
HijackThis and OTL log check (assorted junk)

Post by gigicookie » Wed Jul 25, 2012 5:01 pm

Today I ran a scan with HijackThis and in my opinion there is quite a lot of junk, but I would rather ask to be sure.
HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.17.37, on 25/07/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17110)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
C:\Programmi\File comuni\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Ask.com\Updater\Updater.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\UESSE\Oltre3D\UsTimer.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Programmi\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe
C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Ufficio\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programmi\Norton AntiVirus\Engine\17.9.0.12\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OfferBox - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Programmi\OfferBox\OfferBoxBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Programmi\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Programmi\File comuni\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [ApnUpdater] "C:\Programmi\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: UsTimer.lnk = C:\Programmi\UESSE\Oltre3D\UsTimer.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6412128781
O17 - HKLM\System\CCS\Services\Tcpip\..\{818A7690-71BF-4C12-8A7F-3BB5554E9FDB}: NameServer = 193.70.152.0,193.70.152.25
O20 - AppInit_DLLs:
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Programmi\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe

--
End of file - 10436 bytes


Then I also ran a scan with OTL; this is the log:
Extras:

OTL Extras logfile created on: 25/07/2012 9.24.13 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Documents and Settings\Ufficio\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 72,11% Memory free
3,84 Gb Paging File | 3,43 Gb Available in Paging File | 89,28% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 149,04 Gb Total Space | 73,29 Gb Free Space | 49,18% Space Free | Partition Type: NTFS

Computer Name: PC-20080125737 | User Name: Ufficio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Sfoglia con Corel Paint Shop Pro Photo X2] -- "C:\Programmi\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Programmi\Messenger\msmsgs.exe" = C:\Programmi\Messenger\msmsgs.exe:*:Disabled:Windows Messenger -- (Microsoft Corporation)
"E:\vnc\2XClient\App\2XClient\APPServerClient.exe" = E:\vnc\2XClient\App\2XClient\APPServerClient.exe:*:Enabled:2X Client
"C:\Documents and Settings\Ufficio\Impostazioni locali\Temp\IXP000.TMP\smwinvnc.exe" = C:\Documents and Settings\Ufficio\Impostazioni locali\Temp\IXP000.TMP\smwinvnc.exe:*:Enabled:TightVNC Win32 Server
"C:\Documents and Settings\Ufficio\Impostazioni locali\Temp\IXP000.TMP\SMPCSetup.exe" = C:\Documents and Settings\Ufficio\Impostazioni locali\Temp\IXP000.TMP\SMPCSetup.exe:*:Enabled:SMPCSetup
"C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Enabled:Sentinel Protection Server -- (SafeNet, Inc)
"C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Enabled:Sentinel Keys Server -- (SafeNet, Inc.)
"F:\Adobe Digital Editions\digitaleditions.exe" = F:\Adobe Digital Editions\digitaleditions.exe:*:Enabled:digitaleditions.exe
"C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programmi\Bonjour\mDNSResponder.exe" = C:\Programmi\Bonjour\mDNSResponder.exe:*:Enabled: Servizio Bonjour -- (Apple Inc.)
"E:\iTunes\iTunes.exe" = E:\iTunes\iTunes.exe:*:Enabled:iTunes
"c:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" = c:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe:*:Enabled:SQL 2005 - UESSE ( sqlservr.exe ) -- (Microsoft Corporation)
"c:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe" = c:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe:*:Enabled:SQL 2005 ( sqlbrowser.exe ) -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0590EE00-D2A3-4CE4-B672-E273B940593D}" = Sorax Reader
"{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.(R) L2 Fast Ethernet Driver
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2418055A-4DFB-4AA1-B874-C0C9D54EDB75}" = BancaDati
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA1BDEB-3127-483C-A5BE-906921A25811}" = Oltre3D
"{3FB100A4-C7B5-40CD-A062-64A4B7A8D0C3}" = Oltre3D
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}" = Fissa
"{5445229F-293C-4C65-B11A-EC63D41DD109}" = Oltre3D
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{55D2E060-9CCB-47B7-BBC2-FE71A1604B65}" = Microsoft SQL Server Native Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{6379FD0A-8964-4A50-80A6-B20B65117905}" = File di supporto dell'installazione di Microsoft SQL Server (Italiano)
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{683F35A8-F72C-4D4C-AB8D-326B779F58F3}" = Oltre3DCrystal ( file di Crystal Report 9 utilizzati da Oltre3D )
"{6B56FF54-7D42-4143-939A-4C06EED8E749}" = Oltre3D
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = Foto e imaging HP 2.0 - All-in-One Drivers
"{7148F0A8-6813-11D6-A77B-00B0D0142150}" = Java 2 Runtime Environment, SE v1.4.2_15
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{842F9881-E181-30B3-A152-008D61433274}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
"{86BA3130-5938-3192-BBCF-6B0A2D86FA58}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8919A89C-D378-4899-BE19-12893E4DCCEE}" = Parser MSXML 6.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0410-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Italian) 12
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{954D9E32-BE47-43F4-9BFF-6DB46F17EAF2}" = Sentinel Protection Installer 7.6.3
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = Foto e imaging HP 2.0 - All-in-One
"{9A4EDDF5-F582-4D53-B201-5B1B8D758754}" = Microsoft SQL Server 2005 (UESSE)
"{9EC42A33-B95F-486A-8EB6-12EAD4B6D602}" = Oltre3D
"{9EF4A8D0-8F02-4D3F-9147-73FC4433521C}" = Oltre3D
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1040-7B44-A95000000001}" = Adobe Reader 9.5.1 - Italiano
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = Disco ricordo HP
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BB7589FD-4366-4195-A554-6A4B03ED8150}" = Oltre
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D867B4B4-D6D7-40BC-AE63-742C9EC03023}" = Microsoft SQL Server VSS Writer
"{ECF20C9D-916D-4E1D-B163-977D43C998D5}" = Oltre3DCrystal ( file di Crystal Report 9 utilizzati da Oltre3D )
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
"{FB57A6BD-FA91-4351-BCEA-DAE4BB472407}" = Oltre3D
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArcSoft PhotoImpression 2000" = ArcSoft PhotoImpression 2000
"Assistenza BBM_is1" = Assistenza BBM - v2.0.3
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F50&SUBSYS_207C14F1" = Soft Voice SoftRing Modem with SmartSP
"EPSON Printer and Utilities" = Software per stampante EPSON
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP PSC 1200 Series" = Foto e imaging HP 2.0 - hp psc 1200 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Full)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"NAV" = Norton AntiVirus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"novaPDF Professional Desktop 5_is1" = novaPDF Professional Desktop 5.1
"OfferBox Browser" = OfferBox Browser
"Oltre3D_PDF_is1" = Oltre3D_PDF (novaPDF Professional Desktop 5.5 printer)
"PROHYBRIDR" = 2007 Microsoft Office system
"StmAdsl" = ADSL Modem
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = programma di aggiornamento Ask Toolbar Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06/07/2012 7.04.46 | Computer Name = PC-20080125737 | Source = Microsoft Fax | ID = 32092
Description = Impossibile ricevere un fax. Da: . ID chiamante: 0238607345. A: Fax.
Pagine:
0. Nome periferica: PCI Soft Voice SoftRing Modem with SmartSP.

Error - 06/07/2012 8.17.40 | Computer Name = PC-20080125737 | Source = Application Hang | ID = 1002
Description = Applicazione in stallo iexplore.exe, versione 7.0.6000.17110, modulo
in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 06/07/2012 8.17.46 | Computer Name = PC-20080125737 | Source = Application Hang | ID = 1002
Description = Applicazione in stallo iexplore.exe, versione 7.0.6000.17110, modulo
in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 06/07/2012 9.05.54 | Computer Name = PC-20080125737 | Source = Application Hang | ID = 1002
Description = Applicazione in stallo iexplore.exe, versione 7.0.6000.17110, modulo
in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 07/07/2012 4.01.14 | Computer Name = PC-20080125737 | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore msimn.exe, versione 6.0.2900.5512,
modulo che ha provocato l'errore comctl32.dll, versione 6.0.2900.6028, indirizzo
errore 0x0007475b.

Error - 10/07/2012 4.37.42 | Computer Name = PC-20080125737 | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore FlashPlayerUpdateService.exe,
versione 11.3.300.262, modulo che ha provocato l'errore ntdll.dll, versione 5.1.2600.6055,
indirizzo errore 0x000113b5.

Error - 10/07/2012 6.08.47 | Computer Name = PC-20080125737 | Source = Microsoft Fax | ID = 32092
Description = Impossibile ricevere un fax. Da: . ID chiamante: 0158131640. A: Fax.
Pagine:
0. Nome periferica: PCI Soft Voice SoftRing Modem with SmartSP.

Error - 10/07/2012 6.29.56 | Computer Name = PC-20080125737 | Source = Microsoft Fax | ID = 32092
Description = Impossibile ricevere un fax. Da: . ID chiamante: 330859822. A: Fax. Pagine:
0. Nome periferica: PCI Soft Voice SoftRing Modem with SmartSP.

Error - 19/07/2012 6.21.49 | Computer Name = PC-20080125737 | Source = Microsoft Fax | ID = 32092
Description = Impossibile ricevere un fax. Da: . ID chiamante: 0242323. A: Fax. Pagine:
0. Nome periferica: PCI Soft Voice SoftRing Modem with SmartSP.

Error - 20/07/2012 6.40.57 | Computer Name = PC-20080125737 | Source = Microsoft Fax | ID = 32092
Description = Impossibile ricevere un fax. Da: . ID chiamante: 0157655250. A: Fax.
Pagine:
0. Nome periferica: PCI Soft Voice SoftRing Modem with SmartSP.

[ System Events ]
Error - 28/06/2012 10.37.44 | Computer Name = PC-20080125737 | Source = Cdrom | ID = 262151
Description = Rilevato blocco danneggiato sulla periferica \Device\CdRom0.

Error - 28/06/2012 10.37.47 | Computer Name = PC-20080125737 | Source = Cdrom | ID = 262151
Description = Rilevato blocco danneggiato sulla periferica \Device\CdRom0.

Error - 28/06/2012 10.37.49 | Computer Name = PC-20080125737 | Source = Cdrom | ID = 262151
Description = Rilevato blocco danneggiato sulla periferica \Device\CdRom0.

Error - 28/06/2012 10.37.51 | Computer Name = PC-20080125737 | Source = Cdrom | ID = 262151
Description = Rilevato blocco danneggiato sulla periferica \Device\CdRom0.

Error - 28/06/2012 10.37.53 | Computer Name = PC-20080125737 | Source = Cdrom | ID = 262151
Description = Rilevato blocco danneggiato sulla periferica \Device\CdRom0.

Error - 28/06/2012 10.37.55 | Computer Name = PC-20080125737 | Source = Cdrom | ID = 262151
Description = Rilevato blocco danneggiato sulla periferica \Device\CdRom0.

Error - 28/06/2012 10.37.57 | Computer Name = PC-20080125737 | Source = Cdrom | ID = 262151
Description = Rilevato blocco danneggiato sulla periferica \Device\CdRom0.

Error - 06/07/2012 7.59.16 | Computer Name = PC-20080125737 | Source = Dhcp | ID = 1002
Description = Il lease 192.168.1.2 dell'indirizzo IP della scheda di rete con indirizzo
001FC6A67CF5 è stato negato dal server DHCP 192.168.1.1. Il server DHCP ha inviato
un messaggio DHCPNACK.

Error - 06/07/2012 7.59.46 | Computer Name = PC-20080125737 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio Cyberlink RichVideo Service(CRVS).

Error - 06/07/2012 7.59.46 | Computer Name = PC-20080125737 | Source = Service Control Manager | ID = 7000
Description = Il servizio Cyberlink RichVideo Service(CRVS) non è stato avviato
per il seguente errore: %%1053


< End of report >
http://www.MegaLab.it/forum/viewtopic.php?f=3&t=52165
Galaxy next turbo+Rom stock 2.3.6+Cor plenus v2.1.7 + S2SD
Nexus 7+Recovery TWRP+Rom stock+MultiROM+Ubuntu 13.04 raring ringtail+Plasma active
gigicookie
Senior Member
 
Posts: 485
Joined: Fri Apr 06, 2012 6:40 pm

Re: Checking hijackthis and otl logs (assorted junk)

Post by gigicookie » Wed Jul 25, 2012 5:03 pm

Sorry for the double post, but I had to cut out a part because the message was too long.
Otl.txt:

OTL logfile created on: 25/07/2012 9.24.13 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Documents and Settings\Ufficio\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 72,11% Memory free
3,84 Gb Paging File | 3,43 Gb Available in Paging File | 89,28% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 149,04 Gb Total Space | 73,29 Gb Free Space | 49,18% Space Free | Partition Type: NTFS

Computer Name: PC-20080125737 | User Name: Ufficio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/06/06 21.33.42 | 001,564,872 | ---- | M] (Ask) -- C:\Programmi\Ask.com\Updater\Updater.exe
PRC - [2012/01/18 15.02.04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\File comuni\Java\Java Update\jusched.exe
PRC - [2011/11/17 03.07.00 | 000,124,416 | ---- | M] (Uesse S.r.l) -- C:\Programmi\UESSE\Oltre3D\UsTimer.exe
PRC - [2011/10/24 22.32.00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/08/04 06.18.43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Programmi\Norton AntiVirus\Engine\17.9.0.12\ccsvchst.exe
PRC - [2010/10/20 08.06.04 | 001,250,592 | ---- | M] (SafeNet, Inc) -- C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2010/10/20 02.03.02 | 000,374,048 | ---- | M] (SafeNet, Inc.) -- C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2010/10/20 02.00.02 | 000,292,128 | ---- | M] (SafeNet, Inc.) -- C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
PRC - [2008/12/03 00.24.24 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Programmi\Mozilla Firefox\firefox.exe
PRC - [2008/08/18 17.53.48 | 000,016,712 | R--- | M] () -- C:\Programmi\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2008/08/18 17.53.42 | 000,532,808 | R--- | M] (Corel, Inc.) -- C:\Programmi\File comuni\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2008/04/14 14.00.00 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/24 12.15.14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
PRC - [2006/10/26 14.40.34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2004/11/17 16.48.40 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programmi\File comuni\EPSON\EBAPI\eEBSvc.exe
PRC - [2003/04/06 01.17.18 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003/04/06 01.06.58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00.55.04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/06 00.45.10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/03/09 06.31.02 | 000,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/12 11.37.25 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2011/11/02 00.26.32 | 000,087,912 | ---- | M] () -- C:\Programmi\File comuni\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00.26.12 | 001,242,472 | ---- | M] () -- C:\Programmi\File comuni\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/27 19.42.50 | 000,311,296 | ---- | M] () -- C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\pdfshell.ITA
MOD - [2008/11/17 11.10.15 | 000,034,572 | ---- | M] () -- C:\WINDOWS\system32\pdfmon.dll
MOD - [2008/08/18 17.53.48 | 000,016,712 | R--- | M] () -- C:\Programmi\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MOD - [2003/03/09 06.31.04 | 000,561,152 | ---- | M] () -- C:\WINDOWS\system32\hpotscl.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/07/12 11.37.26 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/10/24 22.32.00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/08/04 06.18.43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programmi\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe -- (NAV)
SRV - [2011/07/20 06.18.24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010/10/20 08.06.04 | 001,250,592 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2010/10/20 02.03.02 | 000,374,048 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2010/10/20 02.00.02 | 000,292,128 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe -- (SentinelSecurityRuntime)
SRV - [2007/07/24 12.15.14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/10/26 14.40.34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2006/10/26 14.03.08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/11/17 16.48.40 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programmi\File comuni\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2003/03/09 06.31.02 | 000,065,795 | R--- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/29 17.17.46 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2011/12/16 01.33.22 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20120131.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/12/01 04.25.03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20120121.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 10.18.36 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/09 10.18.36 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/22 04.53.36 | 000,362,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1109000.00C\symtdi.sys -- (SYMTDI)
DRV - [2011/08/22 04.53.35 | 000,173,176 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1109000.00C\symefa.sys -- (SymEFA)
DRV - [2011/08/04 08.22.51 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20120131.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/04 08.22.51 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20120131.032\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/04 06.19.30 | 000,485,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1109000.00C\cchpx86.sys -- (ccHP)
DRV - [2010/04/29 07.03.51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1109000.00C\ironx86.sys -- (SymIRON)
DRV - [2010/04/22 04.29.50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NAV\1109000.00C\srtsp.sys -- (SRTSP)
DRV - [2010/04/22 04.29.50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1109000.00C\srtspx.sys -- (SRTSPX)
DRV - [2010/01/12 09.58.55 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/06 00.06.13 | 000,328,752 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1109000.00C\symds.sys -- (SymDS)
DRV - [2009/09/17 08.05.02 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2008/10/16 16.14.00 | 000,030,720 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2007/11/01 08.38.56 | 004,620,288 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/11/08 11.00.10 | 000,989,696 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/11/08 10.59.36 | 000,257,408 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/11/08 10.59.30 | 000,730,112 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/04/13 08.55.06 | 000,676,873 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb)
DRV - [2004/08/13 04.56.20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/08/12 06.51.00 | 000,060,255 | R--- | M] (STMicroelectronics ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm)
DRV - [2000/03/29 18.11.20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110000&babsrc=SP_ss&mntrId=0c95a0420000000000000002cf7a4c1b
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=it_IT&apn_ptnrs=U3&apn_dtid=OSJ000YYIT&apn_uid=0F33072E-C490-44EF-A048-09E40A500278&apn_sauid=A5BDA209-05FC-472B-9B41-1F09946DA01F
IE - HKCU\..\SearchScopes\{7C7817D6-0E29-4DD8-982D-162F503FCE48}: "URL" = http://www.google.it/search?hl=it&q={searchTerms}&meta=
IE - HKCU\..\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}: "URL" = http://www.fissa.com/it/results/?s=b&c= ... =5&pid=&q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://it.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=164&systemid=406&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmi\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 18.46.47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2011/07/20 23.43.24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Programmi\OfferBox\offerboxffx@offerbox.com [2011/02/15 16.39.22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programmi\Java\jre6\lib\deploy\jqs\ff [2012/02/21 10.39.57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2009/01/22 12.43.43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2012/04/26 08.31.53 | 000,000,000 | ---D | M]

[2012/03/15 20.08.04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Extensions
[2009/01/22 12.43.44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/28 10.58.05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Extensions\home2@tomtom.com
[2012/07/25 09.14.42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions
[2010/08/06 14.09.39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/15 16.26.25 | 000,000,000 | ---D | M] (DealPly) -- C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012/03/15 16.25.53 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\ffxtlbr@babylon.com
[2011/05/21 08.09.31 | 000,000,612 | ---- | M] () -- C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\searchplugins\fissa.xml
[2012/03/15 19.10.25 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\searchplugins\Search_Results.xml
[2012/07/25 09.14.42 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2009/01/22 12.43.37 | 000,000,000 | ---D | M] (Default) -- C:\Programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/03/01 09.42.12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/15 09.15.41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/02/21 10.40.13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2008/12/03 00.24.26 | 000,023,032 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browserdirprovider.dll
[2008/12/03 00.24.26 | 000,134,648 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\brwsrcmp.dll
[2012/02/21 10.39.55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\mozilla firefox\plugins\npdeployJava1.dll
[2008/12/03 00.24.26 | 000,065,528 | ---- | M] (mozilla.org) -- C:\Programmi\mozilla firefox\plugins\npnul32.dll
[2012/03/26 17.41.34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Programmi\mozilla firefox\plugins\nppdf32.dll
[2012/03/15 16.25.47 | 000,002,310 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\babylon.xml
[2008/03/08 11.35.22 | 000,001,534 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\creativecommons.xml
[2006/09/10 13.15.22 | 000,001,412 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\demauro.xml
[2008/09/19 19.07.44 | 000,000,744 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
[2008/04/16 06.08.20 | 000,001,706 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\google.xml
[2012/03/15 19.10.25 | 000,002,519 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\Search_Results.xml
[2008/03/29 09.17.30 | 000,001,182 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
[2007/12/10 12.20.36 | 000,000,649 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2008/04/14 14.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programmi\Norton AntiVirus\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (OfferBox) - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Programmi\OfferBox\OfferBoxBHO.dll (Secure Digital Services Limited)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Indirizzo) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Indirizzo) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Co&llegamenti) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdslTaskBar] C:\WINDOWS\System32\stmctrl.dll (ZyXEL)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Programmi\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Programmi\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Programmi\File comuni\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe" File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe" -s File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\hp psc 1000 series.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\hpoddt01.exe.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\UsTimer.lnk = C:\Programmi\UESSE\Oltre3D\UsTimer.exe (Uesse S.r.l)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: unicreditbanca.it ([]https in Siti attendibili)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 6412128781 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinsta ... s-i586.cab (Java Plug-in 1.4.2_15)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.46.86.74 212.117.175.185
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{818A7690-71BF-4C12-8A7F-3BB5554E9FDB}: DhcpNameServer = 78.46.86.74 212.117.175.185
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{818A7690-71BF-4C12-8A7F-3BB5554E9FDB}: NameServer = 193.70.152.0,193.70.152.25
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Precaricatore Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Daemon di cache delle categorie di componenti - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/11 15.38.50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0a003af5-93a0-11de-bca4-a3aba49ae45f}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{a5e0a7c8-0b76-11e0-bf1a-b525525899eb}\Shell - "" = AutoRun
O33 - MountPoints2\{a5e0a7c8-0b76-11e0-bf1a-b525525899eb}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/25 09.20.02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ufficio\Desktop\Pulizia (copiare su chiavetta)
[2012/06/26 15.48.47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ufficio\Dati applicazioni\TeamViewer
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Ufficio\Impostazioni locali\Dati applicazioni\*.tmp files -> C:\Documents and Settings\Ufficio\Impostazioni locali\Dati applicazioni\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/25 09.27.00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/07/25 09.04.38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/25 09.04.20 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/25 09.04.10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/25 08.54.27 | 004,623,522 | ---- | M] () -- C:\Documents and Settings\Ufficio\Desktop\buc-0.5.2_bin_full.deb
[2012/07/24 18.48.00 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/24 18.37.00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/24 16.29.54 | 000,000,522 | ---- | M] () -- C:\hpfr3420.xml
[2012/07/24 16.28.49 | 000,014,027 | ---- | M] () -- C:\WINDOWS\Oltre.ini
[2012/07/24 16.20.25 | 000,002,568 | -HS- | M] () -- C:\Documents and Settings\All Users\Dati applicazioni\KGyGaAvL.sys
[2012/07/24 15.52.48 | 000,014,018 | ---- | M] () -- C:\WINDOWS\oltre.ini.bak
[2012/07/24 15.26.30 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\DealPlyUpdate.job
[2012/07/12 11.37.25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/12 11.37.25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/12 08.16.55 | 000,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 19.07.23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/07 10.10.58 | 005,297,934 | ---- | M] () -- C:\Documents and Settings\Ufficio\Documenti\eSOS Istruzioni cartacee w28-29.pdf
[2012/07/03 14.23.20 | 000,002,511 | ---- | M] () -- C:\Documents and Settings\Ufficio\Desktop\Microsoft Office Word 2007.lnk
[2012/07/02 17.43.37 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1333034269.job
[2012/06/30 09.33.29 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Ufficio\Desktop\Microsoft Office Excel 2007.lnk
[2012/06/29 15.46.25 | 000,324,892 | ---- | M] () -- C:\Documents and Settings\Ufficio\Desktop\Rubrica clienti Oltre3D.pdf
[2012/06/28 16.30.34 | 000,013,998 | ---- | M] () -- C:\WINDOWS\Oltre.ini.Sav2
[2012/06/28 16.30.34 | 000,013,998 | ---- | M] () -- C:\WINDOWS\Oltre.ini.Sav1
[2012/06/26 15.48.58 | 006,406,651 | ---- | M] () -- C:\Documents and Settings\Ufficio\Documenti\fattura 002.jpg
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Ufficio\Impostazioni locali\Dati applicazioni\*.tmp files -> C:\Documents and Settings\Ufficio\Impostazioni locali\Dati applicazioni\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/25 08.54.14 | 004,623,522 | ---- | C] () -- C:\Documents and Settings\Ufficio\Desktop\buc-0.5.2_bin_full.deb
[2012/07/07 09.34.44 | 005,297,934 | ---- | C] () -- C:\Documents and Settings\Ufficio\Documenti\eSOS Istruzioni cartacee w28-29.pdf
[2012/06/30 09.36.33 | 012,097,494 | ---- | C] () -- C:\Documents and Settings\Ufficio\Documenti\cai_pag_1.bmp
[2012/06/30 09.36.33 | 000,445,756 | ---- | C] () -- C:\Documents and Settings\Ufficio\Documenti\cai_pag_1.jpg
[2012/06/30 09.30.02 | 000,228,226 | ---- | C] () -- C:\Documents and Settings\Ufficio\Documenti\Ricevuta fiscale.xml
[2012/06/29 15.46.25 | 000,324,892 | ---- | C] () -- C:\Documents and Settings\Ufficio\Desktop\Rubrica clienti Oltre3D.pdf
[2012/06/26 16.47.08 | 006,406,651 | ---- | C] () -- C:\Documents and Settings\Ufficio\Documenti\fattura 002.jpg
[2012/06/14 11.16.41 | 000,617,056 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
[2012/03/29 17.06.26 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2012/03/29 17.06.26 | 000,016,622 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2012/02/15 09.12.42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/28 18.48.29 | 000,052,308 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/20 09.20.15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/07 14.40.28 | 000,172,034 | ---- | C] () -- C:\Documents and Settings\Ufficio\mhtml_mid___00000002_.pdf
[2008/12/23 15.19.06 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Ufficio\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/24 15.37.57 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\98B5677603.sys
[2008/11/24 15.37.56 | 000,002,568 | -HS- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\KGyGaAvL.sys
[2008/11/11 16.29.51 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Ufficio\Impostazioni locali\Dati applicazioni\fusioncache.dat

========== LOP Check ==========

[2011/10/24 08.57.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Ask
[2012/03/15 16.25.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Babylon
[2012/03/15 19.10.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\boost_interprocess
[2011/12/28 18.35.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/15 16.25.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ufficio\Dati applicazioni\Babylon
[2012/03/15 16.26.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ufficio\Dati applicazioni\BabylonToolbar
[2011/12/30 18.38.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ufficio\Dati applicazioni\calibre
[2011/02/15 16.39.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ufficio\Dati applicazioni\FissaSearch
[2012/07/23 08.16.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ufficio\Dati applicazioni\OfferBox
[2012/03/14 15.53.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ufficio\Dati applicazioni\searchquband
[2011/09/07 10.30.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ufficio\Dati applicazioni\supertuxkart
[2012/06/26 15.48.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ufficio\Dati applicazioni\TeamViewer
[2011/07/20 23.48.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ufficio\Dati applicazioni\Tific
[2009/08/28 10.58.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ufficio\Dati applicazioni\TomTom
[2012/06/14 10.56.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ufficio\Dati applicazioni\VOS
[2012/07/24 15.26.30 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\DealPlyUpdate.job
[2012/07/02 17.43.37 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1333034269.job
[2012/07/25 09.27.00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >

P.S. I think this HijackThis is an old version, but right now I don't have the PC at hand...
http://www.MegaLab.it/forum/viewtopic.php?f=3&t=52165
Galaxy next turbo+Rom stock 2.3.6+Cor plenus v2.1.7 + S2SD
Nexus 7+Recovery TWRP+Rom stock+MultiROM+Ubuntu 13.04 raring ringtail+Plasma active
gigicookie
Senior Member
Posts: 485
Joined: Fri Apr 06, 2012 6:40 pm

Re: HijackThis and OTL log check (assorted junk)

Post by hashcat » Wed Jul 25, 2012 5:08 pm

Fix the following items (HijackThis):

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: OfferBox - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Programmi\OfferBox\OfferBoxBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O4 - HKLM\..\Run: [ApnUpdater] "C:\Programmi\Ask.com\Updater\Updater.exe"

Meanwhile I'll read the OTL log.
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.
hashcat
Official Member (Gold)
Posts: 2285
Joined: Mon Oct 25, 2010 1:26 pm
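An added example, not code from the thread: the manual triage hashcat did in the post above (entries whose DLL is gone, marked `(file missing)`, and DLLs living under adware vendor directories) written as a short Python pass over HijackThis lines. The sample is the list he posted plus two constructed benign lines for contrast; the `PUP_MARKERS` list is an assumption drawn from the families named in this thread, not a HijackThis feature, and it flags on path alone, so a legitimate file in one of those directories would be reported too.

```python
import re

# Constructed sample: the six HijackThis entries hashcat asked the poster to fix,
# copied from the thread, plus two benign lines (ctfmon and the Office Research
# button) added here for contrast.
SAMPLE_LOG = r"""
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: OfferBox - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Programmi\OfferBox\OfferBoxBHO.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ApnUpdater] "C:\Programmi\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL
"""

# Path fragments of the adware/PUP families named in this thread. This list is an
# assumption made for the example, not something HijackThis knows about.
PUP_MARKERS = ("ask.com", "searchqu", "datamngr", "offerbox", "babylon", r"yahoo!\companion")

HJT_LINE = re.compile(r"^(R\d|O\d+) - (.*)$")
DRIVE_PATH = re.compile(r"[A-Za-z]:\\.*")


def extract_path(body):
    """First drive-letter path in an entry, without quotes or the '(file missing)' tag."""
    m = DRIVE_PATH.search(body)
    if not m:
        return ""
    return m.group(0).replace("(file missing)", "").strip().strip('"')


def parse_hjt_line(line):
    """Split one HijackThis line into section code, body, path and file-missing flag."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    return {
        "section": section,
        "body": body,
        "path": extract_path(body),
        "missing": body.rstrip().endswith("(file missing)"),
    }


def triage(log_text):
    """Return (section, path, reasons) for every entry worth fixing.

    Two independent signals: an orphaned entry whose DLL is gone (harmless by
    itself, but the registry reference should still be removed) and a path under
    a known adware/PUP vendor directory.
    """
    findings = []
    for line in log_text.splitlines():
        entry = parse_hjt_line(line)
        if entry is None:
            continue
        reasons = []
        if entry["missing"]:
            reasons.append("orphaned entry (file missing)")
        hits = [mk for mk in PUP_MARKERS if mk in entry["path"].lower()]
        if hits:
            reasons.append("known adware/PUP path: " + ", ".join(hits))
        if reasons:
            findings.append((entry["section"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for section, path, reasons in triage(SAMPLE_LOG):
        print(f"{section:3} {path}\n      -> {'; '.join(reasons)}")
```

Run against the sample it reports exactly the six lines hashcat listed and leaves ctfmon and the Office button alone; the output is a shortlist to review, not a fix list, since a marker match on a path is a hint and not proof.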


Re: HijackThis and OTL log check (assorted junk)

Post by hashcat » Wed Jul 25, 2012 5:49 pm

Cleanup script for OTL:

Code:
:OTL
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110000&babsrc=SP_ss&mntrId=0c95a0420000000000000002cf7a4c1b
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=it_IT&apn_ptnrs=U3&apn_dtid=OSJ000YYIT&apn_uid=0F33072E-C490-44EF-A048-09E40A500278&apn_sauid=A5BDA209-05FC-472B-9B41-1F09946DA01F
IE - HKCU\..\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}: "URL" = http://www.fissa.com/it/results/?s=b&c= ... =5&pid=&q={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=164&systemid=406&sr=0&q="
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\iTunes\Mozilla Plugins\npitunes.dll File not found
[2012/03/15 20.08.04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Extensions
[2009/01/22 12.43.44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/28 10.58.05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Extensions\home2@tomtom.com
[2012/07/25 09.14.42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions
[2012/03/15 16.25.53 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\ffxtlbr@babylon.com
[2011/05/21 08.09.31 | 000,000,612 | ---- | M] () -- C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\searchplugins\fissa.xml
[2012/03/15 16.25.47 | 000,002,310 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (OfferBox) - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Programmi\OfferBox\OfferBoxBHO.dll (Secure Digital Services Limited)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe" File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
[2012/07/25 09.27.00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/10/24 08.57.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Ask
[2012/03/15 16.25.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Babylon
[2012/03/15 19.10.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\boost_interprocess
[2012/03/15 16.25.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ufficio\Dati applicazioni\Babylon
[2012/03/15 16.26.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ufficio\Dati applicazioni\BabylonToolbar
[2012/07/23 08.16.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ufficio\Dati applicazioni\OfferBox
[2012/03/14 15.53.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ufficio\Dati applicazioni\searchquband
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Ufficio\Impostazioni locali\Dati applicazioni\*.tmp files -> C:\Documents and Settings\Ufficio\Impostazioni locali\Dati applicazioni\*.tmp -> ]

:Files
ipconfig /flushdns /c

:Commands
[PURITY]
[EMPTYTEMP]
[RESETHOSTS]
[DRIVES]
[CLEARALLRESTOREPOINTS]

Post the OTL log (you'll find it in C:\_OTL\).

Remove PUPs and unwanted toolbars with AdwCleaner and post that tool's log.

Run a full scan with Malwarebytes Anti-Malware and one with Emsisoft Emergency Kit. Post both logs.

P.S.: Some critical applications still need to be updated, but it's better to do that at a later stage, to avoid cluttering the logs with unnecessary information.


Re: HijackThis and OTL log check (assorted junk)

Post by gigicookie » Wed Jul 25, 2012 6:52 pm

By "critical applications" you also mean Java, right? I'm starting to suspect that PC has the version affected by the exploit problem (the ones I was talking about in the Cazzeggio section). And I think Firefox is old too... In the meantime, thanks; as soon as I can I'll run the scans.

Re: HijackThis and OTL log check (assorted junk)

Post by hashcat » Wed Jul 25, 2012 6:57 pm

gigicookie wrote: By "critical applications" you also mean Java, right? I'm starting to suspect that PC has the version affected by the exploit problem (the ones I was talking about in the Cazzeggio section). And I think Firefox is old too... In the meantime, thanks; as soon as I can I'll run the scans.

From memory: Firefox 3.0.5 is installed (if I'm not mistaken), old Java 6 versions, Adobe Reader 9, Internet Explorer 7.

P.S.: The installed Java version(s) are all vulnerable to numerous exploits, which have been in the Metasploit Framework for some time (bear in mind that practically all Java versions up to and including 7 update 4 are vulnerable).

The latest available version is 7 update 5.
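An added example (not from the thread) that turns hashcat's point into a check over the logs posted above. Java registers one "static versioning" ActiveX CLSID per installed release, `CAFEEFAC-00MM-00mm-00uu-ABCDEFFEDCBA` (family, micro, update), so the version behind each O16 DPF line and each Firefox `extensions.enabledItems` entry can be decoded from the CLSID itself, even where the descriptive text is truncated; the all-`FFFF` form means "latest installed" and carries no version, so the code falls back to the `Java Plug-in x.y.z_u` text for it. The sample lines are copied from the two logs in this thread (with the forum's own `...` truncation); the threshold 7 update 5 is the release hashcat names, and treating everything below it as exploitable is the post's claim, not a current advisory.

```python
import re

# Constructed sample: the Java-related O16 (IE ActiveX) and Firefox extension
# lines copied from the logs in this thread, plus the Babylon extension line
# to show that a non-Java ":x.y.z" suffix is not mistaken for a Java version.
SAMPLE_LINES = r"""
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinsta ... s-i586.cab (Java Plug-in 1.4.2_15)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
"""

# Threshold taken from the thread: 7 update 5 was current, everything up to
# 7 update 4 was known-exploitable. Versions are (minor, micro, update) tuples
# of the 1.x.y_z scheme, so 1.6.0_31 -> (6, 0, 31) and 7u5 -> (7, 0, 5).
MINIMUM_OK = (7, 0, 5)

# Sun/Oracle static-versioning CLSID: CAFEEFAC-00MM-00mm-00uu-ABCDEFFEDCBA,
# MM = family (14 -> 1.4, 16 -> 1.6, 17 -> 1.7), mm = micro, uu = update.
# The all-FFFF variant means "latest installed" and is deliberately not matched.
STATIC_CLSID = re.compile(r"\{CAFEEFAC-(\d{4})-(\d{4})-(\d{4})-ABCDEFFEDCBA\}", re.I)
PLUGIN_TEXT = re.compile(r"Java Plug-in 1\.(\d+)\.(\d+)_(\d+)")


def version_from_clsid(text):
    """Decode a static-versioning Java CLSID to (minor, micro, update), or None."""
    m = STATIC_CLSID.search(text)
    if not m:
        return None
    family, micro, update = (int(g) for g in m.groups())
    return (family - 10, micro, update)  # "0016" -> family 1.6 -> minor 6


def version_from_line(line):
    """Version for one log line: the CLSID if present, else the 'Java Plug-in' text."""
    v = version_from_clsid(line)
    if v is not None:
        return v
    m = PLUGIN_TEXT.search(line)
    return tuple(int(g) for g in m.groups()) if m else None


def java_versions(log_text):
    """[(line, version)] for every line that names a Java version."""
    out = []
    for line in log_text.splitlines():
        v = version_from_line(line)
        if v is not None:
            out.append((line.strip(), v))
    return out


def outdated_java(log_text, minimum=MINIMUM_OK):
    """Distinct Java versions in the log that are older than `minimum`, sorted."""
    return sorted({v for _, v in java_versions(log_text) if v < minimum})


if __name__ == "__main__":
    for v in outdated_java(SAMPLE_LINES):
        print("vulnerable Java 1.%d.%d_%02d still registered" % v)
```

Note that the result lists four distinct old releases (1.4.2_15, 1.6.0_24, 1.6.0_26, 1.6.0_31): each Java update historically left the previous plug-in registered, which is why the logs show several CLSIDs side by side and why simply installing 7u5 on top would not by itself remove the vulnerable ones.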

Re: HijackThis and OTL log check (assorted junk)

Post by gigicookie » Wed Jul 25, 2012 7:14 pm

The problem is that the PC's owner doesn't care in the slightest about its security, so of course there are old versions... Today I ran the scan for him and indeed, as expected, I found quite a lot of junk.

Re: HijackThis and OTL log check (assorted junk)

Post by hashcat » Wed Jul 25, 2012 7:47 pm

gigicookie wrote: The problem is that the PC's owner doesn't care in the slightest about its security, so of course there are old versions... Today I ran the scan for him and indeed, as expected, I found quite a lot of junk.

As I already suggested for a similar situation, the best solution is to install a free program such as Secunia PSI, which takes care of automatically updating the best-known software to the latest available version.


Re: HijackThis and OTL log check (assorted junk)

Post by gigicookie » Wed Jul 25, 2012 8:44 pm

Um... it tells me I'm not authorized to read that forum...

Re: HijackThis and OTL log check (assorted junk)

Post by hashcat » Thu Jul 26, 2012 12:30 pm

gigicookie wrote: Er... it tells me I'm not authorized to read that forum...

Yes, sorry, I had posted a link to a private discussion.
Here is the concluding extract of that post:

In short:

To block the advertising, just adopt FoolDNS Community; to prevent this specific infection, block the domain hosting the exploit kit from the hosts file:

Code:
127.0.0.1 nomedominio.com
127.0.0.1 www.nomedominio.com


And install Secunia PSI on the computer in question, which takes care of automatically updating software with security vulnerabilities (as with JRE in this case).

In the extract I suggest using FoolDNS because, in the specific case analysed, the infection was being distributed through the advertising shown on a site.
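The hosts-file fix described in hashcat's extract above, as an added example that is not code from the thread: a small Python helper that parses a hosts file the way the resolver does, checks whether a name is already pinned to loopback, and appends the two blocking lines only when they are missing. SAMPLE_HOSTS is a constructed stand-in for a stock Windows XP hosts file, and nomedominio.com is the thread's own placeholder for the real domain that served the exploit kit.

```python
"""Hosts-file blocking of an exploit-kit domain, matching the two lines above.

Added example, not code from the thread. SAMPLE_HOSTS is a constructed stand-in
for a stock Windows XP hosts file and nomedominio.com is the thread's own
placeholder for the real domain that served the exploit kit.
"""
import re

# Addresses that effectively null-route a name when used in a hosts file.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample: roughly what a stock Windows XP hosts file contains.
SAMPLE_HOSTS = (
    "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\n"
    "#\n"
    "# Each entry: IP address, whitespace, host name(s). '#' starts a comment.\n"
    "\n"
    "127.0.0.1       localhost\n"
)

BARE_DOMAIN = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")


def parse_hosts(text):
    """Return [(ip, [hostnames])] for every effective line of a hosts file.

    Text after '#' is a comment, fields are split on any run of spaces or tabs,
    and host names are lower-cased, which is how the resolver compares them.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed: an address with no names; the resolver skips it too
        entries.append((fields[0], [name.lower() for name in fields[1:]]))
    return entries


def lookup(text, hostname):
    """Address the hosts file would hand back for hostname, or None if absent.

    The first matching line wins, which is why an existing non-loopback mapping
    must be dealt with before a blocking line is appended.
    """
    hostname = hostname.lower().rstrip(".")
    for ip, names in parse_hosts(text):
        if hostname in names:
            return ip
    return None


def is_blocked(text, hostname):
    """True when the hosts file already pins hostname to a loopback/null address."""
    return lookup(text, hostname) in LOOPBACK


def block_domain(text, domain, address="127.0.0.1"):
    """Return hosts text with domain and www.domain pinned to `address`.

    Idempotent: names already blocked are not added again. A name already mapped
    elsewhere (a hijacked hosts file) is refused rather than silently shadowed,
    since the earlier line would win anyway. The text is appended to, never
    rewritten, so the owner's existing entries survive.
    """
    domain = domain.strip().lower().rstrip(".")
    if not BARE_DOMAIN.fullmatch(domain):
        raise ValueError(f"not a bare domain name: {domain!r}")
    missing = []
    for name in (domain, "www." + domain):
        current = lookup(text, name)
        if current is None:
            missing.append(name)
        elif current not in LOOPBACK:
            raise ValueError(f"{name} already maps to {current}; remove that line first")
    if not missing:
        return text
    out = text if (not text or text.endswith("\n")) else text + "\n"
    out += "# added to block the exploit-kit host\n"
    for name in missing:
        out += f"{address} {name}\n"
    return out


def patch_hosts_file(path, domain):
    """Read, patch and rewrite a hosts file on disk; returns True if it changed."""
    # surrogateescape round-trips whatever code page the file was written in.
    with open(path, "r", encoding="utf-8", errors="surrogateescape") as fh:
        before = fh.read()
    after = block_domain(before, domain)
    if after == before:
        return False
    with open(path, "w", encoding="utf-8", errors="surrogateescape", newline="\r\n") as fh:
        fh.write(after)
    return True


if __name__ == "__main__":
    # Demonstration on the constructed sample only. On the real XP machine the
    # file is C:\WINDOWS\system32\drivers\etc\hosts and needs an administrator
    # prompt: patch_hosts_file(r"C:\WINDOWS\system32\drivers\etc\hosts", "nomedominio.com")
    patched = block_domain(SAMPLE_HOSTS, "nomedominio.com")
    print(patched)
    print("blocked:", is_blocked(patched, "www.nomedominio.com"))
```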

Re: HijackThis and OTL log check (assorted junk)

Post by gigicookie » Wed Aug 08, 2012 5:36 pm

OTL:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Programmi\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "http://search.babylon.com/?babsrc=HP_Prot" removed from browser.startup.homepage
Prefs.js: ffxtlbr@babylon.com:1.2.0 removed from extensions.enabledItems
Prefs.js: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 removed from extensions.enabledItems
Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=164&systemid=406&sr=0&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0\ deleted successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Extensions\home2@tomtom.com folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Extensions folder moved successfully.
Folder C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\ not found.
Folder C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Extensions\home2@tomtom.com\ not found.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions folder moved successfully.
Folder C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\extensions\ffxtlbr@babylon.com\ not found.
C:\Documents and Settings\Ufficio\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\searchplugins\fissa.xml moved successfully.
C:\Programmi\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Programmi\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}\ deleted successfully.
C:\Programmi\OfferBox\OfferBoxBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programmi\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programmi\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Ask\APN-Stub folder moved successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Ask folder moved successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Babylon folder moved successfully.
C:\Documents and Settings\All Users\Dati applicazioni\boost_interprocess\706C0FC6B802CD01 folder moved successfully.
C:\Documents and Settings\All Users\Dati applicazioni\boost_interprocess folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\Babylon folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\OfferBox folder moved successfully.
C:\Documents and Settings\Ufficio\Dati applicazioni\searchquband folder moved successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\Ufficio\Impostazioni locali\Dati applicazioni\d3d9caps.tmp deleted successfully.
File RITY] not found.
File PTYTEMP] not found.
File SETHOSTS] not found.
Folder IVES]\ not found.
File EARALLRESTOREPOINTS] not found.

OTL by OldTimer - Version 3.2.54.1 log created on 08072012_150942

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Emsisoft

a-squared Free - Versione 2.0
Ultimo aggiornamento: 07/08/2012 16.53.36

Impostazioni scansione:

Tipo scansione: Personalizzata
Oggetti: Rootkits, Memoria, Tracce, Cookies, C:\
Archivio scansioni: On
Scansione ADS: On

Scansione avviata: 07/08/2012 17.00.06

c:\documents and settings\ufficio\dati applicazioni\mozilla\firefox\profiles\vz7tgum8.default\cookies.sqlite:1282483810843750 rilevati: Trace.TrackingCookie.adv.alice.it!E1
c:\documents and settings\ufficio\dati applicazioni\mozilla\firefox\profiles\vz7tgum8.default\cookies.sqlite:1343195898906250 rilevati: Trace.TrackingCookie.doubleclick.net!E1
c:\documents and settings\ufficio\dati applicazioni\mozilla\firefox\profiles\vz7tgum8.default\cookies.sqlite:1343199164421876 rilevati: Trace.TrackingCookie.ad.yieldmanager.com!E1
c:\documents and settings\ufficio\dati applicazioni\mozilla\firefox\profiles\vz7tgum8.default\cookies.sqlite:1343199164406250 rilevati: Trace.TrackingCookie.ad.yieldmanager.com!E1
c:\documents and settings\ufficio\dati applicazioni\mozilla\firefox\profiles\vz7tgum8.default\cookies.sqlite:1343199164421877 rilevati: Trace.TrackingCookie.ad.yieldmanager.com!E1
c:\documents and settings\ufficio\dati applicazioni\mozilla\firefox\profiles\vz7tgum8.default\cookies.sqlite:1343199164421879 rilevati: Trace.TrackingCookie.ad.yieldmanager.com!E1
c:\documents and settings\ufficio\dati applicazioni\mozilla\firefox\profiles\vz7tgum8.default\cookies.sqlite:1343199165125000 rilevati: Trace.TrackingCookie.adbrite.com!E1
c:\documents and settings\ufficio\dati applicazioni\mozilla\firefox\profiles\vz7tgum8.default\cookies.sqlite:1343199165125001 rilevati: Trace.TrackingCookie.adbrite.com!E1
c:\documents and settings\ufficio\dati applicazioni\mozilla\firefox\profiles\vz7tgum8.default\cookies.sqlite:1343199165343751 rilevati: Trace.TrackingCookie.casalemedia.com!E1
c:\documents and settings\ufficio\dati applicazioni\mozilla\firefox\profiles\vz7tgum8.default\cookies.sqlite:1343199165343752 rilevati: Trace.TrackingCookie.casalemedia.com!E1
c:\documents and settings\ufficio\dati applicazioni\mozilla\firefox\profiles\vz7tgum8.default\cookies.sqlite:1343199165343753 rilevati: Trace.TrackingCookie.casalemedia.com!E1
c:\documents and settings\ufficio\dati applicazioni\mozilla\firefox\profiles\vz7tgum8.default\cookies.sqlite:1343199165343754 rilevati: Trace.TrackingCookie.casalemedia.com!E1
c:\documents and settings\ufficio\dati applicazioni\mozilla\firefox\profiles\vz7tgum8.default\cookies.sqlite:1343199180281250 rilevati: Trace.TrackingCookie.ad.yieldmanager.com!E1
c:\documents and settings\ufficio\dati applicazioni\mozilla\firefox\profiles\vz7tgum8.default\cookies.sqlite:1343201487781250 rilevati: Trace.TrackingCookie.track.adform.net!E1
c:\documents and settings\ufficio\dati applicazioni\mozilla\firefox\profiles\vz7tgum8.default\cookies.sqlite:1343201488062500 rilevati: Trace.TrackingCookie.track.adform.net!E1
c:\documents and settings\ufficio\dati applicazioni\mozilla\firefox\profiles\vz7tgum8.default\cookies.sqlite:1343201503937501 rilevati: Trace.TrackingCookie.ad.zanox.com!E1
c:\documents and settings\ufficio\dati applicazioni\mozilla\firefox\profiles\vz7tgum8.default\cookies.sqlite:1344344836921875 rilevati: Trace.TrackingCookie.doubleclick.net!E1
c:\documents and settings\ufficio\dati applicazioni\mozilla\firefox\profiles\vz7tgum8.default\cookies.sqlite:1344348143281252 rilevati: Trace.TrackingCookie.adfarm1.adition.com!E1
c:\documents and settings\ufficio\dati applicazioni\mozilla\firefox\profiles\vz7tgum8.default\cookies.sqlite:1344348145140626 rilevati: Trace.TrackingCookie.ad.zanox.com!E1
C:\Documents and Settings\Ufficio\Impostazioni locali\Temporary Internet Files\Content.IE5\WGCV95N6\main[1].htm rilevati: Exploit.JS.Blacole!E2
C:\Documents and Settings\Ufficio\Impostazioni locali\Temp\V.class rilevati: Trojan-Downloader.Java.OpenStream!E2
C:\Documents and Settings\Ufficio\Impostazioni locali\Temp\is1373634743\MyBabylonTB.exe rilevati: Riskware.Win32.Toolbar.Babylon.AMN!E1
C:\Documents and Settings\Ufficio\Dati applicazioni\Sun\Java\Deployment\cache\6.0\35\357fd3a3-637f9ef1 -> ehsa\ehsc.class rilevati: Exploit.Java.Blacole!E2
C:\Documents and Settings\Ufficio\Dati applicazioni\Sun\Java\Deployment\cache\6.0\35\357fd3a3-637f9ef1 -> ehsa\ehsa.class rilevati: Exploit.Java.CVE-2012!E2
C:\Documents and Settings\Ufficio\Dati applicazioni\Sun\Java\Deployment\cache\6.0\35\357fd3a3-637f9ef1 -> ehsa\F.class rilevati: Exploit.Java.CVE-2012!E2
C:\Documents and Settings\Ufficio\Dati applicazioni\Sun\Java\Deployment\cache\6.0\35\357fd3a3-637f9ef1 -> ehsa\ter.class rilevati: Java.CVE!E2
C:\Documents and Settings\Ufficio\Dati applicazioni\Sun\Java\Deployment\cache\6.0\35\357fd3a3-637f9ef1 -> ehsa\ehsb.class rilevati: Exploit.Java.CVE-2012-0507!E2

Scansionati 637284
Rilevato 27

Fine scansione: 07/08/2012 20.04.10
Tempo scansione: 3:04:04

AdwCleaner[R1]

# AdwCleaner v1.703 - Logfile created 08/07/2012 at 16:44:17
# Updated 20/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Ufficio - PC-20080125737
# Running from : C:\Documents and Settings\Ufficio\Desktop\Fix_computer_ufficio\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\DOCUME~1\Ufficio\IMPOST~1\Temp\BabylonToolbar
Folder Found : C:\Documents and Settings\Ufficio\Dati applicazioni\BabylonToolbar
Folder Found : C:\Documents and Settings\Ufficio\Dati applicazioni\FissaSearch
Folder Found : C:\Programmi\Ask.com
Folder Found : C:\Programmi\BabylonToolbar
Folder Found : C:\Programmi\DealPly
Folder Found : C:\Programmi\OfferBox
Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\DOCUME~1\Ufficio\IMPOST~1\Temp\Searchqu.ini
File Found : C:\DOCUME~1\Ufficio\IMPOST~1\Temp\searchqutoolbar-manifest.xml
File Found : C:\Programmi\Mozilla FireFox\searchplugins\Search_Results.xml
File Found : C:\WINDOWS\Tasks\DealPlyUpdate.job

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DealPly
Key Found : HKCU\Software\FissaSearch
Key Found : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Offerbox
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\OfferBox.OfferBoxServer
Key Found : HKLM\SOFTWARE\Classes\OfferBox.OfferBoxServer.1
Key Found : HKLM\SOFTWARE\Description
Key Found : HKLM\SOFTWARE\FissaSearch
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Offerbox Browser
Key Found : HKLM\SOFTWARE\Offerbox
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [offerboxffx@offerbox.com]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A7E8C343-7860-4A95-9AA8-AAF30D0F6D1E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6612AFDD-34AD-4B89-A236-7E6D07C3FDCD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{ED85AEBE-F834-4088-B5D3-97EB2478A6CD}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [5324 octets] - [07/08/2012 16:44:17]

########## EOF - C:\AdwCleaner[R1].txt - [5452 octets] ##########

S1:

# AdwCleaner v1.703 - Logfile created 08/07/2012 at 16:44:46
# Updated 20/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Ufficio - PC-20080125737
# Running from : C:\Documents and Settings\Ufficio\Desktop\Fix_computer_ufficio\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\DOCUME~1\Ufficio\IMPOST~1\Temp\BabylonToolbar
Folder Deleted : C:\Documents and Settings\Ufficio\Dati applicazioni\BabylonToolbar
Folder Deleted : C:\Documents and Settings\Ufficio\Dati applicazioni\FissaSearch
Folder Deleted : C:\Programmi\Ask.com
Folder Deleted : C:\Programmi\BabylonToolbar
Folder Deleted : C:\Programmi\DealPly
Folder Deleted : C:\Programmi\OfferBox
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\DOCUME~1\Ufficio\IMPOST~1\Temp\Searchqu.ini
File Deleted : C:\DOCUME~1\Ufficio\IMPOST~1\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\Programmi\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\WINDOWS\Tasks\DealPlyUpdate.job

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\FissaSearch
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Offerbox
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\OfferBox.OfferBoxServer
Key Deleted : HKLM\SOFTWARE\Classes\OfferBox.OfferBoxServer.1
Key Deleted : HKLM\SOFTWARE\Description
Key Deleted : HKLM\SOFTWARE\FissaSearch
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Offerbox Browser
Key Deleted : HKLM\SOFTWARE\Offerbox
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [offerboxffx@offerbox.com]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7E8C343-7860-4A95-9AA8-AAF30D0F6D1E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6612AFDD-34AD-4B89-A236-7E6D07C3FDCD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ED85AEBE-F834-4088-B5D3-97EB2478A6CD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [5453 octets] - [07/08/2012 16:44:17]
AdwCleaner[S1].txt - [5514 octets] - [07/08/2012 16:44:46]

########## EOF - C:\AdwCleaner[S1].txt - [5642 octets] ##########

MBAM

Malwarebytes Anti-Malware (Prova) 1.62.0.1300
www.malwarebytes.org

Versione database: v2012.08.07.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Ufficio :: PC-20080125737 [amministratore]

Protezione: Attivata

07/08/2012 15.18.29
mbam-log-2012-08-07 (16-23-22).txt

Tipo di scansione: Scansione completa (C:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 319492
Tempo impiegato: 1 ore, 4 minuti, 27 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Nessuna azione intrapresa.
HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Nessuna azione intrapresa.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Nessuna azione intrapresa.
HKCU\SOFTWARE\I WANT THIS (Adware.GamePlayLab) -> Nessuna azione intrapresa.
HKCU\SOFTWARE\I WANT THIS (PUP.GamesPlayLab) -> Nessuna azione intrapresa.

Valori di registro rilevati: 3
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Dati: ff51d073ac563969959908bd86b89160 -> Nessuna azione intrapresa.
HKCU\Software\I Want This|BundledFirefox (Adware.GamePlayLab) -> Dati: 1 -> Nessuna azione intrapresa.
HKCU\Software\I Want This|HelperRunningVersion (PUP.GamesPlayLab) -> Dati: 147 -> Nessuna azione intrapresa.

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 5
C:\Documents and Settings\Ufficio\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\Cache\C7CCBB63d01 (PUP.BundleOffer.Downloader.S) -> Nessuna azione intrapresa.
C:\Documents and Settings\Ufficio\Impostazioni locali\Temp\rty0_7z.exe (Trojan.Agent.2D) -> Nessuna azione intrapresa.
C:\Documents and Settings\Ufficio\Impostazioni locali\Temp\Uninstall.exe25889593.del (Adware.Agent) -> Nessuna azione intrapresa.
C:\Documents and Settings\Ufficio\Impostazioni locali\Temp\is1373634743\IWantThis_ROW.exe (Adware.GamePlayLabs) -> Nessuna azione intrapresa.
C:\Documents and Settings\Ufficio\Impostazioni locali\Temp\25887671.Uninstall\Uninstall.exe (Adware.Agent) -> Nessuna azione intrapresa.

(fine)

What Emsisoft found I removed by hand (some smart guy had closed the program). Some entries weren't present.
MBAM, on the other hand, removed the infections itself (which is probably written in the other log).

Re: HijackThis and OTL log check (assorted junk)

Post by gigicookie » Thu Aug 09, 2012 10:11 am

P.S.
After finishing the scans and using adwcleaner, I updated the old software.

Re: HijackThis and OTL log check (assorted junk)

Post by Giampy » Thu Aug 09, 2012 11:20 am

hashcat wrote: Fix the following items (HijackThis):
...
In the meantime I'll read the OTL log.

Hashcat, I'd be curious to know how you identify a malicious program, but I certainly don't expect to learn your secrets, which you're surely protective of. At least, though, can you tell me how long it takes you to spot a "malware" among thousands of lines of results?
Giampy, Senior Member, Posts: 211, Joined: Wed Aug 01, 2012 9:24 pm

Re: HijackThis and OTL log check (assorted junk)

Post by hashcat » Sat Aug 11, 2012 5:24 pm

@gigicookie Great.

@Giampy I'll reply to you tomorrow as well.

[;)]
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.
hashcat, Membro Ufficiale (Gold), Posts: 2285, Joined: Mon Oct 25, 2010 1:26 pm

Re: HijackThis and OTL log check (assorted junk)

Post by crazy.cat » Sun Aug 12, 2012 9:11 am

Giampy wrote: I'd be curious to know how you identify a malicious program

Experience, a trained eye and Google.... [:)]

Giampy wrote: but I certainly don't expect to learn your secrets, which you're surely protective of.

I don't think there is any secret, just practice.

Giampy wrote: At least, though, can you tell me how long it takes you to spot a "malware" among thousands of lines of results?

With a HijackThis log, usually a few seconds.
For the other, longer and more complex ones, it takes more patience.
When the many govern, they think only of pleasing themselves; you then get the most foolish and hateful tyranny: tyranny disguised as freedom.
crazy.cat, MLI Hero, Posts: 30959, Joined: Mon Jan 12, 2004 1:38 pm, Location: Mestre
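As an added illustration of the mechanical first pass that sits behind that "few seconds" (this is example code written for this page, not code from the thread, from MBAM or from HijackThis; the line format is inferred from the MBAM log quoted earlier in the thread, and the severity ranking by detection family, the Temp/Cache markers and the English "Quarantined" sample line are my own assumptions), here is a small Python triage script. It parses MBAM detection lines, tags each as a registry or file item, ranks by family, flags items living in Temp or browser-cache folders, and reports what was still marked "No action taken":

```python
import re
from collections import Counter

# Constructed sample: the six detection lines copied from the MBAM log quoted
# earlier in the thread, plus one made-up English line (last file) standing in
# for an item MBAM actually removed. Section headers are kept on purpose so the
# parser has to skip them.
SAMPLE_LOG = r"""
HKCU\Software\I Want This|HelperRunningVersion (PUP.GamesPlayLab) -> Dati: 147 -> Nessuna azione intrapresa.
File rilevati: 5
C:\Documents and Settings\Ufficio\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\vz7tgum8.default\Cache\C7CCBB63d01 (PUP.BundleOffer.Downloader.S) -> Nessuna azione intrapresa.
C:\Documents and Settings\Ufficio\Impostazioni locali\Temp\rty0_7z.exe (Trojan.Agent.2D) -> Nessuna azione intrapresa.
C:\Documents and Settings\Ufficio\Impostazioni locali\Temp\Uninstall.exe25889593.del (Adware.Agent) -> Nessuna azione intrapresa.
C:\Documents and Settings\Ufficio\Impostazioni locali\Temp\is1373634743\IWantThis_ROW.exe (Adware.GamePlayLabs) -> Nessuna azione intrapresa.
C:\Documents and Settings\Ufficio\Impostazioni locali\Temp\25887671.Uninstall\Uninstall.exe (Adware.Agent) -> Nessuna azione intrapresa.
C:\Documents and Settings\Ufficio\Impostazioni locali\Temp\example.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
(fine)
"""

# One detection line: "<item> (<signature>) -> [Dati: <value> ->] <action>."
# The optional "Dati:" (Italian MBAM) / "Data:" (English MBAM) segment only
# appears on registry-value hits.
LINE_RE = re.compile(
    r"^(?P<item>.+) \((?P<sig>[^()]+)\) -> "
    r"(?:(?:Dati|Data): (?P<data>.*?) -> )?"
    r"(?P<action>[^>]+?)\.?$"
)

# Assumed ranking: a Trojan in Temp outranks a PUP leftover. Unknown families
# are marked "review" so they are never silently sorted to the bottom.
SEVERITY = {"Trojan": "high", "Adware": "medium", "PUP": "low"}
ORDER = {"high": 0, "review": 1, "medium": 2, "low": 3}
TEMP_MARKERS = ("\\temp\\", "\\cache\\", "\\tmp\\")  # assumed scratch locations
NO_ACTION = {"nessuna azione intrapresa", "no action taken"}


def parse_line(line):
    """Return a dict describing one detection line, or None for non-detection lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    item, sig, data, action = m.group("item", "sig", "data", "action")
    family = sig.split(".")[0]
    return {
        "kind": "registry" if item.upper().startswith("HK") else "file",
        "item": item,
        "signature": sig,
        "family": family,
        "severity": SEVERITY.get(family, "review"),
        "in_temp": any(mk in item.lower() for mk in TEMP_MARKERS),
        "data": data,
        "action": action.strip(),
        "removed": action.strip().lower() not in NO_ACTION,
    }


def triage(text):
    """Parse a whole log and return detections, worst first, unresolved before resolved."""
    rows = [r for r in map(parse_line, text.splitlines()) if r]
    return sorted(rows, key=lambda r: (ORDER[r["severity"]], r["removed"], r["item"]))


def summary(rows):
    """Counts a reviewer wants at a glance: how much is still pending and where it lives."""
    return {
        "total": len(rows),
        "pending": sum(not r["removed"] for r in rows),
        "by_family": dict(Counter(r["family"] for r in rows)),
        # True when every file hit sits in a scratch folder, i.e. nothing persistent was flagged
        "temp_only": all(r["in_temp"] for r in rows if r["kind"] == "file"),
    }


if __name__ == "__main__":
    rows = triage(SAMPLE_LOG)
    for r in rows:
        flag = "PENDING" if not r["removed"] else "done"
        loc = "temp" if r["in_temp"] else "persistent"
        print(f"{r['severity']:6} {flag:7} {r['kind']:8} {loc:10} {r['signature']:28} {r['item']}")
    print(summary(rows))
```

Run it on a saved MBAM log by replacing `SAMPLE_LOG` with the file's contents. The point of the "pending" count is the one that bit this thread: a log full of "No action taken" means the scan only reported, so the reviewer has to confirm a removal pass (or a second log) actually happened.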

Re: HijackThis and OTL log check (assorted junk)

Post by gigicookie » Fri Sep 07, 2012 11:05 am

In the end I put this configuration on the PC:

Avast! Free Antivirus (updated automatically) + Comodo Firewall (updates scheduled weekly) + Secunia PSI +
EMET
gigicookie, Senior Member, Posts: 485, Joined: Fri Apr 06, 2012 6:40 pm


megalab.it: daily online publication registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising