Ha bisogno di assistenza? Chieda alla community oppure consulti un esperto.
Vai ad Avira Answers
Nome del virus:Worm/Esfury.A.355
Scoperto:02/11/2010
Tipo:Worm
In circolazione (ITW):Si
Numero delle infezioni segnalate:Medio-Basso
Potenziale di propagazione:Basso
Potenziale di danni:Medio-Basso
File statico:Si
Dimensione del file:57.856 Byte
Somma di controllo MD5:3f6cf53fe5016c0c22993e2591778eef
Versione VDF:7.10.06.29
Versione IVDF:7.10.13.107 - martedì 2 novembre 2010

 Generale Metodo di propagazione:
   • Nessuna propria procedura di propagazione


Alias:
   •  Symantec: W32.Rontokbro@mm
   •  Kaspersky: Trojan.Win32.VBKrypt.wms
   •  F-Secure: Trojan.Win32.VBKrypt.wms
     Microsoft: Worm:Win32/Esfury
   •  Eset: Win32/AutoRun.VB.UG
     DrWeb: Win32.HLLW.Autoruner.34728


Piattaforme / Sistemi operativi:
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows Server 2008
    Windows 7


Effetti secondari:
   • Blocca l'accesso a certi siti web
   • Disattiva le applicazioni di sicurezza
   • Modifica del registro

 File Si copia alle seguenti posizioni:
   • %HOME%\%numeri casuali%\winlogon.exe
   • %ALLUSERSPROFILE%\Start Menu\Programs\Startup\winlogon.exe
   • C:\winlogon.exe

 Registro Le seguenti chiavi di registro vengono aggiunte per eseguire i processi dopo il riavvio:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "13032325543555"="%HOME%\%numeri casuali%\winlogon.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "13032325543555"="%HOME%\%numeri casuali%\winlogon.exe"



Vengono aggiunte le seguenti chiavi di registro:

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2servic.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\acs.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ahnsd.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alerter.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antigen.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwcl9.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpexec.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpinst.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpmon.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpnt.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BullGuard.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\callmsi.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cclaw.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccsetmgr.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccshtdwn.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfind.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ChromeSetup.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clamauto.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\consent.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpdclnt.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashreporter.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csinject.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csinsm32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\css1631.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Diskmon.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drvins32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dumphive.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95_o.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\earthagent.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecls.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecmd.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\edi.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efinet32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHttpSrv.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanh95.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ewido.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exit.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fa-setup.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Filemon.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirewallControlPanel.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirewallSettings.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fix-it.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flowprotector.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVServer.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot95.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsave32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fslaunch.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fssm32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fwenc.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fwinstall.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GenericRenosFix.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gibe.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleToolbarInstaller_download_signed.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEDFix.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmor.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iris.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isrv95.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jed.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav8.0.0.357es.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvc.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kis8.0.0.506latam.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpf.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcuimgr.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdll.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monsys32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monsysnt.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monwow.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msinfo32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msn.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspatch.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mxtask.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scan.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nai_vs_stat.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav32_loader.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav80try.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navauto-protect.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naveng.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navengnavex15.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcc2k_76_1436.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccclient.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prckiller.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Process.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Procmon.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview95.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2Fix.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xscan.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutorzauinst.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zauinst.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlh.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalarm.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_findviru.exe]
     "Debugger"="%HOME%\%numeri casuali%\winlogon.exe"




Vengono cambiate le seguenti chiavi di registro:

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
   Valore precedente:
   • "Local Page"="%impostazioni definite dell'utente%"
   • "Default_Page_URL"="%impostazioni definite dell'utente%"
   • "Default_Search_URL"="%impostazioni definite dell'utente%"
   • "Search Page"="%impostazioni definite dell'utente%"
   • "Start Page"="%impostazioni definite dell'utente%"
   Nuovo valore:
   • "Local Page"="http://r4kz**********.com"
   • "Default_Page_URL"="http://vs703**********.com"
   • "Default_Search_URL"="http://1lak2b**********.com"
   • "Search Page"="http://i88od1**********.com"
   • "Start Page"="http://ytn282**********.com"

[HKCU\S-1-5-21-343818398-1935655697-839522115-500\Software\
   Microsoft\Internet Explorer\Main]
   Valore precedente:
   • "Default_Search_URL"="%impostazioni definite dell'utente%"
     "Default_Page_URL"="%impostazioni definite dell'utente%"
     "Start Page"="%impostazioni definite dell'utente%"
     "Search Page"="%impostazioni definite dell'utente%"
     "Local Page"="%impostazioni definite dell'utente%"
   Nuovo valore:
   • "Default_Search_URL"="http://2u673l**********.com"
     "Default_Page_URL"="http://00l7z1**********.com"
     "Start Page"="http://d1wv47**********.com"
     "Search Page"="http://or3esz**********.com"
     "Local Page"="http://yae6c**********.com"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
   Nuovo valore:
   • "AntiVirusDisableNotify"=dword:00000001
     "AntiVirusOverride"=dword:00000001
     "FirewallDisableNotify"=dword:00000001
     "FirewallOverride"=dword:00000001
     "FirstRunDisabled"=dword:00000001
     "UpdatesDisableNotify"=dword:00000001
     "UacDisableNotify"=dword:00000001

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
   Nuovo valore:
   • "ConsentPromptBehaviorAdmin"=dword:00000000
     "EnableLUA"=dword:00000000
     "PromptOnSecureDesktop"=dword:00000001

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
   Nuovo valore:
   • "NoFolderOptions"=dword:00000001

[HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
   Nuovo valore:
   • "NoAutoRebootWithLoggedOnUsers"=dword:00000001

[HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
   Valore precedente:
   • "EnableFirewall"="%impostazioni definite dell'utente%"
   Nuovo valore:
   • "EnableFirewall"=dword:00000000

[HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
   Valore precedente:
   • "EnableFirewall"="%impostazioni definite dell'utente%"
   Nuovo valore:
   • "EnableFirewall"=dword:00000000

[HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   Nuovo valore:
   • "%HOME%\%numeri casuali%\winlogon.exe"="%HOME%\%numeri casuali%\winlogon.exe:*:Enabled:@xpsp2res.dll,-53342401"

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   Nuovo valore:
   • "%HOME%\%numeri casuali%\winlogon.exe"="%HOME%\%numeri casuali%\winlogon.exe:*:Enabled:@xpsp2res.dll,-53342401"

[HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   Nuovo valore:
   • "%HOME%\%numeri casuali%\winlogon.exe"="%HOME%\%numeri casuali%\winlogon.exe:*:Enabled:@xpsp2res.dll,-53342401"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
   Nuovo valore:
   • "NoRun"=dword:00000001
     "NoFile"=dword:00000001
     "NoFolderOptions"=dword:00000001

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
   Nuovo valore:
   • "DisableRegistryTools"=dword:00000001
     "DisableTaskMgr"=dword:00000001

[HKCU\Software\Policies\Microsoft\Windows\System]
   Nuovo valore:
   • "DisableCMD"="1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   Nuovo valore:
   • "DisableSR"=dword:00000001

[HKLM\SYSTEM\ControlSet001\Services\sr]
   Nuovo valore:
   • "Start"=dword:00000004

[HKLM\SYSTEM\ControlSet001\Services\wscsvc]
   Nuovo valore:
   • "Start"=dword:00000004

[HKLM\SYSTEM\CurrentControlSet\Services\sr]
   Nuovo valore:
   • "Start"=dword:00000004

[HKLM\SYSTEM\CurrentControlSet\Services\wscsvc]
   Nuovo valore:
   • "Start"=dword:00000004

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
   Nuovo valore:
   • "Hidden"=dword:00000002
     "HideFileExt"=dword:00000003
     "SuperHidden"=dword:00000001

 Host L'host del file viene modificato come spiegato:

In questo caso i dati immessi gi esistenti vengono cancellati.

L'accesso ai seguenti domini effettivamente bloccato:
   • 208.109.220.95 viabcp.com
   • 208.109.220.95 www.viabcp.com
   • 208.109.220.95 bcpzonasegura.viabcp.com
   • 173.236.69.80 www.produbanco.com
   • 173.236.69.80 produbanco.com
   • 173.236.69.80 www.bancoguayaquil.com
   • 173.236.69.80 bancoguayaquil.com
   • 173.236.69.80 www.pichincha.com
   • 173.236.69.80 pichincha.com
   • 173.236.69.80 wwwp1.pichincha.com
   • 173.236.69.80 wwwp2.pichincha.com
   • 173.236.69.80 wwwp3.pichincha.com
   • 173.236.69.80 wwwp4.pichincha.com
   • 173.236.69.80 wwww01.pichincha.com
   • 173.236.69.80 wwww02.pichincha.com
   • 173.236.69.80 wwww03.pichincha.com
   • 173.236.69.80 wwww04.pichincha.com
   • 69.162.96.137 bn.com.pe
   • 69.162.96.137 www.bn.com.pe
   • 69.162.96.137 zonasegura1.bn.com.pe
   • 69.162.96.137 www.zonasegura1.bn.com.pe
   • 173.236.69.68 www.interbank.com.pe
   • 173.236.69.68 interbank.com.pe
   • 210.224.183.50 iniciorapido.info
   • 125.88.10.177 www.iniciorapido.info
   • 188.33.174.196 buscalo.in
   • 9.60.163.229 www.buscalo.in
   • 166.99.233.87 buscafacil.com
   • 81.219.128.214 www.buscafacil.com
   • 144.165.36.166 emsisoft.com
   • 221.191.25.10 ahnlab.com
   • 123.230.95.56 antivir.es
   • 37.95.178.251 antiy.net
   • 101.40.86.203 authentium.com
   • 177.66.75.236 avast.com
   • 79.106.146.94 avg.com
   • 249.38.41.32 bitdefender.com
   • 57.171.205.240 quickheal.com
   • 134.197.194.17 clamav.net
   • 35.49.8.131 comodo.com
   • 206.169.91.2 drweb.com
   • 13.114.255.21 aladdin.com
   • 90.73.244.54 ca.com
   • 179.180.58.100 f-prot.com
   • 162.44.141.39 f-secure.com
   • 157.246.117.247 fortinet.com
   • 46.16.106.24 gdata.es
   • 136.55.108.137 ikarus.at
   • 118.176.3.76 jiangmin.com
   • 114.121.167.28 kaspersky.com
   • 2.147.156.61 mcafee.com
   • 92.187.227.175 microsoft.com
   • 74.51.54.45 eset.es
   • 70.252.30.65 norman.com
   • 147.22.19.98 nprotect.com
   • 48.62.21.144 pandasecurity.com
   • 31.182.172.83 pctools.com
   • 26.127.80.34 prevx.com
   • 103.154.69.67 rising-global.com
   • 4.5.139.181 sophos.com
   • 243.125.222.120 sunbeltsoftware.com
   • 238.71.130.72 symantec.com
   • 59.29.119.105 hacksoft.com.pe
   • 217.136.189.218 trendmicro.com
   • 199.1.84.89 anti-virus.by
   • 195.202.248.109 hauri.net
   • 15.160.237.142 virusbuster.hu
   • 173.12.52.0 www.emsisoft.com
   • 155.132.135.126 www.ahnlab.com
   • 151.77.43.78 www.antivir.es
   • 228.103.32.111 www.antiy.net
   • 129.143.102.225 www.authentium.com
   • 112.7.185.164 www.avast.com
   • 107.208.161.115 www.avg.com
   • 184.235.150.148 www.bitdefender.com
   • 85.18.152.6 www.quickheal.com
   • 68.138.47.133 www.clamav.net
   • 63.84.211.153 www.comodo.com
   • 140.110.200.185 www.drweb.com
   • 42.149.14.43 www.aladdin.com
   • 24.82.97.170 www.ca.com
   • 20.27.73.122 www.f-prot.com
   • 96.241.62.155 www.f-secure.com
   • 254.93.65.13 www.fortinet.com
   • 168.213.216.207 www.gdata.es
   • 232.158.124.159 www.ikarus.at
   • 53.116.113.192 www.jiangmin.com
   • 210.224.183.50 www.kaspersky.com
   • 125.88.10.177 www.mcafee.com
   • 188.33.174.196 www.microsoft.com
   • 9.60.163.229 www.eset.es
   • 166.99.233.87 www.norman.com
   • 81.219.128.214 www.nprotect.com
   • 144.165.36.166 www.pandasecurity.com
   • 221.191.25.10 www.pctools.com
   • 123.230.95.56 www.prevx.com
   • 37.95.178.251 www.rising-global.com
   • 101.40.86.203 www.sophos.com
   • 177.66.75.236 www.sunbeltsoftware.com
   • 79.106.146.94 www.symantec.com
   • 249.38.41.32 www.hacksoft.com.pe
   • 57.171.205.240 www.trendmicro.com
   • 134.197.194.17 www.anti-virus.by
   • 35.49.8.131 www.hauri.net
   • 206.169.91.2 www.virusbuster.hu
   • 13.114.255.21 www.emsisoft.com
   • 90.73.244.54 www.anti-trojan.net
   • 179.180.58.100 malwarescan.emsisoft.com
   • 162.44.141.39 forum.emsisoft.com
   • 157.246.117.247 www.emsisoft.net
   • 46.16.106.24 www.emsisoft.it
   • 136.55.108.137 www.emsisoft.de
   • 118.176.3.76 www.anti-trojan-software.net
   • 114.121.167.28 mamutu.com
   • 2.147.156.61 www.emsisoft.es
   • 92.187.227.175 malwarescan.emsisoft.de
   • 74.51.54.45 ww.emsisoft.com
   • 70.252.30.65 www.emsisoft.fr
   • 147.22.19.98 www.emsisoft.nl
   • 48.62.21.144 onlinecheck.emsisoft.com
   • 31.182.172.83 onlinecheck.emsisoft.de
   • 26.127.80.34 www.emsisoft.org
   • 103.154.69.67 scan.anti-trojan.net
   • 4.5.139.181 www.trojaner.info
   • 243.125.222.120 onlinecheck.emsisoft.org
   • 238.71.130.72 onlinecheck.emsisoft.net
   • 59.29.119.105 blitzblank.com
   • 217.136.189.218 www.emsisoft.at
   • 199.1.84.89 www.emsisoft.jp
   • 195.202.248.109 www.mamutu.com
   • 15.160.237.142 malwarescan.emsisoft.es
   • 173.12.52.0 www.mamutu.de
   • 155.132.135.126 download5.emsisoft.com
   • 151.77.43.78 download1.emsisoft.com
   • 228.103.32.111 download4.emsisoft.com
   • 129.143.102.225 global.ahnlab.com
   • 112.7.185.164 www.hackshields.com
   • 107.208.161.115 www.internationalservicecheck.com
   • 184.235.150.148 www.irangoals.com
   • 85.18.152.6 ixomodels.com
   • 68.138.47.133 www.indielisboa.com
   • 63.84.211.153 www.latin-mass-society.org
   • 140.110.200.185 www.arpia.be
   • 42.149.14.43 www.owen.org
   • 24.82.97.170 www.prdouglas.co.uk
   • 20.27.73.122 www.zarya.info
   • 96.241.62.155 www.willsee.com
   • 254.93.65.13 halmapr.com
   • 168.213.216.207 karuna-shechen.org
   • 232.158.124.159 www.barder.com
   • 53.116.113.192 www.antivir.es
   • 210.224.183.50 www.buraka.tv
   • 125.88.10.177 www.dr-bull.com
   • 188.33.174.196 www.manchester-offices.co.uk
   • 9.60.163.229 saverssite.com
   • 166.99.233.87 canada.karuna-shechen.org
   • 81.219.128.214 developmentdrums.org
   • 144.165.36.166 www.imddomains.co.uk
   • 221.191.25.10 cutlines.org
   • 123.230.95.56 elblogdemanu.com
   • 37.95.178.251 ruben.bzin.net
   • 101.40.86.203 welkam.co.jp
   • 177.66.75.236 www.cambridge-steiner-school.co.uk
   • 79.106.146.94 naturesimages.net
   • 249.38.41.32 www.1stavenuelimousines.co.uk
   • 57.171.205.240 www.mtr-design.com
   • 134.197.194.17 dev.depeuter.org
   • 35.49.8.131 www.emeraldclassic.co.uk
   • 206.169.91.2 www.peterhearnwaste.co.uk
   • 13.114.255.21 etrr.co.uk
   • 90.73.244.54 www.avoncourt.com
   • 179.180.58.100 sarahmcconnellphotography.net
   • 162.44.141.39 www.ixomodels.com
   • 157.246.117.247 natsko.com
   • 46.16.106.24 www.nottinghampoetryseries.com
   • 136.55.108.137 www.sheffieldmind.co.uk
   • 118.176.3.76 ixostore.ixomodels.com
   • 114.121.167.28 www.flairweddings.co.uk
   • 2.147.156.61 www.fimasys.com
   • 92.187.227.175 cohartuk.com
   • 74.51.54.45 qqjkw.net
   • 70.252.30.65 vivo-austin.com
   • 147.22.19.98 www.freeality.com
   • 48.62.21.144 bestofewan.com
   • 31.182.172.83 www.handwritingforkids.com
   • 26.127.80.34 cowsmo.com
   • 103.154.69.67 www.2xlgames.com
   • 4.5.139.181 kimzimmer.net
   • 243.125.222.120 basetendencies.com
   • 238.71.130.72 trackingtheworld.com
   • 59.29.119.105 www.reviewsofbooks.com
   • 217.136.189.218 www.collectedcurios.com
   • 199.1.84.89 www.renningers.com
   • 195.202.248.109 ccslaughterspdx.com
   • 15.160.237.142 www.briarhurst.com
   • 173.12.52.0 www.smf.org
   • 155.132.135.126 ribbonwarehouse.com
   • 151.77.43.78 www.garryowen.com
   • 228.103.32.111 45pounds.com
   • 129.143.102.225 isotopecomics.com
   • 112.7.185.164 roysephotos.com
   • 107.208.161.115 www.stadiumpage.com
   • 184.235.150.148 www.elvis-express.com
   • 85.18.152.6 www.tomorrowsedge.net
   • 68.138.47.133 www.beautybar.com
   • 63.84.211.153 pineleafboys.com
   • 140.110.200.185 www.mountainlakeslodge.com
   • 42.149.14.43 pvtc.org
   • 24.82.97.170 bhsbees.com
   • 20.27.73.122 baristamagazine.com
   • 96.241.62.155 www.gokidding.com
   • 254.93.65.13 defalcos.com
   • 168.213.216.207 www.celticmerchant.com
   • 232.158.124.159 www.hxproduction.com
   • 53.116.113.192 www.wellgousa.com
   • 210.224.183.50 blog.titanium-jewelry.com
   • 125.88.10.177 www.brightoctober.com
   • 188.33.174.196 hishomeforchildren.com
   • 9.60.163.229 www.phoenixtrikeworks.com
   • 166.99.233.87 www.professorbeyer.com
   • 81.219.128.214 www.secondchanceboxer.com
   • 144.165.36.166 www.residentphotography.com
   • 221.191.25.10 woottonfootball.com
   • 123.230.95.56 www.deborahshelton.net
   • 37.95.178.251 bobbondart.com
   • 153.92.138.255 www.authentium.com
   • 229.118.127.32 asap.authentium.com
   • 131.158.198.146 www.authentium.com.au
   • 45.90.93.84 avast.com
   • 109.223.1.36 www.avast.com
   • 186.250.246.69 files.avast.com
   • 87.101.60.183 download535.avast.com
   • 2.221.143.54 avg.com
   • 65.166.51.73 www.avg.com
   • 142.125.40.106 grisoft.com
   • 231.232.110.152 www.grisoft.com
   • 214.96.193.91 antivirus-tools.com
   • 210.42.169.43 archive.bitdefender.com
   • 98.68.158.76 avx.rob-have.net
   • 188.107.160.189 b-have.orgbitdefender-ar.com
   • 170.228.55.128 bitdefender.com
   • 166.173.219.80 bitdefender.org
   • 54.199.208.113 bitdefenderchina.com
   • 144.239.23.227 bitdefenderguatemala.com
   • 126.103.106.97 bitdefendermalaysia.com
   • 122.48.82.117 bitdefendertaiwan.com
   • 199.75.71.150 bitdefenderuruguay.com
   • 100.114.73.196 bitdefenderusa.com
   • 83.234.224.135 buy.bitdefender-es.com
   • 78.179.132.86 buy.bitdefender.com
   • 155.206.121.119 buy.bitdefender.de
   • 56.57.191.233 de.bitdefender.com
   • 39.177.18.172 fr.bitdefender.com
   • 35.123.182.124 futurenow.bitdefender.com
   • 111.81.171.157 it.bitdefender.com
   • 13.188.241.14 jobs.bitdefender.com
   • 251.53.136.141 kb.bitdefender.com
   • 247.254.44.161 kb.bitdefender.de
   • 67.212.33.194 kb.bitdefender.us
   • 225.64.104.52 latin.bitdefender.com
   • 207.184.187.178 linux.bitdefender.com
   • 203.129.95.130 malwarecity.com
   • 24.156.84.163 malwarecity.netmalwarecity.org
   • 181.195.154.21 malwarepedia.com
   • 164.59.237.216 neunet.orgnews.bitdefender.com
   • 159.4.213.167 nl.bitdefender.com
   • 236.31.202.200 renewals.bitdefender.com
   • 137.70.204.58 sales.bitdefender.com
   • 120.190.99.185 square.bitdefender.com
   • 116.136.7.205 store.bitdefender.com
   • 192.162.252.238 store.de.bitdefender.com
   • 94.201.66.95 us.bitdefender.com
   • 76.134.149.222 virusscanonline.net
   • 72.79.125.174 wedoantivirus.com
   • 148.37.114.207 www.antivirus-tools.com
   • 50.145.117.65 www.avx.ro
   • 220.9.12.3 www.bit-defender.de
   • 28.210.176.211 www.bitdefende.de
   • 105.169.165.244 www.bitdefender-es.com
   • 6.20.235.102 www.bitdefender.be
   • 177.140.62.229 www.bitdefender.cl
   • 240.85.226.248 www.bitdefender.co.uk
   • 61.112.215.25 www.bitdefender.com
   • 218.151.29.139 www.bitdefender.com.au
   • 133.15.180.10 www.bitdefender.com.sg
   • 197.217.88.218 www.bitdefender.com.tw
   • 17.243.77.63 www.bitdefender.com.vn
   • 175.26.147.108 www.bitdefender.de
   • 89.147.230.47 www.bitdefender.es
   • 153.92.138.255 www.bitdefender.fr
   • 229.118.127.32 www.bitdefender.hk
   • 131.158.198.146 www.bitdefender.us
   • 45.90.93.84 www.bitdefenderme.com
   • 109.223.1.36 www.malwarecity.com
   • 186.250.246.69 www.malwarecity.fr
   • 87.101.60.183 quickheal.com
   • 2.221.143.54 www.quickheal.com
   • 65.166.51.73 www.clamav.net
   • 142.125.40.106 cgi.clamav.net
   • 231.232.110.152 lurker.clamav.net
   • 214.96.193.91 wwws.clamav.net
   • 210.42.169.43 lists.clamav.net
   • 98.68.158.76 bugs.clamav.net
   • 188.107.160.189 system-cleaner.comodo.com
   • 170.228.55.128 backup.comodo.com
   • 166.173.219.80 www.comodoantispam.com
   • 54.199.208.113 easy-vpn.comodo.com
   • 144.239.23.227 www.trustlogo.com
   • 126.103.106.97 ztl.comodo.com
   • 122.48.82.117 www.livepcsupport.com
   • 199.75.71.150 www.whichssl.com
   • 100.114.73.196 www.trustix.com
   • 83.234.224.135 disk-encryption.comodo.com
   • 78.179.132.86 speedtest.comodo.com
   • 155.206.121.119 www.contentverification.com
   • 56.57.191.233 idauthority.com
   • 39.177.18.172 www.comodo.tv
   • 35.123.182.124 online-backup.comodo.com
   • 111.81.171.157 www.testmypcsecurity.com
   • 13.188.241.14 www.ccssforum.org
   • 251.53.136.141 i-vault.comodo.com
   • 247.254.44.161 internetsecurity.comodo.com
   • 67.212.33.194 www.comodopartners.com
   • 225.64.104.52 timestamp.comodoca.com
   • 207.184.187.178 secure-email.comodo.com
   • 203.129.95.130 timestamp.wosign.com
   • 24.156.84.163 rover800.gaima.co.uk
   • 181.195.154.21 www.nsclean.com
   • 164.59.237.216 www.contentverification.com
   • 159.4.213.167 new-estore.drweb.com
   • 236.31.202.200 support.drweb.com
   • 137.70.204.58 pda.drweb.com
   • 120.190.99.185 updates.drweb.com
   • 116.136.7.205 drweb.com
   • 192.162.252.238 vms.drweb.com
   • 94.201.66.95 solutions.drweb.com
   • 76.134.149.222 news.drweb.com
   • 72.79.125.174 my.drweb.com
   • 148.37.114.207 buy.drweb.com
   • 118.213.185.133 products.drweb.com
   • 32.77.80.71 new-support.drweb.com
   • 96.22.244.23 promotions.drweb.com
   • 173.236.233.56 network.drweb.com
   • 74.88.47.170 customers.drweb.com
   • 245.208.130.41 store.drweb.com
   • 52.153.38.60 company.drweb.com
   • 129.180.27.93 training.drweb.com
   • 30.219.97.207 license.drweb.com
   • 201.83.248.78 cureit.ru
   • 9.29.156.30 free.drweb.com
   • 85.55.145.131 info.drweb.com
   • 243.94.215.176 new-partners.drweb.com
   • 157.215.42.115 drweb.net
   • 221.160.206.67 new-company.drweb.com
   • 41.186.195.100 new-beta.drweb.com
   • 199.226.10.214 new-forum.drweb.com
   • 113.158.161.152 secure.av-desk.com
   • 177.35.69.104 www.av-desk.com
   • 254.61.58.137 new-solutions.drweb.com
   • 155.169.128.251 new-www.drweb.com
   • 70.33.211.122 www.freedrweb.ru
   • 133.234.119.141 daniloff.net
   • 210.193.108.174 drweb-inside.com
   • 43.44.178.220 drwebinside.com
   • 26.164.5.159 aladdin.com
   • 22.110.237.111 alladdin.ru
   • 166.136.226.144 chickensroamfree.com
   • 0.175.228.1 ealaddin.net
   • 238.40.123.196 ealaddin.orgeshop.aladdin.com
   • 234.241.31.148 secureme.com
   • 122.11.20.181 www.aks.com
   • 212.51.91.39 www.aladdin.com
   • 194.171.174.165 www.ealaddin.com
   • 190.116.150.185 www.ealaddin.com
   • 11.142.139.218 auwww.ealaddin.nl
   • 168.182.141.8 www.esafe.com
   • 151.46.36.203 www.hasp.se
   • 146.247.200.154 www.safenet-inc.com
   • 223.18.189.187 www3.safenet-inc.com
   • 124.125.3.45 www.ca.com
   • 107.245.86.240 cacomvip.ca.com
   • 103.191.250.192 www.netegrity.com
   • 179.149.239.225 search.ca.com
   • 81.0.53.82 cai.com
   • 63.121.204.209 www.f-prot.com
   • 59.66.112.229 frisk-software.com
   • 135.24.101.6 www.frisk.is
   • 37.132.172.120 www.frisk-software.com
   • 19.252.255.246 f-secure.com
   • 15.197.163.198 f-secure.frf-secure.hk
   • 92.223.152.231 f-secure.nlfsecure.com
   • 249.7.222.89 fsecure.nlwebyard.com
   • 232.127.49.28 www.f-secure.com
   • 227.72.25.235 www.fsecure.com
   • 48.99.14.12 www.virus.fi
   • 205.138.16.126 fortihero.com
   • 188.2.167.253 fortilog.com
   • 184.204.75.17 fortinet.co.at
   • 4.230.64.50 fortinet.com
   • 162.13.134.163 fortiprotect.com
   • 144.202.217.34 fortiwifi.com
   • 0.7.53.102 www.apsecure.com
   • 76.221.42.135 www.fortifed.com
   • 234.72.44.248 www.fortiid.com
   • 148.193.195.187 www.fortimail.com
   • 212.138.104.139 www.fortinet-apac.com
   • 32.96.93.172 www.fortinet.ch
   • 190.204.163.30 www.fortinet.co.il
   • 105.68.246.157 www.fortinet.com
   • 168.13.154.176 www.fortinet.com
   • 245.40.143.209 arwww.fortinet.cz
   • 146.79.213.67 www.fortinet.net
   • 61.199.108.194 www.fortinet.nl
   • 124.145.16.146 www.fortinet.sg
   • 201.171.5.246 www.fortinetuk.com
   • 102.210.75.36 www.secure-elements.com
   • 17.74.158.231 gdata.es
   • 81.20.66.183 www.gdata.es
   • 157.46.55.216 ikarus.at
   • 59.85.125.73 www.ikarus.at
   • 229.18.20.12 global.jiangmin.com
   • 37.151.185.220 jiangmin.com.cn
   • 113.177.174.253 jiangmin.com
   • 15.29.244.111 www.jiangmin.com.cn
   • 186.149.71.237 www.kaspersky.com
   • 249.94.235.1 forum.kaspersky.com
   • 70.53.224.34 support.kaspersky.co
   • 159.160.38.80 usa.kaspersky.com
   • 142.24.121.19 brazil.kaspersky.com
   • 137.226.97.227 latam.kaspersky.com
   • 26.252.86.3 kaspersky.com
   • 115.35.88.117 me.kaspersky.com
   • 98.155.239.56 images.kaspersky.com
   • 162.169.215.76 www.mcafee.com
   • 50.195.204.109 support.mcafee.com
   • 140.234.18.222 msr.mcafee.com
   • 122.99.101.93 home.mcafee.com
   • 118.44.77.113 networkassociates.com
   • 194.70.67.146 us.mcafee.com
   • 96.110.69.192 tr.mcafee.com
   • 79.230.220.130 au.mcafee.com
   • 74.175.128.82 mx.mcafee.com
   • 151.202.117.115 networkassociates.nai.com
   • 52.53.187.229 go.mcafee.com
   • 35.173.14.168 fr.mcafee.com
   • 30.119.178.120 uk.mcafee.com
   • 107.77.167.152 de.mcafee.com
   • 8.184.237.10 obscgi.mcafee.com
   • 247.48.132.137 nai.com
   • 243.250.40.157 www.entercept.com
   • 63.208.29.190 jp.mcafee.com
   • 221.59.99.47 mcafeeb2b.com
   • 203.180.182.174 cn.mcafee.com
   • 199.125.91.126 service.mcafee.com
   • 19.151.80.159 br.mcafee.com
   • 177.191.150.17 www.mcafee.at
   • 160.55.233.211 mcafeeretail.com
   • 155.0.209.163 it.mcafee.com
   • 232.27.198.196 tw.mcafee.com
   • 133.66.200.54 privacy.microsoft.com
   • 116.186.95.181 tempuri.org
   • 111.132.3.201 schemas.xmlsoap.org
   • 188.158.248.233 www.microsoft.com
   • 89.197.62.91 specs.xmlsoap.org
   • 72.129.145.218 www.eugrantsadvisor.ie
   • 68.75.121.222 schemas.microsoft.com
   • 196.85.162.255 encarta.msn.com
   • 98.192.164.112 www.sysinternals.com
   • 12.57.59.51 grv.microsoft.com
   • 76.2.224.3 www.xmlsoap.org
   • 152.216.213.36 www.eugrantsadvisor.se
   • 54.68.27.150 www.eugrantsadvisor.com
   • 225.188.110.21 research.microsoft.com
   • 32.133.18.40 www.engyro.com
   • 109.160.7.73 www.exchangeyourcareer.com
   • 10.199.77.187 www.eugrantsadvisor.de
   • 181.63.228.58 exchangeyourcareer.net
   • 244.9.136.10 eugrantsadvisor.de
   • 65.35.125.110 eugrantsadvisor.cz
   • 223.74.195.156 www.eset.es
   • 137.194.22.95 demos.eset.es
   • 201.140.186.47 descargas.eset.es
   • 21.166.175.80 blogs.protegerse.com
   • 179.205.245.193 eos.eset.es
   • 93.138.140.132 pedidos.protegerse.com
   • 157.15.49.84 reg-int.nod32-es.com
   • 233.41.38.117 reg.eset.es
   • 135.149.108.231 vicentevirtual.com
   • 50.13.191.102 cou85.com
   • 113.214.99.121 www.norman.com
   • 190.173.88.154 fsc.norman.com
   • 23.24.158.12 nprobeta.norman.com
   • 74.212.53.207 register.norman.com
   • 69.158.29.159 webadmin.norman.no
   • 214.184.18.191 sandbox.norman.com
   • 47.223.20.49 www.nprotect.com
   • 30.87.171.244 global.nprotect.com
   • 26.33.79.196 www.nprotect.co.kr
   • 170.59.68.229 www.npin.co.kr
   • 4.98.138.86 siren24.nprotect.com
   • 242.219.221.213 15660808.co.kr
   • 238.164.198.233 biz.nprotect.com
   • 58.190.187.10 nprotect.net
   • 216.230.189.56 www.nprotect.com.br
   • 199.94.84.251 liveprotect.net
   • 194.39.248.202 nprotect.seoul.go.kr
   • 15.66.237.235 chollian.nprotect.co.kr
   • 172.173.51.93 www.pandasecurity.com
   • 155.37.134.32 research.pandasecurity.com
   • 150.239.42.240 support.pandasecurity.com
   • 227.197.31.16 pandalabs.pandasecurity.com
   • 128.48.101.130 pandasecurity.com
   • 111.168.252.1 mop.pandasecurity.com
   • 107.114.160.21 timeforyourbusi.pandasecurity.com
   • 183.72.149.54 cybercrime.pandasecurity.com
   • 85.179.219.219 free.pandasecurity.com
   • 119.96.98.90 cloudprotection.pandasecurity.com
   • 115.41.7.42 shop.pandasecurity.com
   • 191.67.252.75 soporte.pandasecurity.com
   • 93.107.66.189 together.pctools.com
   • 76.227.149.128 www.prevx.com
   • 71.172.125.79 info.prevx.com
   • 148.199.114.112 free.prevx.com
   • 49.238.116.226 spywarefiles.prevx.com
   • 32.102.11.97 spywaredlls.prevx.com
   • 27.48.175.117 shield.prevx.com
   • 104.74.164.149 www.prevx1.com
   • 6.113.234.7 howsafeismypc.com
   • 244.46.61.134 www.retento.com
   • 240.247.37.86 www.freerav.com
   • 60.205.26.119 www.rising-global.com
   • 218.56.28.232 www.risingav.com.au
   • 132.177.179.171 support.rising-global.com
   • 196.122.88.123 superboy2010.com.au
   • 16.80.77.156 www.sophos.com
   • 174.188.147.14 feeds.sophos.com
   • 89.52.230.141 esp.sophos.com
   • 152.253.138.160 cn.sophos.com
   • 229.24.127.193 tw.sophos.com
   • 130.63.197.51 kr.sophos.com
   • 45.183.92.178 sophos.com
   • 108.129.0.130 podcasts.sophos.com
   • 185.155.245.230 www.sunbeltsoftware.com
   • 87.194.59.20 go.sunbeltsoftware.com
   • 69.127.210.27 oem.sunbeltsoftware.com
   • 133.72.118.235 antispam.sunbeltsoftware.com
   • 209.98.107.12 antispyware.sunbeltsoftware.com
   • 111.137.177.125 antivirus.sunbeltsoftware.com
   • 25.70.72.64 sunbeltsoftware.com
   • 89.203.237.16 shop.sunbeltsoftware.com
   • 165.229.226.49 live.sunbeltsoftware.com
   • 67.81.40.163 firewall.sunbeltsoftware.com
   • 238.201.123.34 www.symantec.com
   • 45.146.31.53 security.symantec.com
   • 122.105.20.86 securityrespons.symantec.com
   • 211.212.90.132 service1.symantec.com
   • 194.76.173.71 enterprisesecur.symantec.com
   • 189.22.149.23 eval.symantec.com
   • 78.48.138.55 symantec.com
   • 168.87.140.169 definitions.symantec.com
   • 150.208.35.108 investor.symantec.com
   • 146.153.199.60 et.symantec.com
   • 34.179.188.93 sfdoccentral.symantec.com
   • 124.218.2.206 servicenews.symantec.com
   • 106.83.85.77 securityrespons.symantec.com
   • 102.28.62.97 sea.symantec.com
   • 178.54.51.130 go.symantec.com
   • 80.94.53.176 dell.symantec.com
   • 63.214.204.115 sun.symantec.com
   • 58.159.112.66 marian.symantec.com
   • 135.186.101.99 tms.symantec.com
   • 36.37.171.213 securitycheck.symantec.com
   • 19.157.254.204 smallbiz.symantec.com
   • 66.155.214.156 www.symantec.com
   • 143.113.203.188 visualtracking.symantec.com
   • 45.220.17.46 search.symantec.com
   • 27.85.168.173 liveupdate.symantec.com
   • 23.30.76.193 sitedirector.symantec.com
   • 99.244.65.226 edm.symantec.com
   • 1.95.135.83 hostedmailsecur.symantec.com
   • 239.216.219.210 www4.symantec.com
   • 235.161.127.162 education.symantec.com
   • 55.187.116.195 vos.symantec.com
   • 213.227.186.53 www.hacksoft.com.pe
   • 196.91.13.248 hacksoft.pe
   • 191.36.245.199 www.hacksoft.pe
   • 12.63.234.232 housecall.trendmicro.com
   • 169.102.236.90 www.trendmicro.com
   • 152.222.131.217 housecall65.trendmicro.com
   • 147.168.39.237 us.trendmicro.com
   • 224.194.28.13 blog.trendmicro.com
   • 126.233.98.127 emea.trendmicro.com
   • 108.166.181.254 housecall60.trendmicro.com
   • 104.111.157.206 jp.trendmicro.com
   • 180.69.146.239 de.trendmicro.com
   • 82.176.148.97 it.trendmicro.com
   • 252.41.44.35 itw.trendmicro.com
   • 128.54.20.55 esupport.trendmicro.com
   • 204.12.9.88 es.trendmicro.com
   • 106.120.79.202 br.trendmicro.com
   • 21.240.162.73 tw.trendmicro.com
   • 84.185.70.92 la.trendmicro.com
   • 161.212.59.125 uk.trendmicro.com
   • 62.251.129.239 ru.trendmicro.com
   • 233.115.24.110 smbstore.trendmicro.com
   • 40.61.188.62 apac.trendmicro.com
   • 117.87.177.162 store.trendmicro.com
   • 19.126.247.208 training.trendmicro.com
   • 189.247.74.147 trial.trendmicro.com
   • 253.192.238.99 ushousecall02.trendmicro.com
   • 73.218.227.132 subwiz.trendmicro.com
   • 231.1.41.245 go.trendmicro.com
   • 145.190.193.184 feeds.trendmicro.com
   • 209.67.101.136 channelpartner.trendmicro.com
   • 29.93.90.169 wtc.trendmicro.com
   • 187.201.160.27 shop.trendmicro.com
   • 102.65.243.154 fr.trendmicro.com
   • 165.10.151.173 threatinfo.trendmicro.com
   • 242.225.140.206 newsletters.trendmicro.com
   • 75.76.210.252 www.anti-virus.by
   • 58.196.37.191 bg.virusblokada.com
   • 53.142.13.143 www.vba.com.by
   • 198.168.2.175 beta.anti-virus.by
   • 147.67.120.149 www.bg.virusblokada.com
   • 130.187.15.88 www.hauri.net
   • 126.133.179.40 www.hauri.co.kr
   • 14.159.168.73 company.hauri.net
   • 104.198.238.186 www.globalhauri.com
   • 86.63.65.57 shop.hauri.co.kr
   • 82.8.41.77 hauri.co.kr
   • 158.34.30.110 pg.hauri.net
   • 60.74.33.156 esecurity.livecall.co.kr
   • 42.194.184.94 mall.hauri.co.kr
   • 38.139.92.46 company.hauri.co.kr
   • 115.165.81.79 haurijapan.com
   • 16.17.151.193 virobot.co.kr
   • 255.137.234.132 www.virusbuster.hu
   • 250.82.142.83 virusbuster.hu
   • 71.41.131.116 scanner.novirusthanks.org
   • 228.148.201.230 scanner2.novirusthanks.or
   • 211.12.96.101 novirusthanks.org
   • 207.214.4.189 www.novirusthanks.org
   • 95.240.61.222 virustotal.com
   • 253.91.131.79 www.virustotal.com
   • 235.212.214.206 virscan.org
   • 231.157.122.158 www.virscan.org
   • 51.183.111.191 virusscan.jotti.org
   • 209.223.182.49 jotti.org
   • 191.87.9.243 www.jotti.org
   • 187.32.241.195 viruschief.com
   • 8.58.230.228 www.viruschief.com
   • 165.98.232.86 scanner.virus.org
   • 148.218.127.213 virus.org
   • 143.163.35.232 www.virus.org
   • 220.190.24.9 scan4you.net
   • 121.229.94.123 www.scan4you.net
   • 104.161.177.250 avhide.com
   • 99.107.153.202 www.avhide.com
   • 176.65.142.235 anubis.iseclab.org
   • 130.224.196.144 iseclab.org
   • 44.89.91.83 www.iseclab.org
   • 108.34.255.35 threatexpert.com
   • 184.248.245.68 www.threatexpert.com
   • 86.100.59.182 forospyware.com
   • 0.220.142.52 www.forospyware.com
   • 64.165.50.72 in.answers.yahoo.com
   • 141.192.39.105 es.answers.yahoo.com
   • 42.231.109.219 kioskea.net
   • 213.95.4.90 www.kioskea.net
   • 20.40.168.41 es.kioskea.net
   • 97.67.157.142 mygeekside.com
   • 254.106.227.188 www.mygeekside.com
   • 169.226.54.127 www.tecniservicioslys.com
   • 233.172.218.79 tecniservicioslys.com
   • 53.198.207.112 virusfreezone.info
   • 23.49.89.37 www.virusfreezone.info
   • 193.238.240.232 intranet.cidiroax.ipn.mx
   • 1.115.148.184 spycheck.es
   • 77.141.137.217 www.spycheck.es
   • 235.249.208.75 antivirus.hispavista.com
   • 149.113.35.201 computing.net
   • 213.58.199.221 www.computing.net
   • 34.17.188.254 spycheck.co.uk
   • 123.124.2.44 www.spycheck.co.uk
   • 106.244.85.239 midescargas.com
   • 101.189.61.190 www.midescargas.com
   • 246.216.50.223 static.yoreparo.com
   • 79.255.52.81 softfaq.com
   • 62.119.203.20 www.softfaq.com
   • 58.65.111.228 configurarequipos.com
   • 202.91.100.5 www.configurarequipos.com
   • 36.130.222.170 seasonsecurity.com
   • 70.47.49.41 www.seasonsecurity.com
   • 66.248.25.61 removetrojanvirus.org
   • 142.18.15.94 www.removetrojanvirus.org


 Varie  Verifica la presenza di una connessione ad internet contattando i seguenti siti web:
   • www.ip-adress.com
   • www.cheaps1.info
   • %stringa di caratteri casuale%.ipcheker.com
   • %stringa di caratteri casuale%.ipgreat.com

 Dettagli del file Linguaggio di programmazione:
Il malware stato scritto in Visual Basic.


Software di compressione:
Per complicarne l'individuazione e ridurre la dimensione del file, viene compresso con il seguente software di compressione:
   • UPX

Descrizione inserita da Ana Maria Niculescu su venerdì 4 marzo 2011
Descrizione aggiornata da Ana Maria Niculescu su venerdì 4 marzo 2011

Indietro . . . .
https:// Questa finestra è criptata per tua sicurezza.