione da Vundo / Virtumonde / Virtumondo / MS Juan


Premessa:
La guida si intende sotto Licenza Creative Commons
Virtumonde è un Trojan che fa comparire principalmente fastidiose finestre popup, grandi come tutto lo schermo, che pubblicizzano programmi Antispyware truffa, grossi rallentamenti del pc, sostituzione dello screensaver con uno che riproduce i crasch di sistema con schermate blu (BSOD), ecc..
E' correlato al Trojan horse WinFixer.



Caratteristiche dell'infezione:
Virtumonde attacca i sistemi operativi Microsoft Windows non aggiornati sfruttando falle di sicurezza presenti in Java e programmi di navigazione (browser come InternetExplorer, Opera e Firefox quest'ultimo senza estensione NoScript).
Virtumonde sfrutta BHO -assistenti del browser- infetti e DLL correlate a WinLogon ed Esplora risorse per questo risulta difficile da individuare nel task-manager di windows e dal firewall incluso in XP e Vista.

I sintomi della sua presenza all'interno del pc sono:
  • Comparsa improvvisa di fastidiose finestre popup, grandi come tutto lo schermo, che pubblicizzano programmi Antispyware truffa (come Sysprotect, Storage Protector, AntiSpyware Master, e WinFixer) o rappresentanti schermate di errore di Windows.

  • Cambio dello screensaver in modo da far comparire una riproduzione di una famosa schermata di errore di Windows, il BSOD.

  • Rallentamento generale delle prestazioni del sistema.

  • Attacchi del tipo Denial of Service ad alcuni siti, incluso Google.

  • Alcune versioni di questo Trojan fanno in modo che gli aggiornamenti Automatici di Windows vengano disattivati.

  • Alterazione dei privilegi di un utente del computer al fine di evitare l'installazione di software antivirus.

Esistono infinite versioni di questo Trojan e ognuna può risultare più o meno difficile da rimuovere.
fonte: http://en.wikipedia.org/wiki/Vundo




Procedura di Disinfezione:
Disattivate il ripristino di sistema fino a che non sarete stati completamente disinfestati:
  1. Fare clic su Start-> Programmi->Accessori->Esplora risorse.

  2. Fare clic con il pulsante destro del mouse sull'icona Risorse del computer e quindi su Proprietà.

  3. Selezionare la scheda "Ripristino configurazione di sistema".

  4. Selezionare la voce "Disattiva ripristino configurazione di sistema"

  5. Premere OK. Verrà richiesto di confermare l'azione in quanto saranno eliminati tutti i punti di ripristino memorizzati. Confermare premendo SI.


_ metodo per Win-Vista:
Per attivare o disattivare Protezione sistema
  1. Per aprire Sistema, fare clic sul pulsante StartImmagine del pulsante Start, scegliere Pannello di controllo, Sistema e manutenzione e quindi Sistema.
  2. Nel riquadro sinistro fare clic su Protezione sistema. Autorizzazioni di amministratore necessarie Se viene chiesto di specificare una password di amministratore o di confermare, digitare la password o confermare.
  3. Per disattivare Protezione sistema per un disco rigido, deselezionare la casella di controllo visualizzata accanto al disco e quindi fare clic su OK.

eventualmente non si potesse operare la disattivazione seguire questa guida per forzare la chiusura del ripristino di sistema.


Imposta i seguenti server dns ( guida per winXP | guida per Vista | guida per router ):
208.67.222.222
208.67.220.220


Scarica ed esegui ATF-Cleaner seguendo queste brevi indicazioni (non richiede installazione), prima chiudi tutte le finestre del browser:
nella finestra che si è aperta contrassegnare "Select All" e premere "Empty Selected", poi clickare sul menù "Firefox" e contrassegnare "Select All" e premere "Empty Selected", procedere quindi nello stesso modo anche nel menù "Opera" e infine premere "Empty Selected";



e procedi come qui elencato di seguito rispettandone l'ordine d'esecuzione, se questo non venisse rispettato è molto probabile che i risultati siano assolutamente incerti:
  • *** REGOLE di SEZIONE - obbligatoria la lettura!! ***

  • collega subito eventuali chiavette USB infette cosicchè vengano ripulite

  • Malwarebytes Anti-Malware -> info e download
    dopo averlo installato è necessario aggiornarlo e solo dopo eseguire la scansione completa del sistema, è altresì richiesto eliminare tutti gli oggetti identificati e salvare il log della scansione (il file di log da allegare per il controlo si trova nel Tab "File di log").

  • scollegati da internet e dalla lan

  • ComboFix -> Download
    Doppio click su combofix.exe e segui le istruzioni
    Allegare il log C:\combofix.txt
    N.B.: Durante la scansione verranno creati alcuni file sul desktop e poi eliminati - spariranno tutte le icone del desktop - il firewall potrebbe avvisare che verranno rimossi alcuni driver (consentire)

    ComboFix deve essere eseguito a macchina dedicata - disconnessi dalla rete, disabilitando momentaneamente i realtime dei software di sicurezza

  • ricollegati a internet e alla lan mantenendo i dns impostati all'inizio della guida

  • F-Secure OnLine: eseguire una scansione via web con F-Secure OnLine Scanner (sia per 32bit che 64bit) -> guida
    _ sistema alternativo: Kaspersky Virus Removal Tool guida e link al download
    per snellire il log usare ParserLog -> info & download
    gli oggetti individuati devono essere rimossi, verrà mantenuto un backup degli oggetti eliminati!


  • Prevx 3.0 -> download | guida (necessita di connessione internet)
    a fine scansione eseguire una stampa del monitor o della finestra di Prevx e salvare il log ("options" -> "save a log file")

  • HiJackThis -> download
    si raccomanda di scompattare HiJackThis in una directory esclusiva, quindi non sul desktop!

  • pubblicare tutti i log richiesti in questo thread e attendere assistenza




Trattamento Post Disinfezione
Una volta ripulito leggi bene il trattamento post disinfezione, ti aiuta a verificare la configurazione di sicurezza del tuo pc, aggiornare programmi vulnerabili obsoleti ed eliminare eventuali residui inutili dei programmi utilizzati nella guida.




Ringraziamenti:
si ringraziano Bugs Bunny, Chill-Out e Wjmat

Ultima modifica di xcdegasp : 31-08-2010 alle 22:25. Motivo: inseriti i termini di licenza
xcdegasp è offline   Rispondi citando il messaggio o parte di esso
Old 23-02-2009, 14:29   #2
elgigi87
Junior Member
 
Iscritto dal: Jan 2008
Messaggi: 14
Salve io ho un problema con le pubblicità e in particolare con ad.yieldmanager.

Con ad-aware sono riuscito a bloccare i pop-up ma non ad eliminare il problema, così ho provato tanti programmi di rimozione (Findykill, Malwarebytes', Spybot, spyware terminator, spyhunter...) ma l'unica cosa che fanno è quella di rimuovere i cookie senza eliminare il porblema alla base. Di conseguenza all'apertura di i.e. ad-aware mi segnala il blocco di altri pop-up.
A questo punto, non sapendo più cosa fare da solo, ho deciso di disturbarvi. Ho fatto una scansione con HijackThis e vi posto il log.

In attesa di una risposta, vi ringrazio anticipatamente

http://www.mediafire.com/download.php?mzdym4nqujd
elgigi87 è offline   Rispondi citando il messaggio o parte di esso
Old 23-02-2009, 14:33   #3
Chill-Out
Moderatore
 
L'Avatar di Chill-Out
 
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
Quote:
Originariamente inviato da elgigi87 Guarda i messaggi
Salve io ho un problema con le pubblicità e in particolare con ad.yieldmanager.

Con ad-aware sono riuscito a bloccare i pop-up ma non ad eliminare il problema, così ho provato tanti programmi di rimozione (Findykill, Malwarebytes', Spybot, spyware terminator, spyhunter...) ma l'unica cosa che fanno è quella di rimuovere i cookie senza eliminare il porblema alla base. Di conseguenza all'apertura di i.e. ad-aware mi segnala il blocco di altri pop-up.
A questo punto, non sapendo più cosa fare da solo, ho deciso di disturbarvi. Ho fatto una scansione con HijackThis e vi posto il log.

In attesa di una risposta, vi ringrazio anticipatamente

http://www.mediafire.com/download.php?mzdym4nqujd
Ciao segui passo passo la Guida indicato al Post#1 http://www.hwupgrade.it/forum/showpo...50&postcount=1
__________________
Try again and you will be luckier.
Chill-Out è offline   Rispondi citando il messaggio o parte di esso
Old 23-02-2009, 16:39   #4
elgigi87
Junior Member
 
Iscritto dal: Jan 2008
Messaggi: 14
Ciao, ho seguito passo passo tutto ciò che è scritto nel primo post e ora carico i vari log...

1. Malwarebytes

http://www.mediafire.com/?hnzmqommndj

2.Combofix

http://www.mediafire.com/?zyyzzmgmnmv

3.PrevxCSI con stamp della schermata

http://www.mediafire.com/?zmmnenaymwo
http://www.mediafire.com/imageview.p...mwmdhj&thumb=5

4.HijackThis

http://www.mediafire.com/?1imnxm5qjwn

Attendo buone notizie....
elgigi87 è offline   Rispondi citando il messaggio o parte di esso
Old 23-02-2009, 16:52   #5
Chill-Out
Moderatore
 
L'Avatar di Chill-Out
 
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
Scarica Avenger da qui http://swandog46.geekstogo.com/avenger2/download.php scompatta l'archivio compresso, avvia Avenger copia ed incolla il seguente script nel box bianco

Quote:
Files to delete:
c:\programmi\uusee\uninstuusee.exe

clicca su Execute, al termine il Pc si dovrebbe riavviare se no riavvia tu manualmente ed allega il log che trovi in C:\Avenger.txt + nuovo log di Prevx CSI + nuovo log di HJT-> (con più applicazioni possibili chiuse, ma con Antivirus attivo)

NB: hai dimenticato la scansione con F-Secure
__________________
Try again and you will be luckier.
Chill-Out è offline   Rispondi citando il messaggio o parte di esso
Old 23-02-2009, 17:13   #6
elgigi87
Junior Member
 
Iscritto dal: Jan 2008
Messaggi: 14
Fatto tutto. Il problema persiste, comunque posto i log

1.Avenger

http://www.mediafire.com/?dt0zjemtzyk

2. PrevxCSI

http://www.mediafire.com/?wcequntmztt

3. HJT

http://www.mediafire.com/?y3mjtm5uw4z

PS: ho dimenticato solo di salvare il log di F-Secure perchè non rischiesto nel primo post, però ho effettuato la scansione ed eliminato un paio di files

Ultima modifica di elgigi87 : 23-02-2009 alle 17:17.
elgigi87 è offline   Rispondi citando il messaggio o parte di esso
Old 23-02-2009, 17:29   #7
Chill-Out
Moderatore
 
L'Avatar di Chill-Out
 
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
ad.yieldmanager è un Adware.tracking cookie hai fatto pulizia con ATF Cleaner come indicato in Guida? Se no procedi pure, successivamente apri IE - Strumenti - Opzioni controlla i seguenti settaggi:

Protezione: Medio-Alta
Privacy: Medio-Alta e attiva il Blocco Pop-Up

Per F-Secura nella Guida linkata nel primo post è indicato come salvare il log
__________________
Try again and you will be luckier.
Chill-Out è offline   Rispondi citando il messaggio o parte di esso
Old 23-02-2009, 17:38   #8
elgigi87
Junior Member
 
Iscritto dal: Jan 2008
Messaggi: 14
Ho fatto pulizia con ATF Cleaner e impostato il blocco pop-up su i.e. ma solo grazie ad ad-aware riesco a bloccare realmente tali pop-up. La cosa che non capisco è : perchè prima non avevo sti problemi di pop-up, mentre ora devo necessitare di un software per il blocco pop-up? dove sta il problema? è possibile rimuoverlo?
elgigi87 è offline   Rispondi citando il messaggio o parte di esso
Old 23-02-2009, 17:49   #9
Chill-Out
Moderatore
 
L'Avatar di Chill-Out
 
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
Quote:
Originariamente inviato da elgigi87 Guarda i messaggi
Ho fatto pulizia con ATF Cleaner e impostato il blocco pop-up su i.e. ma solo grazie ad ad-aware riesco a bloccare realmente tali pop-up. La cosa che non capisco è : perchè prima non avevo sti problemi di pop-up, mentre ora devo necessitare di un software per il blocco pop-up? dove sta il problema? è possibile rimuoverlo?
Sul tuo PC c'erano tracce del Vundo e non solo, ma il problema ad.yieldmanager esula da questo discorso, evidentemente adesso stai navigando su siti dove girano gli advertisemets di yieldmanager ma questo non significa che tu sei infetto, la soluzione definitiva al problema consiste nel sostitutire IE con Firefox più relative estensioni nello specifico AdBlock Plus come indicato qui http://www.hwupgrade.it/forum/showthread.php?t=1726383
__________________
Try again and you will be luckier.
Chill-Out è offline   Rispondi citando il messaggio o parte di esso
Old 23-02-2009, 17:57   #10
elgigi87
Junior Member
 
Iscritto dal: Jan 2008
Messaggi: 14
Grazie di tutto!! La soluzione firefox con le due estensioni già la conoscevo e la uso, purtroppo ci sono dei siti moooooooooolto legati a internet explorer e quindi sono costretto a farne uso.

Comunque il computer sembra andare un pò meglio grazie a tutte quelle pulizie che ogni tanto servono, per cui voglio ringraziarti nuovamente e alla prox!!!
elgigi87 è offline   Rispondi citando il messaggio o parte di esso
Old 23-02-2009, 18:00   #11
Chill-Out
Moderatore
 
L'Avatar di Chill-Out
 
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
Quote:
Originariamente inviato da elgigi87 Guarda i messaggi
Grazie di tutto!! La soluzione firefox con le due estensioni già la conoscevo e la uso, purtroppo ci sono dei siti moooooooooolto legati a internet explorer e quindi sono costretto a farne uso.

Comunque il computer sembra andare un pò meglio grazie a tutte quelle pulizie che ogni tanto servono, per cui voglio ringraziarti nuovamente e alla prox!!!
Prego di nulla, ti suggerisco di leggere attentamente la Guida linkata sopra dove troverai tutta una serie di consigli utili

Ciao
__________________
Try again and you will be luckier.
Chill-Out è offline   Rispondi citando il messaggio o parte di esso
Old 10-03-2009, 09:49   #12
Darshee
Junior Member
 
Iscritto dal: Mar 2009
Messaggi: 11
Ciao a tutti, domenica ho seguito la procedura del primo post e un riassunto del problema è qui.
Ieri, al primo riavvio dopo la disinfezione, sembrava tutto a posto, nel pomeriggio invece si son ripresentati alcuni problemi, in particolare non riesco a navigare neanche nel forum se ho il firewall attivato, ma con nuove scansioni non ho trovato traccia nè di virtumonde nè di nulla.

Scusate se non posto secondo le regole di sezione ma non riesco a caricare i log: al momento dell'upload, anche con il firewall disattivato, i caricamenti si bloccano.

Grazie in ogni caso



Log di MalwareBytes: pulito
Log diHijackthis (usato dopo combofix come prescitto nella guida): Secondo l'analizzatore qui è pulito. Posso fidarmi o è meglio pubblicarlo?
Log di Combofix (08/03/09):

Ultima modifica di Darshee : 13-03-2009 alle 19:11. Motivo: inserire log sotto CODE
Darshee è offline   Rispondi citando il messaggio o parte di esso
Old 12-03-2009, 19:16   #13
Chill-Out
Moderatore
 
L'Avatar di Chill-Out
 
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
Ciao mancano i log di F-Secure - Prevx CSI - HJT
__________________
Try again and you will be luckier.
Chill-Out è offline   Rispondi citando il messaggio o parte di esso
Old 13-03-2009, 18:47   #14
Darshee
Junior Member
 
Iscritto dal: Mar 2009
Messaggi: 11
(ho provato a mettere l'ultimo log di prevcsi ma sono 80 pagine di writer... come faccio? o cosa devo cercarci? Diceva che era pulito comunque...)

Ecco... in un primo momento avevo pensato che fossero alternativi (a parte HJT che riporto ora in fondo a questo post; in fondo aggiungo il log di prvxcsi di ieri). Ho fatto nuove scansioni, non avendo più trovato tracce di virtumonde ho usato la guida alla disinfezione più "generica"... Non ho individuato il problema, e anche se sapessi cosa crcare, non riesco a usare il “cerca” (si blocca il browser). Continuo in questo post a dire cosa sto facendo e trovando, perchè non so dove altro postare (e se sbaglio correggetemi e sposto, ma sto brancolando nel buio e non ho ancora una serie “completa” di log ordinatamente postabili perchè alcune scansioni si sono interrotte)

Ad ogni modo, l'esito finale è stato che il pc era pulito (anche da virtumonde), ma dei files infetti trovati non so, forse qualcuno resiste alla pulizia, dato che i passi della guida li ho fatti non una ma due volte perchè i problemi dopo 20' dal riavvio successivo si son ripresentati (Dopo un'ora la connessione risulta attiva, ma che di fatto non lo è: i browser non caricano le pagine, i client di messaggistica istantanea non si connettono... E per rivederli funzionare devo riavviare; dietro firewall certe pagine conjava non mi vengono caricate e si pianta Firefox).
Dopo entrambe le serie di scansioni il pc risultava pulito, ma durante entrambe le scansioni sono stati rilevati alcuni elementi definiti a rischio alto e medio.

Nella prima scansione ho avuto problemi con gmer (forse non ho fatto la scansione come andava fatta o ho cambiato qualche impostazione, dato che alla fine non ho trovato come salvare il log)

Nella seconda ho avuto problemi con doctor web: arrivato a circa l'80% si è interrotto, così ho selezionato manualmente il restante 20%, ma si èinterrotto di nuovo. Come report ho solo l'ultimo (metto la sintesi: non posso uploadare files e il txt è una lunghissima serie di ok...)
Codice:
-----------------------------------------------------------------------------
Statistiche delle Scansioni
-----------------------------------------------------------------------------
Oggetti controllati: 144814
Trovati oggetti Infetti: 0
Trovato Oggetti modificati: 0
Trovato oggetti Sospetti: 1
Trovato Adware: 0
Trovato Dialer: 0
Trovato Joke: 0
Trovato Riskware: 0
Trovato Hacktool: 0
Oggetti curati: 0
Oggetti cancellati: 0
Oggetti rinominati: 0
Oggetti spostati: 0
Oggetti ignorati: 0
Velocità di scansione: 185 Kb/s
Durata scansione: 01:28:55
-----------------------------------------------------------------------------
Il file sospetto:
Codice:
C:\System Volume Information\_restore{10521D4F-3A06-406D-AA41-2924811E337A}\RP38\A0004584.bat probabile infezione da BATCH.Virus
E nella finestra del programma c'era accanto la scritta:
Codice:
Azione: "percorso non valido per il file"
Codice:
A0008440.exe
ComboFix.exe
descript.ion
VirtumundoBeGone.exe

Codice:
C:\System Volume Information\_restore{10521D4F-3A06-406D-AA41-2924811E337A}\RP38\A0004584.bat probabile infezione da BATCH.Virus

HJT (subito dopo la pulizia di virtumonde)
Codice:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\NetLimiter 2 Pro\nlsvc.exe
C:\Programmi\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Programmi\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Programmi\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Documents and Settings\Me\Desktop\procexp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Me\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programmi\PicLensIE\cooliris.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Programmi\PicLensIE\cooliris.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1235497799500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1235497747468
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF95B55F-7C13-482F-A88B-CDC7A7DDFCAB}: NameServer = 208.67.222.222 208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programmi\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Programmi\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Programmi\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 7705 bytes

Ultima modifica di Darshee : 13-03-2009 alle 18:55.
Darshee è offline   Rispondi citando il messaggio o parte di esso
Old 13-03-2009, 18:51   #15
Darshee
Junior Member
 
Iscritto dal: Mar 2009
Messaggi: 11
1

Prevxcsi (ieri, dopo una precedente serie di scansioni che non avevano rilevato traccia di virtumonde)
Codice:
Prevx Scan Log - Version v3.0.1.17
Log Generated: 12/3/2009 22:48, Type: 0,0
Windows XP Professional Service Pack 3 (Build 2600) 32bit|1040
Some non-malicious files are not included in this log.

Last Scan: Thu 2009-03-12 22:41:57 ora solare Europa occidentale. Number of Scans: 1. Last Scan Duration: 6 minutes 50 seconds.
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\shellext.dll	[PX5: 9F87E5D200E4041195EA020384BB840020028FB0]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\introspection.uno.dll	[PX5: 76EC33D800788EE682D201D7BEC77600341A17C8]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\hyphenmi.dll	[PX5: 575EDE2C00FFCD57002C016DCDFE9000A55BD7C9]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\i18npool.uno.dll	[PX5: 59BB112D003D512B2C1B12E276A804005D2FCF1A]
[u] (ACTIVE) c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll	[PX5: A6723A9CF835FD7B772702DDCD2F5C002F24318F]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\libxmlsec.dll	[PX5: B69FD3D200664A0B8CC704D83CB2BA003A1096D0]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\icuin36.dll	[PX5: 3170EA3700E796BB84A90C88BF689C00A8C837CF]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\ldapbe2.uno.dll	[PX5: E57DEE8900CB6A01489501EF0BE38600E4EC950D]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\lngmi.dll	[PX5: F531DD3500B2A1CF42210DE372448B00FA0D4171]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\lnthmi.dll	[PX5: EBDEE7B3002463A9F0AE00AFCE798E007E6A8365]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\localedata_en.dll	[PX5: 950C6F2D00903D7398EB01A462D59A002B12D4EA]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\localedata_euro.dll	[PX5: ABE0D5BA003480CFBA7709D1B2DF0700E4F44CE2]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\saxmi.dll	[PX5: 35DA1FE600505A9668DD00C9EEA6E300FC299B69]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\sbmi.dll	[PX5: 4158D947006A7F4D1007148988684C007700B22A]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\spellmi.dll	[PX5: 8F81AE5400D1DABA2AED0209C57B2F00237378F5]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\splmi.dll	[PX5: D504420D009B809A42F602925D08CE00784B3229]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\srtrs1.dll	[PX5: B1D6891E00BF90EB6A2A010D594D5B00446580DD]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\svtmisc.uno.dll	[PX5: 6B9B2A3D007B94E454CB01FA3DFC74001B0D1D36]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\svxmi.dll	[PX5: FB3B4247000B4BA542518BB190BBD6001CD84A1E]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\swdmi.dll	[PX5: 596AA83F006AEBE8D4020049C5BD930080076F29]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\swmi.dll	[PX5: A563D3D400B7113F0A04773579EFB10065DAF4E6]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\mcnttype.dll	[PX5: 8D7890F00052D7B4849600AA524F0400731A9868]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\sysdtrans.dll	[PX5: 5CEEF6C10034A830A2E601C2A529A400609274E6]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\xstor.dll	[PX5: DD76CAF2003D3795A8CD0320482F660080C55CDD]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\oleautobridge.uno.dll	[PX5: 522CC60300EF745B489A040F8CFB94006E904EE2]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\ucpchelp1.dll	[PX5: AA96641D0012D4587A8003CD04EDC5004CF08EEE]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\unoxmlmi.dll	[PX5: 0F066CBF00BD23BF3AA6043B5C5BD60004293110]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\updatefeed.uno.dll	[PX5: 2EA03D35000590AB303601DFB2E386007DDECEF2]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\updchk.uno.dll	[PX5: 4E4A865400A567F78EC0022E1AE75100189B0AD0]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\xmlsecurity.dll	[PX5: E7D31C6D0095064F169703FC4F42B900FE0172B2]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\xomi.dll	[PX5: B0DC30BE0059BF5394462B09B8CEA8006B7737A5]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\jvmaccess3msc.dll	[PX5: 9C644B4600BD29A2648600AF2950EB00B47C30DE]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\reflection.uno.dll	[PX5: 99F3166700028FB7864101BE3F214E009A37078B]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\emsermi.dll	[PX5: 4D33662F00EFBC5846B4020E1CD80D00A93C506F]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\avmediami.dll	[PX5: CE84089A00B1810210F40332A2F2B600180D0529]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\behelper.uno.dll	[PX5: A0208416000499987A3200D374AE9C00EEFC040F]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\fsstorage.uno.dll	[PX5: 86F9699000628A9E70CB017172E7F500081D99B9]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\ftransl.dll	[PX5: E24C3EF90091C9D1C62400A7FE29250012275F51]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\fwkmi.dll	[PX5: FA470FEC009DF493F0A01BDB933D2E00F256DD62]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\fwlmi.dll	[PX5: 0AF88B0400E88559A050010ACE8A91008F5BD8CB]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\gomi.dll	[PX5: FD2B10FA004492EACACB05384A37F8004932166A]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\dnd.dll	[PX5: 0998972B00180D0CC27A01240D39D7000D6968A8]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\fileacc.dll	[PX5: 8401D47900ED3BE7CC6300EB6D2EFC00A62DF551]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\libcurl.dll	[PX5: A7EFF4E700DF8997D647014B1FB58500FD088D73]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\nsldap32v50.dll	[PX5: 741D495100306B222031020213C450004530A26E]
[u] (ACTIVE) c:\documents and settings\me\desktop\infezioni\disinfezione generale e mantenimento\disinfezione\sysinspector.exe	[PX5: 54E40A55007BC784F5C83AE168ADA800008BB14C]
[u] (ACTIVE) c:\programmi\malwarebytes' anti-malware\mbamext.dll	[PX5: 2636393D903EDB421E1701B5D563E600F46C31CB]
[u] (ACTIVE) c:\programmi\winrar\rarext.dll	[PX5: 8EE15AF400B495D8E8850170EE425700E609FDA5]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\jmi_g.dll	[PX5: 53EC08CD00768C08807600ABE84B5300492543E6]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\libtextcat.dll	[PX5: A670676D00409FA73A7F00F4CE6C5E00B924F918]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\localebe1.uno.dll	[PX5: 9F3A02C7005D2D3D76B8007FCA6E9E000E9A8B37]
[u] (ACTIVE) c:\windows\system32\schannel.dll	[PX5: F4C0CC2500944D8936B3021322767A001C7539B3]
[u] (ACTIVE) c:\windows\system32\hidphone.tsp	[PX5: 821EA24B00C1441976DD00A764C7AC00A85C281E]
[u] (ACTIVE) c:\windows\system32\ntlsapi.dll	[PX5: F1D0A44F006C52E520B8003B3C2E0700A5D093EA]
[u] (ACTIVE) c:\windows\system32\shdoclc.dll	[PX5: C5AE1F2F0024C961A44F0877DE811700A23B28BB]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\uuimi.dll	[PX5: B1F5447C001464E3A61402A4BE90F300F0D55C97]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\filterconfig1.dll	[PX5: 0A1476BD00D6D292DC8F0225A0BFF4005D3CCD4F]
[u] (ACTIVE) c:\windows\system32\l3codeca.acm	[PX5: BD6FA9CA00B4F05D702C042DD7B42E0055A9F388]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\uwinapi.dll	[PX5: C672923000B274005011019F449F4000D6CC0314]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\sofficeapp.dll	[PX5: 54D6514A003AE4500CB005B7A4D66800D1E29739]
[u] (ACTIVE) c:\windows\system32\drprov.dll	[PX5: 89B05BA400A6D21F388300BA87CCCF0071EEB8F6]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\sal3.dll	[PX5: 57117890000E14B16EBC1AE22338C500651D06CE]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\comphelp4msc.dll	[PX5: 82A62AB6009A84AE46B60ED85C9F89005D7B04B0]
[u] (ACTIVE) c:\windows\system32\ntlanman.dll	[PX5: 9CC253FC00583DE9ACBC00C4FECB77008FDDE406]
[u] (ACTIVE) c:\windows\system32\netui0.dll	[PX5: 4555176600BF8DF6409F01E0599C810088147455]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\cppuhelper3msc.dll	[PX5: 3C881CD400D57739948C06C6C0C80C009C0B3D36]
[u] (ACTIVE) c:\windows\system32\netui1.dll	[PX5: 6BB9930500D0F90EC0BA038251212B00372F3347]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\salhelper3msc.dll	[PX5: 6E16F39500AD28963661003B3C2E0700B580D64E]
[u] (ACTIVE) c:\windows\system32\davclnt.dll	[PX5: A962084F0067018764C0006CE62BFE002167E5D3]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\cppu3.dll	[PX5: B58F2902003922963018026B34870900B81276B2]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\stlport_vc7145.dll	[PX5: 497C2DCF0081828E1ABD099E8EA2FA00251D49C2]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\ucbhelper4msc.dll	[PX5: 4C35538800724CFA728605C631527D003A51F094]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\vos3msc.dll	[PX5: 5872882000892EA7706E014CDBC773005FDB9965]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\i18nisolang1msc.dll	[PX5: 435759D200B6EE7E60D90027FAAAF200FE82A7B0]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\fwemi.dll	[PX5: 569851230038D4B3E0540C7C0C3E690010312B04]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\fwimi.dll	[PX5: 3ABD5EDE00F8634390140476952795005DB10D90]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\utlmi.dll	[PX5: 036D666A00A17152184D0750AF3D11003F4FED4E]
[u] (ACTIVE) c:\programmi\openoffice.org 3\program\soffice.bin	[PX5: A48ADB810093907232C6713C106B4D00750362DC]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\sfxmi.dll	[PX5: 5721773300000C0B3A032E7C604EE700368A55F8]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\tlmi.dll	[PX5: 5AFB018300D812B8C8CA07123FDFDF0059805C82]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\basegfxmi.dll	[PX5: DF5C910900A43EC6661B067620BC1900BFA69BF3]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\sotmi.dll	[PX5: 9BFBC03E007A8595EC6E03A7ED0EA8005108FF91]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\icuuc36.dll	[PX5: 028C98D800FB772F7EFF0DA4EC2EC800B89E32EF]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\vclmi.dll	[PX5: 370C6C78009715578EAF2EE6B237DE009862B36B]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\svlmi.dll	[PX5: AC205DDB000F90AC40A60B02EBE26C000C80C981]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\icudt36l.dll	[PX5: D6A19AB6008E0F44F26B9A0B1EBC190052533B2E]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\svtmi.dll	[PX5: 6C6341580060E80C10D52BD10F533E00D090E9AB]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\i18nutilmsc.dll	[PX5: 4AF5959F005819120617013418C5EC00C4F21F95]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\jvmfwk3.dll	[PX5: FB4FCDE300A2167C5CB401A4EDAE2100B32C29A2]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\tkmi.dll	[PX5: 2DD3FBB50042FCEFD09D16AA000CF900A51E4718]
[u] (ACTIVE) c:\programmi\openoffice.org 3\program\libxml2.dll	[PX5: 5E2115040088CD21CCB10E058E241E002E57A99B]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\deploymentmiscmi.dll	[PX5: CE8286D600AA49AA82660175F5FA5B0091773A83]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\libdb42.dll	[PX5: 4B53529D00AFE042429E08D58755CD0070A62A0F]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\xcrmi.dll	[PX5: B0035750004A8BA30CDE088C62B8A7005EAC32E8]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\bootstrap.uno.dll	[PX5: B1EDBF4E00C3616AF40706DE3E9D5400B6129C55]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\reg3.dll	[PX5: 83EC2AC700021A018EAA01BD8CED6D00A8764B7D]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\store3.dll	[PX5: F4AB577B00BE8F47329A010CA21B74007C9D07B4]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\msci_uno.dll	[PX5: 2D852A9500F6E317CC2F003DD5677600DD72E42C]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\unsafe_uno_uno.dll	[PX5: 7970D7520079768832DE003B3C2E07002D893C4B]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\purpenvhelper3msc.dll	[PX5: 18D43B560037CDC648F700D4E67B0A006FB7D6F7]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\ucb1.dll	[PX5: D4D750150035AD2904180370D608E8003EDA1631]
[u] (ACTIVE) c:\programmi\openoffice.org 3\ure\bin\stocservices.uno.dll	[PX5: 0D07CACE0031B9246AAE01B4997246007274DF56]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\sysmgr1.uno.dll	[PX5: 3C1CCF950043B4B79454001969F815003A9E363A]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\sax.uno.dll	[PX5: 2BEA88CA00A4ED801866028251A09000D584F209]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\configmgr2.uno.dll	[PX5: 5B9AC9D900914B3598DA16D9787973002AE222B6]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\deploymentmi.uno.dll	[PX5: 43066BD500AC5B2B5AFC06B62FF9D3004238B3FD]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\helplinkermi.dll	[PX5: 6D6C381300CBD3DE06A0024A2603B8007B86613F]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\libxslt.dll	[PX5: 0DD732C4005A185A865C02A7C6026A00778187FC]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\ucpfile1.dll	[PX5: 300873610026CCCCBECE0330B8C1550061B24CD1]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\package2.dll	[PX5: 99A6774400C3DC19CA54037255A59A0082CDDA24]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll	[PX5: 4CBC19FB0092A5A476A30522BAD957002B8B558A]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\shlxthdl\stlport_vc7145.dll	[PX5: 497C2DCF0081828E1ABD099E8EA2FA00251D49C2]
[u] (ACTIVE) c:\windows\system32\wmpshell.dll	[PX5: A257F2F40064E0C786EE01FC6369D9002CF4EA3F]
[u] (ACTIVE) c:\programmi\file comuni\adobe\acrobat\activex\pdfshell.dll	[PX5: 170D444058498696C50E05D5753D2A008C5B595D]
[UP] (ACTIVE) c:\documents and settings\me\desktop\infezioni\disinfezione generale e mantenimento\disinfezione\gmer.exe	[PX5: BFABD0E100210E775A550404EE3BDC00CB5080AA]
[u] (ACTIVE) c:\windows\system32\wzcdlg.dll	[PX5: 64EACF0000F75E1CDCD305D38DB1C500FC7B10D7]
[u] (ACTIVE) c:\windows\system32\browselc.dll	[PX5: FC0AA3D9000AF28B0C07019A1B617D0085F90223]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\guesslangmi.dll	[PX5: 4B5F5F310016AE8790FA00610EAF7F008FEAB2BA]
[u] (ACTIVE) c:\windows\system32\msdmo.dll	[PX5: 1055714100D3A76538FB00E1526F6E00F6B80AB4]
[u] (ACTIVE) c:\windows\system32\dxmasf.dll	[PX5: 711CC07736D3ADB99E3C079FBEFB4100C205D113]
[u] (ACTIVE) c:\windows\system32\drmclien.dll	[PX5: 9B8BAE0D00F2C409923904C4AAB47E00D2FED44E]
[u] (ACTIVE) c:\programmi\lavasoft\ad-aware\shellext.dll	[PX5: A6B44FE96095AA8941FC016F791007009FB6EDE1]
[u] (ACTIVE) c:\programmi\openoffice.org 3\basis\program\ucpexpand1.uno.dll	[PX5: 2DC0A257001A4C0A60AF00739373410001B7DC18]
[u] (ACTIVE) c:\windows\system32\csrsrv.dll	[PX5: 0E9D22D000D50DA27ED10041A4CA360072502193]
[u] (ACTIVE) c:\windows\system32\basesrv.dll	[PX5: DCDCEC17002BFF57CEE000864E966200A98AE204]
[u] (ACTIVE) c:\windows\system32\winsrv.dll	[PX5: BC9D81C9004F7D727C180406A252F7004E16F2BF]
[u] (ACTIVE) c:\windows\system32\authz.dll	[PX5: 643161B900676DC7F465009F20FAD4003F802E04]
[u] (ACTIVE) c:\windows\system32\nddeapi.dll	[PX5: E3CC6FCF000B040D48CD0002111984006B169FA5]
[u] (ACTIVE) c:\windows\system32\profmap.dll	[PX5: 0F402C6F00D880896C3600CA3A46D50037176D54]
[u] (ACTIVE) c:\windows\system32\regapi.dll	[PX5: 6B204D3500E5B3DBC2230058FCF24300FAEFC21A]
[u] (ACTIVE) c:\windows\system32\sfc.dll	[PX5: 9B3DB624004DA8C7149A004526F09B00E5C80068]
[u] (ACTIVE) c:\windows\system32\sfc_os.dll	[PX5: 5B46691300DAE27326CC02CA0CDC6C008E400438]
[u] (ACTIVE) c:\windows\system32\lsasrv.dll	[PX5: 49DDAA230034694C32000B27B76F150015D1141E]
[u] (ACTIVE) c:\windows\system32\ncobjapi.dll	[PX5: 1C74616800B64F358E8100815E99CC0098673985]
[u] (ACTIVE) c:\windows\system32\ntdsapi.dll	[PX5: 69419B890000E2FA06B101585F18620000097791]
[u] (ACTIVE) c:\windows\system32\scesrv.dll	[PX5: 767E00540005E759005F055D41E6A70089C6748E]
[u] (ACTIVE) c:\windows\system32\umpnpmgr.dll	[PX5: 2B3CB7DA00CD9457E83C01BA0719BB00F5193AD9]
[u] (ACTIVE) c:\windows\system32\samsrv.dll	[PX5: CC0CD197007F92B78E5606A339F1E200AD2F5EDA]
[u] (ACTIVE) c:\windows\system32\cryptdll.dll	[PX5: 6568164A00471B5082A80086BAA40B0093D07D2E]
[u] (ACTIVE) c:\windows\apppatch\acadproc.dll	[PX5: C8E9D54D00745F789AE800142F4B3D00FFC4FAE0]
[u] (ACTIVE) c:\windows\system32\msprivs.dll	[PX5: 10CAD90A00073085BC3600D4B298BF0006BB0264]
[u] (ACTIVE) c:\windows\system32\kerberos.dll	[PX5: 5970FBC700BE1D0D9228045EA02DB500B2998B02]
[u] (ACTIVE) c:\windows\system32\netlogon.dll	[PX5: F9A106A6001D9AF036A706354A2C1D00D42CE57B]
[u] (ACTIVE) c:\windows\system32\wdigest.dll	[PX5: 4387A20000361F60C00C00B7E4253900EB383ED7]
[u] (ACTIVE) c:\windows\system32\winscard.dll	[PX5: FC942A4B0038778B846A011ECBF6F300077F2035]
[u] (ACTIVE) c:\windows\system32\eventlog.dll	[PX5: 1729B0A200BA2375DC74007BBE4EA800967FCDB1]
[u] (ACTIVE) c:\windows\system32\duser.dll	[PX5: 23B132AD000B879AA41304E37D44DE00667DDED0]
[u] (ACTIVE) c:\windows\system32\wmi.dll	[PX5: EEC3E00D0018DA22163F00F942A73D00521421C1]
[u] (ACTIVE) c:\windows\system32\eapolqec.dll	[PX5: 3755D5060093573C7A6A006CBB8D7000AC208F93]
[u] (ACTIVE) c:\windows\system32\qutil.dll	[PX5: C7A9796F00CCD9F42C88016B387700003BA60A5B]
[u] (ACTIVE) c:\windows\system32\dot3api.dll	[PX5: 0F30A0DC003719F366F4000A5C661A0033093F8D]
[u] (ACTIVE) c:\windows\system32\mprapi.dll	[PX5: AD7830DD00DC05C1548501D46231C100DDB1AFA7]
[u] (ACTIVE) c:\windows\system32\activeds.dll	[PX5: 0D73259D00DC016AF47A02BD2C239E00191AFCE5]
[u] (ACTIVE) c:\windows\system32\adsldpc.dll	[PX5: 2A7F0E040008FCEE30D50231EE1630004262704F]
[u] (ACTIVE) c:\windows\system32\credui.dll	[PX5: 57E295F90039577A82D4026AB3E3C800532521FD]
[u] (ACTIVE) c:\windows\system32\dot3dlg.dll	[PX5: C5D6F04C000F161A24E700DE440E5B004E209E31]
[u] (ACTIVE) c:\windows\system32\onex.dll	[PX5: 2BE54E070054CAD936C10254CDA5B000F874B012]
[u] (ACTIVE) c:\windows\system32\eappcfg.dll	[PX5: D04B08F0005150ACF07A01DA3DDA0500AD0BA71D]
[u] (ACTIVE) c:\windows\system32\netshell.dll	[PX5: 5920261800C75B3A26991AA49781ED00FD71087F]
[u] (ACTIVE) c:\windows\system32\eappprxy.dll	[PX5: 5091209C00B60D41A063005B1D6C48009F0953D6]
[u] (ACTIVE) c:\windows\system32\wzcsapi.dll	[PX5: 626ACAA5007EAF39CEFC00F785D62400BD9EE315]
[u] (ACTIVE) c:\windows\system32\msidle.dll	[PX5: F5E2BB25004ED55B1AA200D8C3344B00DD6DA31D]
[u] (ACTIVE) c:\windows\system32\wbem\wbemprox.dll	[PX5: DDD411AE00AE907F4A450018BBC4C70070D63DA1]
[u] (ACTIVE) c:\windows\system32\wbem\wbemcomn.dll	[PX5: 90BB2A00003E7DAB464A03A1AA30CA00B7BE2BAA]
[u] (ACTIVE) c:\windows\system32\certcli.dll	[PX5: 0ABE262A00259892009B031021A16100C0D18937]
[u] (ACTIVE) c:\windows\system32\actxprxy.dll	[PX5: 31AF9F5E0039EE54803601F681F7E700D2F2DBEF]
[u] (ACTIVE) c:\windows\system32\msutb.dll	[PX5: 8F03A42C007E95A5FCD702BAD6A1F500B46493BF]
[u] (ACTIVE) c:\windows\system32\linkinfo.dll	[PX5: 6FEAFA9C005DD1A14E4500A7AB34AE00D05E37AC]
[u] (ACTIVE) c:\windows\system32\pdh.dll	[PX5: A94958AE0025C9435EE704D9DE505F00D1923E2F]
[u] (ACTIVE) c:\windows\system32\odbcbcp.dll	[PX5: 892A6EFF006840EC609200BEE506EA00C95CE674]
[u] (ACTIVE) c:\windows\system32\ipsecsvc.dll	[PX5: 3232DDAC006BAB6FD23F0261AFA98D00202300FF]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\msvcp71.dll	[PX5: F133D4F000B92F08A0E107FD67B66E0015498C05]
[u] (ACTIVE) c:\windows\system32\oakley.dll	[PX5: 4C81D371004972C4248C04767CAA8500205A4216]
[u] (ACTIVE) c:\windows\system32\msxml3.dll	[PX5: DE8EF42C000D874CE47C10B82C506B00CECFF0D2]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\msvcr71.dll	[PX5: 3FEE1145002F2EB8504E05ED76DA9100776D97E7]
[u] (ACTIVE) c:\windows\system32\winipsec.dll	[PX5: CFB55AEA008182E47EAA00A44BC788000E40678C]
[u] (ACTIVE) c:\windows\system32\pstorsvc.dll	[PX5: 22C386090028D02F860B006EFCACC1009F19E17C]
[u] (ACTIVE) c:\windows\system32\psbase.dll	[PX5: E172641E00AE2F5580B301D5E9B97900DDED954D]
[u] (ACTIVE) c:\windows\system32\dssenh.dll	[PX5: 852136D500ADC2641E2C02C25D98CE00E20035FE]
[u] (ACTIVE) c:\windows\system32\mfc42u.dll	[PX5: 74A4697B00B6ECC7FB5E0E2428CECF00BE23B318]
[u] (ACTIVE) c:\windows\system32\msdtcprx.dll	[PX5: EF744FF0005F998A840806CCA27CB700887DFAAD]
[u] (ACTIVE) c:\windows\system32\mtxclu.dll	[PX5: A9EB14E800E4F1DB049F0148F759CE006B69348E]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\kticonv.dll	[PX5: 16784D41003119EC90C00DB5131863001563EAD6]
[u] (ACTIVE) c:\windows\system32\upnp.dll	[PX5: E144CA6900A38FFD0AC00202E8E8690034DAB1D4]
[u] (ACTIVE) c:\windows\system32\ssdpapi.dll	[PX5: BC5D352100D64581882B006103745600376CC802]
[u] (ACTIVE) c:\windows\system32\mfc42loc.dll	[PX5: 50EC1EAC0042F609E0B8000596D265006CAB3F5E]
[u] (ACTIVE) c:\windows\system32\clusapi.dll	[PX5: EFDC38D70034534BE4A9009BD1249B003AFDD116]
[u] (ACTIVE) c:\windows\system32\resutils.dll	[PX5: A0D62CBC0056FF5CE622001F93C5B40099E19AB9]
[u] (ACTIVE) c:\windows\system32\webcheck.dll	[PX5: 2B157D1E00AFC4C590FE0345C862BF00C3C9AEE2]
[u] (ACTIVE) c:\windows\system32\wpdshserviceobj.dll	[PX5: 7176B495005E12B50A520234E7E1AF00FB8DD268]
[u] (ACTIVE) c:\windows\system32\stobject.dll	[PX5: 45963CB7003D6544DE84014DA54C1A002C52614B]
[u] (ACTIVE) c:\windows\system32\batmeter.dll	[PX5: 945E3F540037700272AC00CA94CB2900B0DF9171]
[u] (ACTIVE) c:\windows\system32\msi.dll	[PX5: 5E723F4A008F80A262032B270B9C1B00BA5944F5]
[u] (ACTIVE) c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll	[PX5: 4A2EABCA00EEEF38AEDF10453CA10400EACE2231]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\pocofoundation.dll	[PX5: 4DA8B894004EDB5D1EDD0D83BCA3C600ACFE9076]
[u] (ACTIVE) c:\windows\system32\portabledevicetypes.dll	[PX5: 79585FF4007031758CF802904E46EE00DF2F75D4]
[u] (ACTIVE) c:\windows\system32\portabledeviceapi.dll	[PX5: 413BE4C6002C530256CD0467F46CFA0079ACDAE6]
[u] (ACTIVE) c:\windows\system32\traffic.dll	[PX5: AE0C2A5200F668ED7A56003B43DDFF0009AD94AC]
[u] (ACTIVE) c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ita.dll	[PX5: C74297D100D4EC3FF0EE006709492A00060E5B2C]
[u] (ACTIVE) c:\windows\system32\netcfgx.dll	[PX5: E18F844600CD212F9E8109C147D51400258E0E9A]
[u] (ACTIVE) c:\windows\system32\spoolss.dll	[PX5: 7D74C5B80083DB872630017C46871B0088FF7ECE]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\pocoxml.dll	[PX5: 3AF2556200640D642C740791F12695000338CC3D]
[u] (ACTIVE) c:\windows\system32\localspl.dll	[PX5: F7F37B6000116B4D443505C2D00055002F4AD286]
[u] (ACTIVE) c:\windows\system32\adobepdf.dll	[PX5: 9246BB0F50E2DC5CB18B006DA2326800F203DF0A]
[u] (ACTIVE) c:\windows\system32\cnbjmon.dll	[PX5: AC0A61BF00C13C76C238009F710B75006122DBA9]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\pocoext.dll	[PX5: F96D5BEE00DD3F464828003EB2853700A2DEB18A]
[u] (ACTIVE) c:\windows\system32\pjlmon.dll	[PX5: B89593A60027901C3C3900D39AA4C900E74DCF08]
[u] (ACTIVE) c:\windows\system32\oledlg.dll	[PX5: E390E71B00606745E85301646E826B001CB6AD89]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\libeay32.dll	[PX5: 5BD1F9CE003F6342A0290C1C3DA9080007283986]
[u] (ACTIVE) c:\windows\system32\tcpmon.dll	[PX5: E45C6E2F002C2E3FB4D700587ACBD300A8381876]
[u] (ACTIVE) c:\windows\system32\usbmon.dll	[PX5: 971C113D0090645242A2001FC9FD440095F73A2D]
[u] (ACTIVE) c:\windows\system32\win32spl.dll	[PX5: 126D0FEE00ED582D92B5016F932ACB00A56B9613]
[u] (ACTIVE) c:\windows\system32\netrap.dll	[PX5: F8F41D8C002000852E2C00B32DAB9200950EF9F1]
[u] (ACTIVE) c:\windows\system32\inetpp.dll	[PX5: 0759BCEE009D287026D101E2A2A51D0088E9C74E]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\ekrnscan.dll	[PX5: 9E7FC1D300CC60C065F3022A9DF754006D1E3742]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\ekrnamon.dll	[PX5: C1105A37002DB828156D02AFD406FD0087730E1E]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\ssleay32.dll	[PX5: 20478D2E00C7AFE26003027A207C8C00F74C05D5]
[u] (ACTIVE) c:\windows\system32\utildll.dll	[PX5: 1D523D80001DF1C066F30000C6A46100D1C3CF87]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\ekrnemon.dll	[PX5: FD35D4BA00431F36958301CA96F7F60072677EC2]
[u] (ACTIVE) c:\programmi\sagem\sagem f@st 800-840\languages\italian.dll	[PX5: 88CC2F9E009D188F70180160F90DE100838596A5]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\curllib.dll	[PX5: C98F4C5C00092FC8709904C7BA1354008A1CA3BB]
[u] (ACTIVE) c:\windows\system32\loadperf.dll	[PX5: 27E71D310093970786FD012901E883008E89B8C2]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\ekrnepfw.dll	[PX5: CE6BEB2400D84DB1F5F80389B4B70300CC17D27D]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\sbpfwsc.dll	[PX5: D623B96A28A4150C354E01CD9CC1C800FE4F50BD]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\dbghelp\dbghelp.dll	[PX5: D6A2407A00594DF7AC000BB32142390035C06BE4]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\ekrnupdate.dll	[PX5: BD4DB856008DF716257902654AA444006D8541BE]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\updater.dll	[PX5: A346AED90094F4C4A5E702B364AFCD008BD0E92E]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\sbfwe.dll	[PX5: 9127FBC828F93004355404BA3F9B3E0074E8CA65]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\ekrnmailplugins.dll	[PX5: 56D491B9001390889570016B08871900138DBF1B]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\sbfw.dll	[PX5: 041EEDD6281D101575E201ADF0D61100AF0F0A49]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\sbfwim.dll	[PX5: 44B8746228324B2C655901C519F9E700A7A8A88B]
[u] (ACTIVE) c:\windows\system32\vssapi.dll	[PX5: 5ECFC33700FBE356924C064F9AECB100B7719F72]
[u] (ACTIVE) c:\windows\system32\colbact.dll	[PX5: 1896B8D8005F3CB2EC9C00A6EB4925007251BD5E]
[u] (ACTIVE) c:\programmi\openoffice.org 3\program\swriter.exe	[PX5: EDCBF0EF00684533A4A20417F52FEB001F78DD6D]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\eguiscan.dll	[PX5: 26C8D723003B7544353C04B8D430A300DB847BDB]
[u] (ACTIVE) c:\windows\system32\comsvcs.dll	[PX5: 44834FC100A7749556F3131B0E1A1200CCE0005B]
[u] (ACTIVE) c:\windows\system32\wbem\wbemcore.dll	[PX5: A85F293B0031F3451CD3084F3A0E430098DF8AE6]
[u] (ACTIVE) c:\windows\system32\wbem\esscli.dll	[PX5: 78BF373B00E95E55C86603126A367700F7A43F1E]
[u] (ACTIVE) c:\windows\system32\wbem\fastprox.dll	[PX5: 27574A9B007FF819346107870FA1D000330365BA]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\eguiamon.dll	[PX5: 8BE477190060F1F495D1018BCF85AA000244EB56]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\eguiemon.dll	[PX5: 8AE655590095324BA58C016BC06D0900FE094796]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\eguiepfw.dll	[PX5: 8954288A00C9AC64C5F70BD373C683001038CCF4]
[u] (ACTIVE) c:\windows\system32\wbem\wbemsvc.dll	[PX5: 64FE7A4100757EBFAAF7001203AB0C00753610BF]
[u] (ACTIVE) c:\windows\system32\wbem\wmiutils.dll	[PX5: AC3DED5D001A43638077015F4C53C000FE3A7268]
[u] (ACTIVE) c:\windows\system32\wbem\repdrvfs.dll	[PX5: 969DCDCE005E2F4CB8F20269B73C8700168EFBCB]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\eguiupdate.dll	[PX5: 155749AC00583AD375900315150A6A0019536475]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\eguimailplugins.dll	[PX5: CB85FB3400D36B6865D301155D8421000C7F38BA]
[u] (ACTIVE) c:\windows\system32\jscript.dll	[PX5: 8AAF6CF50023B1A5D02607A91E63D000D10A3E80]
[u] (ACTIVE) c:\windows\system32\icaapi.dll	[PX5: 854A7140005CCAE92CC1008DAB5E1600967BAC21]
[u] (ACTIVE) c:\windows\system32\wbem\wmiprvsd.dll	[PX5: 37FA0B510035E61AACFC065320E6BD0019FB2BC3]
[u] (ACTIVE) c:\windows\system32\mstlsapi.dll	[PX5: 1FDF2ECE00566674C665015D4343B7009F67587E]
[u] (ACTIVE) c:\windows\system32\wbem\wbemess.dll	[PX5: A3B80C19002C4D2E2E690435AA58330058594C4B]
[u] (ACTIVE) c:\windows\system32\rastapi.dll	[PX5: 70213FCA0083DE05E42C009838627A009B490E72]
[u] (ACTIVE) c:\windows\system32\unimdm.tsp	[PX5: 3D45BFD900DD810D2CC90361DB79240028C9D137]
[u] (ACTIVE) c:\windows\system32\uniplat.dll	[PX5: C7F0DE5B009D7920361E002562779F0019669DF2]
[u] (ACTIVE) c:\windows\system32\kmddsp.tsp	[PX5: 900DB96500872B808232000FD8D3F7002B6FE098]
[u] (ACTIVE) c:\windows\system32\ndptsp.tsp	[PX5: 4CE09DFA0020D959E0C100B477E2F100FDAA7D32]
[u] (ACTIVE) c:\windows\system32\mfc71ita.dll	[PX5: 8C47BF9900C00236F0DE00B45623C60074094F00]
[u] (ACTIVE) c:\windows\system32\ipconf.tsp	[PX5: F8CEBAB4006414FA44B900F4A8ED7F008403CD71]
[u] (ACTIVE) c:\windows\system32\h323.tsp	[PX5: 6DCC5526007AD89E107A04A1457FDC003EA789AE]
[u] (ACTIVE) c:\windows\system32\hid.dll	[PX5: 7AB544F700315C2F526300FEBB2684000672D1F7]
[u] (ACTIVE) c:\programmi\sunbelt software\personal firewall\mfc71.dll	[PX5: 6CC9C2640078308D309410C7EE8D9E0004FCAA75]
[u] (ACTIVE) c:\windows\system32\wbem\ncprov.dll	[PX5: 5ED0A826001AC1BDB84000B6919D3F00E9097AD4]
[u] (ACTIVE) c:\windows\system32\rasqec.dll	[PX5: 3E2E3EFB007BFCF7F2FB003152A63F0019A4AC2F]
[u] (ACTIVE) c:\windows\system32\rasdlg.dll	[PX5: B19514EC00F1CC1C4E610A2C5D96C900DB9EEE5A]
[u] (ACTIVE) c:\programmi\openoffice.org 3\program\soffice.exe	[PX5: 946C12B4006701B648B8711E165EC000F6F003B4]
[u] (ACTIVE) c:\windows\system32\sti.dll	[PX5: 4B255A1C0056575F0EDD01BE167FE4003DA9F5FF]
[u] (ACTIVE) c:\windows\system32\cfgmgr32.dll	[PX5: 0F8DCBAF001D4D84423D0050939AA30034E94947]
[u] (ACTIVE) c:\windows\system32\mscms.dll	[PX5: 35E0CEA200497CAF221B011739894D00B44B29E2]
[u] (ACTIVE) c:\windows\system32\zipfldr.dll	[PX5: BF489D8F00DC10342E3B05F277D48C00FAD65B01]
[u] (ACTIVE) c:\windows\system32\ntdll.dll	[PX5: 490F683C006E3FB11AE50B0B9F728800FC1975C1]
[u] (ACTIVE) c:\windows\system32\kernel32.dll	[PX5: 74382DCB004F949AC6A00F0AF3F4F1002EB295A9]
[u] (ACTIVE) c:\windows\system32\rpcrt4.dll	[PX5: 11F723A000F4669BECB4084950903A0057AD45EE]
[u] (ACTIVE) c:\windows\system32\secur32.dll	[PX5: 5D63756C00A9AA1ADC79006544A9AE00619CEEF7]
[u] (ACTIVE) c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll	[PX5: D7B3752300A22AAC168F10E8A4E5E500A9029F11]
[u] (ACTIVE) c:\windows\system32\msvcrt.dll	[PX5: 6786FBCD00A604243CC605978A362F0047479516]
[u] (ACTIVE) c:\windows\system32\gdi32.dll	[PX5: 5040FD9D00CC2C26602C04ED747E7A00DE1BA07A]
[u] (ACTIVE) c:\windows\system32\user32.dll	[PX5: 8D2FE23500FE1927D8C008C5B8637500651D4C2C]
[UP] (ACTIVE) c:\windows\system32\shlwapi.dll	[PX5: 576A118E00D6F40F3CC807BA0889E100DE680372]
[u] (ACTIVE) c:\windows\system32\comdlg32.dll	[PX5: A9241E4200D223D04A440478464A410020B92150]
[u] (ACTIVE) c:\windows\system32\msimg32.dll	[PX5: 25F0CF4400FBAF01125100CC1C82B700F868C905]
[u] (ACTIVE) c:\windows\system32\oleaut32.dll	[PX5: 562389F100939B5B6CB5087362AE530080541A4F]
[u] (ACTIVE) c:\windows\system32\version.dll	[PX5: 72DD0533003F26F04A6F00F9C3C0BF0021938452]
[u] (ACTIVE) c:\windows\system32\ole32.dll	[PX5: 8C38473E00863731A4D713E8E1EB56002957DA50]
[u] (ACTIVE) c:\windows\system32\wsock32.dll	[PX5: CE653C69007169C960BA00D23FB0BD00EEC48F49]
[u] (ACTIVE) c:\windows\system32\ws2_32.dll	[PX5: 3BB2796F00A10256423801F2C684DE0049FC67E2]
[u] (ACTIVE) c:\windows\system32\ws2help.dll	[PX5: 2F03D11F003A101D4E4C00E172F606004F41078C]
[u] (ACTIVE) c:\windows\system32\imm32.dll	[PX5: 1DD43B55004334A8AE2F014DB680150012DE5AAA]
[u] (ACTIVE) c:\windows\system32\uxtheme.dll	[PX5: E5D7F2E800824B405A3603AE38D2F600B9CC76D6]
[u] (ACTIVE) c:\programmi\eset\eset nod32 antivirus\eplghooks.dll	[PX5: 9292BD7C0071A69329090000E9575800AC4B0B76]
[u] (ACTIVE) c:\windows\system32\msctf.dll	[PX5: F0E2572800A034F38CF204E021343F00261B5B7D]
[u] (ACTIVE) c:\windows\system32\msctfime.ime	[PX5: 7067BC94004780DCB40902EBE043D700A615E886]
[u] (ACTIVE) c:\windows\system32\psapi.dll	[PX5: E35D9B0B00FEA8935A5E00283FFF700020BDE028]
[u] (ACTIVE) c:\windows\system32\msasn1.dll	[PX5: 171DDD460018FDFEE099001A630D9400DF589454]
[u] (ACTIVE) c:\windows\system32\wintrust.dll	[PX5: BBF3FE7400DC07F9B27E02AF374E86001CB2C26D]
[u] (ACTIVE) c:\windows\system32\imagehlp.dll	[PX5: E0EC5CAB0066DD3B342C025E6B2639005054F18F]
[u] (ACTIVE) c:\windows\system32\netapi32.dll	[PX5: 7462A9A40068AC15264705268CA7AC00B2D0EEE7]
[u] (ACTIVE) c:\windows\system32\clbcatq.dll	[PX5: 15FCF1DF004402F39C04073EB1C251005C38F195]
[u] (ACTIVE) c:\windows\system32\comres.dll	[PX5: 98DADC0600EB0B1EE8B90C7CE8FD78003677F052]
[u] (ACTIVE) c:\windows\system32\normaliz.dll	[PX5: E3FC1A7000BA1C775C420052AC60C600F74EBAFC]
[u] (ACTIVE) c:\windows\system32\wldap32.dll	[PX5: 4FAF0CCF005A3487A41A02DEA0C6E600D4A134BA]
[u] (ACTIVE) c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll	[PX5: AC5C497F0055FC0ABE1908A65B418300E537E4DE]
[u] (ACTIVE) c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll	[PX5: 03159C9A00BD1DFF02E50A2E72C589000A8187C0]
[u] (ACTIVE) c:\windows\system32\wininet.dll	[PX5: 5501E6E600D89D2F9C060C6E6D5FC50032BD4EDA]
[u] (ACTIVE) c:\windows\system32\iertutil.dll	[PX5: 6946C4A20009ACA216050494706B560017AA3411]
[u] (ACTIVE) c:\windows\system32\userenv.dll	[PX5: 274E3C2F0024BF1B2E530B5A3AB5EA005966585D]
[u] (ACTIVE) c:\windows\system32\comctl32.dll	[PX5: 4F0A2D1A00E7D4E26C3A0997943FEB000329CD14]
[u] (ACTIVE) c:\windows\system32\ntmarta.dll	[PX5: CAEC3300005C7928D46401D2530266003B89D601]
[u] (ACTIVE) c:\windows\system32\samlib.dll	[PX5: 8D01FD2500585BE6FAB30073BDEFF800B80FA751]
[u] (ACTIVE) c:\windows\system32\sxs.dll	[PX5: 713555D00016AF6EE8430A4532698B00B2B0D6FB]
[u] (ACTIVE) c:\windows\system32\setupapi.dll	[PX5: A5C89CD9001856B348A00F7F17668400445A4D3A]
[u] (ACTIVE) c:\windows\system32\msvcr71.dll	[PX5: 3FEE1145002F2EB8504E05ED76DA9100776D97E7]
[u] (ACTIVE) c:\windows\system32\mlang.dll	[PX5: 6E13A09800C70FA5F25108E1CB865E001459364F]
[u] (ACTIVE) c:\windows\system32\ieframe.dll	[PX5: 1B65A05100803F74925D5CDF2E87F60093DC333A]
[u] (ACTIVE) c:\windows\system32\apphelp.dll	[PX5: 7DD420CF00F6748FEC9D0116E0C40B00C00681B2]
[u] (ACTIVE) c:\windows\system32\urlmon.dll	[PX5: 1830714000B5A583B4D8114BB2FE140036679107]
[u] (ACTIVE) c:\windows\system32\printui.dll	[PX5: 57E3645B00F69FCCBE1508DC243AAB001B0A3450]
[u] (ACTIVE) c:\windows\system32\winmm.dll	[PX5: 978C27FA008570E1BA4602C184808000715F7906]
[u] (ACTIVE) c:\windows\system32\syncor11.dll	[PX5: 56E15181747BAE389F160001BE58ED00D2577DF5]
[u] (ACTIVE) c:\windows\system32\rasapi32.dll	[PX5: AA8193BD006AA0579EC20327E3F9F30087FD2DB4]
[u] (ACTIVE) c:\windows\system32\rasman.dll	[PX5: 77194E7400E5FB53F01C00AE34FFD9000A4CB783]
[u] (ACTIVE) c:\windows\system32\tapi32.dll	[PX5: C36F2E8700D12E04C6C302810580430078DCA789]
[u] (ACTIVE) c:\windows\system32\rtutils.dll	[PX5: F9B8224300F34E57AC8300EE0FFA3000F5CFE48E]
[u] (ACTIVE) c:\windows\system32\msv1_0.dll	[PX5: 9A88E7E7008A58EA065402F6DD6A1C000FA35A1D]
[u] (ACTIVE) c:\windows\system32\iphlpapi.dll	[PX5: 24772E090078A26F766401E3B6F17D00CC3B3674]
[u] (ACTIVE) c:\windows\system32\dnsapi.dll	[PX5: AAB816C7003C4D3542E702845D4F1A00ADA0B52F]
[u] (ACTIVE) c:\windows\system32\rasadhlp.dll	[PX5: AF995D430035502F1E80003B3C2E0700C3F1D82B]
[u] (ACTIVE) c:\windows\system32\hnetcfg.dll	[PX5: F713C38700FD77104A6B055D5FAF3E006317D673]
[u] (ACTIVE) c:\windows\system32\wtsapi32.dll	[PX5: 6C158B26004CDD7F48CB0056162141006D84B503]
[u] (ACTIVE) c:\windows\system32\winsta.dll	[PX5: 3F914A3A00E0D736D2B700CB4D57A000351EE079]
[u] (ACTIVE) c:\windows\system32\shfolder.dll	[PX5: D7C4D1810078CAFA6257006B0FCBCA007DD6FB27]
[u] (ACTIVE) c:\windows\system32\dbghelp.dll	[PX5: 1C3B1F7000AA9962C4DD09B7DE1BD70021E1A65D]
[u] (ACTIVE) c:\windows\system32\shimeng.dll	[PX5: 1C9AA7B7007DD654FEFC00788B6C1800612ED17B]
[u] (ACTIVE) c:\windows\system32\msacm32.dll	[PX5: 080EB6CD004E00D518E10174AB0E1E006A4BC771]
[u] (ACTIVE) c:\windows\apppatch\acgenral.dll	[PX5: 4D65F25E00FF9793461B1C7DEBB460009BA7A0FC]
[u] (ACTIVE) c:\windows\system32\winrnr.dll	[PX5: 41D0CEB60004FECC421A00697B818200CFEEC440]
[u] (ACTIVE) c:\windows\system32\winlogon.exe	[PX5: 38B01C05009EAAB8CA1307D21BFA8500D5209A80]
[u] (ACTIVE) c:\windows\system32\wbem\wbemcons.dll	[PX5: C4055E2F0069E1FB18EE014DE14F77006C2EEE4C]
[u] (ACTIVE) c:\windows\system32\xpsp2res.dll	[PX5: C51367FA002C624034732D6118710400C99F098E]
[u] (ACTIVE) c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll	[PX5: 8D49CA8B0045989150E01A3D8ECF5200FFFD914A]
[u] (ACTIVE) c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll	[PX5: 1CD79A6B00ACCCBD60660869F17C0900CE4B6B7D]
[u] (ACTIVE) c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll	[PX5: 9A45456900EE9D7990C909755A3A5C00A6DAF154]
[u] (ACTIVE) c:\windows\system32\msvcp60.dll	[PX5: AA21CEE700C12E8E50900683114B4B0004C88863]
[u] (ACTIVE) c:\windows\system32\sensapi.dll	[PX5: 98E3F7D700E71D181C6C0033011978003E0D282E]
[u] (ACTIVE) c:\programmi\java\jre6\bin\msvcr71.dll	[PX5: 3FEE1145002F2EB8504E05ED76DA9100776D97E7]
[u] (ACTIVE) c:\windows\system32\rsaenh.dll	[PX5: 47100BA200180DA62E1F0385EB4B3E0076D11132]
[u] (ACTIVE) c:\windows\system32\browseui.dll	[PX5: F792BF8E0002533AA4770FCA84DCA600E655036B]
[u] (ACTIVE) c:\windows\system32\ntshrui.dll	[PX5: F959802D002AA3A138E5028649815A0083AB1AC6]
[u] (ACTIVE) c:\windows\system32\atl.dll	[PX5: 357BD57500B0B091E6D600D9FBC34C0036D5E702]
[u] (ACTIVE) c:\windows\system32\mydocs.dll	[PX5: F843A7AA00FE6D8764D20180D1DB9B0091287905]
[u] (ACTIVE) c:\windows\system32\cryptui.dll	[PX5: FC12AF700069F9D2FE0607E01D89BF009FFEAA01]
[u] (ACTIVE) c:\windows\system32\shdocvw.dll	[PX5: 3AD563BC000FEBCAE0031621E82892007791C9DF]
[u] (ACTIVE) c:\windows\system32\mpr.dll	[PX5: 7E26821800AF617DEA1E00393C441F008910575D]
[u] (ACTIVE) c:\windows\system32\aclui.dll	[PX5: D2BD0ADF00DF9254D867011A1BEEBF005606B51F]
[u] (ACTIVE) c:\windows\system32\powrprof.dll	[PX5: 47CD29DB00778E26447100327527F900E21B3CB0]
[u] (ACTIVE) c:\windows\system32\smss.exe	[PX5: FB45C9580064EFA6C69B00AD18ED030059F6B39B]
[u] (ACTIVE) c:\windows\system32\csrss.exe	[PX5: 7E2C457100B8DB47182600665DD0AE005A93CA97]
[u] (ACTIVE) c:\windows\system32\themeui.dll	[PX5: ECA32DB100FCED1CF4BB05B20510E40018102672]
[u] (ACTIVE) c:\windows\system32\msgina.dll	[PX5: 23935CBF00B404A2462E0FE2C0CB7E004CA3B2A2]
[u] (ACTIVE) c:\windows\system32\odbc32.dll	[PX5: EF73221700267D3DD05803C7ECF13C00D009DECD]
[u] (ACTIVE) c:\windows\system32\odbcint.dll	[PX5: 39D4A2AD00248E14806101AEBBE29A00FD9EFA81]
[u] (ACTIVE) c:\documents and settings\me\desktop\procexp.exe	[PX5: 3EC508198060D3EA2D5C36FD5B3C6000DF1706F5]
[u] (ACTIVE) c:\windows\system32\wdmaud.drv	[PX5: 49BE13F700CFB9ED5C2500DA53C34B005C35FEBB]
[u] (ACTIVE) c:\windows\system32\msacm32.drv	[PX5: F8EB7CDA00A2596F522700876A3BC9005F29A42B]
[u] (ACTIVE) c:\windows\system32\midimap.dll	[PX5: C932A298002D88084A000079BA6DCB001CD61712]
[u] (ACTIVE) c:\windows\system32\wuaueng.dll	[PX5: 96A8FDF31820FD8A9E1D1B88260572006ACE6A58]
[u] (ACTIVE) c:\windows\system32\winhttp.dll	[PX5: 67ED58D300BC635A687905931B10E900AAF235CB]
[u] (ACTIVE) c:\windows\system32\cabinet.dll	[PX5: 6B05D36F006B49D9EC6F009789851600A9D665FB]
[u] (ACTIVE) c:\windows\system32\mspatcha.dll	[PX5: 082417FC003C31E4749D001F964017002A684FB5]
[u] (ACTIVE) c:\windows\system32\esent.dll	[PX5: 91DCA05F007729B0AAFA1082F45464008F044772]
[u] c:\programmi\webteh\bsplayer\uninstall.exe	[PX5: 292735B62F82DF4F02DA011FBFB0CE0055626A5D]
[u] c:\documents and settings\me\desktop\ccsetup217_slim.exe	[PX5: 6F68B2EC185BE6A058940E85E64EAB00D27526EA]
[u] c:\windows\system32\wbem\tmplprov.dll	[PX5: 3E4F2573000CD2C5F29D00882B2450007E73BC49]
[u] c:\windows\system32\wbem\updprov.dll	[PX5: AC40FEF30018ECBEC68C0156F0891D007A1ABD8B]
[u] c:\windows\system32\wbem\dsprov.dll	[PX5: 34A8F87600EEC9EBD6D0019710DC3200BDAB7ECD]
[u] c:\windows\system32\wbem\fwdprov.dll	[PX5: C5882378005F233ED05E0053CB65BA00A0F65E6F]
[u] c:\programmi\eset\eset nod32 antivirus\callmsi.exe	[PX5: 03F6F5A6008BA546059D0191BA8BE9003A0D9D5E]
[u] c:\windows\system32\wbem\msiprov.dll	[PX5: 37D3D88500F4539C2EE804ECAA9C7A00D1BA1098]
[u] c:\windows\system32\wbem\smtpcons.dll	[PX5: F43CEC7700EA1EACA0DA00217410DF0071CA1FEB]
[u] c:\windows\system32\wbem\trnsprov.dll	[PX5: B49F52190036A998EA3F00A6D0516500F9E1985D]
[u] c:\windows\system32\wbem\wmitimep.dll	[PX5: FA04985A0019BB35CCB7008DA3321500D3FAF77A]
[u] c:\programmi\file comuni\microsoft shared\textconv\html32.cnv	[PX5: 4D9506A9385CE7D6C22D044B3348F800EABDC1BF]
[u] c:\windows\system32\wbem\wmimsg.dll	[PX5: 17DE9138001AC6F9F02A008F3DD1CA0059DAC10E]
[u] c:\windows\autoclk.exe	[PX5: 49A7C874003214CFB0CC02317EED1C0078A93FCA]
[u] c:\windows\system32\msxml4.dll	[PX5: EABA86F708DA1BE5A07B13076693B200CA2D7643]
[u] c:\windows\system32\audio3d.dll	[PX5: 06B57C0100809EEC006C0BEAA031B000E562E488]
[u] c:\windows\system32\dgsetup.dll	[PX5: 9D89C0B01C87746D4EB801AD614F2B004CCD0348]
[u] c:\windows\system32\dgrpsetu.dll	[PX5: 4193CE261D661EA8B055021EB52473004F54853A]
[u] c:\windows\syncor.exe	[PX5: DA6795E500A434BAD08A05E4121044008774B011]
[u] c:\windows\synthcorea.dll	[PX5: AEC35A9500BF542DF0F70E41E9DCC200DD95C635]
[u] c:\programmi\analog devices\soundmax\smax3cp.cpl	[PX5: 5CE5B10C00C2E52D90B901485B9F18000119BB01]
[u] c:\windows\system32\s11thk32.dll	[PX5: 80D7517400424463C02B0046C0DD7A00197F9813]
[u] c:\windows\system32\getuname.dll	[PX5: 5C6E9A5800D2E8D53E0009C7DF5B6700D7CC4B28]
[u] c:\windows\system32\avtapi.dll	[PX5: AEF2F5170097D78C900A03070F2E140011C6B698]
[u] c:\windows\isuninst.exe	[PX5: E4A984D4009E6674AE60043BB74BCC00D1649AF5]
[u] c:\windows\system32\avwav.dll	[PX5: 737DE91A00AE1AB21EAD012E3562E6001B580DF7]
[u] c:\windows\system32\virtear.dll	[PX5: 6C92F50500118DEE20670F884461A4000DFD432E]
[u] c:\windows\system32\smmedia.dll	[PX5: C42CE4D400AAC6119E6313D01536BB006C7AC7BB]
[u] c:\programmi\windows live\messenger\wlcstart.exe	[PX5: 3FE7169E60D42679F3E20017F2D91100F7E84F9F]
[u] c:\windows\system32\gdiplus.dll	[PX5: 221491A80896B6071B0119D37DDB5A005C35FA30]
[u] c:\programmi\java\jre6\bin\regutils.dll	[PX5: 8EAFD7310003D41400550406EA3CAF004A82D996]
[u] c:\programmi\malwarebytes' anti-malware\unins000.exe	[PX5: 7CABF2D39064C37182CF0A561A0FFB008E88A0B2]
[u] c:\programmi\a-squared free\unins000.exe	[PX5: 7CABF2D39864C371F4CF0A561A0FFB0087E3E8DB]
[u] c:\documents and settings\me\impostazioni locali\temp\esiasdrv.sys	[PX5: 7FA1864C088249E3848100B77E84EB0063CC303C]
[u] c:\windows\system32\acledit.dll	[PX5: 255F83BE0043299E06A2021433555A006FC8471F]
[u] c:\windows\system32\activeds.tlb	[PX5: 10C26EAA000E131CB251013AAA5AF100A6E55102]
[u] c:\windows\system32\adptif.dll	[PX5: BE23BE7B00CB1074666600322A403D005E6B2296]
[u] c:\windows\system32\adsnds.dll	[PX5: F175D6E8003F60697CAD02C6EADB3600E6EE5FEB]
[u] c:\windows\system32\apcups.dll	[PX5: 8A5CFE5E0040F8FA92490110BD0B5500BDF1FC59]
[u] c:\windows\system32\append.exe	[PX5: 33C5C530624423FA318100A9FC947F00128D8604]
[u] c:\windows\system32\arp.exe	[PX5: B453C16800D2308B4E4200977B246F009936C4DD]
[u] c:\windows\system32\asr_ldm.exe	[PX5: 098D535F002C268D90D500B692AD2600F23DC978]
[u] c:\windows\system32\atkctrs.dll	[PX5: ACD6366100FD2CBE364300CBB95F8A0044B4C060]
[u] c:\windows\system32\drivers\atmepvc.sys	[PX5: 7363E81E80EDA4EC7A0200CE34E22400450A279B]
[u] c:\windows\system32\atmpvcno.dll	[PX5: 6410E9350083298F88FA00FFF71A69006A254153]
[u] c:\windows\system32\drivers\atmuni.sys	[PX5: 92E7BF650082565E607E05AD216E0900953642D5]
[u] c:\windows\system32\autodisc.dll	[PX5: 0B854AE800BA46713EDB01807D955E00702D2DEC]
[u] c:\windows\system32\avicap32.dll	[PX5: 5C72577B0065F7A400FE01FA40091200384DCE93]
[u] c:\windows\system32\avicap.dll	[PX5: 8D50F512B0D5AAB0126C01BC85534E00FA0EC9E8]
[u] c:\windows\system32\avifile.dll	[PX5: 23078576D07C879BAB0E016052733100CC123BD6]
[u] c:\windows\system32\bootok.exe	[PX5: F569433D0008EB86125800A1B45900002310508A]
[u] c:\windows\system32\bootvrfy.exe	[PX5: 0A1BBDF400A1D9441454008215242C00640EF135]
[u] c:\windows\system32\drivers\cbidf2k.sys	[PX5: 7B8DA5F780B7DA7536FE00ABA71B6C00B12776D7]
[u] c:\windows\system32\ccfgnt.dll	[PX5: 971D08F9000641116C8E0071062D45000119820C]
[u] c:\windows\system32\chcp.com	[PX5: 62142BAC004172551EE000230CC13000B22EADAF]
[u] c:\windows\system32\chkdsk.exe	[PX5: 1086954400E415602E7900AC8CF8A6009AB081B6]
[u] c:\windows\system32\chkntfs.exe	[PX5: E8B96802005098632C3F00575B813700468EB6A8]
[u] c:\windows\system32\ciadmin.dll	[PX5: E4BB510900859F3886C702CD62B76F00EC06704E]
[u] c:\windows\system32\cidaemon.exe	[PX5: 294C30670067C14D209300448CFCAF0090848BF3]
[u] c:\windows\system32\drivers\cinemst2.sys	[PX5: 7C4B5F6480542F0A010D0467679A3400F24D4424]
[u] c:\windows\system32\ckcnv.exe	[PX5: 068269F8003758241E9400619EF00C001FF98947]
[u] c:\windows\system32\shellstyle.dll	[PX5: C331CBAC00F33620A65B06B5A6B1F50051532311]
[u] c:\windows\system32\cmpbk32.dll	[PX5: 9AE4F3510027B04D38540076225EFC008B85C319]
[u] c:\windows\system32\cnetcfg.dll	[PX5: B4E51ABC003C3F2880C600786A5A2D0017E0A6CA]
[u] c:\windows\system32\cnvfat.dll	[PX5: 49AD2A5C00BAC153684B004C45837D000270E8F3]
[u] c:\windows\system32\comcat.dll	[PX5: 0246801000C0A6C80E5A003B3C2E0700B79BCD14]
[u] c:\windows\system32\commdlg.dll	[PX5: D41FE74160643BD6833B006BB7E5A9004410FDC1]
[u] c:\windows\system32\compact.exe	[PX5: BCD1D91D00679CF548B900DC3BCE6800C5D6158C]
[u] c:\windows\system32\compobj.dll	[PX5: DA21156DD0BCD8E77562007DCF26A600F4FFDA3F]
[u] c:\windows\system32\drivers\pxscan.sys	[PX5: 11EEE13208526D6558A400F26A394F00E75A87AE]
[u] c:\windows\system32\console.dll	[PX5: 350F39E9006155800638013413E66C00F02E9B35]
[u] c:\windows\system32\control.exe	[PX5: 2549691E00D7FEE920C900E6B3BA7000953D4AE3]
[u] c:\windows\system32\convert.exe	[PX5: 592350C10039A1473628002D12444900FB693407]
[u] c:\windows\system32\drivers\cpqdap01.sys	[PX5: C60D75F500CE16D02E4100D9B4337E008A228DE3]
[u] c:\windows\system32\csseqchk.dll	[PX5: E242EAF600C5D1D620BB019D6A836B0042F7831A]
[u] c:\windows\system32\ctl3dv2.dll	[PX5: C84734B440655DC66A4D00304EF8AC0014627D07]
[u] c:\windows\system32\d3dim.dll	[PX5: C4FFB71C0095035EA8C5063712F66B0078F5B1A5]
[u] c:\windows\system32\d3dpmesh.dll	[PX5: 7B3888C20007A1C4889B0041D3249200AC2C0BBD]
[u] c:\windows\system32\d3drm.dll	[PX5: 10917D680044F8D858BD05B8E8901C002B105CFE]
[u] c:\windows\system32\d3dxof.dll	[PX5: 13F18C7F00AA32C4BA5F00E79FE7D2000A893DE6]
[u] c:\windows\system32\ddeml.dll	[PX5: 87F926CB00F2CB349A1200182C7413003E6FB37C]
[u] c:\windows\system32\debug.exe	[PX5: 86C9E8109AC508EC52A300360575330053F48D3F]
[u] c:\windows\system32\deskadp.dll	[PX5: 1FEBC52C0075696A427B005EACC72200AF70D61C]
[u] c:\windows\system32\deskmon.dll	[PX5: E6AC7E1B00B4347342D70033642CB1001FC78895]
[u] c:\windows\system32\deskperf.dll	[PX5: DEBA621400871F794A8D0005514927006E3B795A]
[u] c:\windows\system32\dhcpsapi.dll	[PX5: 25DB6C9800998C8D24B501B008F53A0032B4B6EC]
[u] c:\windows\system32\diactfrm.dll	[PX5: 54B567AE008CF572082C06E3C74BAD00BB80B1C2]
[u] c:\windows\system32\dimap.dll	[PX5: A562A54A007E37CFAC93009CFA17FE006159AB7A]
[u] c:\windows\system32\diskcomp.com	[PX5: 8CD292D500E33AB824A100536EC85C00EF809D63]
[u] c:\windows\system32\diskcopy.com	[PX5: F30F3BB80016CEF71C05003B3C2E07009B70B4C9]
[u] c:\windows\zip.exe	[PX5: 6A67689000B47A4A0A0D017314D3030032CE2915]
[u] c:\windows\system32\diskperf.exe	[PX5: 2829F2BF00BF42304A6500D46E590900AC98C212]
[u] c:\windows\system32\dllhst3g.exe	[PX5: 3B83660A0079725C129A00667D2C7300AF333CC4]
[u] c:\windows\system32\dmconfig.dll	[PX5: FFDFA37900346E680CDD05DBC9A184000EE3D855]
[u] c:\windows\grep.exe	[PX5: 3135F7601CE57F623A270192F3A51400FAF55654]
[u] c:\windows\system32\dmdskres.dll	[PX5: 8D3B22C9007915AEF4F401E0E6650E000C2D506F]
[u] c:\windows\system32\dmintf.dll	[PX5: 847B69C400B22AC348B5003B3C2E0700BC6922E3]
[u] c:\windows\system32\dmview.ocx	[PX5: 6221709600445C13F0E30047CCD00F00125736CC]
[u] c:\windows\system32\docprop.dll	[PX5: 4D155A630014F006B8E7003E1F6CD600C0918C31]
[u] c:\windows\system32\doskey.exe	[PX5: 3DFF732F00B2A3A62AB7004F29AEE200BB284302]
[u] c:\windows\system32\dplay.dll	[PX5: 61D801A7107F7A7E816500549A0E46000B5D7981]
[u] c:\windows\system32\dpnmodem.dll	[PX5: 76FB127600B9C295F40E00D5C6DD8A0084143E48]
[u] c:\windows\system32\dpnwsock.dll	[PX5: A7FEB4F80038F77EF23A000037F94D009A0C4C3A]
[u] c:\windows\system32\dpserial.dll	[PX5: F3FA165910C5910FD3FB00906AFC6500E7FC7276]
[u] c:\windows\system32\dpwsock.dll	[PX5: A87A564D1063697CA792007F4D1002002C710E0E]
[u] c:\windows\system32\drwatson.exe	[PX5: FD38D29F60AF31A86E160029DCB43500291D0D31]
[u] c:\windows\system32\dsauth.dll	[PX5: 1276D2A700F7E6F5F67800EA938FEE00CB5E7A94]
[u] c:\windows\system32\dvdplay.exe	[PX5: 30AAA28A00FEB62EE27500F92FFA1100D6F8CE53]
[u] c:\windows\system32\edit.com	[PX5: B542A12F4E6E0DA414520148D1845800064EF6D9]
[u] c:\windows\system32\edlin.exe	[PX5: 9CDC2E17C2E71092323F005F0F7BFC0009639A5B]
[u] c:\windows\system32\wbem\wbemads.dll	[PX5: 9F454CF6000FCC0C30BA00C5B578C000397CC27A]
[u] c:\windows\system32\esent97.dll	[PX5: F1F57D5910A67BBA03A511F24777F500CC1949E5]
[u] c:\windows\system32\esentprf.dll	[PX5: 0756CBAA00C44459447700E07EEE4600CDA677D1]
[u] c:\windows\system32\wbem\wbemads.tlb	[PX5: 4C949150002C3C757A81002BC9900A00286938B5]
[u] c:\windows\system32\esentutl.exe	[PX5: 7C67F741006043B39A0D00C22981B2002E5514CD]
[u] c:\windows\system32\eventcls.dll	[PX5: 1A215A2A0036917D823B00C6E6618A000F9E4F3C]
[u] c:\windows\system32\eventvwr.exe	[PX5: 4EF8F67D007669A324390017AA36FA008DD4EB55]
[u] c:\windows\system32\exe2bin.exe	[PX5: 811C5CBE681FD35D21DA0092B5552E0021B4F928]
[u] c:\windows\system32\expand.exe	[PX5: CDCFF1B60077778E4018008D1F34CC008F3B49FB]
[u] c:\windows\system32\fastopen.exe	[PX5: 68062C0E72CE86AB03780001B5B47F00DC855A06]
[u] c:\windows\system32\fc.exe	[PX5: FCF485F1002C473C3A740081C9ECE80087407D56]
[u] c:\windows\system32\find.exe	[PX5: FE1EFFCB00504A2E244900DFA0ADA500233B1DF3]
[u] c:\windows\system32\finger.exe	[PX5: 1D15F85400745F88266500D8826896007EC3244E]
[u] c:\windows\system32\fixmapi.exe	[PX5: 8FEB7C6F0086FF5A0C6B00150530FA00B79BCD14]
[u] c:\windows\system32\fmifs.dll	[PX5: 3C050160004167A9407200F897DA0F0041897D56]
[u] c:\windows\system32\fsusd.dll	[PX5: C16BE175003AC012409301F524BCFA00B358516F]
[u] c:\windows\system32\fsutil.exe	[PX5: E5D52EDC00D893E9EED9005AF76777008FC9340F]
[u] c:\windows\system32\ftsrch.dll	[PX5: 9A53ABFF00A46317B25D02FF9535FA001423BE53]
[u] c:\windows\system32\g711codc.ax	[PX5: 14A6DC1E00D94176A2D300C57D8D6C0092897C4B]
[u] c:\windows\system32\gcdef.dll	[PX5: 04BD2A36002ABDBF302801B230A658000915B07D]
[u] c:\windows\system32\glmf32.dll	[PX5: 8FF86B8B009E6B145A5504566048B800605DFDDA]
[u] c:\windows\system32\kbdycl.dll	[PX5: E82543E9001C48FB1AE100DB66B55C003CDC71CA]
[u] c:\windows\system32\gpupdate.exe	[PX5: BA599EEF008C54ADE61E00A6195AA300BAF53FF8]
[u] c:\windows\system32\graftabl.com	[PX5: 0FE61FD6007A5D06668800223CE439003DD31168]
[u] c:\windows\system32\hnetmon.dll	[PX5: CBE83424008FC3CC3C9C0032FD1A7400CA71A6BC]
[u] c:\windows\system32\hostname.exe	[PX5: 01B352090062058222A800B871FA5600E4E416C3]
[u] c:\windows\system32\iasacct.dll	[PX5: 3A7BCE5A00767F135C6500C193B9D5001D83EF95]
[u] c:\windows\system32\iasads.dll	[PX5: B9182F9500A5D8B2A29B00B24D901400A4FBC32E]
[u] c:\windows\system32\iashlpr.dll	[PX5: 15E3B59D0007156C7E8500241F3DF700C70C209A]
[u] c:\windows\system32\iasnap.dll	[PX5: BF967F6B00819FE0F4CE00C3BAA44000FABE6FFA]
[u] c:\windows\system32\iaspolcy.dll	[PX5: 1112BD6B00DA039E469100E7A752A4008B2C43DB]
[u] c:\windows\system32\iasrecst.dll	[PX5: 41A4279C00C3CDFC287E02930A7A370026F417D8]
[u] c:\windows\system32\iassam.dll	[PX5: 4ACD95D40095E30B52FF01A122B85700B1A60437]
[u] c:\windows\system32\iassdo.dll	[PX5: B43DC82D001E1FE8DE6B03071346E800B94F0055]
[u] c:\windows\system32\iassvcs.dll	[PX5: 7A17C38500769ED6F05400E1A364A6002E27D06F]
[u] c:\windows\system32\icmui.dll	[PX5: 79852F4F004FA70AD8870036A8B3F300BFB6CC72]
[u] c:\windows\system32\tscupgrd.exe	[PX5: 96D9AEE500AC457BAE7E0047A234C30055FB12E0]
[u] c:\windows\system32\ifsutil.dll	[PX5: DC4770E5004B4BC614EA01969D3AD00059C904E8]
[u] c:\windows\system32\iissuba.dll	[PX5: 333870ED00C68D7524550033A8DA2200177D43CC]
[u] c:\windows\system32\inetcplc.dll	[PX5: 0301BC7300CE7D23D48901A9BAE490003EB7FEA2]
[u] c:\windows\system32\infosoft.dll	[PX5: 2CDB31710086C2C1E08406D1C61673004093D560]
[u] c:\windows\system32\iologmsg.dll	[PX5: C8F05831004D6A018CFC00CACD628D003F263C81]
[u] c:\windows\system32\iprop.dll	[PX5: A4B5F86400EACF0B0ED900CF73583500B79BCD14]
[u] c:\windows\system32\iprtprio.dll	[PX5: 5D17159F000ADB5F1093007AADDE9800B79BCD14]
[u] c:\windows\system32\ipsec6.exe	[PX5: E25FEFD2004F6932B21F001651F94600E6D28907]
[u] c:\windows\system32\ipxmontr.dll	[PX5: BEE4D98A00A0A8105C9401E75180D5005962F155]
[u] c:\windows\system32\ipxpromn.dll	[PX5: 319DEFB900B083C2183201383D84A3007C933D1C]
[u] c:\windows\system32\ipxrip.dll	[PX5: 859821B9009D40A9548200AD83A363008B36EF0D]
[u] c:\windows\system32\ipxrtmgr.dll	[PX5: 4718448E00AA1CC09C1B00C6E262700012078A35]
[u] c:\windows\system32\ipxsap.dll	[PX5: 85797B9500D099280499015DBB948C00AAAAF548]
[u] c:\windows\system32\jet500.dll	[PX5: F1809CDE009860DA88F00540571EF20054FEA15C]
[u] c:\windows\system32\reset.exe	[PX5: 6B0EA7C80018D2A72657007CF67DD1001015FA99]
[u] c:\windows\system32\jgaw400.dll	[PX5: CA1C6A7800F11936AEEA008D81474C006C116D0C]
[u] c:\windows\system32\jgmd400.dll	[PX5: 5FFB60E700258B788C7200A67647E20040E0BEBB]
[u] c:\windows\system32\jgsd400.dll	[PX5: 88E4D35400F6128BB2C100C538B800006F206129]
[u] c:\windows\system32\jgsh400.dll	[PX5: 290048820064052A006701039E424E004626EA67]
[u] c:\windows\system32\jobexec.dll	[PX5: B8417B505085E1D6BFDE00D8D37A4D003E439A2E]
[u] c:\windows\system32\jsit.dll	[PX5: 4213EAF52FB0CAF270110031787A4700B8739C7E]
[u] c:\windows\system32\kbdbe.dll	[PX5: 48FDB2CB00F2B06518CA009E462900005E1643BF]
[u] c:\windows\system32\kbdbene.dll	[PX5: FE3101B600DD63A218C80009E1A04B002AE7F7EB]
[u] c:\windows\system32\kbdbr.dll	[PX5: 74070A8C000919F6185500B353B4DE0006588985]
[u] c:\windows\system32\kbdca.dll	[PX5: B92ED5B9005792E61812006E944F61000D940D14]
[u] c:\windows\system32\kbdcan.dll	[PX5: CAA133DE00AAFC421E1300B54A38DF0007D9EFA6]
[u] c:\windows\system32\kbdda.dll	[PX5: 24881EF000533D04186F006E8E5F5600C3AAD043]
[u] c:\windows\system32\kbddv.dll	[PX5: ED34EFC80039728214BF0032CFF4740071E095D3]
[u] c:\windows\system32\kbdes.dll	[PX5: 01EDE1B000E0CA0118A600B2E97B8C00E65CBEF1]
[u] c:\windows\system32\kbdfc.dll	[PX5: DF58154C0001E3F8181F007524BE200037E64113]
[u] c:\windows\system32\kbdfi.dll	[PX5: 48EE580D00FA4A861834002C6F0F8800375CF580]
[u] c:\windows\system32\kbdfo.dll	[PX5: DEE8FDE6002F2C97189B00C43AC78500739A4BF6]
[u] c:\windows\system32\kbdfr.dll	[PX5: DEC48D3900347DDF18ED005F331E3F00B4872F43]
[u] c:\windows\system32\kbdgae.dll	[PX5: F3512D80001A356F16DA00323386BA002E2F5555]
[u] c:\windows\system32\kbdgr1.dll	[PX5: 02EEA6A0005F3E741851005D3FDF7500C13DD479]
[u] c:\windows\system32\kbdgr.dll	[PX5: 4DF569E700DDEF701857000515A4BD009E9A507D]
[u] c:\windows\system32\kbdic.dll	[PX5: 55372CE0006CADDD18E60006EECB72006BA6A430]
[u] c:\windows\system32\kbdir.dll	[PX5: AD3FC81F00A34AFC1695004F6DE2EF00725D3CD6]
[u] c:\windows\system32\kbdit142.dll	[PX5: 413B35DE003D58931634005028DDC7001F6B26BC]
[u] c:\windows\system32\kbdla.dll	[PX5: A782AF5C002D56391AB8009D936AAA00646DF1FA]
[u] c:\windows\system32\kbdmac.dll	[PX5: E08CD36F00422D15180100CFAAD195008FE0678E]
[u] c:\windows\system32\kbdne.dll	[PX5: 19C8E4DD00463E6A186A00C65262CD00BB11DB57]
[u] c:\windows\system32\kbdno.dll	[PX5: A133804400BBA4A1186200204D642800A4FFC514]
[u] c:\windows\system32\kbdpo.dll	[PX5: 66DAE7380041832E184800C349947E002B6C82B9]
[u] c:\windows\system32\kbdsf.dll	[PX5: 6EA394E80094BFD4183A0046A2D29E0088783429]
[u] c:\windows\system32\kbdsg.dll	[PX5: 1428B5DE00FED1001A8300A507FDC000681433B7]
[u] c:\windows\system32\kbdsp.dll	[PX5: 782E990F000A4D37182F008DCC476C00EEAB2228]
[u] c:\windows\system32\kbdsw.dll	[PX5: 70FEA55C00F764DC18BE000C911EAA004C6FF86D]
[u] c:\windows\system32\kbduk.dll	[PX5: A085C50C0063ABE816A700AD836F5200D503ABC4]
[u] c:\windows\system32\kbdusl.dll	[PX5: ECD942B7004D75CF18740098D9D9F600E199B78A]
[u] c:\windows\system32\kbdusr.dll	[PX5: 4002D2E900F6D8061892000AE393F800DDA2AFB7]
[u] c:\windows\system32\kbdusx.dll	[PX5: 38E4317A003AC90F18CE006CD6D0E200133C6897]
[u] c:\windows\system32\label.exe	[PX5: 531189560038E51F26C200B58B3D600024A237E3]
[u] c:\windows\system32\langwrbk.dll	[PX5: 9D631F11006B809B5E3F01D350AD5A00BB8049E3]
[u] c:\windows\system32\lanman.drv	[PX5: A797EACD0BCFF4C3663403FC8369B500D2DCA4A2]
[u] c:\windows\system32\lights.exe	[PX5: BA6737C4005510D574B600F420A96700DE563870]
[u] c:\windows\system32\lodctr.exe	[PX5: 91495D390002F7261418001888D3DF0078863D42]
[u] c:\windows\system32\loghours.dll	[PX5: 5BF574DE00661463C6C600FA855DD400DD3CA2D3]
[u] c:\windows\system32\lpq.exe	[PX5: 1F0E55AF00A1F08A182800282F2C2900AAC28C38]
[u] c:\windows\system32\lpr.exe	[PX5: 82062E7200C988DB22A300948AE4CC0002953983]
[u] c:\windows\system32\lprmonui.dll	[PX5: 03B568AA00796F2C24BE0058CC761300D852FE7D]
[u] c:\windows\system32\lzexpand.dll	[PX5: 91470E2FD0E18E01263D006490DF71006BAC8026]
[u] c:\windows\system32\mag_hook.dll	[PX5: CFFACE9100DAB49F20920015EE4079008CDF98B7]
[u] c:\windows\system32\mapistub.dll	[PX5: 77CE006E0094CBFAB6940177F1356D0035600D22]
[u] c:\windows\system32\mcd32.dll	[PX5: 2A9594C100E3B83A28C100B6FADBE900CFDF34AA]
[u] c:\windows\system32\drivers\mcd.sys	[PX5: 874B185900D5916B1EF900C2FE181D00136FAB22]
[u] c:\windows\system32\mcdsrv32.dll	[PX5: AC1B62C900A6751929F000CAA4211200005F1832]
[u] c:\windows\system32\mciavi.drv	[PX5: 8B09E9FBC0AC80C41F5801300F1C5F00B1E6B4D8]
[u] c:\windows\system32\mcicda.dll	[PX5: 0DA6E175000EA08A4439008461784F00C0D40C82]
[u] c:\windows\system32\mciole16.dll	[PX5: 60D6406C00FB0E4220DE00EE027C8A002D7CC3BB]
[u] c:\windows\system32\mciole32.dll	[PX5: F6DE324D00A468C91E00003B3C2E07009BA3DCAB]
[u] c:\windows\system32\mciseq.drv	[PX5: 6F3561B8D089079262B000F61C353D001FC85F9C]
[u] c:\windows\system32\mciwave.drv	[PX5: 2D1A8D9600222A826E980084C50D45003B805765]
[u] c:\windows\system32\mdhcp.dll	[PX5: CDAA471C00BD4952C44300F8565CA9008B33804A]
[u] c:\windows\system32\mdwmdmsp.dll	[PX5: 8929DBC10006A516425D021FD20C8800227CA1D7]
[u] c:\windows\system32\mem.exe	[PX5: 6AD026121A847E269AD1009E08067900987AFFEC]
[u] c:\windows\system32\mfc40.dll	[PX5: 16D6E43310507C451B300EED26A0AE008707D019]
[u] c:\windows\system32\mfc40loc.dll	[PX5: 4515B8A4002C295AB0DA00FCDF067200DD5F6EF9]
[u] c:\windows\system32\wdmioctl.dll	[PX5: F269D3FA0031705B7636000BFAA5BC0047BC2AFC]
[u] c:\windows\system32\mll_hp.dll	[PX5: 664063F9001CB3AA0EBA00D509413200B79BCD14]
[u] c:\windows\system32\mll_mtf.dll	[PX5: 89BFACBB000C60AB1E55003B3C2E070065476AE8]
[u] c:\windows\system32\mll_qic.dll	[PX5: 08E2A6F500223E5116320085CE9DF00024578A17]
[u] c:\windows\system32\mmdrv.dll	[PX5: 10FFA6C500BC1E2E30680013AA59C6006C47E52F]
[u] c:\windows\system32\mmtask.tsk	[PX5: AAB73D4B80F9CFED040D00CDD00A1100133751C6]
[u] c:\windows\system32\mmutilse.dll	[PX5: 5B19A7C30025B470D44C014442CA0700E4019219]
[u] c:\windows\system32\mode.com	[PX5: 2E93A30400625BBF4CE400E712EA290044D98CF0]
[u] c:\windows\system32\modex.dll	[PX5: 095BD1948070B81D273000FFF5669A005A8E109B]
[u] c:\windows\system32\mountvol.exe	[PX5: 950D5FA80073BAFC2086006B5E8AEA003FC4D46E]
[u] c:\windows\system32\mpnotify.exe	[PX5: 5E082F3600FBCDFB56B7003B7441B300D2B4C13B]
[u] c:\windows\system32\mprddm.dll	[PX5: D700F4F90099829D0EFA01D9BB898C00B9BE1A0F]
[u] c:\windows\system32\mprui.dll	[PX5: 0177A32A00359BAAB80400603DBC0500BE96B1E3]
[u] c:\windows\system32\mqcertui.dll	[PX5: 05E28EF900505A972A980062E46D5A001E753199]
[u] c:\windows\system32\mqgentr.dll	[PX5: 772BBC130064B836EE5C00C399F4C400AF7617D2]
[u] c:\windows\system32\mqoa10.tlb	[PX5: 890539B100B9EDB7901000117E1B4900F43C71DE]
[u] c:\windows\system32\mqoa20.tlb	[PX5: 225AC36C00DB27AED80E002EE74ADF0006AD44A3]
[u] c:\windows\system32\mqoa.tlb	[PX5: 8312043700FA29423EC8014E4E2C9C000754A541]
[u] c:\windows\system32\mqperf.dll	[PX5: 4280D4F600AF2546201D000321D4360018CA2389]
[u] c:\windows\system32\mrinfo.exe	[PX5: B670D28200A973AF38CC008DB4842B00C4FEF66B]
[u] c:\windows\system32\msaatext.dll	[PX5: C4C283F1002389DA925D01FDC9418A008225E293]
[u] c:\windows\system32\msacm.dll	[PX5: 9509859960B48961EF3C0048E192C7002EB67DBB]
[u] c:\windows\system32\msaudite.dll	[PX5: 56340F75009355082629013C5B67AB001024352D]
[u] c:\windows\system32\mscat32.dll	[PX5: F6CF2A340087129C1CF2000A3C3556004FD28ABB]
[u] c:\windows\system32\msencode.dll	[PX5: F34AEEE64A28C8C7702E01989094D9005447DE3B]
[u] c:\windows\system32\msobjs.dll	[PX5: 4C7693F6007A43309AD900017A01FD005C932F40]
[u] c:\windows\system32\msports.dll	[PX5: 60CA55A400EE0C1AA68A00332E0FE9003A46FBD8]
[u] c:\windows\system32\msratelc.dll	[PX5: C1FA8CEE000E8B57FA0B00DF08A1AA008FE6B39B]
[u] c:\windows\system32\mssign32.dll	[PX5: E8DA9AA8004C4EB88E25006991013C00013194A0]
[u] c:\windows\system32\mssip32.dll	[PX5: 421532B400EBAD1512DB002CBACA7F0056EFEC9E]
[u] c:\windows\system32\msswch.dll	[PX5: DB83982900370724340E00B83641740065D23472]
[u] c:\windows\system32\msswchx.exe	[PX5: ABE92CDE0015D4071A2800C101B17F00CE29F367]
[u] c:\windows\system32\kbdblr.dll	[PX5: 3A6EE5860029A0B51678008DE1F1DE0042AF5F06]
[u] c:\windows\system32\kbdbu.dll	[PX5: BA8C93540032EFE2167E0013D1916A00447F56A2]
[u] c:\windows\system32\msvbvm50.dll	[PX5: AB1E8FA100B911FAB06314723D5B3D00FCADA405]
[u] c:\windows\system32\msvcp50.dll	[PX5: 4BB90EF900B92922A216081EDED87300EAD1CE5E]
[u] c:\windows\system32\msvideo.dll	[PX5: 790EE65FC0939660F0F4012F00509C00EF668BF3]
[u] c:\windows\system32\msxml2r.dll	[PX5: 0C84D0FB10E4977AAD8E003B3C2E0700B4E0D38C]
[u] c:\windows\system32\msxmlr.dll	[PX5: E89F740100EFB7857A1100B6632176007D489053]
[u] c:\windows\system32\mapi32.dll	[PX5: 77CE006E0094CBFAB6940177F1356D0035600D22]
[u] c:\windows\system32\narrhook.dll	[PX5: D6BAA4C7009812448E6200B4AC571B0025CCFD5C]
[u] c:\windows\system32\nbtstat.exe	[PX5: BF04663A005F4021569800FC697D4B001F11AD3B]
[u] c:\windows\system32\ncpa.cpl	[PX5: F96D363E009B4BD58C3D00A5C785D900C31CB145]
[u] c:\windows\system32\ncxpnt.dll	[PX5: 88EBDE83004225C51EC00003BE720300A994E7C7]
[u] c:\windows\system32\netapi.dll	[PX5: 3B2621E2C04DF3B2A77E0156CAF52A0029A06ED9]
[u] c:\windows\system32\neth.dll	[PX5: 8C1735C700D9C6606C250425C196AD00E912E270]
[u] c:\windows\system32\netui2.dll	[PX5: 0A3C6E24008D22B0BCC6044CDC2A0000CFE8CCD1]
[u] c:\windows\system32\netware.drv	[PX5: EDF56E466001B55B0AA60041140247008D222BEB]
[u] c:\windows\system32\drivers\nikedrv.sys	[PX5: 31AFD82600B7B0E92F3400332F79D6008B90E2A9]
[u] c:\windows\system32\nlsfunc.exe	[PX5: A4D1F0AFBC3190781B71004FE07BA7005F811B97]
[u] c:\windows\system32\ntdsbcli.dll	[PX5: B11829BE002229D566A10036DAA52100D5962C16]
[u] c:\windows\system32\ntmsevt.dll	[PX5: 590B963C00EEE1ABAC570064E789180025A384F4]
[u] c:\windows\system32\nw16.exe	[PX5: 1C9B00C8B43E1DAB0C9E000EA41604005E45243C]
[u] c:\windows\system32\nwapi16.dll	[PX5: 77A3859500EA47B84437008354A14B00F8FEE881]
[u] c:\windows\system32\nwc.cpl	[PX5: 3F7F3A37008DD755927F001FFE8E6700C62C8C01]
[u] c:\windows\system32\nwcfg.dll	[PX5: 950CBF560042048050000025EBA96D005CF62FF6]
[u] c:\windows\system32\nwevent.dll	[PX5: 891AFBCD005BD67A18A700B6E45CDF00C6FA2066]
[u] c:\windows\system32\drivers\nwlnknb.sys	[PX5: 04BB889700AAB944F73D0096D8122400A0912260]
[u] c:\windows\system32\drivers\nwlnkspx.sys	[PX5: 38D410228045AB3DDA820098A4E752008EA9780C]
[u] c:\windows\system32\nwscript.exe	[PX5: 3B3753F100D6782AF88C01016864D500B1E9E452]
[u] c:\programmi\malwarebytes' anti-malware\mbamgui.exe	[PX5: A3F88E9990E9E8631869066471B2760063DB16D1]
[u] c:\windows\system32\ole2.dll	[PX5: F2FC4A2A40B7B6B59BDF00629364AB00A54AED31]
[u] c:\windows\system32\ole2disp.dll	[PX5: 3E66404830EBCC7296B902E3361C6400BE12EFF7]
[u] c:\windows\system32\wbem\winmgmt.exe	[PX5: 9C10452000CBBED8366D005C26A46E00A2CA36C3]
[u] c:\windows\system32\ole2nls.dll	[PX5: 09B13294B021FA9E558F026E08072F00900228B5]
[u] c:\windows\system32\olecli.dll	[PX5: B5F4F24400858B0246DF0121D0BC320031CB25FD]
[u] c:\windows\system32\olesvr.dll	[PX5: CE221EF60049CF2B5E3B009B247C6A00F018477F]
[u] c:\windows\system32\panmap.dll	[PX5: 82434ADA006A9EDB283200714DA25900A90B792C]
[u] c:\windows\system32\pathping.exe	[PX5: DB32D2D400CAC0BD58E800597717C400035340B7]
[u] c:\windows\system32\kbdru.dll	[PX5: 7E9E7F6F00689AD216A800B9E05CFE007379647D]
[u] c:\windows\system32\kbdru1.dll	[PX5: F78CD54300BE7A5716410073AD735B00BC18AAD7]
[u] c:\windows\system32\kbdycc.dll	[PX5: D5D525F30029A795163300526880C200CEFEEB97]
[u] c:\windows\system32\kbdur.dll	[PX5: F67486210059386D16530005D2674D0049AFC121]
[u] c:\windows\system32\kbdkaz.dll	[PX5: 9C60E7270020E3381611009CFCA71800B367CE4F]
[u] c:\windows\system32\kbduzb.dll	[PX5: 08CBFA1B009B5FC9162B00341E918C00437DEA64]
[u] c:\windows\system32\kbdaze.dll	[PX5: 9B72CA830012D1061679007C84FE8800C4F6549E]
[u] c:\windows\system32\kbdtat.dll	[PX5: 57244493000E4A0A166900B8D1F1A400CB7C2EEE]
[u] c:\windows\system32\kbdmon.dll	[PX5: 590AFBD300F132321664000844395400B2DD7613]
[u] c:\windows\system32\kbdkyr.dll	[PX5: 0FB75D67000B1AE21611002F983C48000D4B729B]
[u] c:\windows\system32\perfnw.dll	[PX5: 5B7BD89D00CF445716BF00A78523C7009F85134F]
[u] c:\windows\system32\pifmgr.dll	[PX5: 1D1E2515002D40F98AE600A417A793008C16C21D]
[u] c:\windows\system32\ping6.exe	[PX5: E85E900B00A1BA7E84A80030DFE16B00ECC7AB3F]
[u] c:\windows\system32\plustab.dll	[PX5: FA9BF76500A83A1678E500D926C7170058367E58]
[u] c:\windows\system32\pmspl.dll	[PX5: 98CDEBDE0094268EB67200C1C6BF85009014DA93]
[u] c:\windows\system32\prflbmsg.dll	[PX5: D73CF96B00561B2A465900894BEB8E0086109E9C]
[u] c:\windows\system32\print.exe	[PX5: 58C5064400E46753241F0026DEFDC400C59495C7]
[u] c:\documents and settings\me\impostazioni locali\temp\nsv59e.tmp\system.dll	[PX5: DBA0831C006BD10B283E00AE3D1A680042DAA1A3]
[u] c:\windows\system32\psnppagn.dll	[PX5: A9455AA300B76328206A008264082B00786A2043]
[u] c:\windows\system32\qosname.dll	[PX5: 3B881B9400403ACB2036003533585000C8DC08DD]
[u] c:\windows\system32\rasautou.exe	[PX5: 073BF7D4002FAA822EB30020FA40FF002798F70A]
[u] c:\windows\system32\rasdial.exe	[PX5: 8E03551B0027E8D42E16003F40470300DF228951]
[u] c:\windows\system32\rasmontr.dll	[PX5: 5EFCD02C009A94B04CEE020963240D006211D43F]
[u] c:\windows\system32\rasmxs.dll	[PX5: CA7649DA00CA55BE58650061B2F99600AF38F0E3]
[u] c:\windows\system32\rasrad.dll	[PX5: 151345050063D9585CD4005AF61A1000175757E3]
[u] c:\windows\system32\rasser.dll	[PX5: 8B74EB6C005C5DA53293002798B87C0063B6FFA9]
[u] c:\windows\system32\drivers\rawwan.sys	[PX5: 3623B25780ED679386B1006F511AA700A8DBED63]
[u] c:\windows\system32\recover.exe	[PX5: FAD8ED58001F25BA1CD20093F9699A00D6B3F4BE]
[u] c:\windows\system32\regedt32.exe	[PX5: 5F666904007EF47D0EEF00DEA6EA0000B79BCD14]
[u] c:\windows\system32\regwiz.exe	[PX5: 005D1C7F005FD1421250007D29C16F0094D14B57]
[u] c:\windows\system32\relog.exe	[PX5: 415C16A2005019B8847D00F136A51A00D90C9F94]
[u] c:\windows\system32\rend.dll	[PX5: 7C449AC8006ECBE5A4C5016FB47FF9009A3AE71F]
[u] c:\windows\system32\replace.exe	[PX5: 4FF2D81E006A9B2A3299003E2DA87B001A343D41]
[u] c:\windows\system32\drivers\rio8drv.sys	[PX5: 689BF8B80051228F2F8000540597A5009049C8B5]
[u] c:\windows\system32\drivers\riodrv.sys	[PX5: 31AFD82600B7B0E92F3400332F79D600DA0E26E7]
[u] c:\windows\system32\rnr20.dll	[PX5: 0408AABF00AD1CD40C64008EBFD8A800B79BCD14]
[u] c:\windows\system32\drivers\rootmdm.sys	[PX5: F3E7979300A8EEA3177100743639FF0080591A18]
[u] c:\windows\system32\route.exe	[PX5: 84958A9500289CDA52A6001BCA4EB40057400E7A]
[u] c:\windows\system32\routemon.exe	[PX5: 4341611B0085F58A64BD0070A6DB9F0090820F7E]
[u] c:\windows\system32\routetab.dll	[PX5: 8E7D33650076C19B1AFA0070AD348700EE0C2E24]
[u] c:\windows\system32\rpcns4.dll	[PX5: 5BB0403400976F1356BC0073DC6DDF00FD9A758A]
[u] c:\windows\system32\rsfsaps.dll	[PX5: A83F991C0078B05B70D800A4E5C76A001237E50B]
[u] c:\windows\system32\rsm.exe	[PX5: FA316BCF000B02A4CE630054E512E200FF84D29D]
[u] c:\windows\system32\rsmsink.exe	[PX5: 3D269E7000AFAF5B600200C8B3DD6300817104C1]
[u] c:\windows\system32\rsmui.exe	[PX5: C1AE9A9100BD61ABC0D300A5320A7F00FE6A647A]
[u] c:\windows\system32\rsopprov.exe	[PX5: 52A96E5500A753C7F64A00BC5F3FED0046AD4E55]
[u] c:\windows\system32\rsvpmsg.dll	[PX5: BFF34EF400CF99BB6C1F001D8D7360006DEBB56E]
[u] c:\windows\system32\rtm.dll	[PX5: 29FCF43800EF1161805D01E1B052720021E21CAA]
[u] c:\windows\system32\runas.exe	[PX5: DC8BFE320070554B42CE005983C0F10083BCD01F]
[u] c:\windows\system32\sc.exe	[PX5: 18AC565A00FD9A7B7A3E0057919B90002615258F]
[u] c:\windows\system32\scardssp.dll	[PX5: BBE6956C00DEFBBED09D017C8DC2610008492107]
[u] c:\windows\system32\scoit.dll	[PX5: 6CFAB33330BB407D60D90039737CA100E12D525B]
[u] c:\windows\system32\scredir.dll	[PX5: 80F128F600A49C14680D0061FCC70700A9EE0593]
[u] c:\windows\system32\scriptpw.dll	[PX5: C3E79BBD006D878628BF0031096C500061FC6A52]
[u] c:\windows\system32\scrrnit.dll	[PX5: 5D2157E032708907600700B1C7F6E10036FED01E]
[u] c:\windows\system32\sdpblb.dll	[PX5: 5A351F4B00F0D5EAFCB1011BAE3B1C00F43EAB07]
[u] c:\windows\system32\serialui.dll	[PX5: 5B8E3AD70048CA563AAC00B9A3135500CE747FE3]
[u] c:\windows\system32\serwvdrv.dll	[PX5: 333C393F004074D63A01009289D1B9001CF63C09]
[u] c:\windows\system32\setupdll.dll	[PX5: E5E0965D002355945E97064AECABE1003585EB2A]
[u] c:\windows\system32\setver.exe	[PX5: CC846963C31918572E88007E55285C00DBD8EDF9]
[u] c:\windows\system32\sfc.exe	[PX5: 845E610C000EDEE7282D0020F754BC00E632D4B5]
[u] c:\windows\system32\sfmapi.dll	[PX5: FDC3472B00CAD4085C0A006DCFB3A20086BEAC28]
[u] c:\windows\system32\share.exe	[PX5: 68062C0E72CE86AB03780001B5B47F00DC855A06]
[u] c:\windows\system32\sisbkup.dll	[PX5: FB99A7550065F075364300B2346CEE0039F770F2]
[u] c:\windows\system32\skdll.dll	[PX5: 743D46BE00A7FBD1163D007BFAC9F400EA2FE43D]
[u] c:\windows\system32\slbrccsp.dll	[PX5: F5C9E377005CB34D3CC50035F47D03007EFF86DF]
[u] c:\windows\system32\drivers\smclib.sys	[PX5: 8A9722BD003AC63939580092009AC20088FC78D8]
[u] c:\windows\system32\softpub.dll	[PX5: F195FD93008423D1165800B78E475500D6E40F59]
[u] c:\windows\system32\spnike.dll	[PX5: 99092AC800B95387106001B9947B870061A888C2]
[u] c:\windows\system32\sprio600.dll	[PX5: EC32816D00CAB07514FB014882329300CD6D9802]
[u] c:\windows\system32\sprio800.dll	[PX5: ED26A9C200020FF41AD901E7578A220075886C66]
[u] c:\windows\system32\sqlwid.dll	[PX5: B093CF0A1B5445C96052006431D8C7002B11BDF9]
[u] c:\windows\system32\sqlwoa.dll	[PX5: 69487F1D1B401CB7C0C2005765E5B1005EC2274D]
[u] c:\windows\system32\storage.dll	[PX5: 60BAD4D270E3252C10B800A49D4C780095AFB292]
[u] c:\windows\system32\subst.exe	[PX5: BA677B8C005AD7C924CD0036E3ACC60076D8542B]
[u] c:\windows\system32\svcpack.dll	[PX5: 35CC295C00E1D4A118A10075B36A9B003E044349]
[u] c:\windows\system32\swprv.dll	[PX5: D41A6178006E0E581E66026FDF4D2F003047EC2C]
[u] c:\windows\system32\syncapp.exe	[PX5: E34EA18E003E8C6EC8FA00E884C83D00C14BA38C]
[u] c:\windows\system32\sysedit.exe	[PX5: 48EBFA4F6771787B4B6600FBD5C7AF009D2F3E6A]
[u] c:\windows\system32\sysinv.dll	[PX5: 560E63A100E374613E20008721EE29003C5157ED]
[u] c:\windows\system32\syskey.exe	[PX5: 1B8610A40092A668924800A1C95DD3005950DB1C]
[u] c:\windows\system32\tapi.dll	[PX5: EE5CF04A00F6C1534B5500976A056A00B9458478]
[u] c:\windows\system32\tapiui.dll	[PX5: 2FD8C31A0010857750EB01AEE8B36E00E631A8D8]
[u] c:\windows\system32\taskman.exe	[PX5: 3F2A394F00E022653CEA00BD2EAB5600006CD7F7]
[u] c:\windows\system32\tcmsetup.exe	[PX5: 0A2189FB004EF5EC3238005BF620B40046A23963]
[u] c:\windows\system32\tcpsvcs.exe	[PX5: 67AA759E004C70D04C7F00C5C1C4F70009E2F216]
[u] c:\windows\system32\telephon.cpl	[PX5: EAA4FBDC00B97C6E6E7E008543C54B002A19C0EB]
[u] c:\windows\system32\tftp.exe	[PX5: 8835A79100B0226D44F100D59B3E0400B19607DF]
[u] c:\windows\system32\toolhelp.dll	[PX5: 87219368400265353643009B30E21C003936EBD7]
[u] c:\windows\system32\drivers\tosdvd.sys	[PX5: 628D18D7002B7E40CAFC00177DE27100B717B0CE]
[u] c:\windows\system32\tracert6.exe	[PX5: 107ACA8D0004AA7D7E39000D5F25EB00AE9DDD2A]
[u] c:\windows\system32\drivers\tsbvcap.sys	[PX5: 87882BA880A89CF8537500BE0BB03800CD0425CD]
[u] c:\windows\system32\tsd32.dll	[PX5: 987997CF00B055B33C8D000A392BC4002C255B4F]
[u] c:\windows\twain.dll	[PX5: A27BE63E602EB21172A80198A1207F0013B910A1]
[u] c:\windows\twunk_16.exe	[PX5: F36A27171006EDD2C23C0094956AFB0056981184]
[u] c:\windows\twunk_32.exe	[PX5: 5D53387700CBFAF764B000A2172748007BC630AF]
[u] c:\windows\system32\typelib.dll	[PX5: C0620321C004C14EB60D020DCCE16200701F9AEA]
[u] c:\windows\system32\typeperf.exe	[PX5: F6F17B700046868192F2006CF0460F00D3D78179]
[u] c:\windows\system32\ufat.dll	[PX5: E1F0D54100187CFA4295014192528700FA283031]
[u] c:\windows\system32\umdmxfrm.dll	[PX5: 6B37195800BBCADC34F3008CAF26D3000A7FB4E2]
[u] c:\windows\system32\unlodctr.exe	[PX5: B1ACD2830091C7CF102C0077FDE76000B79BCD14]
[u] c:\windows\system32\ureg.dll	[PX5: 40EB02030059304E460F008633E6290042BF4B01]
[u] c:\windows\system32\vbsit.dll	[PX5: 85149F4630B1E8D160F2005A709C39005605A9E5]
[u] c:\windows\system32\vcdex.dll	[PX5: 0E0F742F00A896FB1E4E003B3C2E07007421EAED]
[u] c:\windows\system32\drivers\vdmindvd.sys	[PX5: 5DFBB3300012B79DE3E300778EC928004FCDB2AF]
[u] c:\windows\system32\ver.dll	[PX5: 92D3F081D312817123B8004A4A48DC00442A6851]
[u] c:\windows\system32\verifier.exe	[PX5: E1A2F01E004E29308E70017243870300A76A1DBB]
[u] c:\windows\system32\vfpodbc.dll	[PX5: 8D89E13037A1B4C450B1002DDDE82A0017C24646]
[u] c:\windows\fonts\vgaoem.fon	[PX5: 6CA95C4D3080777B140100C1C8350800A078F465]
[u] c:\windows\system32\vjoy.dll	[PX5: D286A0960086839812D6002870F0FF000FC9523F]
[u] c:\windows\system32\vss_ps.dll	[PX5: A5E867BA005B2F5342B8008937BB7300FE60BBE7]
[u] c:\windows\system32\vssadmin.exe	[PX5: CD77247800A711D18448004A4C3BDF00C6D8B1E7]
[u] c:\windows\system32\vwipxspx.dll	[PX5: C131DD3D00BFFDF24CDA00848840E800711E306A]
[u] c:\windows\system32\vwipxspx.exe	[PX5: F773625B744A8F7B042400A2998D2E00B79BCD14]
[u] c:\windows\system32\w32tm.exe	[PX5: BB6EFD6900672B9FCCCC001305D6EA006C72D3FB]
[u] c:\windows\system32\webhits.dll	[PX5: 77C7549F00B02E68A0830037FA360900F3E6870E]
[u] c:\windows\system32\wiasf.ax	[PX5: BEEB200C00716B439E9E00E632314E00E293AE62]
[u] c:\windows\system32\wiavusd.dll	[PX5: CC2C64DB009D9F813874022307DBEE003E1E8A5C]
[u] c:\windows\system32\wifeman.dll	[PX5: 88232AF200852544242E00CD95A0FD0002EE7140]
[u] c:\windows\system32\win87em.dll	[PX5: 22C03F9D0005E87A34B40075B0F00E00517D625F]
[u] c:\windows\system32\win.com	[PX5: 4E1E179E00A1B00F481B003D92602E007213FB7F]
[u] c:\windows\system32\winfax.dll	[PX5: 1C7F1A930009050E24C200B8704D5100A126C26C]
[u] c:\windows\winhelp.exe	[PX5: CE4758B55BC6012FEB2303D72C946900E7446DFD]
[u] c:\windows\system32\winhlp32.exe	[PX5: 959922AE00476AA820F300DF4BE16100DEFA2832]
[u] c:\windows\system32\winmsd.exe	[PX5: 2AC194120007524F2EEA003A8F5AE300B146CA6A]
[u] c:\windows\system32\winsock.dll	[PX5: FCF9BBDC30E28D0D0BF200D9F4D9CD00B79BCD14]
[u] c:\windows\system32\winspool.exe	[PX5: F5BB157440E5748C08D600021F9AD300B79BCD14]
[u] c:\windows\system32\winstrm.dll	[PX5: A28B81D200D5D4D8526C00229DB14A000D8ACBD3]
[u] c:\windows\system32\wmerrita.dll	[PX5: 8A34235D00AC92A7E0440092B47FA100165D02CE]
[u] c:\windows\system32\wmiprop.dll	[PX5: 38D580FF00291BD74AC4003F048E500087980CDD]
[u] c:\windows\system32\wmiscmgr.dll	[PX5: E91D8ACF00D4DD20DC720020927B910036DD2AB6]
[u] c:\windows\system32\wowdeb.exe	[PX5: C1613D5DB0A80A260ABB006471357400B79BCD14]
[u] c:\windows\system32\wowfax.dll	[PX5: 189AEFAF802D73790CD7007E71B0C700B79BCD14]
[u] c:\windows\system32\wowfaxui.dll	[PX5: 50FD453B0082D3D1387E0069EC5CD6003AAF27C0]
[u] c:\windows\system32\drivers\ws2ifsl.sys	[PX5: E3FE23AC0026FAFE2FF10052E88519002DA1A545]
[u] c:\windows\system32\wshatm.dll	[PX5: AB33A7F400D0B9B22452001B0A9A62007D8946D7]
[u] c:\windows\system32\wshisn.dll	[PX5: 181A93030081DC642E79005B77A90C00564D61B7]
[u] c:\windows\system32\wshnetbs.dll	[PX5: 0B83A119000A99EB1CE9006990E88A00848A7CBB]
[u] c:\windows\system32\wupdmgr.exe	[PX5: 0D7ADEAF00C0A6797E4400E6788704005199B257]
[u] c:\windows\system32\ctl3d32.dll	[PX5: FC3528660045E00E6A0C00635FEFF200D16F8729]
[u] c:\windows\system32\d3dramp.dll	[PX5: 9D3CF90F00EBE45B0296095363D8D400F527F57E]
[u] c:\windows\system32\drivers\fsvga.sys	[PX5: 78ACD409008333CF30C90046F776F800BAB458CE]
[u] c:\windows\system32\idndl.dll	[PX5: 61E0320500ECAE9B66FE004F233969009BE70567]
[u] c:\windows\system32\l3codecx.ax	[PX5: 997E95DB00B47DE44618015A5D379D00AC2785D5]
[u] c:\windows\system32\lnkstub.exe	[PX5: B7EEE0D400145875687200521BB55C0029DB8F26]
[u] c:\windows\system32\migpwd.exe	[PX5: 336A1A2A00F484F6CC3500BCD852650080D020FF]
[u] c:\windows\system32\msfeedssync.exe	[PX5: FA0E4E60004D610F30FB00727688CF008D2D9800]
[u] c:\windows\system32\msr2c.dll	[PX5: A604F9A300FDBCC4101901D751665500520647C7]
[u] c:\windows\system32\msr2cenu.dll	[PX5: 2C9DB74400747F6E1C580080B256FE00460E35DF]
[u] c:\windows\system32\msrclr40.dll	[PX5: 0B3ACE4A4A26088C205901F2E00DCD0082B4AAC1]
[u] c:\windows\system32\msrecr40.dll	[PX5: 8713FF0D4A8F84F970B1008FBC4042008D92F865]
[u] c:\windows\system32\msvcrt20.dll	[PX5: 6566538900FFFAB7E0D703DC77F39900C0D36C47]
[UP] c:\windows\system32\nhelper.exe	[PX5: 079EEC0E00102765A63200D45E5D3B000F8F5CB1]
[u] c:\windows\system32\nlsdl.dll	[PX5: A241FEE800B5407C605300CCC4620600715D2FFE]
[u] c:\windows\system32\osuninst.exe	[PX5: 15811BF900720B5EA04E00A32D10BF00E9AAC7D2]
[u] c:\windows\system32\paqsp.dll	[PX5: CFF5BD7A000F465868EE02B7F6EC6200E5FC949C]
[u] c:\windows\system32\pentnt.exe	[PX5: 9911CD37009E1BF33C3400A20578F60082519B56]
[u] c:\windows\system32\rdpcfgex.dll	[PX5: 648184F200AE0568123C00C1F661D900A8042FB8]
[u] c:\windows\system32\wbem\winmgmtr.dll	[PX5: D47427AE00F6C8BD44BB0069DFB3CE00E557B805]
[u] c:\windows\system32\usrcntra.dll	[PX5: 114DC3B03CADF53EF0E500B0109D2800348FA0AD]
[u] c:\windows\system32\usrcoina.dll	[PX5: 51B8010B43DA8A93105B011D8DC7090004CCBE52]
[u] c:\windows\system32\usrdpa.dll	[PX5: 1A2C212842C286DC30EB016869B8EE0001657092]
[u] c:\windows\system32\usrdtea.dll	[PX5: F08EFB65392E343BF0B10471443E2F003B21FB49]
[u] c:\windows\system32\usrfaxa.dll	[PX5: 9882066F39AA3AED506A017693849A009709731B]
[u] c:\windows\system32\usrlbva.dll	[PX5: F3EF7D6B39F01C1AD070009BB622ED00F0667E8B]
[u] c:\windows\system32\usrmlnka.exe	[PX5: 875743FC4374140730F5013A65F269004FCAFAE7]
[u] c:\windows\system32\usrprbda.exe	[PX5: 2DE730A944775F19F07C0038288B24009F1357D0]
[u] c:\windows\system32\usrrtosa.dll	[PX5: 632368733B345AB030840176289F7A000917C72D]
[u] c:\windows\system32\usrsdpia.dll	[PX5: 391E6D863B547BA4C05C00AA74A9C100C649DD26]
[u] c:\windows\system32\usrshuta.exe	[PX5: BF8E9F49445F76501093018A4F91D7004F29A4A0]
[u] c:\windows\system32\usrsvpia.dll	[PX5: 0EAEEE7A3BA2956AA02100FA28A172003C5D8C52]
[u] c:\windows\system32\usrv42a.dll	[PX5: 8FB8F48839B81AED908201D99708C900B31AE85B]
[u] c:\windows\system32\usrv80a.dll	[PX5: 3E101E1839C4CFFEC00900D048B7940018D7E028]
[u] c:\windows\system32\usrvoica.dll	[PX5: 918ABC413CBB8D91B03800A09723AD00FD9982D4]
[u] c:\windows\system32\usrvpa.dll	[PX5: 879D6E703B8B1009C09F001E2B1066001B7F3862]
[u] c:\windows\vmmreg32.dll	[PX5: 335647CF0034A84E4AE000B273D0BD00326B6A91]
[u] c:\windows\fdsv.exe	[PX5: 6F7A62FCA077B08A5D6001A3FD295E0099F540C9]
Darshee è offline   Rispondi citando il messaggio o parte di esso
Old 13-03-2009, 19:39   #16
wjmat
Senior Member
 
L'Avatar di wjmat
 
Iscritto dal: Dec 2007
Città: Brianza
Messaggi: 14704
x Darshee

i log caricati secondo le regole di sezione, grazie
wjmat è offline   Rispondi citando il messaggio o parte di esso
Old 13-03-2009, 20:53   #17
Darshee
Junior Member
 
Iscritto dal: Mar 2009
Messaggi: 11
Mi spiace ma posso solo metterli sotto CODE: per qualche motivo non mi funziona l'upload nei siti indicati (e nemmeno come allegati nelle email).

Se ci sono altri modi alternativi che mi sono sfuggiti fatemi sapere per favore così li metto giusti...

Edit: mi accorgo ora che è arrivato il post con la prima parte del log di prevxcsi (prima mi compaivasolo una pagina bianca); lo tolgo o aggiungo anche la seconda parte?

Ultima modifica di Darshee : 13-03-2009 alle 21:30.
Darshee è offline   Rispondi citando il messaggio o parte di esso
Old 13-03-2009, 22:45   #18
wjmat
Senior Member
 
L'Avatar di wjmat
 
Iscritto dal: Dec 2007
Città: Brianza
Messaggi: 14704
hjt non è completo
per caricarlo negli allegati va rinominato in .txt perchè originariamente viene salvato come .log
wjmat è offline   Rispondi citando il messaggio o parte di esso
Old 17-03-2009, 18:26   #19
Darshee
Junior Member
 
Iscritto dal: Mar 2009
Messaggi: 11
Ora ho disinstallato il firewall e riesco a uploadare i files... Che faccio, li cancello dai log precedenti e li metto tutti qui?

Quello di HJT di quel giorno è tutto lì...
Se può servire fatto ora, l'ho messo qui
Darshee è offline   Rispondi citando il messaggio o parte di esso
Old 18-03-2009, 21:03   #20
bozzato
Senior Member
 
L'Avatar di bozzato
 
Iscritto dal: Feb 2009
Messaggi: 479
navigavo dal cel e scaricando qualcosa ho infettato la memory sd...
messa sul pc, per cautela, l'ho scansionata con avast...
a trovato su 2 serial di avast (scaricati dal cel) virtumonde TT e vitro...

la memory l'ho inserita nel pc con shift premuto...(quindi senza autoplay)...
domani farò subito una scansione con MBAM...

ho il pc nuovo e...mi secca essere colpito già di brutto...


secondo voi sono molte le possibilità che sono ancora infetto?
domani farò tutta la guida....



20:36

"...Premessa:
Virtumonde è un Trojan che fa comparire principalmente fastidiose finestre popup, grandi come tutto lo schermo, che pubblicizzano programmi Antispyware truffa, grossi rallentamenti del pc, sostituzione dello screensaver con uno che riproduce i crasch di sistema con schermate blu (BSOD), ecc..
E' correlato al Trojan horse WinFixer...."
nessuna di questi segnali mi succedono...



PS:mi scuso con chill-out....non mi sn ricordato della disc
bozzato è offline   Rispondi citando il messaggio o parte di esso
 Rispondi


Guida all'acquisto e offerte: confronto fra i migliori smartphone di fascia alta Guida all'acquisto e offerte: confronto fra i mi...
E’ Federico Borella il Photographer of the year 2019 E’ Federico Borella il Photographer of the year ...
Darktrace, la protezione per le aziende basata sull'intelligenza artificiale Darktrace, la protezione per le aziende basata s...
MSI P65 Creator 8RF: pensato per i creativi. La recensione MSI P65 Creator 8RF: pensato per i creativi. La ...
Xiaomi Mi 9 Italia: sempre meglio soprattutto con la fotocamera. La recensione Xiaomi Mi 9 Italia: sempre meglio soprattutto co...
Asus ROG Rapture GT-AX11000: il Wi-Fi 6 ...
Leica APO-Summicron-SL 35 f/2 ASPH.: ora...
Apple: un nuovo iPhone 8 aggiornato nel ...
Ulefone Note 7, con tripla fotocamera e ...
GIGABYTE, dissipatore Aorus ATC800: desi...
Vodafone propone ''tutto illimitato'' co...
Dropbox e Google Suite insieme per crear...
Canon: la nuova reflex per sostituire la...
Il mercato italiano dell'Internet of Thi...
Canon: una mirrorless full-frame più eco...
Notre Dame: anche Apple si impegna nelle...
OnePlus 7 Pro: ecco le possibili specifi...
Samsung Galaxy Fold: gravi problemi al d...
Samsung sperimenta i chip del futuro, co...
Smartphone 5G: pochi nel 2019, ma oltre ...
Skype
Avira Free Security Suite
EZ CD Audio Converter
AIDA64 Extreme Edition
K-Lite Codec Pack Update
K-Lite Mega Codec Pack
K-Lite Codec Pack Full
K-Lite Codec Pack Standard
K-Lite Codec Pack Basic
WinRAR
VirtualBox
Backup4all
Chromium
Windows 7 Codec Pack
Windows 10 Manager
Tutti gli articoli Tutte le news Tutti i download

Strumenti

Regole
Non Puoi aprire nuove discussioni
Non Puoi rispondere ai messaggi
Non Puoi allegare file
Non Puoi modificare i tuoi messaggi

Il codice vB è On
Le Faccine sono On
Il codice [IMG] è On
Il codice HTML è Off
Vai al Forum


Tutti gli orari sono GMT +1. Ora sono le: 16:25.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Served by www2v