Punto informatico Network

How to remove this damn malware

Post by rednax » Wed May 06, 2009 11:53 pm

Hi everyone,
this is my first post, and from the title you can tell I'm a bit worked up.....
The problem is that a few days ago some virus got into my PC and made a real mess.
I have Windows XP with SP3, and at the time of the intrusion I had Avira antivirus.
After the intrusion I removed Avira and installed Kaspersky.
After a few battles I kicked some of the viruses out, but something is still left and I just can't fix it.
My current protection is: Kaspersky Internet antivirus, Spyware Terminator.
The latest scan with Prevx reports the following:

[B<00210020>] c:\windows\system32\ovfsthpcguyudmfyqurj... 08872D6200DA1951486600A31F618100BCF36FDF... Group: High Risk Cloaked Malware

[B<00210020>] c:\windows\system32\drivers\ovfsthhdlhno... 2E6BE300005C8BF8484901E0DAE2F300C8EEF246... Group: High Risk Cloaked Malware

[B<00210020>] c:\windows\system32\ovfsthqqdwtpowhahdqp... 39623C04000F0DA8EE5B0016DF65EC0075CEFB4D... Group: High Risk Cloaked Malware

[B<00210020>] c:\windows\system32\ovfsthlddnohrrrcdkxs... EC86CEC4007CA2A24AE50068B086880004F51596... Group: High Risk Cloaked Malware


In the hope of removing them I used these programs: Kaspersky antivirus, Spyware Terminator, Spybot, Sophos, Malwarebytes Anti-Malware, AVZ, cClean, HijackThis, and I'm surely forgetting some.
I also tried to delete them manually, but following the path, even with "show hidden files and folders" ticked, I can't find them.
When I try to scan with Sophos it gives me these errors:
Warning: Error reading list of user profiles. You may not have access rights to the whole registry.
Error: Unable to open any local hard drives. Disk scan may not be supported on this version of Windows.

Another error message, when I try to install some software:
exception processing message c0000013 parameters 75b1bf7c 75b1bf7c 75b1bf7c

And finally, if I plug a USB stick into the PC, the PC doesn't detect it; that is, you can hear the sound of the device connecting, but it doesn't read it.
CDs, on the other hand, start by themselves when I put them in, so in my opinion the problem is not autorun but devices with memory.

Please don't tell me I have to format; I don't want the machine to win over man.
P.S. I got here thanks to a suggestion on the Ubuntu forum, since the idea was to boot Ubuntu in dual boot and fix everything.

Finally, here is what my PC looked like before the battle:

[B] c:\windows\system32\ovfsthpcguyudmfyqurjcuoadvtmqdturcwtet.dll [PX5: 08872D6200DA1951486600A31F618100BCF36FDF] Malware Group: High Risk Cloaked Malware
[B] c:\windows\system32\ovfsthqqdwtpowhahdqpgqponcacsejahllcuk.dll [PX5: 39623C04000F0DA8EE5B0016DF65EC0060BBFF5E] Malware Group: High Risk Cloaked Malware
[B] c:\windows\system32\ovfsthlddnohrrrcdkxsdvuaucpvjllegjyiva.dll [PX5: EC86CEC4007CA2A24AE50068B086880004F51596] Malware Group: High Risk Cloaked Malware
[BP] c:\windows\system32\sdra64.exe [PX5: FC3371E3006B4BE7E69B0599A73BE400FEAD09C0] Malware Group: Low Risk Adware
[BP] c:\windows\system32\__c0090874.dat [PX5: EA0B8A830080764D6C740095B59E1B002311ABE7] Malware Group: High Risk Fraudulent Security Program
[BP] c:\windows\temp\arag4qgfgdf.exe [PX5: 78DE81F09823DE1F3AB700DDBC9CC4006E63284A] Malware Group: Medium Risk Malware Downloader
[BP] c:\windows\temp\wqiil.exe [PX5: 78DE81F09923DE1F3AB700DDBC9CC4004473FDA5] Malware Group: Medium Risk Malware Downloader
[B] c:\windows\system32\drivers\utm2mtcz.sys [PX5: 16590770003B863E1CA000B5C14F3D00CCFB2D16] Malware Group: High Risk Cloaked Malware
Last edited by rednax on Fri May 08, 2009 12:02 am, edited 2 times in total.

Re: How to remove this damn malware

Post by ste_95 » Thu May 07, 2009 6:02 am

Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the very bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here, placing them between the LOG tags, like this:
[LOG]the log goes here[/LOG]

Re: How to remove this damn malware

Post by rednax » Thu May 07, 2009 11:34 pm

So, here is how the ComboFix scan went:

ComboFix 09-05-07.03 - _AAA_ 07/05/2009 20.32.16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.690 [GMT 2:00]
Eseguito da: c:\documents and settings\_Fioreste_\Desktop\ComboFix.exe
AV: a-squared Anti-Malware *On-access scanning disabled* (Outdated)
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
c:\windows\system32\1.tmp
c:\windows\system32\drivers\ovfsthhdlhnofoofdoblalyuyrlvxsykbxqvuu.sys
c:\windows\system32\ovfsthglykewjghaqjosxahbpxnpxihamtidpu.dat
c:\windows\system32\ovfsthlddnohrrrcdkxsdvuaucpvjllegjyiva.dll
c:\windows\system32\ovfsthlog.dat
c:\windows\system32\ovfsthpcguyudmfyqurjcuoadvtmqdturcwtet.dll
c:\windows\system32\ovfsthqqdwtpowhahdqpgqponcacsejahllcuk.dll
c:\windows\system32\ovfsthrnbbawvlavxrharhtoicoajtstorjkxh.dat

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthplcntjuaiupukoukaswgklynsvkxeeqg


((((((((((((((((((((((((( Files Creati Da 2009-04-07 al 2009-05-07 )))))))))))))))))))))))))))))))))))
.

2009-05-07 18:30 . 2009-05-07 18:37 196640 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-07 18:30 . 2009-05-07 18:41 494624 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-06 16:00 . 2009-05-06 16:00 -------- d-----w c:\documents and settings\_AAA_\Dati applicazioni\Help
2009-05-06 16:00 . 2009-05-06 16:00 -------- d-----w c:\documents and settings\_AAA_\Impostazioni locali\Dati applicazioni\Help
2009-05-06 15:32 . 2009-05-06 15:39 -------- d--h--r c:\documents and settings\_AAA_\Recent
2009-05-06 15:27 . 2009-05-06 15:27 -------- d-----w c:\programmi\Sophos
2009-05-05 16:20 . 2009-05-05 16:20 -------- d-----w c:\programmi\Crawler
2009-05-05 16:20 . 2009-05-05 16:20 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-05-05 16:20 . 2009-05-07 18:20 -------- d-----w c:\documents and settings\_AAA_\Dati applicazioni\Spyware Terminator
2009-05-05 16:20 . 2009-05-05 16:29 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-05-05 16:20 . 2009-05-07 18:22 -------- d-----w c:\programmi\Spyware Terminator
2009-05-05 16:03 . 2009-05-05 16:03 -------- d-----w c:\programmi\CCleaner
2009-05-04 16:56 . 2009-05-04 16:56 -------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2009-05-04 16:48 . 2009-05-04 16:49 -------- d-----w c:\programmi\TritaFile
2009-05-04 15:04 . 2009-05-04 17:02 -------- d-----w c:\programmi\a-squared Anti-Malware
2009-04-29 21:34 . 2009-05-05 16:19 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-04-29 21:34 . 2009-05-05 16:19 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-04-29 15:58 . 2009-04-29 15:58 22024 ----a-w c:\windows\system32\drivers\pxscan.sys
2009-04-29 15:58 . 2009-04-29 15:58 27656 ----a-w c:\windows\system32\drivers\pxsec.sys
2009-04-29 15:58 . 2009-04-29 15:58 -------- d-----w c:\programmi\Prevx
2009-04-29 15:57 . 2009-05-05 16:53 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2009-04-27 18:27 . 2009-04-27 18:37 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-27 18:27 . 2009-04-27 18:37 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-27 18:26 . 2009-04-27 18:26 -------- d-----w c:\programmi\Kaspersky Lab
2009-04-27 18:26 . 2009-05-07 18:41 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-04-27 18:23 . 2009-04-27 18:23 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2009-04-27 18:18 . 2009-04-27 18:18 153744 ----a-w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-04-27 18:17 . 2009-04-27 18:17 -------- d-----w c:\programmi\MSBuild
2009-04-27 18:17 . 2009-04-27 18:17 -------- d-----w c:\windows\system32\XPSViewer
2009-04-27 18:17 . 2009-04-27 18:17 -------- d-----w c:\programmi\Reference Assemblies
2009-04-27 18:17 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-27 17:06 . 2009-04-27 17:06 -------- d-----w c:\documents and settings\_AAA_\Dati applicazioni\Malwarebytes
2009-04-27 17:06 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-27 17:06 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 17:06 . 2009-04-27 17:06 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-04-27 17:05 . 2009-04-27 17:06 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-27 15:55 . 2009-04-27 15:55 -------- d-----w c:\programmi\Trend Micro
2009-04-24 16:29 . 2009-04-24 16:29 -------- d-----w c:\documents and settings\_AAA_\Dati applicazioni\vlc
2009-04-24 16:27 . 2009-04-24 16:27 -------- d-----w c:\programmi\VideoLAN
2009-04-21 17:36 . 2009-04-21 17:36 361344 ----a-w c:\windows\system32\dllcache\TCPIP.SYS
2009-04-19 15:48 . 2009-04-19 15:48 -------- d-----w c:\documents and settings\_AAA_\Impostazioni locali\Dati applicazioni\Conduit
2009-04-19 15:48 . 2009-04-19 15:48 -------- d-----w c:\programmi\Conduit
2009-04-19 15:48 . 2009-04-25 14:08 -------- d-----w c:\documents and settings\_AAA_\Impostazioni locali\Dati applicazioni\Gossiper
2009-04-19 15:48 . 2009-04-19 15:48 -------- d-----w c:\programmi\Gossiper
2009-04-19 15:48 . 2009-04-19 15:55 -------- d-----w c:\programmi\BitTorrent Acceleration Tool

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 18:41 . 2009-05-07 18:30 5992 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-07 18:37 . 2009-05-07 18:30 1752 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-04 09:48 . 2009-02-26 17:32 -------- d-----w c:\programmi\eMule
2009-04-27 18:37 . 2008-01-29 15:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-27 18:21 . 2009-02-26 16:10 65336 ----a-w c:\documents and settings\_Fioreste_\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-27 18:18 . 2001-08-31 11:00 80664 ----a-w c:\windows\system32\perfc010.dat
2009-04-27 18:18 . 2001-08-31 11:00 482224 ----a-w c:\windows\system32\perfh010.dat
2009-04-21 17:36 . 2009-04-21 17:36 361344 ----a-w c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-04-21 17:36 . 2007-01-03 10:51 361344 ----a-w c:\windows\system32\drivers\TCPIP.SYS
2009-03-27 22:19 . 2009-03-22 18:36 230432 ----a-w C:\SPC230NC.DAT
2009-03-22 18:26 . 2009-03-22 18:25 -------- d-----w c:\programmi\Philips
2009-03-22 18:25 . 2009-03-22 18:25 -------- d-----w c:\programmi\ArcSoft
2009-03-22 18:25 . 2009-02-26 16:43 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-03-04 14:10 . 2009-03-04 14:10 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-27 19:35 . 2009-02-27 19:35 20747 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-02-26 18:24 . 2009-02-26 18:24 0 ----a-w c:\windows\nsreg.dat
2009-02-26 16:37 . 2009-02-26 16:05 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-26 16:05 . 2001-08-31 11:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-02-26 16:02 . 2009-02-26 16:02 21840 ----a-w c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[-] 2007-01-03 10:51 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 11:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2009-04-21 17:36 361344 68F06FE0021B01E670AF37B8C5964FDF c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-04-21 17:36 361344 68F06FE0021B01E670AF37B8C5964FDF c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"= "c:\programmi\Gossiper\tbGoss.dll" [2009-02-19 2081304]

[HKEY_CLASSES_ROOT\clsid\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0A452A47-C5A8-4854-A237-4B9B06B376F0}"= "c:\programmi\Gossiper\tbGoss.dll" [2009-02-19 2081304]

[HKEY_CLASSES_ROOT\clsid\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-04 148888]
"SPC230NC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"SPC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-27 206088]
"a-squared"="c:\programmi\a-squared Anti-Malware\a2guard.exe" [2009-02-25 2799760]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2009-05-05 2176000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-01-03 123904]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acrobat Assistant.lnk - c:\programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-26 113664]
PLANET WL-8315 Utility.lnk - c:\programmi\PLANET\Common\RaUI.exe [2009-2-27 614400]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Philips\\Intelligent Agent\\Philips Intelligent Agent.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17.29.38 33808]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [29/04/2009 17.58.01 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [29/04/2009 17.58.01 27656]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [05/05/2009 18.20.26 142592]
R2 CSIScanner;CSIScanner;c:\programmi\Prevx\prevx.exe [29/04/2009 17.58.01 4403256]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 18.02.46 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 17.06.48 24592]
S3 Dac48esd;Dac48esd; [x]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4.tmp --> c:\windows\system32\4.tmp [?]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [22/03/2009 20.25.12 8576]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [22/03/2009 20.25.12 461056]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Scansione supplementare -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Aggiungi al banner Blocco pubblicità - c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Crawler Search - tbr:iemenu
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {197DFD3A-4341-4512-97C6-5F119DEE6AAE} = 85.37.17.9,85.38.28.75
TCP: {F053A095-089D-4D3A-9DF0-5E31C852B799} = 192.168.0.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programmi\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\_Fioreste_\Dati applicazioni\Mozilla\Firefox\Profiles\vrs96pgh.fiore\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\programmi\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\programmi\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\programmi\Crawler\Toolbar\firefox\components\xwsg.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 20:42
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4.tmp"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2444)
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\a-squared Anti-Malware\a2service.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\programmi\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Ora fine scansione: 2009-05-07 20.44.22 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-05-07 18:44

Pre-Run: 27.323.748.352 byte disponibili
Post-Run: 27.239.411.712 byte disponibili

213


At the end of the process I ran ComboFix again, and the second log generated is this:

ComboFix 09-05-07.03 - _AAA_ 07/05/2009 21.15.00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.604 [GMT 2:00]
Eseguito da: c:\documents and settings\_Fioreste_\Desktop\ComboFix.exe
AV: a-squared Anti-Malware *On-access scanning disabled* (Outdated)
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-04-07 al 2009-05-07 )))))))))))))))))))))))))))))))))))
.

2009-05-07 18:30 . 2009-05-07 19:15 237600 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-07 18:30 . 2009-05-07 19:11 845856 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-06 16:00 . 2009-05-06 16:00 -------- d-----w c:\documents and settings\_xxx_\Dati applicazioni\Help
2009-05-06 16:00 . 2009-05-06 16:00 -------- d-----w c:\documents and settings\_xxx_\Impostazioni locali\Dati applicazioni\Help
2009-05-06 15:32 . 2009-05-06 15:39 -------- d--h--r c:\documents and settings\_xxx_\Recent
2009-05-06 15:27 . 2009-05-06 15:27 -------- d-----w c:\programmi\Sophos
2009-05-05 16:20 . 2009-05-05 16:20 -------- d-----w c:\programmi\Crawler
2009-05-05 16:20 . 2009-05-05 16:20 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-05-05 16:20 . 2009-05-07 19:11 -------- d-----w c:\documents and settings\_xxx_\Dati applicazioni\Spyware Terminator
2009-05-05 16:20 . 2009-05-05 16:29 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-05-05 16:20 . 2009-05-07 19:11 -------- d-----w c:\programmi\Spyware Terminator
2009-05-05 16:03 . 2009-05-05 16:03 -------- d-----w c:\programmi\CCleaner
2009-05-04 16:56 . 2009-05-04 16:56 -------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2009-05-04 16:48 . 2009-05-04 16:49 -------- d-----w c:\programmi\TritaFile
2009-05-04 15:04 . 2009-05-04 17:02 -------- d-----w c:\programmi\a-squared Anti-Malware
2009-04-29 21:34 . 2009-05-05 16:19 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-04-29 21:34 . 2009-05-05 16:19 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-04-29 15:58 . 2009-04-29 15:58 22024 ----a-w c:\windows\system32\drivers\pxscan.sys
2009-04-29 15:58 . 2009-04-29 15:58 27656 ----a-w c:\windows\system32\drivers\pxsec.sys
2009-04-29 15:58 . 2009-04-29 15:58 -------- d-----w c:\programmi\Prevx
2009-04-29 15:57 . 2009-05-07 19:08 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2009-04-27 18:27 . 2009-04-27 18:37 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-27 18:27 . 2009-04-27 18:37 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-27 18:26 . 2009-04-27 18:26 -------- d-----w c:\programmi\Kaspersky Lab
2009-04-27 18:26 . 2009-05-07 18:50 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-04-27 18:23 . 2009-04-27 18:23 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2009-04-27 18:18 . 2009-04-27 18:18 153744 ----a-w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-04-27 18:17 . 2009-04-27 18:17 -------- d-----w c:\programmi\MSBuild
2009-04-27 18:17 . 2009-04-27 18:17 -------- d-----w c:\windows\system32\XPSViewer
2009-04-27 18:17 . 2009-04-27 18:17 -------- d-----w c:\programmi\Reference Assemblies
2009-04-27 18:17 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-27 17:06 . 2009-04-27 17:06 -------- d-----w c:\documents and settings\_xxx_\Dati applicazioni\Malwarebytes
2009-04-27 17:06 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-27 17:06 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 17:06 . 2009-04-27 17:06 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-04-27 17:05 . 2009-04-27 17:06 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-27 15:55 . 2009-04-27 15:55 -------- d-----w c:\programmi\Trend Micro
2009-04-24 16:29 . 2009-04-24 16:29 -------- d-----w c:\documents and settings\_xxx_\Dati applicazioni\vlc
2009-04-24 16:27 . 2009-04-24 16:27 -------- d-----w c:\programmi\VideoLAN
2009-04-21 17:36 . 2009-04-21 17:36 361344 ----a-w c:\windows\system32\dllcache\TCPIP.SYS
2009-04-19 15:48 . 2009-04-19 15:48 -------- d-----w c:\documents and settings\_xxx_\Impostazioni locali\Dati applicazioni\Conduit
2009-04-19 15:48 . 2009-04-19 15:48 -------- d-----w c:\programmi\Conduit
2009-04-19 15:48 . 2009-04-25 14:08 -------- d-----w c:\documents and settings\_xxx_\Impostazioni locali\Dati applicazioni\Gossiper
2009-04-19 15:48 . 2009-04-19 15:48 -------- d-----w c:\programmi\Gossiper
2009-04-19 15:48 . 2009-04-19 15:55 -------- d-----w c:\programmi\BitTorrent Acceleration Tool

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 19:15 . 2009-05-07 18:30 1892 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-07 19:11 . 2009-05-07 18:30 8736 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-04 09:48 . 2009-02-26 17:32 -------- d-----w c:\programmi\eMule
2009-04-27 18:37 . 2008-01-29 15:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-27 18:21 . 2009-02-26 16:10 65336 ----a-w c:\documents and settings\_xxx_\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-27 18:18 . 2001-08-31 11:00 80664 ----a-w c:\windows\system32\perfc010.dat
2009-04-27 18:18 . 2001-08-31 11:00 482224 ----a-w c:\windows\system32\perfh010.dat
2009-04-21 17:36 . 2009-04-21 17:36 361344 ----a-w c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-04-21 17:36 . 2007-01-03 10:51 361344 ----a-w c:\windows\system32\drivers\TCPIP.SYS
2009-03-27 22:19 . 2009-03-22 18:36 230432 ----a-w C:\SPC230NC.DAT
2009-03-22 18:26 . 2009-03-22 18:25 -------- d-----w c:\programmi\Philips
2009-03-22 18:25 . 2009-03-22 18:25 -------- d-----w c:\programmi\ArcSoft
2009-03-22 18:25 . 2009-02-26 16:43 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-03-04 14:10 . 2009-03-04 14:10 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-27 19:35 . 2009-02-27 19:35 20747 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-02-26 18:24 . 2009-02-26 18:24 0 ----a-w c:\windows\nsreg.dat
2009-02-26 16:37 . 2009-02-26 16:05 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-26 16:05 . 2001-08-31 11:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-02-26 16:02 . 2009-02-26 16:02 21840 ----a-w c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[-] 2007-01-03 10:51 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 11:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2009-04-21 17:36 361344 68F06FE0021B01E670AF37B8C5964FDF c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-04-21 17:36 361344 68F06FE0021B01E670AF37B8C5964FDF c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( SnapShot@2009-05-07_18.42.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-07 18:50 . 2009-05-07 18:50 16384 c:\windows\Temp\Perflib_Perfdata_244.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"= "c:\programmi\Gossiper\tbGoss.dll" [2009-02-19 2081304]

[HKEY_CLASSES_ROOT\clsid\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0A452A47-C5A8-4854-A237-4B9B06B376F0}"= "c:\programmi\Gossiper\tbGoss.dll" [2009-02-19 2081304]

[HKEY_CLASSES_ROOT\clsid\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-04 148888]
"SPC230NC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"SPC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"a-squared"="c:\programmi\a-squared Anti-Malware\a2guard.exe" [2009-02-25 2799760]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2009-05-05 2176000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-01-03 123904]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acrobat Assistant.lnk - c:\programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-26 113664]
PLANET WL-8315 Utility.lnk - c:\programmi\PLANET\Common\RaUI.exe [2009-2-27 614400]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Philips\\Intelligent Agent\\Philips Intelligent Agent.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17.29.38 33808]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [29/04/2009 17.58.01 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [29/04/2009 17.58.01 27656]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [05/05/2009 18.20.26 142592]
R2 CSIScanner;CSIScanner;c:\programmi\Prevx\prevx.exe [29/04/2009 17.58.01 4403256]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 18.02.46 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 17.06.48 24592]
S3 Dac48esd;Dac48esd; [x]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4.tmp --> c:\windows\system32\4.tmp [?]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [22/03/2009 20.25.12 8576]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [22/03/2009 20.25.12 461056]
.
.
------- Scansione supplementare -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Aggiungi al banner Blocco pubblicità - c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Crawler Search - tbr:iemenu
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {197DFD3A-4341-4512-97C6-5F119DEE6AAE} = 85.37.17.9,85.38.28.75
TCP: {F053A095-089D-4D3A-9DF0-5E31C852B799} = 192.168.0.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programmi\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\_Fioreste_\Dati applicazioni\Mozilla\Firefox\Profiles\vrs96pgh.fiore\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\programmi\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\programmi\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\programmi\Crawler\Toolbar\firefox\components\xwsg.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 21:17
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4.tmp"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(4024)
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Ora fine scansione: 2009-05-07 21.18.22
ComboFix-quarantined-files.txt 2009-05-07 19:18
ComboFix2.txt 2009-05-07 18:44

Pre-Run: 27.245.621.248 byte disponibili
Post-Run: 27.234.914.304 byte disponibili

186


Re: how to get rid of this damn malware

Post by rednax » Thu May 07, 2009 11:58 pm

To finish, I ran a scan with Prevx and, surprise...
Prevx found a new piece of malware that had never been found until now: "vfind.exe".
Is it possible that the malware changes its name? Or is this a false positive? Anyway, here is the log:

Prevx Scan Log - Version v3.0.1.65
Log Generated: 7/5/2009 23:33, Type: 0,1
Windows XP Professional Service Pack 3 (Build 2600) 32bit|1040
Some non-malicious files are not included in this log.
Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)
Last Scan: Thu 2009-05-07 23:32:28 ora solare Europa occidentale. Number of Scans: 29. Last Scan Duration: 7 minutes 26 seconds.
[B] (ACTIVE) c:\documents and settings\_AAA_\desktop\kaspersky2009trialreset_.exe [PX5: 51F9CD3900221CF0EECE08210FE87C00B55BB7FF] Malware Group: High Risk Cloaked Malware
[BP] (ACTIVE) c:\windows\vfind.exe [PX5: F8B1CE87006684ABCA8901BE6505AF008413DBFC] Malware Group: High Risk Cloaked Malware
[U] (ACTIVE) c:\windows\servicepackfiles\i386\input.dll [PX5: E8AE6C2100240A25EAA5016918F9DE000FF234C6]
[U] (ACTIVE) c:\windows\servicepackfiles\i386\wshext.mui [PX5: E524346D00A6DB8818E100DEA0D37E00C2FD428C]
[U] (ACTIVE) c:\windows\servicepackfiles\i386\wshom.mui [PX5: 6F3A27680061E0781EF80002762F75006A9BB62C]
[U] (ACTIVE) c:\windows\microsoft.net\framework\v2.0.50727\system.runtime.remoting.dll [PX5: 4AE821C100B452A190D904C3E698F50052AC6FDE]
[U] (ACTIVE) c:\windows\microsoft.net\framework\v2.0.50727\system.transactions.dll [PX5: C7FABFD500358818FCE703227832CE002BADB0BC]
[U] (ACTIVE) c:\windows\microsoft.net\framework\v2.0.50727\system.configuration.dll [PX5: D41613CA002309F8805F060C00E6B400FEF30CDA]
[U] (ACTIVE) c:\windows\microsoft.net\framework\v2.0.50727\system.configuration.install.dll [PX5: EBC59CF7009EAD074047017BD5A2C800A361F5AA]
[U] (ACTIVE) c:\windows\microsoft.net\framework\v2.0.50727\system.data.dll [PX5: 39BD714E001051FE54B52EEBACED4E00AFFA1197]
[U] (ACTIVE) c:\windows\microsoft.net\framework\v2.0.50727\system.design.dll [PX5: D8D16BB7007A9919601F4D8ECA15C900E28C0B7B]
[U] (ACTIVE) c:\windows\microsoft.net\framework\v2.0.50727\1040\cvtresui.dll [PX5: 7476DB3C00739F0E14A400533E402D00B9417E5F]
[U] (ACTIVE) c:\windows\microsoft.net\framework\v2.0.50727\it\aspnet_compiler.resources.dll [PX5: 73251EE2008C747B22FE009483EF410032C786B0]
[U] (ACTIVE) c:\windows\microsoft.net\framework\v2.0.50727\it\aspnet_regbrowsers.resources.dll [PX5: B79ABD7E0045FB72164E001165DAF80093CDBF3C]
[U] (ACTIVE) c:\windows\microsoft.net\framework\v2.0.50727\it\aspnet_regsql.resources.dll [PX5: 9A2FF8FC00169524A009007A92C39F00B40BFF4C]
[U] (ACTIVE) c:\windows\microsoft.net\framework\v2.0.50727\it\installutil.resources.dll [PX5: C187037300B07C8910FD00CB7D607700B79BCD14]
[U] (ACTIVE) c:\windows\microsoft.net\framework\v2.0.50727\it\msbuild.resources.dll [PX5: 0960E67000A562363228002FD7E62700A6CD7355]
[U] (ACTIVE) c:\windows\microsoft.net\framework\v2.0.50727\mui\0410\mscorsecr.dll [PX5: DDAC45E6005F3DA158940087F878A200AA4B9598]
[U] c:\windows\system32\qdvd.dll [PX5: E73D72210013708CE61E0591A2BDD00055C3CA4A]
[U] c:\programmi\gossiper\tbgoss.dll [PX5: 043B70271804B458C27C1FF80373BC00C0FCC177]
[U] c:\windows\system32\coinst.dll [PX5: 8735EBD4002FF5281A9A004C03AE5600878D8AF1]
[U] c:\windows\system32\ipsmsnap.dll [PX5: CFD4EFD400334EABE6B005F8BCFE6F0088023BB7]
[U] c:\programmi\philips\intelligent agent\uninst\unins000.exe [PX5: F61B8FB359550E74165B0C1B8473C00075272629]
[U] c:\windows\system32\drivers\paeaflt.sys [PX5: 0B63863A80F0366321D30013CA6C4A00AB710EEE]
[U] c:\windows\system32\drivers\spc230nc.sys [PX5: C36387FB0099029809F0072A690BC200F5E66EEF]
[U] c:\windows\system32\skincrafter3_vs2005.dll [PX5: 4B5910CF00F29C61D0770815E9C68800A95416F0]
[U] c:\programmi\videolan\vlc\plugins\libpacketizer_mpeg4video_plugin.dll [PX5: D3BF748600E25C3A46EA00F4B98C3500BE7F7AEE]
[U] c:\programmi\videolan\vlc\plugins\libstream_out_rtp_plugin.dll [PX5: 40FB0BEF00DFD076E6AD05F8913171008E730619]
[X] c:\windows\system32\logman.exe [PX5: FCCB56FB00724B86F0E30000F7C845001D037896]
[U] c:\windows\servicepackfiles\i386\qdvd.dll [PX5: E73D72210013708CE61E0591A2BDD00055C3CA4A]
[U] c:\windows\servicepackfiles\i386\ipsmsnap.dll [PX5: CFD4EFD400334EABE6B005F8BCFE6F0088023BB7]
[U] c:\windows\microsoft.net\framework\v2.0.50727\it\jsc.resources.dll [PX5: 45A4161B000795F11CFD00B99D56E10085470CDF]
[U] c:\programmi\videolan\vlc\plugins\libi420_ymga_mmx_plugin.dll [PX5: C5382AEA006E13441C7400F8B25BF90051BBEFEF]
[U] c:\programmi\videolan\vlc\plugins\libm4v_plugin.dll [PX5: 29ADCBC000AFCE781C3F006E00B6D600790B1B40]
[U] c:\programmi\videolan\vlc\plugins\libmotionblur_plugin.dll [PX5: 1751DA240020444E1CC200F0B2B00B0009E0D5F6]
[U] c:\programmi\videolan\vlc\plugins\libmux_mpjpeg_plugin.dll [PX5: 76FDA1D900CF1EE01C3200914D38BD00FE725554]
[U] c:\programmi\videolan\vlc\plugins\libnoise_plugin.dll [PX5: B94BAE5C00DBA6801CB000CEA9C134002E6378BF]
[U] c:\programmi\videolan\vlc\plugins\libpacketizer_copy_plugin.dll [PX5: 2078BCB2005BD0161CE900C6B0CF8700C1C27121]
[U] c:\programmi\videolan\vlc\plugins\libwave_plugin.dll [PX5: DF0EEC33007820FF1CBD006F18AA4D00758F0532]
[U] c:\programmi\videolan\vlc\plugins\libsubsusf_plugin.dll [PX5: 29A93FDD0088C673466200AB35D47200F8103C43]
[U] c:\programmi\videolan\vlc\plugins\libopengl_plugin.dll [PX5: 2A77171A001A2AB9461800E9D7D34400B7A14EEB]
[X] c:\windows\servicepackfiles\i386\logman.exe [PX5: FCCB56FB00724B86F0E30000F7C845001D037896]
[U] c:\programmi\reference assemblies\microsoft\framework\v3.5\it\system.core.resources.dll [PX5: 8FC1BBC400B878EBF0230097959E3800929FAC25]
[U] c:\windows\assembly\gac_msil\system.core.resources\3.5.0.0_it_b77a5c561934e089\system.core.resources.dll [PX5: 8FC1BBC400B878EBF0230097959E3800929FAC25]
[U] c:\programmi\spyware terminator\spywareterminatorshield.exe [PX5: 0253DD0D00DD7019342921B599E30A009F9055DD]
[U] c:\windows\system32\drivers\sp_rsdrv2.sys [PX5: 0BD527A5009954562D2202019E735800A6455698]
[U] c:\programmi\spyware terminator\sp_rsser.exe [PX5: 7D9117EB00F5977E70EA07CF3A71B8009C52519C]
[U] c:\documents and settings\_AAA_\desktop\spywareterminatorsetup.exe [PX5: 5CF34E4DD857EBCEDE0D09B0B62D4900CAF8DBFB]
[U] c:\programmi\crawler\toolbar\ctbr.dll [PX5: 6724F8F000BD8FF68CFB129824F32100C9B3D79F]
[U] c:\programmi\crawler\toolbar\ctoolbar.exe [PX5: 6084B668D0F274E7095F25C39B93020012A476BB]
[U] c:\documents and settings\_AAA_\desktop\combofix.exe [PX5: 1341F994A108C1E0102F2E500F9923008C6D89EE]



Previously Detected Files:
[B] c:\programmi\emule\incoming\ps_cs3_cht.exe [PX5: 6865DB79645C4DFCE1440D50518955007E7E1530] Malware Group: Medium Risk Malware
[BP] c:\windows\system32\sdra64.exe [PX5: FC3371E3006B4BE7E69B0599A73BE400FEAD09C0] Malware Group: Low Risk Adware
[BP] c:\windows\system32\__c0090874.dat [PX5: EA0B8A830080764D6C740095B59E1B002311ABE7] Malware Group: High Risk Fraudulent Security Program
[BP] c:\windows\temp\arag4qgfgdf.exe [PX5: 78DE81F09823DE1F3AB700DDBC9CC4006E63284A] Malware Group: Medium Risk Malware Downloader
[BP] c:\windows\temp\wqiil.exe [PX5: 78DE81F09923DE1F3AB700DDBC9CC4004473FDA5] Malware Group: Medium Risk Malware Downloader
[BP] c:\programmi\trend micro\hijackthis\backups\backup-20090427-181758-269.dll [PX5: 35DB3246987B30FC3AE4006073A7570047B39DA7] Malware Group: High Risk Fraudulent Security Program
[B] c:\windows\system32\drivers\utm2mtcz.sys [PX5: 16590770003B863E1CA000B5C14F3D00CCFB2D16] Malware Group: High Risk Cloaked Malware
[BP] c:\documents and settings\_AAA_\desktop\mbr.exe [PX5: 90F86FAA00CBF5F814FD0103DE96AF004328898F] Malware Group: High Risk Worm
[BP] c:\mbr.exe [PX5: 90F86FAA00CBF5F814FD0103DE96AF004328898F] Malware Group: High Risk Worm
[dopo] c:\windows\system32\ak1.exe [PX5: B805065F00C0CB7C46E6002C402E640074D02E56] Malware Group: Community.OuterEdge
[dopo] c:\windows\temp\pmnuuk.exe [PX5: 4DCBBB67990ED53F3A8D00EFF7F53400F9FC8646] Malware Group: Community.OuterEdge
[dopo] c:\windows\system32\afnoinkdsfe.dll [PX5: BDC3A263986FAB183ABA0026F94BA2000EF31B1B] Malware Group: Community.OuterEdge
[dopo] c:\windows\temp\sfsdfdf.exe [PX5: 4DCBBB67980ED53F3A8D00EFF7F53400D3EC53A9] Malware Group: Community.OuterEdge
[B] c:\windows\system32\drivers\cczvcap.sys [PX5: 0D0120F6002DA0A9F00500511CA22500289EA8D6] Malware Group: High Risk Worm
[BP] c:\combofix\pev.cfexe [PX5: F8B1CE87006684ABCA8901BE6505AF008413DBFC] Malware Group: High Risk Cloaked Malware
[BP] c:\combofix\pev.exe [PX5: F8B1CE87006684ABCA8901BE6505AF008413DBFC] Malware Group: High Risk Cloaked Malware
[BP] c:\32788r22fwjfw\pev.cfexe [PX5: F8B1CE87006684ABCA8901BE6505AF008413DBFC] Malware Group: High Risk Cloaked Malware
[BP] c:\system volume information\_restore{14507c77-fe0f-4216-b981-edbe660bc115}\rp0\a0000012.exe [PX5: F8B1CE87006684ABCA8901BE6505AF008413DBFC] Malware Group: High Risk Cloaked Malware
[BP] c:\system volume information\_restore{14507c77-fe0f-4216-b981-edbe660bc115}\rp0\a0001059.exe [PX5: F8B1CE87006684ABCA8901BE6505AF008413DBFC] Malware Group: High Risk Cloaked Malware
[BP] c:\system volume information\_restore{14507c77-fe0f-4216-b981-edbe660bc115}\rp0\a0001084.exe [PX5: F8B1CE87006684ABCA8901BE6505AF008413DBFC] Malware Group: High Risk Cloaked Malware
[BP] c:\system volume information\_restore{14507c77-fe0f-4216-b981-edbe660bc115}\rp0\a0001142.exe [PX5: F8B1CE87006684ABCA8901BE6505AF008413DBFC] Malware Group: High Risk Cloaked Malware

End of Prevx Scan Log - http://www.prevx.com


so I did manage to get something done in the end!?
because of the maximum character limit, I deleted all the entries marked [G] from the Prevx log
rednax
Aficionado
Posts: 45
Joined: Wed May 06, 2009 11:28 pm

Re: how to get rid of this damn malware

Posted by crazy.cat » Fri May 08, 2009 7:06 am

something has been removed, but there are quite a few strange names in the logs. (what are all those files under Previously Detected Files: in the Prevx log?)
Have you run a scan with Malwarebytes and/or SUPERAntiSpyware?
You can have any suspicious file analyzed on the site www.virustotal.com
When the many govern, they think only of pleasing themselves, and then you have the most foolish and most odious tyranny: tyranny masked as liberty.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Re: how to get rid of this damn malware

Posted by rednax » Fri May 08, 2009 9:50 am

the files in the Previously Detected Files section, if I understood correctly, are the ones Prevx had detected in previous scans. in fact ComboFix's job was precisely to eliminate those entries.
now the Prevx scan flags only these two entries as malicious:
(ACTIVE) c:\documents and settings\_AAA_\desktop\kaspersky2009trialreset_.exe [PX5: 51F9CD3900221CF0EECE08210FE87C00B55BB7FF] Malware Group: High Risk Cloaked Malware (which is a Kaspersky patch)
and then
[BP] (ACTIVE) c:\windows\vfind.exe [PX5: F8B1CE87006684ABCA8901BE6505AF008413DBFC] Malware Group: High Risk Cloaked Malware
is this vfind malware, or is it a ComboFix file?
Prevx had never detected this file before I installed ComboFix.
or does the malware change its name so it can't be found?
the scan on http://www.virustotal.com went like this:
File prevX.log ricevuto il 2009.05.08 10:42:45 (CET)
Stato corrente: Carico ... in coda attesa scansione finito NON TROVATO INTERROTTO
Risultato: 1/40 (2.5%) what does 2.5% mean?
the only antivirus that reported anything:
McAfee-GW-Edition 6.7.6 2009.05.08 Heuristic.Exploit.CodeExec.NKJM
in the meantime [thanks]

Re: how to get rid of this damn malware

Posted by crazy.cat » Fri May 08, 2009 10:04 am

But which file did you upload?
rednax wrote: File prevX.log ricevuto il 2009.05.08 10:42:45 (CET)

I wanted the file vfind.exe

Re: how to get rid of this damn malware

Posted by rednax » Fri May 08, 2009 12:21 pm

oops, [:-H]
I uploaded the Prevx log, the whole thing!
whereas, if I understood correctly, I need to upload only that file, right? "vfind.exe"

Re: how to get rid of this damn malware

Posted by crazy.cat » Fri May 08, 2009 12:27 pm

yes, only vfind.exe needs to be analyzed.

Re: how to get rid of this damn malware

Posted by rednax » Fri May 08, 2009 4:28 pm

the file I just had analyzed gave me this result:
File vFind.exe ricevuto il 2009.05.08 17:25:58 (CET)
Stato corrente: Carico ... in coda attesa scansione finito NON TROVATO INTERROTTO
Risultato: 2/38 (5.27%)

Antivirus Versione Ultimo aggiornamento Risultato
a-squared 4.0.0.101 2009.05.08 -
AhnLab-V3 5.0.0.2 2009.05.08 -
AntiVir 7.9.0.160 2009.05.08 -
Antiy-AVL 2.0.3.1 2009.05.08 -
Authentium 5.1.2.4 2009.05.07 -
Avast 4.8.1335.0 2009.05.07 -
AVG 8.5.0.327 2009.05.08 -
BitDefender 7.2 2009.05.08 -
CAT-QuickHeal 10.00 2009.05.08 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.05.08 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.08 -
eSafe 7.0.17.0 2009.05.07 Suspicious File
eTrust-Vet 31.6.6496 2009.05.08 -
F-Prot 4.4.4.56 2009.05.07 -
Fortinet 3.117.0.0 2009.05.08 -
GData 19 2009.05.08 -
Ikarus T3.1.1.49.0 2009.05.08 -
K7AntiVirus 7.10.729 2009.05.08 -
Kaspersky 7.0.0.125 2009.05.08 -
McAfee 5608 2009.05.07 -
McAfee+Artemis 5608 2009.05.07 -
McAfee-GW-Edition 6.7.6 2009.05.08 -
Microsoft 1.4602 2009.05.08 -
NOD32 4062 2009.05.08 -
Norman 6.01.05 2009.05.08 -
nProtect 2009.1.8.0 2009.05.08 -
Panda 10.0.0.14 2009.05.07 -
PCTools 4.4.2.0 2009.05.07 -
Prevx 3.0 2009.05.08 -
Rising 21.28.41.00 2009.05.08 -
Sophos 4.41.0 2009.05.08 -
Sunbelt 3.2.1858.2 2009.05.08 -
Symantec 1.4.4.12 2009.05.08 -
TheHacker 6.3.4.1.321 2009.05.07 -
TrendMicro 8.950.0.1092 2009.05.08 -
ViRobot 2009.5.8.1725 2009.05.08 -
VirusBuster 4.6.5.0 2009.05.08 -
Informazioni addizionali
File size: 117248 bytes
MD5...: 93a891bfe2648cf9f9ce06dbf5b79928
SHA1..: 2ebaaa4e5ca4167d9b33fc902bffd9601078ceb3
SHA256: 6dedb5cb8ac3cd11f1822849c036743617703c8d57e0597503bdefe541bca871
SHA512: a77dad538481503cbcffaf7d3af51a77c86dfe799c56906cbc7ceb7779f401ec
5e5912f1dfe5def2082621d581daf208823b09ed71d9a06e22aac37be50d1845
ssdeep: 3072:Lzs3yw+/tzupOCQeN2rMdGz67AnxiEjz1:GONKOCQ/rMV7mXj
PEiD..: PECompact 2.xx --> BitSum Technologies
TrID..: File type identification
Win32 EXE PECompact compressed (v2.x) (48.9%)
Win32 EXE PECompact compressed (generic) (34.4%)
Win32 Executable Generic (7.0%)
Win32 Dynamic Link Library (generic) (6.2%)
Generic Win/DOS Executable (1.6%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x49fa2bbd (Thu Apr 30 22:52:45 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x52000 0x1b400 8.00 3adef3181671ff6cdcfe8a635f9b02f2
.rsrc 0x53000 0x1000 0x1000 7.57 a90d3742ab349428a0195236443f8cdb
.reloc 0x54000 0x200 0x200 0.22 2d46b9adceafdb13eabf70c53441b558

( 1 imports )
> kernel32.dll: LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (F-Prot): PecBundle, PECompact
packers (Kaspersky): PE_Patch.PECompact, PecBundle, PECompact


what should I do, delete it?

Re: how to get rid of this damn malware

Posted by crazy.cat » Fri May 08, 2009 4:36 pm

rednax wrote: what should I do, delete it?

It doesn't look like anything dangerous.
How is the PC running now, given that ComboFix removed various things?
What problems are left?

Re: how to get rid of this damn malware

Posted by rednax » Fri May 08, 2009 6:56 pm

it seems almost everything is solved, in the sense that it's just a bit, a bit too, slow.
for protection I now have Kaspersky; what can I pair with it as real-time spyware protection without the two conflicting?
preferably something with a free license.
since I use uTorrent, and the infection certainly came in through there, is there anything specific for it?
at the time of the intrusion I only had Avira, far too little!
good thing I discovered this forum, I was about to format, [thanks]

p.s. to be safe, is it better to delete that vfind? am I taking any risks?

Re: how to get rid of this damn malware

Posted by gioia271965 » Fri May 08, 2009 8:09 pm

Kaspersky has real-time anti-spyware protection together with the antivirus service. And it also has the firewall active. Provided that what you installed is the full suite and not just the antivirus... [;)]
"Nothing finite, not even the whole world, can satisfy the human soul that feels the need for the eternal"
gioia271965
Silver Member
Posts: 1422
Joined: Fri Oct 24, 2008 9:40 am
Location: Taranto

Re: how to get rid of this damn malware

Posted by rednax » Fri May 08, 2009 9:48 pm

well, I have Kaspersky Antivirus 2009, I don't know whether or not that's the suite!?
for the rest, my earlier question still stands: about the slowness (my PC has turned into a diesel!!!), about vfind, and about a program that keeps torrent activity under control.

EDIT:
I installed Prevx on another PC, ran a scan and it reported nothing.
then I installed ComboFix and ran it (I didn't do any damage, did I?), and at the end of the process I ran another scan with Prevx.
the result? Prevx found vfind.exe as malware.
to be thorough I removed ComboFix with combofix /u and then rescanned with Prevx, and this time the log came out perfectly clean.
so I confirm, and I believe this holds for everyone, that vfind.exe is a false positive.
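An added example, not part of any post in this thread: the Prevx log lines posted above already hint at where vfind.exe comes from, because its PX5 identifier is the same one listed for ComboFix's pev.exe. The sketch below parses those lines and groups paths by PX5; it assumes that an identical PX5 value means Prevx treats the files as the same content, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the Prevx logs posted in this thread (not new data).
SAMPLE_LOG = r"""
[U] c:\documents and settings\_AAA_\desktop\combofix.exe [PX5: 1341F994A108C1E0102F2E500F9923008C6D89EE]
[BP] c:\mbr.exe [PX5: 90F86FAA00CBF5F814FD0103DE96AF004328898F] Malware Group: High Risk Worm
[B] c:\windows\system32\drivers\cczvcap.sys [PX5: 0D0120F6002DA0A9F00500511CA22500289EA8D6] Malware Group: High Risk Worm
[BP] c:\combofix\pev.cfexe [PX5: F8B1CE87006684ABCA8901BE6505AF008413DBFC] Malware Group: High Risk Cloaked Malware
[BP] c:\combofix\pev.exe [PX5: F8B1CE87006684ABCA8901BE6505AF008413DBFC] Malware Group: High Risk Cloaked Malware
[BP] c:\32788r22fwjfw\pev.cfexe [PX5: F8B1CE87006684ABCA8901BE6505AF008413DBFC] Malware Group: High Risk Cloaked Malware
[BP] (ACTIVE) c:\windows\vfind.exe [PX5: F8B1CE87006684ABCA8901BE6505AF008413DBFC] Malware Group: High Risk Cloaked Malware
End of Prevx Scan Log - http://www.prevx.com
"""

# Layout: [flag] (ACTIVE) path [PX5: 40 hex digits] Malware Group: text
# The flag, the (ACTIVE) marker and the group are all optional.
LINE_RE = re.compile(
    r"^(?:\[(?P<flag>[^\]]+)\]\s+)?(?P<active>\(ACTIVE\)\s+)?"
    r"(?P<path>.+?)\s+\[PX5:\s*(?P<px5>[0-9A-Fa-f]{40})\]"
    r"(?:\s+Malware Group:\s*(?P<group>.+))?$"
)

def parse_prevx_line(line):
    """Return one log entry as a dict, or None for headers and free text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "flag": m.group("flag"),
        "active": m.group("active") is not None,
        "path": m.group("path").lower(),
        "px5": m.group("px5").upper(),
        "group": m.group("group"),
    }

def group_by_px5(log_text):
    """Map each PX5 identifier to every entry that carries it."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_prevx_line(line)
        if entry:
            groups[entry["px5"]].append(entry)
    return dict(groups)

def related_paths(log_text, target_path):
    """Other paths in the log that share the target's PX5 identifier."""
    target = target_path.lower()
    for entries in group_by_px5(log_text).values():
        paths = [e["path"] for e in entries]
        if target in paths:
            return sorted(p for p in paths if p != target)
    return []

def shares_id_with_dir(log_text, target_path, tool_dir):
    """True if the target's identifier also appears under tool_dir."""
    prefix = tool_dir.lower()
    return any(p.startswith(prefix) for p in related_paths(log_text, target_path))

if __name__ == "__main__":
    for p in related_paths(SAMPLE_LOG, r"c:\windows\vfind.exe"):
        print(p)
```

A shared identifier only shows that the flagged file is a copy of a tool component; whether the detection on that component is itself a false positive still needs the kind of clean-machine check described in the post.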

Re: how to get rid of this damn malware

Posted by gioia271965 » Sat May 09, 2009 6:35 am

You installed only the Kaspersky antivirus. Even though it's updated to 2009, it protects you only from viruses and, perhaps, from trojans. The full program is called Kaspersky Internet Security 2009. That version really is complete.

Re: how to get rid of this damn malware

Posted by rednax » Sat May 09, 2009 1:12 pm

[rolling]
actually my version is Kaspersky Internet Security 2009.
I paired Spyware Terminator with it; could that be what's slowing down the PC? in your opinion, can Kaspersky alone be enough.
but for torrents, isn't there something like PeerGuardian2?

Re: how to get rid of this damn malware

Posted by gioia271965 » Sat May 09, 2009 2:43 pm

I assure you that the Kaspersky suite is more than enough. Having two programs that do the same job in real time is a pointless waste of CPU and RAM. [;)] Trust me.



megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising