OTL logfile created on: 09/04/2014 11.11.05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Utente\Documenti\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 Country: Italia Language: ITA Date Format: dd/mm/yyyy

511,30 Mb Total Physical Memory 59,34 Mb Available Physical Memory 11,61% Memory free
1,97 Gb Paging File 1,55 Gb Available in Paging File 78,57% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: %SystemRoot% = C:\WINDOWS %ProgramFiles% = C:\Programmi
Drive C: 232,88 Gb Total Space 216,90 Gb Free Space 93,14% Space Free Partition Type: NTFS
Drive Z: 465,66 Gb Total Space 419,39 Gb Free Space 90,06% Space Free Partition Type: NTFS

Computer Name: DAVIDE User Name: Utente Logged in as Administrator.
Boot Mode: Normal Scan Mode: All users
Company Name Whitelist: Off Skip Microsoft Files: Off No Company Name Whitelist: On File Age = 60 Days

[color=#e56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Documents and Settings\Utente\Documenti\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programmi\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programmi\PDF Architect\HelperService.exe (pdfforge GmbH)
PRC - C:\Programmi\PDF Architect\ConversionService.exe (pdfforge GmbH)
PRC - C:\Programmi\Athena\IDProtect Client\Utils\IDProtect Monitor.exe (Athena Smartcard Solutions)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

[color=#e56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Programmi\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
MOD - C:\Programmi\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll ()
MOD - C:\Programmi\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
MOD - C:\Programmi\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ()
MOD - C:\Programmi\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll ()
MOD - C:\WINDOWS\system32\sso2ml3.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()

[color=#e56717]========== Services (SafeList) ==========[/color]

SRV - (AGCoreService) -- C:\Programmi\AGI\core\4.2.0.10753\AGCoreService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programmi\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PDF Architect Helper Service) -- C:\Programmi\PDF Architect\HelperService.exe (pdfforge GmbH)
SRV - (PDF Architect Service) -- C:\Programmi\PDF Architect\ConversionService.exe (pdfforge GmbH)
SRV - (ServiceLayer) -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Samsung Network Fax Server) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe (Samsung Electronics Co., Ltd.)
SRV - (MDM) -- C:\Programmi\File comuni\microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

[color=#e56717]========== Driver Services (SafeList) ==========[/color]

DRV - (WDICA) -- File not found
DRV - (SSPORT) -- C:\WINDOWS\system32\Drivers\SSPORT.sys File not found
DRV - (Scutum50) -- System32\Drivers\Scutum50.sys File not found
DRV - (RTL8192cu) -- system32\drivers\rtl8192cu.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbvorxtfpxqmqipm) -- C:\WINDOWS\system32\drivers\lbvorxtfpxqmqipm.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (esgiguard) -- C:\Programmi\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (Changer) -- File not found
DRV - (dg_ssudbus) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\wsadb.sys (Google Inc)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (THRC) -- C:\WINDOWS\system32\drivers\THRC.sys (THRC ENTERPRISE Corp.)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (xfilt) -- C:\WINDOWS\system32\drivers\xfilt.sys (VIA Technologies,Inc)
DRV - (videx32) -- C:\WINDOWS\system32\drivers\videX32.sys (VIA Technologies, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)

[color=#e56717]========== Standard Registry (SafeList) ==========[/color]

[color=#e56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchterms}&form=ie8src
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
Explorer\Main,Search Page = http://www.google.com
Explorer\Main,Start Page = http://www.google.it/
Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
Explorer\Main,Start Page Redirect Cache AcceptLangs = it
Explorer\Search,Default_Search_URL = http://www.google.com/ie
Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-796845957-682003330-725345543-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-796845957-682003330-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchterms}&src=ie-searchbox&form=ie8src
IE - HKU\S-1-5-21-796845957-682003330-725345543-1003\Software\Microsoft\Windows\Currentversion\internet Settings: "ProxyEnable" = 0

[color=#e56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledaddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\programmi\microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@UtilityChest_49.com/Plugin: C:\Programmi\UtilityChest_49\bar\1.bin\NP49Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Programmi\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@ecocerved.it/edw,version=2.0.0.1: C:\Programmi\Ecocerved\Mozilla\2.0.0.1\npews.dll (Ecocerved scarl)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Programmi\PDF Architect\FFPDFArchitectExt [2013/04/18 09.54.12 000,000,000 ---D M]
[2013/10/08 10.05.49 000,000,000 ---D M] (No name found) -- C:\Documents and Settings\Utente\Dati applicazioni\mozilla\extensions
[2014/04/07 18.39.31 000,000,000 ---D M] (No name found) -- C:\Documents and Settings\Utente\Dati applicazioni\mozilla\firefox\profiles\rw40e3j2.default\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\UTENTE\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\RW40E3J2.DEFAULT\EXTENSIONS\A9719E64-232B-4695-AE9C-A89CD7F2AA84@CA1279DF-BC0D-44A8-97EF-19301C922B68.COM

[color=#e56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseurl}search?q={searchterms}&{google:rlz}{google:originalqueryforsuggestion}{google:assistedquerystats}{google:searchfieldtrialparameter}{google:bookmarkbarpinned}{google:searchclient}{google:sourceid}{google:instantextendedenabledparameter}{google:omniboxstartmarginparameter}ie={inputencoding}
CHR - default_search_provider: suggest_url = {google:basesuggesturl}search?{google:searchfieldtrialparameter}client={google:suggestclient}&gs_ri={google:suggestrid}&xssi=t&q={searchterms}&{google:cursorposition}{google:currentpageurl}{google:pageclassification}sugkey={google:suggestapIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Utente\Impostazioni locali\dati applicazioni\google\chrome\user Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15705.1852_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Utente\Impostazioni locali\dati applicazioni\google\chrome\user Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_2\

O1 HOSTS File: ([2012/03/14 17.20.54 000,000,027 ---- M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programmi\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-796845957-682003330-725345543-1003\..\Toolbar\WebBrowser: (no name) - {147D6308-0614-4112-89B1-31402F9B82C4} - No CLSID value found.
O4 - HKLM..\Run: [IDProtect Monitor] C:\Programmi\Athena\IDProtect Client\Utils\IDProtect Monitor.exe (Athena Smartcard Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-682003330-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-682003330-725345543-1003\SOFTWARE\Microsoft\Windows\Currentversion\policies\explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-796845957-682003330-725345543-1003\SOFTWARE\Microsoft\Windows\Currentversion\policies\explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-796845957-682003330-725345543-1003\SOFTWARE\Microsoft\Windows\Currentversion\policies\explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB9173C7-6DFE-4CD4-A439-133454F46CEA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\system\ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\system\ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\system\ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\skype\skype4com.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Utente\Impostazioni locali\dati applicazioni\microsoft\wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Utente\Impostazioni locali\dati applicazioni\microsoft\wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/22 06.41.00 000,000,000 ---- M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#e56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2014/04/09 10.48.54 000,000,000 ---D C] -- C:\AdwCleaner
[2014/04/09 09.26.18 000,388,608 ---- C] (Trend Micro Inc.) -- C:\Documents and Settings\Utente\Desktop\HijackThis.exe
[2014/04/09 09.16.15 000,000,000 ---D C] -- C:\Programmi\VS Revo Group
[2014/04/09 09.15.46 002,623,656 ---- C] (VS Revo Group Ltd.) -- C:\Documents and Settings\Utente\Desktop\revosetup.exe
[2014/04/08 17.50.22 000,000,000 RH-D C] -- C:\Documents and Settings\Utente\Recent
[2014/04/08 17.50.22 000,000,000 ---D C] -- C:\Documents and Settings\Utente\Menu Avvio\Programmi\Esecuzione automatica
[2014/04/08 17.50.17 000,000,000 ---D C] -- C:\Programmi\File comuni\wise Installation Wizard
[2014/04/08 12.57.51 000,000,000 ---D C] -- C:\Programmi\Enigma Software Group
[2014/04/08 09.22.51 000,107,736 ---- C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/08 09.22.17 000,000,000 ---D C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes Anti-Malware
[2014/04/08 09.22.14 000,050,648 ---- C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/08 09.22.14 000,023,256 ---- C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/08 09.22.14 000,000,000 ---D C] -- C:\Programmi\Malwarebytes Anti-Malware
[2014/04/07 18.27.42 000,000,000 ---D C] -- C:\Documents and Settings\Utente\Impostazioni locali\dati applicazioni\genesis
[2014/03/24 13.37.20 000,000,000 ---D C] -- C:\Documents and Settings\Utente\Desktop\ISPEZIONI CAMPO
[2014/03/13 11.43.58 005,777,288 ---- C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2014/03/12 10.32.41 000,000,000 ---D C] -- C:\Documents and Settings\Utente\Documenti\alfonso fiumarella
[2014/03/07 13.09.19 000,000,000 R--D C] -- C:\Documents and Settings\Utente\Desktop\PINK FLOYD COLLECTION
[2014/02/17 20.16.37 000,000,000 ---D C] -- C:\Documents and Settings\Utente\Desktop\voltura romeo
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#e56717]========== Files - Modified Within 60 Days ==========[/color]

[2014/04/09 11.01.09 000,001,126 ---- M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/09 10.59.29 000,002,048 --S- M] () -- C:\WINDOWS\bootstat.dat
[2014/04/09 10.43.00 000,000,978 ---- M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/09 10.27.00 000,001,130 ---- M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/09 09.38.48 000,016,825 ---- M] () -- C:\Documents and Settings\Utente\Desktop\hijackthis file log.pdf
[2014/04/09 09.26.21 000,388,608 ---- M] (Trend Micro Inc.) -- C:\Documents and Settings\Utente\Desktop\HijackThis.exe
[2014/04/09 09.16.03 002,623,656 ---- M] (VS Revo Group Ltd.) -- C:\Documents and Settings\Utente\Desktop\revosetup.exe
[2014/04/08 18.40.35 000,552,564 ---- M] () -- C:\WINDOWS\System32\perfh010.dat
[2014/04/08 18.40.35 000,502,040 ---- M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/04/08 18.40.35 000,103,764 ---- M] () -- C:\WINDOWS\System32\perfc010.dat
[2014/04/08 18.40.35 000,087,800 ---- M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/04/08 18.30.09 000,000,436 -H-- M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D957C710-899D-4371-9AE8-C12D28D8245C}.job
[2014/04/08 18.00.21 000,001,775 ---- M] () -- C:\Documents and Settings\Utente\Desktop\Google Chrome.lnk
[2014/04/08 17.07.11 000,001,891 ---- M] () -- C:\WINDOWS\imsins.BAK
[2014/04/08 16.18.45 000,107,736 ---- M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/08 15.59.35 000,302,032 ---- M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/04/08 09.22.17 000,000,749 ---- M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/07 12.07.36 000,042,497 ---- M] () -- C:\Documents and Settings\Utente\Desktop\Immag0509.jpg
[2014/04/07 11.35.44 000,217,813 ---- M] () -- C:\Documents and Settings\Utente\Desktop\nota_920_all_B1_5feb_14.pdf
[2014/04/06 11.38.41 000,002,206 ---- M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/03 09.51.06 000,050,648 ---- M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/03 09.50.56 000,023,256 ---- M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/03/27 12.17.36 000,045,087 ---- M] () -- C:\Documents and Settings\Utente\Desktop\F24 ELLECI 03 05 2014.pdf
[2014/03/27 12.17.36 000,045,087 ---- M] () -- C:\Documents and Settings\Utente\Desktop\F24 ELLECI 03 04 14.pdf
[2014/03/27 10.40.23 000,005,510 ---- M] () -- C:\Documents and Settings\Utente\Desktop\DOC_804214079 (1).pdf
[2014/03/24 19.46.57 000,005,511 ---- M] () -- C:\Documents and Settings\Utente\Desktop\DOC_803481352.pdf
[2014/03/24 12.35.04 000,292,335 ---- M] () -- C:\Documents and Settings\Utente\Desktop\Mod+18+T.pdf
[2014/03/13 11.44.03 000,692,616 ---- M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/03/13 11.44.03 000,071,048 ---- M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/03/13 11.43.59 005,777,288 ---- M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2014/03/12 19.07.14 000,037,588 ---- M] () -- C:\Documents and Settings\Utente\Documenti\curriculum vitae mauceri franco1.pdf
[2014/03/06 17.07.26 000,000,131 -H-- M] () -- C:\Documents and Settings\Utente\Desktop\.~lock.Nuovo documento password.rtf#
[2014/02/10 11.27.11 000,011,155 ---- M] () -- C:\Documents and Settings\Utente\Dati applicazioni\smarthruoptions.xml
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#e56717]========== Files Created - No Company Name ==========[/color]

[2014/04/09 09.38.47 000,016,825 ---- C] () -- C:\Documents and Settings\Utente\Desktop\hijackthis file log.pdf
[2014/04/08 17.06.59 000,001,891 ---- C] () -- C:\WINDOWS\imsins.BAK
[2014/04/08 15.59.35 000,302,032 ---- C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/04/08 09.22.17 000,000,749 ---- C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/07 12.07.35 000,042,497 ---- C] () -- C:\Documents and Settings\Utente\Desktop\Immag0509.jpg
[2014/04/07 11.35.40 000,217,813 ---- C] () -- C:\Documents and Settings\Utente\Desktop\nota_920_all_B1_5feb_14.pdf
[2014/04/07 11.12.56 000,919,313 ---- C] () -- C:\Documents and Settings\Utente\Desktop\c.i c.f. nino campo.pdf
[2014/03/27 12.17.36 000,045,087 ---- C] () -- C:\Documents and Settings\Utente\Desktop\F24 ELLECI 03 05 2014.pdf
[2014/03/27 12.17.36 000,045,087 ---- C] () -- C:\Documents and Settings\Utente\Desktop\F24 ELLECI 03 04 14.pdf
[2014/03/27 10.40.23 000,005,510 ---- C] () -- C:\Documents and Settings\Utente\Desktop\DOC_804214079 (1).pdf
[2014/03/24 19.46.56 000,005,511 ---- C] () -- C:\Documents and Settings\Utente\Desktop\DOC_803481352.pdf
[2014/03/24 12.35.02 000,292,335 ---- C] () -- C:\Documents and Settings\Utente\Desktop\Mod+18+T.pdf
[2014/03/12 19.07.13 000,037,588 ---- C] () -- C:\Documents and Settings\Utente\Documenti\curriculum vitae mauceri franco1.pdf
[2014/03/06 17.07.26 000,000,131 -H-- C] () -- C:\Documents and Settings\Utente\Desktop\.~lock.Nuovo documento password.rtf#
[2013/08/27 09.03.12 000,014,119 ---- C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2013/04/20 12.10.19 000,308,618 ---- C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\dati applicazioni\wpffontcache_v0400-system.dat
[2013/02/05 17.52.50 000,974,848 ---- C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2013/02/05 17.52.50 000,081,920 ---- C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013/02/05 17.52.50 000,065,536 ---- C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013/02/05 17.52.50 000,057,344 ---- C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012/03/15 20.27.44 000,017,408 ---- C] () -- C:\Documents and Settings\Utente\Impostazioni locali\dati applicazioni\webpageicons.db
[2012/02/21 18.38.54 000,011,155 ---- C] () -- C:\Documents and Settings\Utente\Dati applicazioni\smarthruoptions.xml
[2011/10/14 16.25.11 000,000,291 ---- C] () -- C:\Documents and Settings\Utente\dikeutil.ini
[2011/10/14 16.24.12 000,000,382 ---- C] () -- C:\Documents and Settings\Utente\dike.ini
[2011/10/14 16.24.11 000,213,010 ---- C] () -- C:\Documents and Settings\Utente\caCertsList
[2011/09/17 10.12.50 000,000,298 ---- C] () -- C:\Documents and Settings\Utente\UnifiedToolbarCleanup.bat
[2007/02/15 21.24.13 000,000,042 ---- C] () -- C:\Documents and Settings\Utente\default.pls
[2006/12/22 18.01.28 000,126,464 ---- C] () -- C:\Documents and Settings\Utente\Impostazioni locali\dati applicazioni\dcbc2a71-70d8-4dan-ehr8-e0d61dea3fdf.ini
[2006/12/22 10.13.02 000,000,135 ---- C] () -- C:\Documents and Settings\Utente\Impostazioni locali\dati applicazioni\fusioncache.dat
[2006/12/22 01.28.34 000,409,168 ---- C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\dati applicazioni\fontcache3.0.0.0.dat

[color=#e56717]========== ZeroAccess Check ==========[/color]

[2006/12/22 00.51.26 000,000,227 RHS- M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19.13.52 001,499,136 ---- M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/13 19.13.40 000,472,064 ---- M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19.13.58 000,273,920 ---- M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#e56717]========== LOP Check ==========[/color]

[2013/04/09 12.12.30 000,000,000 ---D M] -- C:\Documents and Settings\All Users\Dati applicazioni\athena
[2012/05/10 09.34.27 000,000,000 ---D M] -- C:\Documents and Settings\All Users\Dati applicazioni\nitro PDF
[2013/01/04 19.41.17 000,000,000 ---D M] -- C:\Documents and Settings\All Users\Dati applicazioni\nokia
[2011/10/13 17.51.53 000,000,000 ---D M] -- C:\Documents and Settings\All Users\Dati applicazioni\nokiainstallercache
[2011/10/13 19.37.02 000,000,000 ---D M] -- C:\Documents and Settings\All Users\Dati applicazioni\pc Suite
[2013/08/27 09.03.09 000,000,000 ---D M] -- C:\Documents and Settings\All Users\Dati applicazioni\ralink Driver
[2013/04/20 10.23.17 000,000,000 ---D M] -- C:\Documents and Settings\All Users\Dati applicazioni\samsung
[2013/07/27 09.27.18 000,000,000 ---D M] -- C:\Documents and Settings\All Users\Dati applicazioni\tp-link
[2011/03/14 22.04.14 000,000,000 ---D M] -- C:\Documents and Settings\TEMP\Dati applicazioni\babylon(2)
[2012/05/10 09.31.28 000,000,000 ---D M] -- C:\Documents and Settings\Utente\Dati applicazioni\downloaded Installations
[2012/04/03 18.17.32 000,000,000 ---D M] -- C:\Documents and Settings\Utente\Dati applicazioni\flightgear.org
[2012/04/03 18.13.59 000,000,000 ---D M] -- C:\Documents and Settings\Utente\Dati applicazioni\fltk.org
[2011/09/27 18.58.10 000,000,000 ---D M] -- C:\Documents and Settings\Utente\Dati applicazioni\microfatture3
[2012/05/10 09.36.17 000,000,000 ---D M] -- C:\Documents and Settings\Utente\Dati applicazioni\nitro PDF
[2013/01/04 19.40.51 000,000,000 ---D M] -- C:\Documents and Settings\Utente\Dati applicazioni\nokia
[2011/10/13 19.41.34 000,000,000 ---D M] -- C:\Documents and Settings\Utente\Dati applicazioni\nokia Ovi Suite
[2013/01/04 19.40.51 000,000,000 ---D M] -- C:\Documents and Settings\Utente\Dati applicazioni\nokia Suite
[2011/09/17 18.33.43 000,000,000 ---D M] -- C:\Documents and Settings\Utente\Dati applicazioni\openoffice.org
[2011/10/14 09.40.15 000,000,000 ---D M] -- C:\Documents and Settings\Utente\Dati applicazioni\pc Suite
[2013/04/18 10.12.20 000,000,000 ---D M] -- C:\Documents and Settings\Utente\Dati applicazioni\pdf Architect
[2013/10/07 17.51.01 000,000,000 ---D M] -- C:\Documents and Settings\Utente\Dati applicazioni\photoscape
[2013/04/20 10.24.43 000,000,000 ---D M] -- C:\Documents and Settings\Utente\Dati applicazioni\samsung
[2012/04/03 18.17.32 000,000,000 ---D M] -- C:\Documents and Settings\Utente\Dati applicazioni\subversion
[2011/08/13 15.06.23 000,000,000 ---D M] -- C:\Documents and Settings\Utente\Dati applicazioni\unity
[2013/11/28 13.29.25 000,000,000 ---D M] -- C:\Documents and Settings\Utente\Dati applicazioni\utorrent
[2013/10/07 16.03.51 000,000,000 ---D M] -- C:\Documents and Settings\Utente\Dati applicazioni\wondershare
[2011/09/27 17.55.40 000,000,000 ---D M] -- C:\Documents and Settings\Utente\Dati applicazioni\zipgenius

[color=#e56717]========== Purity Check ==========[/color]

< End of report >