
OTL

OTL logfile created on: 09/04/2014 11.11.05 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Utente\Documenti\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

511,30 Mb Total Physical Memory | 59,34 Mb Available Physical Memory | 11,61% Memory free

1,97 Gb Paging File | 1,55 Gb Available in Paging File | 78,57% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi

Drive C: | 232,88 Gb Total Space | 216,90 Gb Free Space | 93,14% Space Free | Partition Type: NTFS

Drive Z: | 465,66 Gb Total Space | 419,39 Gb Free Space | 90,06% Space Free | Partition Type: NTFS

Computer Name: DAVIDE | User Name: Utente | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Documents and Settings\Utente\Documenti\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Programmi\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Programmi\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Programmi\PDF Architect\HelperService.exe (pdfforge GmbH)

PRC - C:\Programmi\PDF Architect\ConversionService.exe (pdfforge GmbH)

PRC - C:\Programmi\Athena\IDProtect Client\Utils\IDProtect Monitor.exe (Athena Smartcard Solutions)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Programmi\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()

MOD - C:\Programmi\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll ()

MOD - C:\Programmi\Google\Chrome\Application\33.0.1750.154\pdf.dll ()

MOD - C:\Programmi\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ()

MOD - C:\Programmi\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll ()

MOD - C:\WINDOWS\system32\sso2ml3.dll ()

MOD - C:\WINDOWS\system32\msdmo.dll ()

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - (AGCoreService) -- C:\Programmi\AGI\core\4.2.0.10753\AGCoreService.exe File not found

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Programmi\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (PDF Architect Helper Service) -- C:\Programmi\PDF Architect\HelperService.exe (pdfforge GmbH)

SRV - (PDF Architect Service) -- C:\Programmi\PDF Architect\ConversionService.exe (pdfforge GmbH)

SRV - (ServiceLayer) -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe (Nokia)


C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe (Samsung Electronics Co., Ltd.)

SRV - (MDM) -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (WDICA) -- File not found

DRV - (SSPORT) -- C:\WINDOWS\system32\Drivers\SSPORT.sys File not found

DRV - (Scutum50) -- System32\Drivers\Scutum50.sys File not found

DRV - (RTL8192cu) -- system32\DRIVERS\RTL8192cu.sys File not found

DRV - (PDRFRAME) -- File not found

DRV - (PDRELI) -- File not found

DRV - (PDFRAME) -- File not found

DRV - (PDCOMP) -- File not found

DRV - (PCIDump) -- File not found

DRV - (lbvorxtfpxqmqipm) -- C:\WINDOWS\system32\drivers\lbvorxtfpxqmqipm.sys File not found

DRV - (lbrtfdc) -- File not found

DRV - (i2omgmt) -- File not found

DRV - (esgiguard) -- C:\Programmi\Enigma Software Group\SpyHunter\esgiguard.sys File not found

DRV - (Changer) -- File not found

DRV - (dg_ssudbus) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))

DRV - (androidusb) -- C:\WINDOWS\system32\drivers\wsadb.sys (Google Inc)

DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)

DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)

DRV - (THRC) -- C:\WINDOWS\system32\drivers\THRC.sys (THRC ENTERPRISE Corp.)

DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (xfilt) -- C:\WINDOWS\system32\drivers\xfilt.sys (VIA Technologies,Inc)

DRV - (videX32) -- C:\WINDOWS\system32\drivers\videX32.sys (VIA Technologies, Inc.)

DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-796845957-682003330-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-796845957-682003330-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

IE - HKU\S-1-5-21-796845957-682003330-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-796845957-682003330-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it

IE - HKU\S-1-5-21-796845957-682003330-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-796845957-682003330-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-796845957-682003330-725345543-1003\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-796845957-682003330-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-796845957-682003330-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@UtilityChest_49.com/Plugin: C:\Programmi\UtilityChest_49\bar\1.bin\NP49Stub.dll File not found

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Programmi\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@ecocerved.it/edw,version=2.0.0.1: C:\Programmi\Ecocerved\Mozilla\2.0.0.1\npews.dll (Ecocerved scarl)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Programmi\PDF Architect\FFPDFArchitectExt [2013/04/18 09.54.12 | 000,000,000 | ---D | M]

[2013/10/08 10.05.49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Extensions

[2014/04/07 18.39.31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\rw40e3j2.default\extensions

File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\UTENTE\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\RW40E3J2.DEFAULT\EXTENSIONS\A9719E64-232B-4695-AE9C-A89CD7F2AA84@CA1279DF-BC0D-44A8-97EF-19301C922B68.COM

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - plugin: Error reading preferences file

CHR - Extension: Skype Click to Call = C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15705.1852_0\

CHR - Extension: Google Wallet = C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_2\

O1 HOSTS File: ([2012/03/14 17.20.54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programmi\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)

O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-796845957-682003330-725345543-1003\..\Toolbar\WebBrowser: (no name) - {147D6308-0614-4112-89B1-31402F9B82C4} - No CLSID value found.

O4 - HKLM..\Run: [IDProtect Monitor] C:\Programmi\Athena\IDProtect Client\Utils\IDProtect Monitor.exe (Athena Smartcard Solutions)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145


O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-796845957-682003330-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-796845957-682003330-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-796845957-682003330-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-796845957-682003330-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB9173C7-6DFE-4CD4-A439-133454F46CEA}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/12/22 06.41.00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2014/04/09 10.48.54 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014/04/09 09.26.18 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Utente\Desktop\HijackThis.exe

[2014/04/09 09.16.15 | 000,000,000 | ---D | C] -- C:\Programmi\VS Revo Group

[2014/04/09 09.15.46 | 002,623,656 | ---- | C] (VS Revo Group Ltd.) -- C:\Documents and Settings\Utente\Desktop\revosetup.exe

[2014/04/08 17.50.22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Utente\Recent

[2014/04/08 17.50.22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utente\Menu Avvio\Programmi\Esecuzione automatica

[2014/04/08 17.50.17 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Wise Installation Wizard

[2014/04/08 12.57.51 | 000,000,000 | ---D | C] -- C:\Programmi\Enigma Software Group

[2014/04/08 09.22.51 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys

[2014/04/08 09.22.17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes Anti-Malware

[2014/04/08 09.22.14 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2014/04/08 09.22.14 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2014/04/08 09.22.14 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes Anti-Malware

[2014/04/07 18.27.42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Genesis

[2014/03/24 13.37.20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utente\Desktop\ISPEZIONI CAMPO

[2014/03/13 11.43.58 | 005,777,288 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe

[2014/03/12 10.32.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utente\Documenti\alfonso fiumarella

[2014/03/07 13.09.19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Utente\Desktop\PINK FLOYD COLLECTION

[2014/02/17 20.16.37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utente\Desktop\voltura romeo

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2014/04/09 11.01.09 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2014/04/09 10.59.29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2014/04/09 10.43.00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2014/04/09 10.27.00 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2014/04/09 09.38.48 | 000,016,825 | ---- | M] () -- C:\Documents and Settings\Utente\Desktop\hijackthis file log.pdf

[2014/04/09 09.26.21 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Utente\Desktop\HijackThis.exe

[2014/04/09 09.16.03 | 002,623,656 | ---- | M] (VS Revo Group Ltd.) -- C:\Documents and Settings\Utente\Desktop\revosetup.exe

[2014/04/08 18.40.35 | 000,552,564 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat

[2014/04/08 18.40.35 | 000,502,040 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2014/04/08 18.40.35 | 000,103,764 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat

[2014/04/08 18.40.35 | 000,087,800 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2014/04/08 18.30.09 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D957C710-899D-4371-9AE8-C12D28D8245C}.job

[2014/04/08 18.00.21 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\Utente\Desktop\Google Chrome.lnk

[2014/04/08 17.07.11 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2014/04/08 16.18.45 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys

[2014/04/08 15.59.35 | 000,302,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2014/04/08 09.22.17 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

Settings\Utente\Desktop\Immag0509.jpg

[2014/04/07 11.35.44 | 000,217,813 | ---- | M] () -- C:\Documents and Settings\Utente\Desktop\nota_920_all_B1_5feb_14.pdf

[2014/04/06 11.38.41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2014/04/03 09.51.06 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2014/04/03 09.50.56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2014/03/27 12.17.36 | 000,045,087 | ---- | M] () -- C:\Documents and Settings\Utente\Desktop\F24 ELLECI 03 05 2014.pdf

[2014/03/27 12.17.36 | 000,045,087 | ---- | M] () -- C:\Documents and Settings\Utente\Desktop\F24 ELLECI 03 04 14.pdf

[2014/03/27 10.40.23 | 000,005,510 | ---- | M] () -- C:\Documents and Settings\Utente\Desktop\DOC_804214079 (1).pdf

[2014/03/24 19.46.57 | 000,005,511 | ---- | M] () -- C:\Documents and Settings\Utente\Desktop\DOC_803481352.pdf

[2014/03/24 12.35.04 | 000,292,335 | ---- | M] () -- C:\Documents and Settings\Utente\Desktop\Mod+18+T.pdf

[2014/03/13 11.44.03 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2014/03/13 11.44.03 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2014/03/13 11.43.59 | 005,777,288 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe

[2014/03/12 19.07.14 | 000,037,588 | ---- | M] () -- C:\Documents and Settings\Utente\Documenti\curriculum vitae mauceri franco1.pdf

[2014/03/06 17.07.26 | 000,000,131 | -H-- | M] () -- C:\Documents and Settings\Utente\Desktop\.~lock.Nuovo documento password.rtf#

[2014/02/10 11.27.11 | 000,011,155 | ---- | M] () -- C:\Documents and Settings\Utente\Dati applicazioni\SmarThruOptions.xml

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014/04/09 09.38.47 | 000,016,825 | ---- | C] () -- C:\Documents and Settings\Utente\Desktop\hijackthis file log.pdf

[2014/04/08 17.06.59 | 000,001,891 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2014/04/08 15.59.35 | 000,302,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2014/04/08 09.22.17 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2014/04/07 12.07.35 | 000,042,497 | ---- | C] () -- C:\Documents and Settings\Utente\Desktop\Immag0509.jpg

[2014/04/07 11.35.40 | 000,217,813 | ---- | C] () -- C:\Documents and Settings\Utente\Desktop\nota_920_all_B1_5feb_14.pdf

[2014/04/07 11.12.56 | 000,919,313 | ---- | C] () -- C:\Documents and Settings\Utente\Desktop\c.i c.f. nino campo.pdf

[2014/03/27 12.17.36 | 000,045,087 | ---- | C] () -- C:\Documents and Settings\Utente\Desktop\F24 ELLECI 03 05 2014.pdf

[2014/03/27 12.17.36 | 000,045,087 | ---- | C] () -- C:\Documents and Settings\Utente\Desktop\F24 ELLECI 03 04 14.pdf

[2014/03/27 10.40.23 | 000,005,510 | ---- | C] () -- C:\Documents and Settings\Utente\Desktop\DOC_804214079 (1).pdf

[2014/03/24 19.46.56 | 000,005,511 | ---- | C] () -- C:\Documents and Settings\Utente\Desktop\DOC_803481352.pdf

[2014/03/24 12.35.02 | 000,292,335 | ---- | C] () -- C:\Documents and Settings\Utente\Desktop\Mod+18+T.pdf

[2014/03/12 19.07.13 | 000,037,588 | ---- | C] () -- C:\Documents and Settings\Utente\Documenti\curriculum vitae mauceri franco1.pdf

[2014/03/06 17.07.26 | 000,000,131 | -H-- | C] () -- C:\Documents and Settings\Utente\Desktop\.~lock.Nuovo documento password.rtf#

[2013/08/27 09.03.12 | 000,014,119 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat

[2013/04/20 12.10.19 | 000,308,618 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-System.dat

[2013/02/05 17.52.50 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll

[2013/02/05 17.52.50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll

[2013/02/05 17.52.50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll

[2013/02/05 17.52.50 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll

[2012/03/15 20.27.44 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\WebpageIcons.db

[2012/02/21 18.38.54 | 000,011,155 | ---- | C] () -- C:\Documents and Settings\Utente\Dati applicazioni\SmarThruOptions.xml

[2011/10/14 16.25.11 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Utente\dikeutil.ini

[2011/10/14 16.24.12 | 000,000,382 | ---- | C] () -- C:\Documents and Settings\Utente\dike.ini

[2011/10/14 16.24.11 | 000,213,010 | ---- | C] () -- C:\Documents and Settings\Utente\caCertsList

[2011/09/17 10.12.50 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\Utente\UnifiedToolbarCleanup.bat

[2007/02/15 21.24.13 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\Utente\default.pls

[2006/12/22 18.01.28 | 000,126,464 | ---- | C] () -- C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/12/22 10.13.02 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\fusioncache.dat

[2006/12/22 01.28.34 | 000,409,168 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2006/12/22 00.51.26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19.13.52 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/13 19.13.40 | 000,472,064 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19.13.58 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2013/04/09 12.12.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Athena

[2012/05/10 09.34.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Nitro PDF

[2013/01/04 19.41.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Nokia

[2011/10/13 17.51.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\NokiaInstallerCache

Users\Dati applicazioni\PC Suite

[2013/08/27 09.03.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Ralink Driver

[2013/04/20 10.23.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Samsung

[2013/07/27 09.27.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TP-LINK

[2011/03/14 22.04.14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Dati applicazioni\Babylon(2)

[2012/05/10 09.31.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utente\Dati applicazioni\Downloaded Installations

[2012/04/03 18.17.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utente\Dati applicazioni\flightgear.org

[2012/04/03 18.13.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utente\Dati applicazioni\fltk.org

[2011/09/27 18.58.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utente\Dati applicazioni\MicroFatture3

[2012/05/10 09.36.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utente\Dati applicazioni\Nitro PDF

[2013/01/04 19.40.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utente\Dati applicazioni\Nokia

[2011/10/13 19.41.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utente\Dati applicazioni\Nokia Ovi Suite

[2013/01/04 19.40.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utente\Dati applicazioni\Nokia Suite

[2011/09/17 18.33.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utente\Dati applicazioni\OpenOffice.org

[2011/10/14 09.40.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utente\Dati applicazioni\PC Suite

[2013/04/18 10.12.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utente\Dati applicazioni\PDF Architect

[2013/10/07 17.51.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utente\Dati applicazioni\PhotoScape

[2013/04/20 10.24.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utente\Dati applicazioni\Samsung

[2012/04/03 18.17.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utente\Dati applicazioni\Subversion

[2011/08/13 15.06.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utente\Dati applicazioni\Unity

[2013/11/28 13.29.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utente\Dati applicazioni\uTorrent

[2013/10/07 16.03.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utente\Dati applicazioni\Wondershare

[2011/09/27 17.55.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utente\Dati applicazioni\ZipGenius

[color=#E56717]========== Purity Check ==========[/color]
