www.MegaLab.it

[adara]

Ciao a tutti,
mi sono appena iscritta, per favore ho bisogno del vostro aiuto
ieri ho avuto l'ispirazione di fare una scansione del computer con Avira internet security 2012 (era da un po' che non la facevo, ma l'antivirus è sempre aggiornato) ed ha trovato questi virus:
EXP/CVE-2011-3544.j
TR/CRYPT.ZPACK.Gen
li ho messi in quarantena, ho aggiornato il sistema (cosa che non facevo da un po'), rifatto una scansione con Avira che di nuovo ha rilevato
TR/CRYPT.ZPACK.Gen
Ho scaricato e fatto girare COMBOFIX, quale parte del log devo postare?
...ho letto che questi virus "rubano" le password e sono preoccupata perché proprio in questi giorni mi sono connessa al sito della banca e a quello dell'inps...
Aspetto vostre indicazioni, grazie in anticipo

[crazy.cat]

Ho scaricato e fatto girare COMBOFIX, quale parte del log devo postare?

Tutto quanto il log ci serve.

In quali file sono stati trovati i virus?

[adara]

il log è questo:

ComboFix 12-01-21.02 - utente 22/01/2012 8.43.07.3.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.502.280 [GMT 1:00]
Eseguito da: c:\documents and settings\utente\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: FireWall *Disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\All Users\Dati applicazioni\TEMP\{FD78CD0B-E886-40EC-A5F1-2A6584120E78}\PostBuild.exe
c:\windows\system32\abefeeecea1_r.dll
c:\windows\system32\bedbfaffbf_s.dll
.
.
((((((((((((((((((((((((( Files Creati Da 2011-12-22 al 2012-01-22 )))))))))))))))))))))))))))))))))))
.
.
2012-01-21 23:13 . 2012-01-21 23:13 -------- d-----w- c:\windows\LastGood
2012-01-21 22:17 . 2012-01-21 22:17 -------- d-----w- c:\programmi\File comuni\Java
2012-01-06 20:49 . 2012-01-06 20:49 548864 ----a-w- c:\programmi\Mozilla Firefox\msvcp80.dll
2012-01-06 20:49 . 2012-01-06 20:49 479232 ----a-w- c:\programmi\Mozilla Firefox\msvcm80.dll
2012-01-06 20:49 . 2012-01-06 20:49 43992 ----a-w- c:\programmi\Mozilla Firefox\mozutils.dll
2012-01-06 20:49 . 2012-01-06 20:49 626688 ----a-w- c:\programmi\Mozilla Firefox\msvcr80.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-24 17:30 . 2011-08-17 08:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-01 16:47 . 2011-12-15 22:36 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-01 16:47 . 2011-12-15 22:36 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-01 16:47 . 2011-12-15 22:36 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-01 16:47 . 2011-12-15 22:36 91096 ----a-w- c:\windows\system32\drivers\avfwim.sys
2011-12-01 16:47 . 2011-12-15 22:36 111160 ----a-w- c:\windows\system32\drivers\avfwot.sys
2011-11-25 21:57 . 2004-08-19 19:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-19 19:00 1859584 ------w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-19 19:00 60928 ------w- c:\windows\system32\packager.exe
2011-11-10 04:54 . 2010-04-17 18:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 02:27 . 2010-03-31 20:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-04 19:13 . 2004-08-19 19:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-08-19 19:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2004-08-19 19:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:24 . 2004-08-19 19:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-19 19:00 386560 ------w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-19 19:00 1297408 ------w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-19 19:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-19 19:00 33280 ------w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2004-08-19 19:00 2196480 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2004-08-19 19:00 2073088 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-01 19:40 . 2009-08-01 19:40 7077976 ----a-w- c:\programmi\PBSSSetup V1.0.0.12.exe
2006-04-12 13:13 . 2008-05-07 19:40 1232896 ----a-w- c:\programmi\Goya.exe
2006-04-04 10:52 . 2008-05-07 19:40 141858 ----a-w- c:\programmi\addoninstall.exe
2006-03-22 15:23 . 2008-05-07 19:40 176128 ----a-w- c:\programmi\unwise.exe
2006-02-27 09:43 . 2008-05-07 19:40 24576 ----a-w- c:\programmi\Validation.exe
2006-01-26 14:33 . 2008-05-07 19:40 684032 ----a-w- c:\programmi\MagixOFA.dll
2005-12-13 17:18 . 2008-05-07 19:40 442368 ----a-w- c:\programmi\MFL.dll
2005-11-10 07:59 . 2008-05-07 19:40 137728 ----a-w- c:\programmi\IJL10.DLL
2005-08-22 16:26 . 2008-05-07 19:40 176128 ----a-w- c:\programmi\instslct.exe
2005-08-15 16:31 . 2008-05-07 19:40 237568 ----a-w- c:\programmi\MxAutoUpdate.dll
2005-05-20 13:10 . 2008-05-07 19:40 192512 ----a-w- c:\programmi\reinstall3rdParty.exe
2005-03-09 15:17 . 2008-05-07 19:40 34304 ----a-w- c:\programmi\CDBurnProfiler.exe
2004-10-18 16:15 . 2008-05-07 19:40 212992 ----a-w- c:\programmi\eModeUpgradeDlg.dll
2004-04-15 14:48 . 2008-05-07 19:40 32768 ----a-w- c:\programmi\MagixUpdater.exe
2003-02-12 10:20 . 2008-05-07 19:40 28672 ----a-w- c:\programmi\explore.exe
1999-12-10 12:00 . 2008-05-07 19:40 431376 ----a-w- c:\programmi\riched20.dll
1997-12-22 00:30 . 2008-05-07 19:40 94208 ----a-w- c:\programmi\UNZDLL.DLL
2012-01-06 20:49 . 2011-10-03 19:22 121816 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-10-26 212992]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-10-26 2889728]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"LaunchAp"="c:\programmi\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"PowerKey"="c:\programmi\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\programmi\Launch Manager\HotkeyApp.exe" [2005-06-06 69632]
"CtrlVol"="c:\programmi\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\programmi\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\programmi\Launch Manager\Wbutton.exe" [2005-07-25 81920]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 385024]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-12-01 258512]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 15 (0xf)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Bluetooth Manager.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^utente^Menu Avvio^Programmi^Esecuzione automatica^PandaUSBVaccine.lnk]
backup=c:\windows\pss\PandaUSBVaccine.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 20:59 937920 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 02:57 40368 ----a-w- c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:05 203416 ----a-w- c:\programmi\Alcohol Soft\Alcohol 52\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:14 110592 ------w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2005-05-17 16:42 933888 ------w- c:\programmi\Brother\ControlCenter2\brctrcen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2005-03-11 00:28 40960 ----a-w- c:\programmi\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Packard Bell Software Suite]
2008-08-28 13:14 1934144 ----a-w- c:\programmi\Packard Bell\Packard Bell Software Suite\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2005-03-11 00:01 57393 ----a-w- c:\programmi\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2011-06-16 14:21 1500160 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2005-01-26 17:02 49152 ------w- c:\programmi\Brother\Brmfl05a\BrStDvPt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 09:22 155648 ----a-r- c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 05:15 15872 ----a-w- c:\programmi\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TOSHIBA Bluetooth Service"=2 (0x2)
"STI Simulator"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"ServiceLayer"=3 (0x3)
"Service1"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate1ca12e885c37f98"=2 (0x2)
"FirebirdServerMAGIXInstance"=3 (0x3)
"Brother XP spl Service"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [15/12/2011 23.36.23 111160]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [15/12/2011 23.36.25 36000]
R2 AntiVirFirewallService;Avira FireWall;c:\programmi\Avira\AntiVir Desktop\avfwsvc.exe [15/12/2011 23.36.23 616400]
R2 AntiVirMailService;Avira Mail Protection;c:\programmi\Avira\AntiVir Desktop\avmailc.exe [15/12/2011 23.36.25 342480]
R2 AntiVirSchedulerService;Avira Pianificatore;c:\programmi\Avira\AntiVir Desktop\sched.exe [15/12/2011 23.36.41 86224]
R2 AntiVirWebService;Avira Web Protection;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [15/12/2011 23.36.27 463824]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [15/12/2011 23.36.23 91096]
R3 POWERKEY;POWERKEY;c:\programmi\Launch Manager\POWERKEY.SYS [17/03/2006 0.41.02 2343]
S1 mailKmd;mailKmd; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S2 gupdate1ca12e885c37f98;Servizio di Google Update (gupdate1ca12e885c37f98);c:\programmi\Google\Update\GoogleUpdate.exe [01/08/2009 22.41.58 133104]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [16/04/2008 21.53.42 8192]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [20/11/2010 18.23.47 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [20/11/2010 18.23.47 8456]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [01/08/2009 22.41.58 133104]
S3 OxUSBTIMOUT;OxUSBTIMOUT;c:\windows\system32\drivers\OxUSBTIMOUT.sys [07/06/2007 7.48.34 34152]
S3 PAC7311;Trust Webcam 14839;c:\windows\system32\drivers\PA707UCM.SYS [08/11/2006 10.00.06 154752]
S3 Tosrfpcc;Bluetooth PC Card Controller from Toshiba;c:\windows\system32\drivers\TosRFPCC.sys [01/08/2002 21.53.22 160672]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27/01/2010 11.51.54 691696]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - INT15.SYS
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-07-02 c:\windows\Tasks\Auto Backup for utente.job
- c:\programmi\Packard Bell\Packard Bell Software Suite\DSMsg.exe [2008-01-09 15:14]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-01 21:41]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-01 21:41]
.
2012-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.pandasoftware.com/redirector ... r&lang=ita
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append Link Target to Existing PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java
DPF: {E460C525-1FB6-40C8-A309-669BF787DDB3} - hxxp://aiuto.alice.it/ata/static/instal ... _4-1-5.cab
FF - ProfilePath - c:\documents and settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\ejlbqdcl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=gr ... =302398&p=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-22 08:56
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
- - - - - - - > 'lsass.exe'(576)
c:\programmi\Avira\AntiVir Desktop\avsda.dll
.
Ora fine scansione: 2012-01-22 09:00:01
ComboFix-quarantined-files.txt 2012-01-22 07:59
ComboFix2.txt 2011-08-17 13:34
.
Pre-Run: 31.307.694.080 byte disponibili
Post-Run: 31.587.467.264 byte disponibili
.
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 906AE3B6556842BD1467FDAA44B409D5

i virus sono stati trovati in questi files (copio i report di Avira):

1^ scansione:

Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\' <ACER>
C:\Documents and Settings\utente\Impostazioni locali\temp\jar_cache4473448939141429443.tmp
[0] Tipo di archivio: ZIP
Applet.class
[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2011-3544.E
b.class
[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2011-3544.J
C:\Documents and Settings\utente\Impostazioni locali\temp\jar_cache4473448939141429443.tmp
[0] Tipo di archivio: ZIP
Applet.class
[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2011-3544.E
b.class
[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2011-3544.J
C:\Documents and Settings\utente\Dati applicazioni\Noinywo\imgoko.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Crypt.ZPACK.Gen
C:\Documents and Settings\utente\Dati applicazioni\Vuh\ekmoqu.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Crypt.ZPACK.Gen
C:\Documents and Settings\utente\Impostazioni locali\temp\jar_cache4473448939141429443.tmp
[0] Tipo di archivio: ZIP
Applet.class
[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2011-3544.E
b.class
[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2011-3544.J
C:\Documents and Settings\utente\Impostazioni locali\temp\jar_cache4473448939141429443.tmp
[0] Tipo di archivio: ZIP
Applet.class
[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2011-3544.E
b.class
[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2011-3544.J
C:\Documents and Settings\utente\Impostazioni locali\temp\jar_cache4473448939141429443.tmp
[0] Tipo di archivio: ZIP
Applet.class
[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2011-3544.E
b.class
[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2011-3544.J
C:\Documents and Settings\utente\Impostazioni locali\temp\jar_cache4473448939141429443.tmp
[0] Tipo di archivio: ZIP
Applet.class
[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2011-3544.E
b.class
[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2011-3544.J
Inizia con la scansione di 'D:\' <ACERDATA>

Avvio della disinfezione:
C:\Documents and Settings\utente\Dati applicazioni\Vuh\ekmoqu.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Crypt.ZPACK.Gen
[NOTA] Il file è stato spostato in quarantena con il nome '4d40965b.qua'!
C:\Documents and Settings\utente\Dati applicazioni\Noinywo\imgoko.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Crypt.ZPACK.Gen
[NOTA] Il file è stato spostato in quarantena con il nome '55ddb9fe.qua'!
C:\Documents and Settings\utente\Impostazioni locali\temp\jar_cache4473448939141429443.tmp
[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2011-3544.J
[NOTA] Il file è stato spostato in quarantena con il nome '078de0e2.qua'!

2^ scansione:

Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\' <ACER>
C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP258\A0057521.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Crypt.ZPACK.Gen
C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP258\A0057522.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Crypt.ZPACK.Gen
Inizia con la scansione di 'D:\' <ACERDATA>

Avvio della disinfezione:
C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP258\A0057522.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Crypt.ZPACK.Gen
[NOTA] Il file è stato spostato in quarantena con il nome '4d831e4c.qua'!
C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP258\A0057521.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Crypt.ZPACK.Gen
[NOTA] Il file è stato spostato in quarantena con il nome '551431eb.qua'!

[crazy.cat]

...ho letto che questi virus "rubano" le password e sono preoccupata perché proprio in questi giorni mi sono connessa al sito della banca e a quello dell'inps...

Non credo siano quelli del tuo genere i ladri di password. In ogni caso cambia le password per non correre nessun altro rischio.
Il primo log di avira li ha rimossi, quelli del secondo erano nel ripristino della configurazione e quindi non era già più attivi.
Più strane erano le dll che ha rimosso combofix.

Come ultimo controllo potresti usare un live cd http://www.MegaLab.it/7558/g-data-il-li ... ncorporato e vedere se trova ed elimina qualcosa lui.

[adara]

grazie per la tua disponibilità e gentilezza nel rispondermi proverò con il live cd appena arrivo a casa.
ho scordato di dire che ho usato combofix senza entrare come amministratore, è lo stesso?

[hashcat]

Prima di tutto ti do il mio benvenuto su


Le minacce identificate da Avira come CVE-2011-3544 sono degli exploit per JRE e JDK che colpiscono le versioni del software precedenti alla 6 (aggiornamento 28).

Questa vulnerabilità è sfruttata dall'exploit Java Rhino che permette di fare pressoché qualsiasi cosa sul computer bersaglio.

Maggiori Informazioni sulla vulnerabilità


Per chiudere questa vulnerabilità devi aggiornare Java all'ultima versione disponibile (6 Update 30).


Per fare un po' di pulizia e rimuovere gli applet java infetti dalla cache utilizza OTL:

1. Scarica OTL da qui
2. Disattiva o termina tutte le protezioni in tempo reale di programmi anti-spyware, antivirus, anti-malware, che possono influenzare OTL
3. Avvia OTL mediante doppio click
4. Inserisci questo script nella casella Custom Scans/Fixes di OTL e clicca Run Fix
   
   

   Codice: Seleziona tutto

   :Files
ipconfig /flushdns /c

:commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]



   
   
5. Il computer verrà riavviato.

Per ultimare la pulizia passiamo a The Avenger 2:

1. Scarica The Avenger 2 da qui
2. Eseguilo
3. Deseleziona l'opzione Scan for rootkits
4. Inserisci il seguente script nella casella di testo
   
   

   Codice: Seleziona tutto

   Folders to delete:
C:\Documents and Settings\utente\Dati applicazioni\Noinywo
C:\Documents and Settings\utente\Dati applicazioni\Vuh
C:\Qoobox

   
   
5. Premi Execute
6. Autorizza The Avenger 2 a riavviare il computer
7. Inserisci nel prossimo messaggio il log generato da The Avenger 2 (C:\Avenger.txt)

Fai una Scansione Completa con HitmanPro, attiva la licenza di prova e rimuovi tutte le minacce. Al termine della scansione salva il log ed inseriscilo nel tuo prossimo messaggio:


Dopo aver seguito questi passaggi posta un log di HijackThis.

Vorrei inoltre poter consultare un log di DDS:

1. Scarica DDS da qui
2. Disabilita temporaneamente tutte le protezioni in tempo reale di programmi anti-spyware, antivirus, anti-malware, che possono influenzare DDS
3. Rinomina DDS con un nome fantasioso
4. Avvialo facendo doppio click
5. Aspetta fino al completamento della scansione
6. Al termine della scansione verranno generati due log e appariranno due finestre del Blocco Note
7. Salva il log DDS come DDS.txt sul Desktop ed includilo nel tuo prossimo messaggio
8. Salva il log Attach come Attach.txt sul Desktop ed includilo nel tuo prossimo messaggio
9. Se i log dovessero eccedere il numero massimo di caratteri consentiti per messaggio caricali su paste2.org

Ed un log di OTL:

1. Disattiva o termina tutte le protezioni in tempo reale di programmi anti-spyware, antivirus, anti-malware, che possono influenzare OTL
2. Avvia OTL mediante doppio click
3. Quando apparirà la schermata di OTL regolare le impostazioni come segue:
   
4. Cliccare su Run Scan per avviare la scansione
5. Non utilizzare il computer durante l'esecuzione di OTL
6. Al termine della scansione verranno generati due log e appariranno due finestre del Blocco Note
7. Salva il log OTL come OTL.txt sul Desktop ed includilo nel tuo prossimo messaggio
8. Salva il log Extra come Extra.txt sul Desktop ed includilo nel tuo prossimo messaggio
9. Se i log dovessero eccedere il numero massimo di caratteri consentiti per messaggio caricali su paste2.org

Buon lavoro

[hashcat]

...ho letto che questi virus "rubano" le password e sono preoccupata perché proprio in questi giorni mi sono connessa al sito della banca e a quello dell'inps...
Aspetto vostre indicazioni, grazie in anticipo

Come già suggerito da crazy.cat cambia le password dei servizi utilizzati.

L'unica soluzione che mi viene in mente per proteggerti (in futuro) da questi inconvenienti (furto di password) è Trusteer Rapport, un prodotto gratuito (spesso raccomandato dalle banche) che protegge automaticamente (non è richiesto l'intervento dell'utente) da attacchi quali il furto di credenziali sensibili ed altri.

[adara]

grazie haschcat, ho fatto tutto quello che mi hai indicato, ma forse con qualche pasticcetto...
1) ho aggiornato Java
2) ho fatto girare OTL
3) ho fatto girare avenger, qui c'è il log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder "C:\Documents and Settings\utente\Dati applicazioni\Noinywo" deleted successfully.
Folder "C:\Documents and Settings\utente\Dati applicazioni\Vuh" deleted successfully.
Folder "C:\Qoobox" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Dopo che il PC si è riavviato ed è apparsa la finestra del log, mi è anche apparsa una finestra di errore che indicava "disco mancante", purtroppo non ho pensato di trascrivere tutto il codice di errore e l'ho chiusa, comunque per ora sembra funzionare tutto

4) ho fatto girare HitmanPro, qui c'è il log:

<Log computer="ACER-2D60536D59" scan="Normal" version="3.5.9.131" date="2012-01-22T22:59:00" timeSpentInSecs="363" filesProcessed="8391" />

5) qui c'è il log di Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23.07.40, on 22/01/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\Avira\AntiVir Desktop\avfwsvc.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Programmi\Launch Manager\LaunchAp.exe
C:\Programmi\Launch Manager\PowerKey.exe
C:\Programmi\Launch Manager\HotkeyApp.exe
C:\Programmi\Launch Manager\OSDCtrl.exe
C:\Programmi\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pandasoftware.com/redirector ... r&lang=ita
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LaunchAp] "C:\Programmi\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Programmi\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programmi\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programmi\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programmi\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7407617921
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - http://aiuto.alice.it/ata/static/instal ... _4-1-5.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://phobos.apple.com/detection/ITDetector.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E460C525-1FB6-40C8-A309-669BF787DDB3} (McciMTEvent Class) - http://aiuto.alice.it/ata/static/instal ... _4-1-5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DE4655F-1538-443E-8334-F01F5295027C}: NameServer = 85.37.17.8 85.38.28.73
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Servizio di Google Update (gupdate1ca12e885c37f98) (gupdate1ca12e885c37f98) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/utente/IMPOST~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 9922 bytes

continuo in un post successivo perché non ho capito come funzione paste2.org...

[adara]

...continua dal precedente post

6) DDS - e qui c'è il mio primo pasticcetto: l'ho fatto girare senza rinominarlo, dopo l'ho rinominato e fatto girare di nuovo, questi sono i log del secondo giro:

.
DDS (Ver_2011-08-26.01) - FAT32x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by utente at 23:13:53 on 2012-01-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.502.101 [GMT 1:00]
.
AV: Avira Desktop *Disabled/Updated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: FireWall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\Avira\AntiVir Desktop\avfwsvc.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Programmi\Launch Manager\LaunchAp.exe
C:\Programmi\Launch Manager\PowerKey.exe
C:\Programmi\Launch Manager\HotkeyApp.exe
C:\Programmi\Launch Manager\OSDCtrl.exe
C:\Programmi\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.pandasoftware.com/redirector ... r&lang=ita
BHO: Supporto di collegamento per Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programmi\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun: [preload] c:\windows\RUNXMLPL.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SynTPLpr] c:\programmi\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programmi\synaptics\syntp\SynTPEnh.exe
mRun: [EPM-DM] c:\acer\epm\epm-dm.exe
mRun: [ePowerManagement] c:\acer\epm\ePM.exe boot
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LaunchAp] "c:\programmi\launch manager\LaunchAp.exe"
mRun: [PowerKey] "c:\programmi\launch manager\PowerKey.exe"
mRun: [LManager] "c:\programmi\launch manager\HotkeyApp.exe"
mRun: [CtrlVol] "c:\programmi\launch manager\CtrlVol.exe"
mRun: [LMgrOSD] "c:\programmi\launch manager\OSDCtrl.exe"
mRun: [Wbutton] "c:\programmi\launch manager\Wbutton.exe"
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "c:\programmi\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programmi\file comuni\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\programmi\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\programmi\file comuni\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: MaxRecentDocs = 15 (0xf)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append Link Target to Existing PDF - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\programmi\avira\antivir desktop\avsda.dll
DPF: Microsoft XML Parser for Java
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... /opuc3.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by109fd.bay109.hotmail.msn.com/r ... nPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 7407617921
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} - hxxp://aiuto.alice.it/ata/static/instal ... _4-1-5.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://phobos.apple.com/detection/ITDetector.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E460C525-1FB6-40C8-A309-669BF787DDB3} - hxxp://aiuto.alice.it/ata/static/instal ... _4-1-5.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\programmi\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\utente\dati applicazioni\mozilla\firefox\profiles\ejlbqdcl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=gr ... =302398&p=
FF - plugin: c:\programmi\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\programmi\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npqtplugin9.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2011-12-15 111160]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-15 36000]
R2 AntiVirFirewallService;Avira FireWall;c:\programmi\avira\antivir desktop\avfwsvc.exe [2011-12-15 616400]
R2 AntiVirMailService;Avira Mail Protection;c:\programmi\avira\antivir desktop\avmailc.exe [2011-12-15 342480]
R2 AntiVirSchedulerService;Avira Pianificatore;c:\programmi\avira\antivir desktop\sched.exe [2011-12-15 86224]
R2 AntiVirService;Avira Realtime Protection;c:\programmi\avira\antivir desktop\avguard.exe [2011-12-15 110032]
R2 AntiVirWebService;Avira Web Protection;c:\programmi\avira\antivir desktop\avwebgrd.exe [2011-12-15 463824]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-15 74640]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\telecom italia\wanminiport1st\srvany.exe [2008-4-16 8192]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2011-12-15 91096]
R3 POWERKEY;POWERKEY;c:\programmi\launch manager\POWERKEY.SYS [2006-3-17 2343]
S1 mailKmd;mailKmd; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca12e885c37f98;Servizio di Google Update (gupdate1ca12e885c37f98);c:\programmi\google\update\GoogleUpdate.exe [2009-8-1 133104]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-11-20 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-11-20 8456]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\google\update\GoogleUpdate.exe [2009-8-1 133104]
S3 OxUSBTIMOUT;OxUSBTIMOUT;c:\windows\system32\drivers\OxUSBTIMOUT.sys [2007-6-7 34152]
S3 PAC7311;Trust Webcam 14839;c:\windows\system32\drivers\PA707UCM.SYS [2006-11-8 154752]
S3 Tosrfpcc;Bluetooth PC Card Controller from Toshiba;c:\windows\system32\drivers\TosRFPCC.sys [2002-8-1 160672]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 StarWindServiceAE;StarWind AE Service;c:\programmi\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2007-5-28 275968]
.
=============== Created Last 30 ================
.
2012-01-22 22:06:33 388096 ----a-r- c:\documents and settings\utente\dati applicazioni\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-22 21:59:01 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-01-22 21:57:07 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Hitman Pro
2012-01-22 21:35:22 -------- d-sh--w- C:\Recycled
2012-01-22 21:32:25 -------- d-----w- C:\_OTL
2012-01-22 07:40:30 -------- d-sha-r- C:\cmdcons
2012-01-22 07:36:11 -------- d-----w- C:\ComboFix
2012-01-06 20:49:51 548864 ----a-w- c:\programmi\mozilla firefox\msvcp80.dll
2012-01-06 20:49:51 479232 ----a-w- c:\programmi\mozilla firefox\msvcm80.dll
2012-01-06 20:49:51 43992 ----a-w- c:\programmi\mozilla firefox\mozutils.dll
2012-01-06 20:49:50 626688 ----a-w- c:\programmi\mozilla firefox\msvcr80.dll
.
==================== Find3M ====================
.
2011-12-24 17:30:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-01 16:47:48 91096 ----a-w- c:\windows\system32\drivers\avfwim.sys
2011-12-01 16:47:48 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-01 16:47:48 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-01 16:47:48 111160 ----a-w- c:\windows\system32\drivers\avfwot.sys
2011-11-25 21:57:08 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40:20 1859584 ------w- c:\windows\system32\win32k.sys
2011-11-20 06:12:28 60928 ------w- c:\windows\system32\packager.exe
2011-11-10 04:54:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 02:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-04 19:13:34 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:24:16 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:28 386560 ------w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:28 1297408 ------w- c:\windows\system32\quartz.dll
2011-11-01 16:07:12 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:46 33280 ------w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50:02 2196480 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50:02 2073088 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-01 19:40:32 7077976 ----a-w- c:\programmi\PBSSSetup V1.0.0.12.exe
2006-04-12 13:13:10 1232896 ----a-w- c:\programmi\Goya.exe
2006-04-04 10:52:42 141858 ----a-w- c:\programmi\addoninstall.exe
2006-03-22 15:23:20 176128 ----a-w- c:\programmi\unwise.exe
2006-02-27 09:43:58 24576 ----a-w- c:\programmi\Validation.exe
2006-01-26 14:33:40 684032 ----a-w- c:\programmi\MagixOFA.dll
2005-12-13 17:18:30 442368 ----a-w- c:\programmi\MFL.dll
2005-11-10 07:59:08 137728 ----a-w- c:\programmi\IJL10.DLL
2005-08-22 16:26:28 176128 ----a-w- c:\programmi\instslct.exe
2005-08-15 16:31:10 237568 ----a-w- c:\programmi\MxAutoUpdate.dll
2005-05-20 13:10:38 192512 ----a-w- c:\programmi\reinstall3rdParty.exe
2005-03-09 15:17:50 34304 ----a-w- c:\programmi\CDBurnProfiler.exe
2004-10-18 16:15:38 212992 ----a-w- c:\programmi\eModeUpgradeDlg.dll
2004-04-15 14:48:38 32768 ----a-w- c:\programmi\MagixUpdater.exe
2003-02-12 10:20:10 28672 ----a-w- c:\programmi\explore.exe
1999-12-10 12:00:00 431376 ----a-w- c:\programmi\riched20.dll
1997-12-22 00:30:00 94208 ----a-w- c:\programmi\UNZDLL.DLL
.
============= FINISH: 23.14.33,87 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 17/03/2006 0.37.37
System Uptime: 22/01/2012 22.53.19 (1 hours ago)
.
Motherboard: Acer | | Morar
Processor: Intel(R) Celeron(R) M processor 1.50GHz | U1 | 1496/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 52 GiB total, 34,769 GiB free.
D: is FIXED (FAT32) - 20 GiB total, 17,279 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {7240100F-6512-4548-8418-9EBB5C6A1A94}
Description: Bluetooth PC Card Controller from Toshiba
Device ID: ROOT\BLUETOOTH\0001
Manufacturer: Toshiba
Name: Bluetooth PC Card Controller from Toshiba
PNP Device ID: ROOT\BLUETOOTH\0001
Service: tosrfpcc
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 7510 Supernova
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 7510 Supernova
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
7-Zip 4.65
Acer eManager for Notebook
Acer ePowerManagement
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1 - Italiano
Aggiornamento della protezione per Windows Internet Explorer 7 (KB928090)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB929969)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB933566)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB937143)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB939653)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB942615)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB944533)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB950759)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB953838)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB956390)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB958215)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB960714)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB961260)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2183461)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2360131)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2482017)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2497640)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2510531)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2530548)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2544521)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2559049)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2586448)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2618444)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB969897)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB971961)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB972260)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB974455)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB976325)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB978207)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB981332)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB982381)
Aggiornamento della protezione per Windows Media Player (KB911564)
Aggiornamento della protezione per Windows Media Player 9 (KB911565)
Aggiornamento della protezione per Windows Media Player 9 (KB917734)
Aggiornamento della protezione per Windows Media Player 9 (KB936782)
Aggiornamento della protezione per Windows XP (KB2507938)
Aggiornamento della protezione per Windows XP (KB2536276-v2)
Aggiornamento della protezione per Windows XP (KB2544893-v2)
Aggiornamento della protezione per Windows XP (KB2555917)
Aggiornamento della protezione per Windows XP (KB2562937)
Aggiornamento della protezione per Windows XP (KB2566454)
Aggiornamento della protezione per Windows XP (KB2567053)
Aggiornamento della protezione per Windows XP (KB2567680)
Aggiornamento della protezione per Windows XP (KB2570222)
Aggiornamento della protezione per Windows XP (KB2570947)
Aggiornamento della protezione per Windows XP (KB2584146)
Aggiornamento della protezione per Windows XP (KB2592799)
Aggiornamento della protezione per Windows XP (KB2598479)
Aggiornamento della protezione per Windows XP (KB2603381)
Aggiornamento della protezione per Windows XP (KB2618451)
Aggiornamento della protezione per Windows XP (KB2619339)
Aggiornamento della protezione per Windows XP (KB2620712)
Aggiornamento della protezione per Windows XP (KB2624667)
Aggiornamento della protezione per Windows XP (KB2631813)
Aggiornamento della protezione per Windows XP (KB2633171)
Aggiornamento della protezione per Windows XP (KB2639417)
Aggiornamento della protezione per Windows XP (KB2646524)
Aggiornamento della sicurezza per Microsoft Windows (KB2564958)
Aggiornamento per Windows Internet Explorer 8 (KB968220)
Aggiornamento per Windows Internet Explorer 8 (KB976662)
Aggiornamento per Windows Internet Explorer 8 (KB976749)
Aggiornamento per Windows Internet Explorer 8 (KB980182)
Aggiornamento per Windows XP (KB2641690)
Aggiornamento rapido per Windows Internet Explorer 7 (KB947864)
Aggiornamento rapido per Windows XP (KB2570791)
Aggiornamento rapido per Windows XP (KB2633952)
Apple Software Update
Avira Internet Security 2012
Bluetooth Stack for Windows by Toshiba
Brother MFL-Pro Suite
CCleaner
Choice Guard
Compatibility Pack for the 2007 Office system
EASEUS Partition Master 6.5.2 Home Edition
Firefox Windows Media Player XPI
Fritz8
getPlus(R)
getPlus(R)_ocx
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
ImgBurn
Installazione Guidata Alice
Intel(R) Graphics Media Accelerator Driver for Mobile
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
Launch Manager V1.0.8.8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
Microsoft .NET Framework 3.5 Language Pack SP1 - ita
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
Microsoft .NET Framework 4 Client Profile ITA Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended - Language Pack (ITA)
Microsoft .NET Framework 4 Extended ITA Language Pack
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (Italian)
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XML Parser
Mozilla Firefox 9.0.1 (x86 it)
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia PC Suite
OGA Notifier 1.7.0105.35.0
Pacchetto di compatibilità per Office System 2007
Pacchetto driver Windows - Nokia Modem (02/25/2011 4.7)
Pacchetto driver Windows - Nokia Modem (02/25/2011 7.01.0.9)
Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Packard Bell Software Suite
PaperPort
PC Connectivity Solution
pdfforge Toolbar v4.3
Realtek AC'97 Audio
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Segoe UI
SoftV90 Data Fax Modem with SmartCP
Strumento di caricamento di Windows Live
Synaptics Pointing Device Driver
Unlocker 1.8.7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC 9.0 Runtime
VLC media player 1.1.11
Voxware Audio decoder 1.6
WanMiniport1st
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
.
==== End Of File ===========================

...continuo in un altro post...

[adara]

...continua dal precedente...

7) OTL - ecco il secondo pasticcio che ho fatto: l'ho fatto girare una prima volta senza selezionare la voce "scan all users", quindi l'ho selezionata e l'ho fatto girare di nuovo, questi sono i log del secondo giro (li devo spezzare pechè non ci stanno):

prima parte del log: OTL.txt

OTL logfile created on: 22/01/2012 23.23.40 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\utente\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

502,42 Mb Total Physical Memory | 227,84 Mb Available Physical Memory | 45,35% Memory free
1,19 Gb Paging File | 0,81 Gb Available in Paging File | 67,47% Paging File free
Paging file location(s): D:\pagefile.sys 753 800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 51,86 Gb Total Space | 34,77 Gb Free Space | 67,05% Space Free | Partition Type: FAT32
Drive D: | 19,56 Gb Total Space | 17,28 Gb Free Space | 88,36% Space Free | Partition Type: FAT32

Computer Name: ACER-2D60536D59 | User Name: utente | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2012/01/22 22.31.00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\utente\Desktop\OTL.exe
PRC - [2011/12/01 17.47.48 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/12/01 17.47.34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programmi\Avira\AntiVir Desktop\sched.exe
PRC - [2011/12/01 17.47.24 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programmi\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/12/01 17.47.22 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/12/01 17.47.20 | 000,616,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programmi\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2011/12/01 17.47.20 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/12/01 17.47.20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/09 13.06.06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\File comuni\Java\Java Update\jusched.exe
PRC - [2008/04/14 04.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/21 11.30.44 | 000,061,440 | ---- | M] () -- C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
PRC - [2006/10/31 22.40.16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2005/10/31 19.05.56 | 000,385,024 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2005/10/26 16.18.52 | 000,212,992 | ---- | M] (Acer Inc) -- C:\Acer\ePM\epm-dm.exe
PRC - [2005/07/25 13.36.40 | 000,032,768 | ---- | M] () -- C:\Programmi\Launch Manager\LaunchAp.exe
PRC - [2005/07/25 13.34.28 | 000,081,920 | ---- | M] () -- C:\Programmi\Launch Manager\WButton.exe
PRC - [2005/07/25 10.45.00 | 000,241,664 | ---- | M] () -- C:\Programmi\Launch Manager\OSDCtrl.exe
PRC - [2005/06/06 19.08.58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
PRC - [2005/06/06 11.52.10 | 000,069,632 | ---- | M] (Wistron) -- C:\Programmi\Launch Manager\HotkeyApp.exe
PRC - [2005/04/15 11.01.46 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/02/04 11.12.58 | 000,102,490 | ---- | M] (Synaptics, Inc.) -- C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/06/19 23.25.00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/04/18 18.06.26 | 000,008,192 | ---- | M] () -- C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
PRC - [2002/08/30 15.02.48 | 000,094,208 | ---- | M] () -- C:\Programmi\Launch Manager\Powerkey.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/01 17.47.36 | 000,398,288 | ---- | M] () -- C:\Programmi\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/12/01 17.47.30 | 000,447,848 | ---- | M] () -- C:\Programmi\Avira\AntiVir Desktop\libxml2.dll
MOD - [2011/12/01 17.47.24 | 000,060,264 | ---- | M] () -- C:\Programmi\Avira\AntiVir Desktop\cares.dll
MOD - [2008/05/02 06.15.38 | 000,010,240 | ---- | M] () -- C:\Programmi\Unlocker\UnlockerCOM.dll
MOD - [2008/02/21 11.30.44 | 000,061,440 | ---- | M] () -- C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
MOD - [2006/12/11 22.12.04 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2005/07/25 13.36.40 | 000,032,768 | ---- | M] () -- C:\Programmi\Launch Manager\LaunchAp.exe
MOD - [2005/07/25 13.34.28 | 000,081,920 | ---- | M] () -- C:\Programmi\Launch Manager\WButton.exe
MOD - [2005/07/25 10.45.00 | 000,241,664 | ---- | M] () -- C:\Programmi\Launch Manager\OSDCtrl.exe
MOD - [2003/04/18 18.06.26 | 000,008,192 | ---- | M] () -- C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
MOD - [2002/08/30 15.02.48 | 000,094,208 | ---- | M] () -- C:\Programmi\Launch Manager\Powerkey.exe
MOD - [2001/10/29 01.42.30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfmonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/12/01 17.47.34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/12/01 17.47.24 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/12/01 17.47.22 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/12/01 17.47.20 | 000,616,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2011/12/01 17.47.20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/08 13.02.00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/06/18 10.23.12 | 000,987,456 | ---- | M] (Packard Bell Services) [Disabled | Stopped] -- C:\Programmi\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe -- (Service1)
SRV - [2007/05/28 17.57.54 | 000,275,968 | ---- | M] (Rocket Division Software) [Disabled | Stopped] -- C:\Programmi\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/10/31 22.40.16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2005/06/06 19.08.58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)
SRV - [2005/01/14 09.32.38 | 000,053,248 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)
SRV - [2003/07/28 20.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 23.25.00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2003/04/18 18.06.26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe -- (Network WanMiniport First Position)


========== Driver Services (SafeList) ==========

DRV - [2011/12/01 17.47.48 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/12/01 17.47.48 | 000,111,160 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot)
DRV - [2011/12/01 17.47.48 | 000,091,096 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim)
DRV - [2011/12/01 17.47.48 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/12/01 17.47.48 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/07/15 08.44.20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08.44.20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/06/17 14.14.28 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/01/27 11.51.56 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/08/26 10.26.12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/06/07 07.48.34 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OxUSBTIMOUT.sys -- (OxUSBTIMOUT)
DRV - [2006/11/30 19.55.00 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/11/22 16.09.22 | 000,053,504 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006/11/20 17.55.16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/10/28 00.29.10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/10/10 19.33.00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/10/05 16.07.46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2005/10/18 11.48.38 | 000,154,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PA707UCM.SYS -- (PAC7311)
DRV - [2005/08/01 16.45.00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/04/19 10.40.52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/07 18.08.46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/03/04 16.37.26 | 000,008,704 | ---- | M] (Avocent/OSA Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/02/23 14.58.56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/14 15.57.16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005/01/13 14.46.16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2005/01/10 15.47.14 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/01/06 13.42.00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/12/15 15.18.34 | 000,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/12/15 15.18.28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 15.18.26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/12/02 16.36.08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/11/22 17.36.40 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programmi\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 12.23.00 | 000,084,480 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U81xmdm.sys -- (U81xmdm)
DRV - [2004/11/22 12.23.00 | 000,077,472 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U81xmgmt.sys -- (U81xmgmt) LGE U8XXX USB WMC Device Management Drivers (WDM)
DRV - [2004/11/22 12.23.00 | 000,075,456 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U81xobex.sys -- (U81xobex)
DRV - [2004/11/22 12.23.00 | 000,052,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U81xbus.sys -- (U81xbus) LGE U8XXX driver (WDM)
DRV - [2004/11/22 12.23.00 | 000,006,064 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U81xmdfl.sys -- (U81xmdfl)
DRV - [2004/07/19 13.10.00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2003/12/05 18.46.36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/04/28 11.27.06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)
DRV - [2002/10/16 13.55.48 | 000,002,851 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2002/08/01 21.53.22 | 000,160,672 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRFPCC.sys -- (Tosrfpcc)
DRV - [2000/12/19 18.29.52 | 000,002,343 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programmi\Launch Manager\POWERKEY.SYS -- (POWERKEY)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3342136722-1140837787-3155666322-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3342136722-1140837787-3155666322-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-3342136722-1140837787-3155666322-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3342136722-1140837787-3155666322-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3342136722-1140837787-3155666322-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-3342136722-1140837787-3155666322-1005\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3342136722-1140837787-3155666322-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/06/15 21.50.42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programmi\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/09/17 22.44.12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programmi\Java\jre6\lib\deploy\jqs\ff [2010/03/31 21.00.00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2009/01/03 13.56.42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2009/01/03 13.56.42 | 000,000,000 | ---D | M]

[2009/01/03 13.57.02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\utente\Dati applicazioni\Mozilla\Extensions
[2009/08/29 23.43.40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\utente\Dati applicazioni\Mozilla\Extensions\{98e95f99-2130-4870-b82a-79d274042e75}
[2009/01/03 13.57.02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\utente\Dati applicazioni\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2007/09/13 21.15.46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\ejlbqdcl.default\extensions
[2010/04/27 17.23.22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\ejlbqdcl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/10 20.20.58 | 000,000,000 | ---D | M] (myBabylon EnglishBB Community Toolbar) -- C:\Documents and Settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\ejlbqdcl.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2011/12/24 15.09.54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\ejlbqdcl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/05/04 21.00.14 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\ejlbqdcl.default\extensions\engine@conduit.com
[2011/03/11 20.07.16 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2011/05/31 20.55.16 | 000,000,000 | ---D | M] (Default) -- C:\Programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/01/21 23.16.52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012/01/06 21.49.50 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2009/10/03 13.21.14 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\mozilla firefox\plugins\npqtplugin.dll
[2009/10/03 13.21.14 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\mozilla firefox\plugins\npqtplugin2.dll
[2009/10/03 13.21.14 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\mozilla firefox\plugins\npqtplugin3.dll
[2009/10/03 13.21.14 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\mozilla firefox\plugins\npqtplugin4.dll
[2009/10/03 13.21.14 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\mozilla firefox\plugins\npqtplugin5.dll
[2009/10/03 13.21.14 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\mozilla firefox\plugins\npqtplugin6.dll
[2009/10/03 13.21.14 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\mozilla firefox\plugins\npqtplugin7.dll
[2009/10/03 13.21.14 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\mozilla firefox\plugins\npqtplugin8.dll
[2009/10/03 13.21.14 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\mozilla firefox\plugins\npqtplugin9.dll
[2009/02/06 12.44.28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2007/03/22 19.23.30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\NPOFFICE.DLL
[2011/08/30 22.33.42 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Programmi\mozilla firefox\plugins\nppdf32.dll
[2011/11/10 05.54.14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/11 18.33.26 | 000,001,534 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\creativecommons.xml
[2011/03/11 20.07.16 | 000,000,849 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo.xml
[2011/10/03 20.22.18 | 000,000,953 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml
[2011/10/03 20.22.18 | 000,001,182 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
[2011/10/03 20.22.18 | 000,000,825 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\hoepli.xml
[2011/10/03 20.22.18 | 000,002,364 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\google.xml
[2011/10/03 20.22.18 | 000,000,744 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
[2011/10/03 20.22.18 | 000,002,252 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
[2012/01/06 21.49.52 | 000,001,393 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\amazon-it.xml

========== Chrome ==========


O1 HOSTS File: ([2012/01/22 08.55.58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Supporto di collegamento per Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-3342136722-1140837787-3155666322-1005\..\Toolbar\ShellBrowser: (&Indirizzo) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3342136722-1140837787-3155666322-1005\..\Toolbar\ShellBrowser: (Co&llegamenti) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3342136722-1140837787-3155666322-1005\..\Toolbar\WebBrowser: (&Indirizzo) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3342136722-1140837787-3155666322-1005\..\Toolbar\WebBrowser: (Co&llegamenti) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3342136722-1140837787-3155666322-1005\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programmi\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CtrlVol] C:\Programmi\Launch Manager\CtrlVol.exe (Wistron)
O4 - HKLM..\Run: [EPM-DM] c:\Acer\ePM\epm-dm.exe (Acer Inc)
O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchAp] C:\Programmi\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LManager] C:\Programmi\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] C:\Programmi\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PowerKey] C:\Programmi\Launch Manager\PowerKey.exe ()
O4 - HKLM..\Run: [preload] C:\WINDOWS\RUNXMLPL.EXE (Wistron)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Programmi\Launch Manager\Wbutton.exe ()
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3342136722-1140837787-3155666322-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3342136722-1140837787-3155666322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3342136722-1140837787-3155666322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKU\S-1-5-21-3342136722-1140837787-3155666322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 15
O7 - HKU\S-1-5-21-3342136722-1140837787-3155666322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 1
O7 - HKU\S-1-5-21-3342136722-1140837787-3155666322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3342136722-1140837787-3155666322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programmi\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programmi\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Programmi\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKU\S-1-5-21-3342136722-1140837787-3155666322-1005\..Trusted Domains: internet ([]about in Internet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by109fd.bay109.hotmail.msn.com/r ... nPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 7407617921 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdat ... /opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} http://aiuto.alice.it/ata/static/instal ... _4-1-5.cab (SecurityManager Class)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://phobos.apple.com/detection/ITDetector.cab (iTunesDetector Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E460C525-1FB6-40C8-A309-669BF787DDB3} http://aiuto.alice.it/ata/static/instal ... _4-1-5.cab (McciMTEvent Class)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Precaricatore Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Daemon di cache delle categorie di componenti - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/utente/IMPOST~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programmi\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2012/01/22 23.10.44 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\utente\Desktop\ciao.scr
[2012/01/22 23.06.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utente\Menu Avvio\Programmi\HiJackThis
[2012/01/22 22.57.07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Hitman Pro
[2012/01/22 22.53.21 | 000,000,000 | ---D | C] -- C:\Avenger
[2012/01/22 22.51.15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\utente\Recent
[2012/01/22 22.46.06 | 006,480,192 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\utente\Desktop\HitmanPro35.exe
[2012/01/22 22.35.22 | 000,000,000 | -HSD | C] -- C:\Recycled
[2012/01/22 22.32.25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/22 22.31.11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\utente\Desktop\OTL.exe
[2012/01/22 08.40.30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/22 08.36.11 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/21 23.17.27 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Java
[2012/01/21 23.16.47 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/01/21 23.16.47 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/01/21 23.16.47 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/01/21 22.40.26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dati applicazioni\Macromedia
[2012/01/21 22.36.13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dati applicazioni\Adobe
[2011/12/18 15.22.53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\VideoLAN
[2011/12/15 23.52.54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utente\Dati applicazioni\Avira
[2011/12/15 23.42.18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dati applicazioni\Avira
[2011/12/15 23.42.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Avira
[2011/12/15 23.36.42 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/12/15 23.36.25 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/12/15 23.36.24 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/12/15 23.36.24 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/12/15 23.36.23 | 000,111,160 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwot.sys
[2011/12/15 23.36.23 | 000,091,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwim.sys
[2011/11/25 21.42.36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utente\Dati applicazioni\Wug
[2011/11/25 21.42.18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\utente\Dati applicazioni\Irotzu
[2009/08/01 20.40.09 | 007,077,976 | ---- | C] (Packard Bell Services) -- C:\Programmi\PBSSSetup V1.0.0.12.exe
[2008/05/07 20.40.38 | 000,192,512 | ---- | C] (MAGIX AG) -- C:\Programmi\reinstall3rdParty.exe
[2008/05/07 20.40.37 | 000,431,376 | ---- | C] (Microsoft Corporation) -- C:\Programmi\riched20.dll
[2008/05/07 20.40.37 | 000,141,858 | ---- | C] (MAGIX AG) -- C:\Programmi\addoninstall.exe
[2008/05/07 20.40.36 | 000,212,992 | ---- | C] (MAGIX AG) -- C:\Programmi\eModeUpgradeDlg.dll
[2008/05/07 20.40.11 | 000,034,304 | ---- | C] (MAGIX) -- C:\Programmi\CDBurnProfiler.exe
[2008/05/07 20.40.09 | 000,176,128 | ---- | C] (MAGIX AG) -- C:\Programmi\unwise.exe
[2008/05/07 20.40.08 | 000,176,128 | ---- | C] (MAGIX AG) -- C:\Programmi\instslct.exe
[2008/05/07 20.40.05 | 000,237,568 | ---- | C] (MAGIX Development) -- C:\Programmi\MxAutoUpdate.dll
[2008/05/07 20.40.04 | 001,232,896 | ---- | C] (MAGIX AG) -- C:\Programmi\Goya.exe
[2008/05/07 20.40.03 | 000,094,208 | ---- | C] ( ) -- C:\Programmi\UNZDLL.DLL
[2008/05/07 20.40.02 | 000,684,032 | ---- | C] (MAGIX AG) -- C:\Programmi\MagixOFA.dll
[2008/05/07 20.40.02 | 000,137,728 | ---- | C] (Intel Corporation) -- C:\Programmi\IJL10.DLL

========== Files - Modified Within 60 Days ==========

[2012/01/22 23.10.42 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\utente\Desktop\ciao.scr
[2012/01/22 23.07.00 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\utente\Desktop\HiJackThis.lnk
[2012/01/22 23.05.34 | 000,000,280 | ---- | M] () -- C:\Documents and Settings\utente\Desktop\Hitman log.xml
[2012/01/22 22.59.02 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2012/01/22 22.56.50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/22 22.56.20 | 000,000,508 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2012/01/22 22.54.42 | 000,000,098 | ---- | M] () -- C:\WINDOWS\ComponentList.xml
[2012/01/22 22.54.30 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/22 22.53.36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/22 22.53.30 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/22 22.51.58 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012/01/22 22.46.50 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\utente\Desktop\HiJackThis.msi
[2012/01/22 22.46.40 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/22 22.46.22 | 006,480,192 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\utente\Desktop\HitmanPro35.exe
[2012/01/22 22.45.08 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\utente\Desktop\avenger.zip
[2012/01/22 22.31.00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\utente\Desktop\OTL.exe
[2012/01/22 08.40.36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/22 08.34.56 | 004,388,509 | R--- | M] (Swearware) -- C:\Documents and Settings\utente\Desktop\ComboFix.exe
[2012/01/22 00.32.18 | 000,584,450 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2012/01/22 00.32.18 | 000,510,092 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/22 00.32.18 | 000,115,310 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2012/01/22 00.32.18 | 000,090,366 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/22 00.03.38 | 000,435,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/21 23.59.32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/21 22.23.58 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/14 14.23.52 | 000,374,000 | ---- | M] () -- C:\Documents and Settings\utente\Desktop\poetica.jpg
[2012/01/03 11.51.48 | 000,002,411 | ---- | M] () -- C:\Documents and Settings\utente\Desktop\Visualizzatore PowerPoint 2007.lnk
[2012/01/03 11.51.00 | 001,154,401 | ---- | M] () -- C:\Documents and Settings\utente\Desktop\auguri-anno-nuovo.ppsm
[2012/01/03 11.51.00 | 000,702,502 | ---- | M] () -- C:\Documents and Settings\utente\Desktop\buon-anno-2012.ppsm
[2012/01/03 08.54.54 | 007,230,997 | ---- | M] () -- C:\Documents and Settings\utente\Desktop\My_Cats_Hanging_Out_with_the_Eagles_-_YouTube.flv
[2011/12/24 20.31.40 | 000,217,799 | ---- | M] () -- C:\Documents and Settings\utente\Desktop\la mente può cambiare.pdf
[2011/12/24 18.49.38 | 006,987,049 | ---- | M] () -- C:\Documents and Settings\utente\Desktop\Om_Ma_Ni_Pe_Me_Hum_HH_17th_Gyalwang_Karmapa.flv
[2011/12/24 18.30.56 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/12/18 16.01.12 | 000,227,920 | ---- | M] () -- C:\Documents and Settings\utente\Desktop\(A tale of two sisters OST) - Do Ri Kil Soo Up Neun Guh Reum.pdf
[2011/12/01 17.47.48 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/12/01 17.47.48 | 000,111,160 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwot.sys
[2011/12/01 17.47.48 | 000,091,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwim.sys
[2011/12/01 17.47.48 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/12/01 17.47.48 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/11/25 22.57.08 | 000,293,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winsrv.dll
[2011/11/25 22.57.08 | 000,293,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll

========== Files Created - No Company Name ==========

[adara]

seconda parte di OTL.txt:

[2012/01/22 23.06.32 | 000,002,427 | ---- | C] () -- C:\Documents and Settings\utente\Desktop\HiJackThis.lnk
[2012/01/22 23.05.32 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\utente\Desktop\Hitman log.xml
[2012/01/22 22.59.01 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2012/01/22 22.46.54 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\utente\Desktop\HiJackThis.msi
[2012/01/22 22.45.35 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\utente\Desktop\avenger.zip
[2012/01/22 08.40.34 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/22 08.40.32 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2012/01/14 14.22.24 | 000,374,000 | ---- | C] () -- C:\Documents and Settings\utente\Desktop\poetica.jpg
[2012/01/03 11.51.28 | 000,702,502 | ---- | C] () -- C:\Documents and Settings\utente\Desktop\buon-anno-2012.ppsm
[2012/01/03 11.51.22 | 001,154,401 | ---- | C] () -- C:\Documents and Settings\utente\Desktop\auguri-anno-nuovo.ppsm
[2012/01/03 08.54.00 | 007,230,997 | ---- | C] () -- C:\Documents and Settings\utente\Desktop\My_Cats_Hanging_Out_with_the_Eagles_-_YouTube.flv
[2011/12/24 20.31.39 | 000,217,799 | ---- | C] () -- C:\Documents and Settings\utente\Desktop\la mente può cambiare.pdf
[2011/12/24 18.47.29 | 006,987,049 | ---- | C] () -- C:\Documents and Settings\utente\Desktop\Om_Ma_Ni_Pe_Me_Hum_HH_17th_Gyalwang_Karmapa.flv
[2011/12/18 16.01.10 | 000,227,920 | ---- | C] () -- C:\Documents and Settings\utente\Desktop\(A tale of two sisters OST) - Do Ri Kil Soo Up Neun Guh Reum.pdf
[2011/08/17 14.12.42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/17 14.12.42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/17 14.12.42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/17 14.12.42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/17 14.12.42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/20 18.23.48 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/11/20 18.23.47 | 002,217,088 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/11/20 18.23.47 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/11/20 18.23.47 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/11/20 18.23.47 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/11/18 20.13.41 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2010/03/22 23.05.57 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2010/01/27 12.16.10 | 000,000,145 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2009/12/09 23.40.07 | 000,000,070 | ---- | C] () -- C:\Documents and Settings\utente\Dati applicazioni\streamrai.ini
[2009/01/03 15.23.43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/03 12.30.05 | 000,006,710 | ---- | C] () -- C:\Documents and Settings\utente\Dati applicazioni\PrimoPDFSet.xml
[2009/01/02 20.53.03 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009/01/02 19.29.13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/12/31 17.04.42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/31 17.04.42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
[2008/12/15 23.40.35 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/12/08 11.09.19 | 000,000,055 | ---- | C] () -- C:\Programmi\Installation.ini
[2008/11/25 21.15.13 | 000,000,383 | ---- | C] () -- C:\WINDOWS\AvDetected.ini
[2008/10/11 21.11.36 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/02 21.29.48 | 000,000,068 | ---- | C] () -- C:\WINDOWS\pdf2rtf.INI
[2008/05/26 22.22.48 | 000,016,708 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 22.22.46 | 000,021,662 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 22.22.44 | 000,016,338 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 21.59.42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21.59.40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/16 22.54.46 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/05/16 22.54.44 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008/05/16 22.54.44 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/05/16 22.54.43 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008/05/16 22.54.43 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008/05/16 22.54.43 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008/05/07 21.03.12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\homeDVD-FoViEasy.INI
[2008/05/07 21.01.19 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Goya.INI
[2008/05/07 20.52.32 | 000,001,987 | ---- | C] () -- C:\Programmi\Goya.ini
[2008/05/07 20.46.34 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2008/05/07 20.40.38 | 000,000,879 | ---- | C] () -- C:\Programmi\reinstall3rdParty.ini
[2008/05/07 20.40.37 | 000,032,768 | ---- | C] () -- C:\Programmi\MagixUpdater.exe
[2008/05/07 20.40.37 | 000,024,576 | ---- | C] () -- C:\Programmi\Validation.exe
[2008/05/07 20.40.37 | 000,000,144 | ---- | C] () -- C:\Programmi\Validation.ini
[2008/05/07 20.40.09 | 000,000,686 | ---- | C] () -- C:\Programmi\unwise.ini
[2008/05/07 20.40.04 | 000,028,672 | ---- | C] () -- C:\Programmi\explore.exe
[2008/05/07 20.40.04 | 000,001,673 | ---- | C] () -- C:\Programmi\Install.cfg
[2008/05/07 20.40.03 | 000,442,368 | ---- | C] () -- C:\Programmi\MFL.dll
[2008/05/07 20.38.48 | 000,003,187 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/05/07 00.37.09 | 000,004,872 | ---- | C] () -- C:\WINDOWS\Ufxmaint31.exe
[2008/04/28 18.13.33 | 000,000,302 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/03/11 12.13.16 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008/03/10 14.41.22 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\pdf2word.DAT
[2008/01/13 23.17.51 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\kodakpcd.ini
[2008/01/13 21.15.00 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\utente\Dati applicazioni\AVIEncoder.wff
[2008/01/11 23.44.17 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2007/12/30 23.17.12 | 000,000,456 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/12/30 23.17.12 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/12/30 23.17.12 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/12/30 23.14.29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2007/12/30 23.12.25 | 000,027,104 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/12/30 19.34.24 | 000,000,784 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/12/30 19.34.24 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/12/30 19.34.24 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf05a.dat
[2007/11/05 22.03.50 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/06/07 07.48.34 | 000,034,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\OxUSBTIMOUT.sys
[2007/04/03 21.54.00 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\pdfdoc2.dll
[2007/04/03 21.48.21 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2006/12/23 14.11.48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PAStiSvc.exe
[2006/12/05 13.05.06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2006/12/02 23.06.38 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/11/22 21.34.20 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/10/27 13.52.34 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP7311.ini
[2006/06/14 19.44.23 | 000,015,713 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/03/17 19.49.44 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/17 02.57.39 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/17 00.42.32 | 000,000,508 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2006/03/17 00.41.02 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys
[2005/07/22 21.30.20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/07/08 14.03.02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/06/30 17.38.28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/30 17.36.46 | 000,435,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/06/30 17.30.24 | 000,584,450 | ---- | C] () -- C:\WINDOWS\System32\perfh010.dat
[2005/06/30 17.30.24 | 000,510,092 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/06/30 17.30.24 | 000,115,310 | ---- | C] () -- C:\WINDOWS\System32\perfc010.dat
[2005/06/30 17.30.24 | 000,090,366 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/06/30 17.23.14 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/06/30 17.22.24 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/06/30 17.22.24 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/06/30 17.22.24 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/06/30 17.22.24 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/06/15 16.25.54 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/06/02 11.27.08 | 000,000,215 | ---- | C] () -- C:\WINDOWS\FlashSaver.dat
[2005/01/21 11.48.06 | 000,225,280 | ---- | C] () -- C:\WINDOWS\Capsule.dll
[2004/10/27 15.47.00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2004/09/14 12.00.22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/14 11.58.22 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/07 14.23.16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004/08/19 20.00.00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/19 20.00.00 | 000,300,212 | ---- | C] () -- C:\WINDOWS\System32\perfi010.dat
[2004/08/19 20.00.00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/19 20.00.00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/19 20.00.00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/19 20.00.00 | 000,034,004 | ---- | C] () -- C:\WINDOWS\System32\perfd010.dat
[2004/08/19 20.00.00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/19 20.00.00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/19 20.00.00 | 000,003,476 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 20.00.00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/19 20.00.00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/14 13.04.36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\XMLaunch.exe
[2003/11/24 15.55.48 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll
[2003/11/24 15.55.32 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll
[2003/07/21 16.52.40 | 000,001,150 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/01 11.49.16 | 000,005,360 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/12 22.41.26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/12 22.41.26 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/03/04 10.16.34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/12/26 16.12.30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23.46.38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16.33.56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22.04.36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2007/09/20 20.33.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\NtiDvdCopy
[2007/12/14 19.17.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\YAHOO
[2007/12/30 23.11.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\ScanSoft
[2008/01/11 23.35.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\NCH Swift Sound
[2008/01/12 13.06.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\ConeXware
[2008/02/21 19.27.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\sentinel
[2008/05/07 20.49.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MAGIX
[2009/11/02 23.04.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\OviInstallerCache
[2009/11/02 23.20.14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
[2009/11/07 17.56.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Nokia
[2010/01/06 22.12.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Installations
[2010/03/31 21.18.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software
[2010/11/17 22.56.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Panda Security
[2012/01/22 22.57.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Hitman Pro
[2006/04/22 23.35.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\LG Electronics
[2008/01/11 23.33.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\NCH Swift Sound
[2008/02/15 23.10.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\ScanSoft
[2008/03/13 20.03.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\OfficeUpdate12
[2008/05/10 14.43.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\CoSoSys
[2008/05/16 22.21.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\Any Video Converter
[2008/11/05 23.20.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\Windows Desktop Search
[2008/11/22 20.33.26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\Skinux
[2008/12/08 10.56.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\Windows Search
[2008/12/08 11.23.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\ImgBurn
[2009/08/29 23.43.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\Linterweb
[2009/10/03 13.06.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\MAGIX
[2009/11/02 23.20.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\PC Suite
[2009/11/02 23.20.26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\Nokia
[2009/11/07 17.56.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\Nokia Ovi Suite
[2010/01/04 16.37.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\Uniblue
[2010/01/27 12.05.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\ChessBase
[2010/03/22 23.18.26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\TOSHIBA
[2010/04/14 20.44.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\GetRightToGo
[2010/04/30 22.14.26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\pdfforge
[2011/03/11 20.07.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\Search Settings
[2011/11/25 21.42.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\Irotzu
[2011/11/25 21.42.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\utente\Dati applicazioni\Wug
[2010/06/16 21.07.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\Windows Search
[2011/07/02 20.01.00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\Auto Backup for utente.job

========== Purity Check ==========



< End of report >

[adara]

e qui c'è Extras.txt

OTL Extras logfile created on: 22/01/2012 23.23.40 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\utente\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

502,42 Mb Total Physical Memory | 227,84 Mb Available Physical Memory | 45,35% Memory free
1,19 Gb Paging File | 0,81 Gb Available in Paging File | 67,47% Paging File free
Paging file location(s): D:\pagefile.sys 753 800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 51,86 Gb Total Space | 34,77 Gb Free Space | 67,05% Space Free | Partition Type: FAT32
Drive D: | 19,56 Gb Total Space | 17,28 Gb Free Space | 88,36% Space Free | Partition Type: FAT32

Computer Name: ACER-2D60536D59 | User Name: utente | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3342136722-1140837787-3155666322-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programmi\MSN Messenger\msncall.exe" = C:\Programmi\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programmi\MSN Messenger\livecall.exe" = C:\Programmi\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" = C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\System32\mmc.exe" = C:\WINDOWS\System32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Programmi\Messenger\msmsgs.exe" = C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" = C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0830FBE8-A848-4A37-BF62-D89CB3EF0F60}" = Fritz8
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{221B9E1F-8120-492F-9894-292C4C4D171F}" = Installazione Guidata Alice
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 30
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{32714140-CBC5-3FAF-BFC2-3A7376C3EECF}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4344E211-F621-3870-9A08-2F56C71BA0A7}" = Microsoft .NET Framework 4 Extended ITA Language Pack
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{49C77D21-F91F-4296-B7DF-19C5FF51AF4D}" = Windows Live Call
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePowerManagement
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AE2BE5E-930A-481C-817E-C373E8910C8A}" = Windows Live Messenger
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78EA81C3-5E56-4F9F-96C7-696226794E2D}" = Windows Live Mail
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{842F9881-E181-30B3-A152-008D61433274}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
"{86BA3130-5938-3192-BBCF-6B0A2D86FA58}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0020-0410-0000-0000000FF1CE}" = Pacchetto di compatibilità per Office System 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91CA0410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-00AF-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Italian)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A0B139A7-E8D5-49E8-A7BF-12421E652208}" = pdfforge Toolbar v4.3
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9D65D46-3708-4F5B-9117-0199C7098D11}" = WanMiniport1st
"{AC76BA86-7AD7-1040-7B44-A83000000003}" = Adobe Reader 8.3.1 - Italiano
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
"{BCCB055C-7F64-4B13-90F5-078DE693EE00}" = OGA Notifier 1.7.0105.35.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R)
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.0.8.8
"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
"{E171E280-0BAE-4460-9F47-CA96D17828B6}" = Windows Live Essentials
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Pacchetto driver Windows - Nokia Modem (02/25/2011 7.01.0.9)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Internet Security 2012
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025" = SoftV90 Data Fax Modem with SmartCP
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Pacchetto driver Windows - Nokia Modem (02/25/2011 4.7)
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.5.2 Home Edition
"Firefox Windows Media Player XPI" = Firefox Windows Media Player XPI
"getPlus(R)_ocx" = getPlus(R)_ocx
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended ITA Language Pack" = Microsoft .NET Framework 4 Extended - Language Pack (ITA)
"Mozilla Firefox 9.0.1 (x86 it)" = Mozilla Firefox 9.0.1 (x86 it)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Packard Bell Software Suite" = Packard Bell Software Suite
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Unlocker" = Unlocker 1.8.7
"VLC media player" = VLC media player 1.1.11
"voxware_is1" = Voxware Audio decoder 1.6
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3342136722-1140837787-3155666322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/01/2012 20.45.51 | Computer Name = ACER-2D60536D59 | Source = VSS | ID = 4001
Description = Errore del Servizio copia replicata del volume: impossibile trovare
le aree diff per la creazione delle copie replicate. Aggiungere al sistema almeno
un'unità NTFS con sufficiente spazio libero. Lo spazio libero necessario è almeno
100 MB per ogni volume del quale eseguire un backup o una copia replicata.

Error - 21/01/2012 20.47.59 | Computer Name = ACER-2D60536D59 | Source = VSS | ID = 4001
Description = Errore del Servizio copia replicata del volume: impossibile trovare
le aree diff per la creazione delle copie replicate. Aggiungere al sistema almeno
un'unità NTFS con sufficiente spazio libero. Lo spazio libero necessario è almeno
100 MB per ogni volume del quale eseguire un backup o una copia replicata.

Error - 21/01/2012 20.48.04 | Computer Name = ACER-2D60536D59 | Source = VSS | ID = 4001
Description = Errore del Servizio copia replicata del volume: impossibile trovare
le aree diff per la creazione delle copie replicate. Aggiungere al sistema almeno
un'unità NTFS con sufficiente spazio libero. Lo spazio libero necessario è almeno
100 MB per ogni volume del quale eseguire un backup o una copia replicata.

Error - 21/01/2012 20.50.05 | Computer Name = ACER-2D60536D59 | Source = VSS | ID = 4001
Description = Errore del Servizio copia replicata del volume: impossibile trovare
le aree diff per la creazione delle copie replicate. Aggiungere al sistema almeno
un'unità NTFS con sufficiente spazio libero. Lo spazio libero necessario è almeno
100 MB per ogni volume del quale eseguire un backup o una copia replicata.

Error - 21/01/2012 20.50.09 | Computer Name = ACER-2D60536D59 | Source = VSS | ID = 4001
Description = Errore del Servizio copia replicata del volume: impossibile trovare
le aree diff per la creazione delle copie replicate. Aggiungere al sistema almeno
un'unità NTFS con sufficiente spazio libero. Lo spazio libero necessario è almeno
100 MB per ogni volume del quale eseguire un backup o una copia replicata.

Error - 22/01/2012 17.06.40 | Computer Name = ACER-2D60536D59 | Source = PerfNet | ID = 2002
Description = Impossibile aprire il servizio Redirector. I dati sulle prestazioni
del servizio Redirector non saranno restituiti. Il codice di errore restituito si
trova nella DWORD 0 dei dati.

Error - 22/01/2012 17.38.18 | Computer Name = ACER-2D60536D59 | Source = PerfNet | ID = 2002
Description = Impossibile aprire il servizio Redirector. I dati sulle prestazioni
del servizio Redirector non saranno restituiti. Il codice di errore restituito si
trova nella DWORD 0 dei dati.

Error - 22/01/2012 17.54.01 | Computer Name = ACER-2D60536D59 | Source = PerfNet | ID = 2002
Description = Impossibile aprire il servizio Redirector. I dati sulle prestazioni
del servizio Redirector non saranno restituiti. Il codice di errore restituito si
trova nella DWORD 0 dei dati.

Error - 22/01/2012 17.59.02 | Computer Name = ACER-2D60536D59 | Source = crypt32 | ID = 131083
Description = Impossibile estrarre l'elenco principale di altri produttori dal file
.cab di aggiornamento automatico in: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
a causa del seguente errore: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato.

Error - 22/01/2012 17.59.02 | Computer Name = ACER-2D60536D59 | Source = crypt32 | ID = 131083
Description = Impossibile estrarre l'elenco principale di altri produttori dal file
.cab di aggiornamento automatico in: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
a causa del seguente errore: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato.

[ System Events ]
Error - 22/01/2012 17.32.35 | Computer Name = ACER-2D60536D59 | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio Notebook Manager Service. Questo
evento si è già verificato 1 volta(e).

Error - 22/01/2012 17.32.35 | Computer Name = ACER-2D60536D59 | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio Java Quick Starter. Questo evento
si è già verificato 1 volta(e).

Error - 22/01/2012 17.32.35 | Computer Name = ACER-2D60536D59 | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio Machine Debug Manager. Questo
evento si è già verificato 1 volta(e).

Error - 22/01/2012 17.32.35 | Computer Name = ACER-2D60536D59 | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio Network WanMiniport First Position.
Questo evento si è già verificato 1 volta(e).

Error - 22/01/2012 17.32.35 | Computer Name = ACER-2D60536D59 | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio TOSHIBA Bluetooth Service. Questo
evento si è già verificato 1 volta(e).

Error - 22/01/2012 17.37.37 | Computer Name = ACER-2D60536D59 | Source = Dhcp | ID = 1002
Description = Il lease 192.168.1.170 dell'indirizzo IP della scheda di rete con
indirizzo 000AE4EFF059 è stato negato dal server DHCP 192.168.1.1. Il server DHCP
ha inviato un messaggio DHCPNACK.

Error - 22/01/2012 17.38.33 | Computer Name = ACER-2D60536D59 | Source = Service Control Manager | ID = 7023
Description = Servizio Servizi IPSEC terminato con l'errore: %%1747

Error - 22/01/2012 17.53.51 | Computer Name = ACER-2D60536D59 | Source = sr | ID = 1
Description = Errore imprevisto '0xC0000001' durante l'elaborazione del file ''
sul volume 'HarddiskVolume2'. Il monitoraggio del volume è stato interrotto.

Error - 22/01/2012 17.54.26 | Computer Name = ACER-2D60536D59 | Source = Service Control Manager | ID = 7023
Description = Servizio Servizi IPSEC terminato con l'errore: %%1747

Error - 22/01/2012 17.55.46 | Computer Name = ACER-2D60536D59 | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: abp480n5
adpu160m
agp440
agpCPQ
Aha154x
aic78u2
aic78xx
AliIde
alim1541
amdagp
amsint
asc
asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
gagp30kx
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde


< End of report >

[adara]

scusate per il gran numero dei post, ma non ho capito come funziona paste2.org...

Come sto messa? posso considerare pulito il mio pc?
devo eliminare i files messi in quarantena da Avira?
E' necessario disinstallare Combofix?
Che devo fare con l'hard-disk esterno e le chiavette?

Grazie ancora

[Andy94]

Perdona l'intrusione adara. Per il futuro ti chiedo di utilizzare il tag MEMO quando inserisci un LOG all'interno di un messaggio.
È semplicissimo: una volta che hai incollato il log all'interno dell'area di inserimento, lo selezioni tutto e premi il tasto MEMO che vedi sopra alla casella di testo.

In questo modo, come vedi nei tuoi messaggi precedenti nei quali l'ho inserito personalmente, la leggibilità migliora sensibilmente e la pagina risulta molto più corta.

Ti ringrazio infinitamente per la comprensione.

[hashcat]

scusate per il gran numero dei post, ma non ho capito come funziona paste2.org...

Non ti preoccupare, in questo caso non era necessario utilizzare paste2.org

(Comunque) si utilizza così:

Come sto messa? posso considerare pulito il mio pc?

Per quanto riguarda la pulizia, rimangono un paio di cose da correggere

devo eliminare i files messi in quarantena da Avira?

Non è necessario, i file in quarantena sono inoffensivi, non possono arrecare danno al computer.

E' necessario disinstallare Combofix?

Appena termineremo la pulizia ti spiegherò come rimuovere tutti gli strumenti utilizzati

Che devo fare con l'hard-disk esterno e le chiavette?

Non ho ben capito cosa intendi


Passando alla pulizia devi utilizzare nuovamente The Avenger 2, con questo script:

Codice: Seleziona tutto

Folders to delete:
C:\Documents and Settings\utente\Dati applicazioni\Irotzu
C:\Documents and Settings\utente\Dati applicazioni\Wug

Dopo aver fatto ciò, scarica ed esegui il file generic_fix.reg. Riavvia il computer.

Ho rinvenuto sul tuo computer delle tracce di una passata infezione, vorrei accertarmi che questa sia stata rimossa completamente:

Genera un log di SystemLook:

1. Scarica SystemLook da qui
2. Avvia SystemLook
3. Inserisci il seguente script nella casella di testo (copia e incolla):
   
   

   Codice: Seleziona tutto

   :filefind
ipsec.dll
appmgmt.dll
browsvr.dll
trkw.dll
trks.dll
kdc.dll
dmsrv.dll
mesg.dll
netlogin.dll
protstrg.dll
lmhosts.dll
w32t.dll
ntms.dll
usb2.sys

:regfind
AppMgmt
ipsec.dll
appmgmt.dll
browsvr.dll
trkw.dll
trks.dll
kdc.dll
dmsrv.dll
mesg.dll
netlogin.dll
protstrg.dll
lmhosts.dll
w32t.dll
ntms.dll
usb2.sys

:service
AppMgmt

::env



   
   
4. Disattiva o termina tutte le protezioni in tempo reale di programmi anti-spyware, antivirus, anti-malware, che possono influenzare SystemLook
5. Clicca su
6. Aspetta finché non verrà generato un log e aperto con il Blocco Note
7. Dal menu del Blocco Note seleziona la voce Modifica >> Seleziona Tutto e successivamente Modifica >> Copia
8. Inserisci il contenuto copiato nel tuo prossimo messaggio utilizzando il Tag MEMO

[adara]

grazie hashcat, ho fatto di nuovo qualche pasticcetto...
1) ho eseguito avenger, al riavvio mi ha di nuovo dato questo messaggio:
Windows - disco mancante
exception processing message c0000013 parameters 75b1bf7c 75b1bf7c 75b1bf7c
stavolta ho cliccato su continua invece che su annulla

2) generic fix: l'ho aperto e si è presentato un semplice testo nel blocco note, l'ho salvato rinominandolo con l'intenzione di postarne il contenuto, ma quanto l'ho aperto per scrivere qui nel post, si è "trasformato" in qualcosa di attivo e mi ha chiesto se volevo fare le modifiche nel registro, gli ho detto si; comunque, il testo era questo:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=dword:00000001

3) nel frattempo avevo fatto girare system look, ma quando ho visto la "trasformazione" di generic fix ho di nuovo riavviato (in realtà, si è proprio spento perché nel frattempo sta scaricando degli aggiornamenti di NETframework, ma ha dei problemi ad installarli perché me li ripropone di continuo) e dopo che l'ho riacceso ho di nuovo fatto girare system look. ecco il log:

SystemLook 30.07.11 by jpshortstuff
Log created at 19:56 on 23/01/2012 by utente
Administrator - Elevation successful

No Context: :filefind

No Context: ipsec.dll

No Context: appmgmt.dll

No Context: browsvr.dll

No Context: trkw.dll

No Context: trks.dll

No Context: kdc.dll

No Context: dmsrv.dll

No Context: mesg.dll

No Context: netlogin.dll

No Context: protstrg.dll

No Context: lmhosts.dll

No Context: w32t.dll

No Context: ntms.dll

No Context: usb2.sys

No Context: :regfind

No Context: AppMgmt

No Context: ipsec.dll

No Context: appmgmt.dll

No Context: browsvr.dll

No Context: trkw.dll

No Context: trks.dll

No Context: kdc.dll

No Context: dmsrv.dll

No Context: mesg.dll

No Context: netlogin.dll

No Context: protstrg.dll

No Context: lmhosts.dll

No Context: w32t.dll

No Context: ntms.dll

No Context: usb2.sys

No Context: :service

No Context: AppMgmt

No Context: ::env

-= EOF =-

Dopo le operazioni che ho fatto ieri sera, il PC è diventato molto lento, la luce dell'hard disk è quasi sempre accesa...

Per ANDY94: grazie per la segnalazione, ora uso il tag MEMO

[hashcat]

grazie hashcat, ho fatto di nuovo qualche pasticcetto...
1) ho eseguito avenger, al riavvio mi ha di nuovo dato questo messaggio:
Windows - disco mancante
exception processing message c0000013 parameters 75b1bf7c 75b1bf7c 75b1bf7c
stavolta ho cliccato su continua invece che su annulla

Con Avenger tutto Ok, il messaggio d'errore c0000013 avviene quando un dispositivo rimovibile (USB & CO.) non viene rimosso in maniera corretta. Per fare in modo che il messaggio d'errore non compaia più devi collegare uno ad uno i dispositivi rimovibili che hai utilizzato di recente e rimuoverli in modo sicuro. Dopo aver fatto ciò riavvia il computer.

2) generic fix: l'ho aperto e si è presentato un semplice testo nel blocco note, l'ho salvato rinominandolo con l'intenzione di postarne il contenuto, ma quanto l'ho aperto per scrivere qui nel post, si è "trasformato" in qualcosa di attivo e mi ha chiesto se volevo fare le modifiche nel registro, gli ho detto si

Perfetto

3) nel frattempo avevo fatto girare system look, ma quando ho visto la "trasformazione" di generic fix ho di nuovo riavviato (in realtà, si è proprio spento perché nel frattempo sta scaricando degli aggiornamenti di NETframework, ma ha dei problemi ad installarli perché me li ripropone di continuo) e dopo che l'ho riacceso ho di nuovo fatto girare system look. ecco il log

Purtroppo non hai inserito lo script correttamente, riprova.

Dopo le operazioni che ho fatto ieri sera, il PC è diventato molto lento, la luce dell'hard disk è quasi sempre accesa...

Investigheremo anche su questo, anche se potrebbe essere causato dagli aggiornamenti.

[hashcat]

Per (tentare) di risolvere i problemi con gli aggiornamenti utilizza questo script creato da me:

update_fixer_MLI

[adara]

rifatto Systemlook, ecco il log:

SystemLook 30.07.11 by jpshortstuff
Log created at 21:39 on 23/01/2012 by utente
Administrator - Elevation successful

No Context: :filefind

No Context: ipsec.dll

No Context: appmgmt.dll

No Context: browsvr.dll

No Context: trkw.dll

No Context: trks.dll

No Context: kdc.dll

No Context: dmsrv.dll

No Context: mesg.dll

No Context: netlogin.dll

No Context: protstrg.dll

No Context: lmhosts.dll

No Context: w32t.dll

No Context: ntms.dll

No Context: usb2.sys

No Context: :regfind

No Context: AppMgmt

No Context: ipsec.dll

No Context: appmgmt.dll

No Context: browsvr.dll

No Context: trkw.dll

No Context: trks.dll

No Context: kdc.dll

No Context: dmsrv.dll

No Context: mesg.dll

No Context: netlogin.dll

No Context: protstrg.dll

No Context: lmhosts.dll

No Context: w32t.dll

No Context: ntms.dll

No Context: usb2.sys

No Context: :service

No Context: AppMgmt

No Context: ::env

-= EOF =-

ho anche fatto girare il tuo script, grazie, attendo nuove istruzioni

è possibile che le chiavi usb e l'hard disk esterno siano infettati? cosa devo fare?

[adara]

ritornando al tuo script per gli aggiornamenti, ho cliccato sulla voce "microsoft update" del menu start per vedere se il sistema è ben aggiornato; è già un po' che cerca aggiornamenti disponibili e mi sono accorta che non ha aperto mozilla (browser predefinito) per scaricarli, bensì IE, che non uso da una vita e che penso non sia aggiornato... mica imbarcherò altri virus?