ciao ho bisogno del vostro aiuto!!! ..premetto che sono abbastanza ignorante in materia...non so come ma system check ha invaso il mio pc...ho letto alcuni blog e ho scaricato malwarebytes e erroneamente fatto la scansione veloce e questo è il log:
Malwarebytes Anti-Malware (Prova) 1.60.1.1000
www.malwarebytes.org

Versione database: v2012.03.18.03

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.18943
Rosita :: PC-ROSITA [amministratore]

Protezione: Attivata

18/03/2012 19.57.19
mbam-log-2012-03-18 (19-57-19).txt

Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 195419
Tempo impiegato: 4 minuti, 29 secondi

Processi rilevati in memoria: 1
C:\ProgramData\ycVEDYkOmkxvLr.exe (Trojan.FakeAlert) -> 3660 -> Verrà eliminato al riavvio.

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Spostato in quarantena ed eliminato con successo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Spostato in quarantena ed eliminato con successo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Spostato in quarantena ed eliminato con successo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Spostato in quarantena ed eliminato con successo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Spostato in quarantena ed eliminato con successo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Spostato in quarantena ed eliminato con successo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Spostato in quarantena ed eliminato con successo.

Valori di registro rilevati: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ycVEDYkOmkxvLr.exe (Trojan.FakeAlert) -> Dati: C:\ProgramData\ycVEDYkOmkxvLr.exe -> Spostato in quarantena ed eliminato con successo.

Voci rilevate nei dati di registro: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Cattivo: (0) Buono: (1) -> Spostato in quarantena e riparato con successo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Cattivo: (0) Buono: (1) -> Spostato in quarantena e riparato con successo.

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 1
C:\ProgramData\ycVEDYkOmkxvLr.exe (Trojan.FakeAlert) -> Verrà eliminato al riavvio.

(fine)





poi ho fatto la scansione completa :


Malwarebytes Anti-Malware (Prova) 1.60.1.1000
www.malwarebytes.org

Versione database: v2012.03.19.01

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.18943
Rosita :: PC-ROSITA [amministratore]

Protezione: Attivata

19/03/2012 9.03.40
mbam-log-2012-03-19 (09-03-40).txt

Tipo di scansione: Scansione completa
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 420693
Tempo impiegato: 1 ore, 14 minuti, 7 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 1
C:\Users\Rosita\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\38e41125-4f521c7c (Trojan.FakeAlert) -> Spostato in quarantena ed eliminato con successo.

(fine)


poi ho fatto la scansione con OTL e i log sono:

OTL logfile created on: 20/03/2012 8.41.45 - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Rosita\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,43% Memory free
6,19 Gb Paging File | 4,80 Gb Available in Paging File | 77,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,19 Gb Total Space | 96,80 Gb Free Space | 33,47% Space Free | Partition Type: NTFS
Drive D: | 8,90 Gb Total Space | 1,64 Gb Free Space | 18,40% Space Free | Partition Type: NTFS

Computer Name: PC-ROSITA | User Name: Rosita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Rosita\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programmi\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10v_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programmi\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programmi\Common Files\MicroWorld\Agent\MWASER.EXE (MicroWorld Technologies Inc.)
PRC - C:\Programmi\Common Files\MicroWorld\Agent\MWAGENT.EXE (MicroWorld Technologies Inc.)
PRC - C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programmi\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Programmi\Common Files\DeviceHelper\DeviceManager.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\stacsv.exe (IDT, Inc.)
PRC - C:\Programmi\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programmi\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programmi\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programmi\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programmi\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programmi\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e9cc25f41a56fc82d6cf58c72c4ad49e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e6220b10333c1b184103c97e09a9a144\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f935bc1b041b94a3e3933f261aad6f3c\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\80434839946cc86fe1e74c32c1445085\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\852c0983b9331cd34362f60282af9537\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e84d59fe1ddbb9bc68fc7f5920364fbc\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c64322812ad3369c7618e5f52d13a72\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\19f5c72f22f18275e3fa45a2a8e04140\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\618be9fca90bc21db0010bae1e84dad4\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8b6789f8f3f41376984a5f35a3d32f27\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e757b4f83931d47c785b0aaacf7cce81\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\fb0a3a6e527462455beda91d7ea58de5\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_it_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programmi\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Programmi\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Programmi\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Programmi\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Programmi\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Programmi\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MWAgent) -- C:\Programmi\Common Files\MicroWorld\Agent\MWASER.EXE (MicroWorld Technologies Inc.)
SRV - (fsssvc) -- C:\Programmi\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (VMCService) -- C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (Autodesk Licensing Service) -- C:\Programmi\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (DeviceManager) -- C:\Programmi\Common Files\DeviceHelper\DeviceManager.exe ()
SRV - (odserv) -- C:\Programmi\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\stacsv.exe (IDT, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (WMPNetworkSvc) -- C:\Programmi\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programmi\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programmi\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (qcusbser) -- C:\Windows\System32\drivers\qcusbser.sys (TCT International Mobile Ltd)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (NETw5v32) Driver scheda Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (AVerAF15) -- C:\Windows\System32\drivers\AVerAF15.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
DRV - (PIXMC10V) -- C:\Windows\System32\drivers\pixmc10v.sys (Pixela)
DRV - (PIXMC10A) -- C:\Windows\System32\drivers\pixmc10a.sys (Pixela)
DRV - (PIXMC10) -- C:\Windows\System32\drivers\pixmc10c.sys (Pixela)
DRV - (MASPINT) -- C:\Windows\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)
DRV - (cpwnt) -- C:\Windows\System32\drivers\CPWNT.SYS (Micropi Elettronica - Italia)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{ACD5DC27-6BF7-4836-9D02-F24446FBA221}: "URL" = http://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930
IE - HKLM\..\SearchScopes\{B320F28C-6347-46e4-98FF-5261CA66FEDA}: "URL" = http://search.lphant.com/webResults.html?src=ieb&q={searchTerms}
IE - HKLM\..\SearchScopes\{CF9F801E-BA33-4348-8647-F58926A4B9BE}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcnnbie7-it-it


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3978820228-1997972751-3182839904-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3978820228-1997972751-3182839904-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-3978820228-1997972751-3182839904-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3978820228-1997972751-3182839904-1000\..\SearchScopes,DefaultScope = {CF80E407-885B-447B-B5B6-222AC5B1E06F}
IE - HKU\S-1-5-21-3978820228-1997972751-3182839904-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3978820228-1997972751-3182839904-1000\..\SearchScopes\{CF80E407-885B-447B-B5B6-222AC5B1E06F}: "URL" = http://www.google.it/search?hl=it&q={searchTerms}&meta=&rlz=1I7ADSA_it
IE - HKU\S-1-5-21-3978820228-1997972751-3182839904-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/04/23 18.08.26 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()



========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2009/11/13 12.33.58 | 000,005,431 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 65.75.216.6 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.54 www.winmx.com err.winmx.com
O1 - Hosts: 65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com
O1 - Hosts: 65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com
O1 - Hosts: 82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.1 cache3.winmx.com test3204.winmx.com
O1 - Hosts: 205.238.40.2 cache4.winmx.com test3205.winmx.com
O1 - Hosts: 65.75.216.6 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 16 more lines...
O2 - BHO: (Supporto di collegamento per Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6b284373-1765-4464-a587-80fbc2b2eefa} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programmi\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programmi\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programmi\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3978820228-1997972751-3182839904-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3978820228-1997972751-3182839904-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [DATAMNGR] C:\Programmi\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [IAAnotif] C:\Programmi\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programmi\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3978820228-1997972751-3182839904-1000..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKU\S-1-5-21-3978820228-1997972751-3182839904-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3978820228-1997972751-3182839904-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{276054EA-3C25-417D-9D88-C63D3A985000}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{325C5D24-A12E-477E-B903-76FA4144006F}: DhcpNameServer = 83.224.70.62 83.224.70.78
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) - C:\Programmi\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) - C:\Programmi\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22.43.36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/01/31 10.36.25 | 000,000,000 | ---D | M] - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{7b57d5e1-81f7-11de-b053-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{7b57d5e1-81f7-11de-b053-00a0c6000000}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2012/03/20 08.38.15 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Rosita\Desktop\OTL.exe
[2012/03/18 22.20.10 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/03/18 19.50.59 | 000,000,000 | ---D | C] -- C:\Users\Rosita\AppData\Roaming\Malwarebytes
[2012/03/18 19.50.51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/18 19.50.51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/18 19.50.50 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/18 19.50.50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/18 18.55.00 | 000,000,000 | ---D | C] -- C:\Users\Rosita\AppData\Local\Seven Zip
[2012/03/18 15.10.40 | 000,000,000 | ---D | C] -- C:\Users\Rosita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/03/15 08.59.38 | 000,000,000 | ---D | C] -- C:\LINDO61
[2012/03/15 08.58.48 | 006,569,768 | ---- | C] (XXXXXXXX ) -- C:\Users\Rosita\Documents\lnd61.exe
[2012/02/06 11.47.33 | 000,000,000 | ---D | C] -- C:\Users\Rosita\AppData\Local\Ilivid Player
[2012/02/06 11.46.35 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2012/02/06 11.37.30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
[2012/02/06 11.37.30 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/02/06 11.34.01 | 000,000,000 | ---D | C] -- C:\Users\Rosita\AppData\Local\PackageAware
[2012/01/31 21.52.05 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2012/01/31 21.52.05 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2012/01/27 15.17.12 | 000,000,000 | ---D | C] -- C:\Users\Rosita\.swt

========== Files - Modified Within 60 Days ==========

[2012/03/20 08.40.31 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BAB97B98-99FE-4884-9BBF-B9E9AD40DB75}.job
[2012/03/20 08.40.31 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{68EF0267-6C56-4864-AF3F-5671FA19FC17}.job
[2012/03/20 08.38.49 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Rosita\Desktop\OTL.exe
[2012/03/20 08.34.47 | 000,042,654 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/03/20 08.34.45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/20 08.34.42 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 08.34.42 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 01.55.00 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/20 01.55.00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/20 00.18.41 | 000,662,862 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2012/03/20 00.18.41 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/20 00.18.41 | 000,120,326 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2012/03/20 00.18.41 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/20 00.12.35 | 000,000,907 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/03/20 00.12.19 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/03/20 00.12.09 | 3218,296,832 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/19 20.02.11 | 000,002,484 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/03/19 08.42.07 | 000,002,687 | ---- | M] () -- C:\Users\Rosita\Desktop\Vodafone Mobile Connect.lnk
[2012/03/18 21.58.35 | 000,143,872 | ---- | M] () -- C:\Users\Rosita\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/18 19.50.51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/18 19.06.48 | 000,000,272 | ---- | M] () -- C:\ProgramData\~LVLUKuGZTrKqQS
[2012/03/18 19.06.48 | 000,000,192 | ---- | M] () -- C:\ProgramData\~LVLUKuGZTrKqQSr
[2012/03/18 15.13.47 | 000,000,448 | ---- | M] () -- C:\ProgramData\LVLUKuGZTrKqQS
[2012/03/18 15.10.40 | 000,000,605 | ---- | M] () -- C:\Users\Rosita\Desktop\System Check.lnk
[2012/03/18 15.10.27 | 000,356,352 | ---- | M] ( ) -- C:\ProgramData\LVLUKuGZTrKqQS.exe
[2012/03/18 14.53.35 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2012/03/18 14.53.35 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2012/03/18 14.53.35 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2012/03/18 14.41.41 | 000,042,654 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/03/16 14.26.03 | 000,007,592 | ---- | M] () -- C:\Users\Rosita\AppData\Local\d3d9caps.dat
[2012/03/15 08.59.40 | 000,001,617 | ---- | M] () -- C:\Users\Rosita\Desktop\LINDO 6.1.lnk
[2012/03/15 08.57.56 | 006,177,565 | ---- | M] () -- C:\Users\Rosita\Desktop\lnd61.zip
[2012/03/13 08.56.00 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/12 12.18.40 | 000,492,512 | ---- | M] () -- C:\Users\Rosita\Desktop\P1040967.JPG
[2012/03/02 22.03.23 | 000,051,187 | ---- | M] () -- C:\Users\Rosita\Desktop\424065_3113381527427_1651093396_2601788_381384670_n[1].jpg
[2012/03/02 08.36.32 | 1223,126,606 | ---- | M] () -- C:\Users\Rosita\Desktop\MyNewDVD.avi
[2012/02/23 20.09.13 | 000,109,820 | ---- | M] () -- C:\Users\Rosita\Desktop\Civile.pdf
[2012/02/19 19.50.04 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRosita.job
[2012/02/17 09.11.53 | 000,082,094 | ---- | M] () -- C:\Users\Rosita\Desktop\P2140127.JPG

========== Files Created - No Company Name ==========

[2012/03/19 08.44.44 | 3218,296,832 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/18 19.50.51 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/18 19.37.00 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/03/18 19.37.00 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone SMS.lnk
[2012/03/18 19.37.00 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/18 19.37.00 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\CIVIL Design 8.0 in A2009.lnk
[2012/03/18 19.37.00 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Bing Maps 3D.lnk
[2012/03/18 19.37.00 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012/03/18 19.37.00 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/03/18 19.37.00 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2009 - Italiano.lnk
[2012/03/18 19.37.00 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\ImageMixer Ver.1.7.lnk
[2012/03/18 19.37.00 | 000,001,633 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2012/03/18 19.37.00 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\Trimble Total Control.lnk
[2012/03/18 19.37.00 | 000,000,800 | ---- | C] () -- C:\Users\Public\Desktop\eMule.lnk
[2012/03/18 19.06.48 | 000,000,272 | ---- | C] () -- C:\ProgramData\~LVLUKuGZTrKqQS
[2012/03/18 19.06.48 | 000,000,192 | ---- | C] () -- C:\ProgramData\~LVLUKuGZTrKqQSr
[2012/03/18 15.10.40 | 000,000,605 | ---- | C] () -- C:\Users\Rosita\Desktop\System Check.lnk
[2012/03/18 15.10.37 | 000,000,448 | ---- | C] () -- C:\ProgramData\LVLUKuGZTrKqQS
[2012/03/18 15.10.27 | 000,356,352 | ---- | C] ( ) -- C:\ProgramData\LVLUKuGZTrKqQS.exe
[2012/03/18 14.53.34 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2012/03/18 14.53.34 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2012/03/18 14.53.34 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2012/03/15 08.59.40 | 000,001,647 | ---- | C] () -- C:\Users\Rosita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LINDO 6.1.lnk
[2012/03/15 08.59.40 | 000,001,617 | ---- | C] () -- C:\Users\Rosita\Desktop\LINDO 6.1.lnk
[2012/03/15 08.57.40 | 006,177,565 | ---- | C] () -- C:\Users\Rosita\Desktop\lnd61.zip
[2012/03/12 12.18.56 | 000,492,512 | ---- | C] () -- C:\Users\Rosita\Desktop\P1040967.JPG
[2012/03/03 20.25.46 | 000,051,187 | ---- | C] () -- C:\Users\Rosita\Desktop\424065_3113381527427_1651093396_2601788_381384670_n[1].jpg
[2012/02/23 20.09.13 | 000,109,820 | ---- | C] () -- C:\Users\Rosita\Desktop\Civile.pdf
[2012/02/17 09.11.52 | 000,082,094 | ---- | C] () -- C:\Users\Rosita\Desktop\P2140127.JPG
[2011/01/31 10.49.47 | 000,172,040 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/01/31 10.26.55 | 000,000,602 | ---- | C] () -- C:\Windows\Win.Bak.Ini
[2010/12/14 16.21.46 | 000,240,237 | ---- | C] () -- C:\Users\Rosita\AppData\Local\mchgn_nav.dat
[2010/12/14 16.21.46 | 000,003,315 | ---- | C] () -- C:\Users\Rosita\AppData\Local\mchgn.dat
[2010/12/14 16.21.46 | 000,001,458 | ---- | C] () -- C:\Users\Rosita\AppData\Local\mchgn_navps.dat
[2010/11/17 15.47.20 | 000,000,089 | ---- | C] () -- C:\Users\Rosita\AppData\Local\jealgcfa.bat
[2010/10/02 14.47.30 | 000,030,208 | ---- | C] () -- C:\Windows\System32\WNASPI32.DLL
[2010/10/02 14.47.25 | 000,000,291 | ---- | C] () -- C:\Windows\msfsetup.ini
[2010/09/15 13.06.01 | 000,512,000 | ---- | C] () -- C:\Users\Rosita\AppData\Local\dfnjfu.exe
[2010/06/02 13.12.12 | 001,380,403 | ---- | C] () -- C:\Windows\System32\avgsdk.dll
[2010/05/17 22.32.54 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini
[2010/04/09 16.22.05 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\IMPLODE.DLL
[2010/04/09 16.22.04 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll

========== LOP Check ==========

[2009/03/30 20.58.36 | 000,000,000 | ---D | M] -- C:\Users\Rosita\AppData\Roaming\AISoftware
[2009/04/04 09.14.06 | 000,000,000 | ---D | M] -- C:\Users\Rosita\AppData\Roaming\Autodesk
[2012/02/18 18.18.22 | 000,000,000 | ---D | M] -- C:\Users\Rosita\AppData\Roaming\Azureus
[2009/04/01 09.13.18 | 000,000,000 | ---D | M] -- C:\Users\Rosita\AppData\Roaming\DAEMON Tools
[2009/04/01 09.18.55 | 000,000,000 | ---D | M] -- C:\Users\Rosita\AppData\Roaming\DAEMON Tools Lite
[2009/04/01 09.13.18 | 000,000,000 | ---D | M] -- C:\Users\Rosita\AppData\Roaming\DAEMON Tools Pro
[2009/04/28 17.50.01 | 000,000,000 | ---D | M] -- C:\Users\Rosita\AppData\Roaming\griffith
[2011/01/31 09.55.14 | 000,000,000 | ---D | M] -- C:\Users\Rosita\AppData\Roaming\OfferBox
[2009/06/04 15.24.44 | 000,000,000 | ---D | M] -- C:\Users\Rosita\AppData\Roaming\PlayFirst
[2009/06/22 11.59.52 | 000,000,000 | ---D | M] -- C:\Users\Rosita\AppData\Roaming\Template
[2009/12/03 12.26.39 | 000,000,000 | ---D | M] -- C:\Users\Rosita\AppData\Roaming\uTorrent
[2009/08/10 18.51.09 | 000,000,000 | ---D | M] -- C:\Users\Rosita\AppData\Roaming\Vodafone
[2010/03/30 17.55.52 | 000,000,000 | ---D | M] -- C:\Users\Rosita\AppData\Roaming\widestream
[2009/03/15 09.20.53 | 000,000,000 | ---D | M] -- C:\Users\Rosita\AppData\Roaming\WildTangent
[2012/03/19 20.02.12 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/20 08.40.31 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{68EF0267-6C56-4864-AF3F-5671FA19FC17}.job
[2012/03/20 08.40.31 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BAB97B98-99FE-4884-9BBF-B9E9AD40DB75}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Rosita\Desktop\MyNewDVD.avi:TOC.WMV

< End of report >





e questo è il secondo log extras:


OTL Extras logfile created on: 20/03/2012 8.41.45 - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Rosita\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,43% Memory free
6,19 Gb Paging File | 4,80 Gb Available in Paging File | 77,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,19 Gb Total Space | 96,80 Gb Free Space | 33,47% Space Free | Partition Type: NTFS
Drive D: | 8,90 Gb Total Space | 1,64 Gb Free Space | 18,40% Space Free | Partition Type: NTFS

Computer Name: PC-ROSITA | User Name: Rosita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3978820228-1997972751-3182839904-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.scr [@ = scrfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3978820228-1997972751-3182839904-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E7F7AAF-DD4C-49BC-A258-CFF6FB8D936C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{294F1A74-68CE-4C30-BD39-A46167E59625}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A4E948-7FCA-485E-B210-98E2EB21F9BA}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{0ACF11AE-A20A-4036-A415-E6881C8240C4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1DEBD0C0-D9B8-41DF-9163-1878E50723D5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2EAF689D-DFD8-48F4-9DA2-A5BEB3D660CE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4549B37F-3E54-4D3E-9AC5-BC7666BC6E60}" = protocol=17 | dir=in | app=c:\program files\common files\microworld\agent\mwagent.exe |
"{5BD3D597-2432-45FB-97F4-F2315C81F350}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{5E067F6F-79DE-47F8-9AF3-16B74412B1E7}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{6AD26108-B7AA-4EE5-85B2-FA8A2621913F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{6EC04EC6-FB15-4AE1-A0AC-65EA1B0C1B01}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{89DC71FA-463B-44CD-A80E-07A52D20048D}" = protocol=17 | dir=in | app=c:\program files\halto\halto.exe |
"{99BC1619-88E8-4CE2-9E82-B45969085F5F}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{9A69F4A8-67FE-4CBB-9A98-4658376DA124}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{B9825846-38E0-4609-8CFE-EDFA77CB2D38}" = protocol=6 | dir=in | app=c:\program files\common files\microworld\agent\mwagent.exe |
"{BB642A42-A2B9-4F6A-BC56-22B151318D1D}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{C20B6A59-614B-4E39-B856-0B8FC9F90EEF}" = protocol=6 | dir=in | app=c:\program files\halto\halto.exe |
"{C3412F6C-0FF8-47B6-865D-5B54AFBFA741}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{E6FBC183-CA46-4082-A20F-8898965A7222}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{FB500848-9144-43BF-90C4-B3C564185A72}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"TCP Query User{1540F1B7-16A0-42E3-8FEB-719D30271AA1}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{3CBA453A-1392-40FC-9A29-C53E049A9B82}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{7A742D68-1637-4E57-B835-D82EA782B95A}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{A520D800-CC0C-49AD-B083-BEFF85E58669}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{EABAF370-B773-42DC-8C77-E5C43C28BAF3}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{9601176A-DF66-438F-ABD6-CB2D19B80D9F}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{A4D5575F-0E9D-4973-B829-6565A756507D}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{BD017157-77F7-4033-8B3F-E4A51BA05AB6}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{BF069B99-DDA3-48F3-B461-ABAC272A77C6}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{DD21DFBE-21F0-40E2-8656-0B597D2F8701}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0D343C5F-FE5C-4914-91D9-E9E7A440590E}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{2065F4AE-8059-4DCF-86DD-FEE599568BB1}" = ProtectSmart Hard Drive Protection
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{2682CFF5-D807-48F1-AC86-34A1654877EE}" = Windows Live Toolbar
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28C3E5E6-5ACA-408D-9A46-089C5334EC97}" = HP Help and Support
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2FCBB015-7570-4C22-8BB5-415C79DF1FA5}" = PriMus
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{34A08914-7A33-4040-A959-1577BF5AFF8A}" = Microsoft Works
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BFED551-630D-4C5E-A90F-A6B7E9CF3CA0}" = PriMus-DCF v.UNICO(b)
"{3F98E7F0-2045-4556-BE8D-2E0C5064B13B}" = Trimble Total Control 2.7
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{49C77D21-F91F-4296-B7DF-19C5FF51AF4D}" = Windows Live Call
"{4A079056-B42D-49C2-903C-8DC125E2BC32}" = Windows Live Movie Maker
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE8-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.3)
"{5783F2D7-7001-0410-0002-0060B0CE6BBA}" = AutoCAD 2009 - Italiano
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AA18C57-381C-4C99-8FE6-5EB1CB0A5BC0}" = ImageMixer
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6D7BDA00-A4DA-49F9-BAE4-7FB71FAA4737}" = Windows Live Essentials
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8749AF58-6898-4A3F-AA37-004EDC19F3AD}" = CerTus UNICO(c) Trial Version
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0410-0000-0000000FF1CE}" = Pacchetto di compatibilità per Office System 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_HOMESTUDENTR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Italian)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B802669-7722-4F83-8054-930832188033}" = Raccolta foto di Windows Live
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1040-7B44-A83000000003}" = Adobe Reader 8.3.1 - Italiano
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B39EFFA7-87C2-49AF-AA2A-BDC60C6272BD}" = Windows Live Family Safety
"{B7DD783E-EE11-4B68-AF39-71AE2C457015}" = Windows Live Sync
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C19796D5-E477-40A1-8C78-DF2EB439D99B}" = LINDO 6.1
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D40BAE-7B66-11D3-882B-00105A64914B}" = Trimble Data Transfer
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E0ABA486-A39B-4B96-BD80-757396151079}" = Windows Live Messenger
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E31A24A7-CF73-42B7-8FA1-26644296C9E3}" = Windows Live Mail
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite
"{E9B8AB9F-C146-4E2B-8849-0A40EE2D3FA5}" = Civil Design 800_172
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM
"AutoCAD 2009 - Italiano" = AutoCAD 2009 - Italiano
"AVerMedia A309 (MiniCard, DVB-T)" = AVerMedia A309 (MiniCard, DVB-T) 1.0.0.43
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DIGICORP CIVIL Design 8.0 R17.2" = DIGICORP CIVIL Design 8.0 R17.2
"eMule" = eMule
"Google Chrome" = Google Chrome
"Halto_is1" = Halto 3.6.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HSPA USB MODEM ALCATEL_is1" = One Touch X200 MODEM
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"MWASPI" = MicroStaff WINASPI
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Ulead Photo Express 3.0 SE" = Ulead Photo Express 3.0 SE
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.7
"wccqw" = Favorit
"WildTangent hp Master Uninstall" = My HP Games
"Windows Searchqu Toolbar" = Windows iLivid Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR gestione archivi
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3978820228-1997972751-3182839904-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ArcView GIS 3.3" = ArcView GIS 3.3
"MXpie Patch" = MXpie Patch for WinMX Network/WPNP 3.6.3.6

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/04/2010 6.27.05 | Computer Name = PC-Rosita | Source = Google Update | ID = 20
Description =

Error - 24/04/2010 6.54.37 | Computer Name = PC-Rosita | Source = Application Error | ID = 1000
Description = Applicazione che ha generato l'errore iexplore.exe, versione 8.0.6001.18904,
timestamp 0x4b835fec, modulo che ha generato l'errore msvcrt.dll, versione 7.0.6001.18000,
timestamp 0x4791a727, codice eccezione 0xc0000005, offset errore 0x00009b30, ID
processo 0x1ec4, data e ora di avvio dell'applicazione 0x01cae39c2ea74d40.

Error - 24/04/2010 9.27.05 | Computer Name = PC-Rosita | Source = Google Update | ID = 20
Description =

Error - 24/04/2010 10.35.03 | Computer Name = PC-Rosita | Source = Application Error | ID = 1000
Description = Applicazione che ha generato l'errore iexplore.exe, versione 8.0.6001.18904,
timestamp 0x4b835fec, modulo che ha generato l'errore msvcrt.dll, versione 7.0.6001.18000,
timestamp 0x4791a727, codice eccezione 0xc0000005, offset errore 0x00009b30, ID
processo 0xe50, data e ora di avvio dell'applicazione 0x01cae3ba6aac0100.

Error - 24/04/2010 10.40.46 | Computer Name = PC-Rosita | Source = Application Error | ID = 1000
Description = Applicazione che ha generato l'errore iexplore.exe, versione 8.0.6001.18904,
timestamp 0x4b835fec, modulo che ha generato l'errore msvcrt.dll, versione 7.0.6001.18000,
timestamp 0x4791a727, codice eccezione 0xc0000005, offset errore 0x00009b30, ID
processo 0x1934, data e ora di avvio dell'applicazione 0x01cae3b849ddca00.

Error - 25/04/2010 5.27.05 | Computer Name = PC-Rosita | Source = Google Update | ID = 20
Description =

Error - 25/04/2010 9.11.38 | Computer Name = PC-Rosita | Source = Application Error | ID = 1000
Description = Applicazione che ha generato l'errore iexplore.exe, versione 8.0.6001.18904,
timestamp 0x4b835fec, modulo che ha generato l'errore msvcrt.dll, versione 7.0.6001.18000,
timestamp 0x4791a727, codice eccezione 0xc0000005, offset errore 0x00009b30, ID
processo 0xa40, data e ora di avvio dell'applicazione 0x01cae47699265320.

Error - 25/04/2010 10.45.44 | Computer Name = PC-Rosita | Source = Application Error | ID = 1000
Description = Applicazione che ha generato l'errore iexplore.exe, versione 8.0.6001.18904,
timestamp 0x4b835fec, modulo che ha generato l'errore msvcrt.dll, versione 7.0.6001.18000,
timestamp 0x4791a727, codice eccezione 0xc0000005, offset errore 0x00009b30, ID
processo 0xa8, data e ora di avvio dell'applicazione 0x01cae47be2dd6170.

Error - 25/04/2010 13.52.48 | Computer Name = PC-Rosita | Source = Application Error | ID = 1000
Description = Applicazione che ha generato l'errore iexplore.exe, versione 8.0.6001.18904,
timestamp 0x4b835fec, modulo che ha generato l'errore msvcrt.dll, versione 7.0.6001.18000,
timestamp 0x4791a727, codice eccezione 0xc0000005, offset errore 0x00009b30, ID
processo 0x1cdc, data e ora di avvio dell'applicazione 0x01cae499782b3ff0.

Error - 25/04/2010 14.54.33 | Computer Name = PC-Rosita | Source = Application Error | ID = 1000
Description = Applicazione che ha generato l'errore iexplore.exe, versione 8.0.6001.18904,
timestamp 0x4b835fec, modulo che ha generato l'errore msvcrt.dll, versione 7.0.6001.18000,
timestamp 0x4791a727, codice eccezione 0xc0000005, offset errore 0x00009b30, ID
processo 0xd9c, data e ora di avvio dell'applicazione 0x01cae4a88ddab600.

[ System Events ]
Error - 19/03/2012 12.30.30 | Computer Name = PC-Rosita | Source = Service Control Manager | ID = 7022
Description =

Error - 19/03/2012 12.30.30 | Computer Name = PC-Rosita | Source = Service Control Manager | ID = 7022
Description =

Error - 19/03/2012 12.36.07 | Computer Name = PC-Rosita | Source = VDS Dynamic Provider | ID = 16908298
Description =

Error - 19/03/2012 13.57.52 | Computer Name = PC-Rosita | Source = Dhcp | ID = 1002
Description = Il lease 109.114.96.34 dell'indirizzo IP della scheda di rete con
indirizzo 00A0C6000000 è stato negato dal server DHCP 31.26.204.22. Il server DHCP
ha inviato un messaggio DHCPNACK.

Error - 19/03/2012 14.20.40 | Computer Name = PC-Rosita | Source = VDS Dynamic Provider | ID = 16908298
Description =

Error - 19/03/2012 14.58.52 | Computer Name = PC-Rosita | Source = Dhcp | ID = 1002
Description = Il lease 31.26.204.21 dell'indirizzo IP della scheda di rete con indirizzo
00A0C6000000 è stato negato dal server DHCP 109.117.224.129. Il server DHCP ha
inviato un messaggio DHCPNACK.

Error - 19/03/2012 19.12.19 | Computer Name = PC-Rosita | Source = HTTP | ID = 15016
Description =

Error - 19/03/2012 19.13.51 | Computer Name = PC-Rosita | Source = Service Control Manager | ID = 7000
Description =

Error - 19/03/2012 19.13.52 | Computer Name = PC-Rosita | Source = Service Control Manager | ID = 7022
Description =

Error - 20/03/2012 3.43.06 | Computer Name = PC-Rosita | Source = VDS Dynamic Provider | ID = 16908298
Description =


< End of report >





adesso cosa dovrei fare??? confido in un vostro aiuto!! grazie..

Ma fammi il piacere.....non far ridere i polli

Questa infezione si può benissimo bonificare.

@ro38175

Avvia OTL.

Sotto "Custom Scans\Fixes" copia-incolla questo codice:



Clicca sul pulsante RUN FIX.
Lascia fare la scansione senza interferire.
Il pc si riavvierà da solo.


POI:

Scarica Combofix (usa Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop. (è obbligatorio)

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (se usi Vista: tasto destro su Combofix.exe e clicca su: "Esegui come Amministratore"

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt.
Postalo qui.

Ma và pagliaccio, che è tutta un'altra infezione.
Manco leggere il tipo di virus sai.
Sì sono presuntuoso e arrogante: sopratutto con chi dà giudizi strampalati e non ci capisce niente di virus.
Come te.

Ciao ro38175.

Segui attentamente queste indicazioni:

Apri un file di testo con il Block Note sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt (non copiare la parola Code: )





e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix

N.B:
Se viene visualizzato il seguente errore: Operazione non valida tentata su una chiave di registro che è stato contrassegnato per l'eliminazione,
sarà necessario riavviare il computer che di norma risolve questo problema.

Alla fine, dimmi quali problemi riscontri.

Ciao.
Poi segui questo percorso ed elimina il file in rosso:

c:\windows\system32\test2.exe

Svuota il cestino.

Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223

Disattiva e poi riattiva il Ripristino Configurazione sistema.

Se il pc funziona bene, abbiamo concluso.

Ciao.
Prima di disattivare \attivare il ripristino, ti consiglio di aggiornare il Sistema Operativo al SP2:
http://windows.microsoft.com/it-IT/windows-vista/Learn-how-to-install-Windows-Vista-Service-Pack-2-SP2

Leggi bene il link.

Per Disattivare \Attivare il Ripristino:
http://it.kioskea.net/faq/307-disattivare-riattivare-il-ripristino-del-sistema-su-vista

Non ho capito cosa vuoi dire.
L'utente ro38175 ha installato Vista, non Windows 7.

Ciao.

No,infatti l'utente non centra niente.

Controllavo direttamente dal mio computer se era acceso,ora sto su xp.

La differenza tra 7 e vista,per questa operazione mi pare pressochè identica.correggimi se sbaglio.

P.s: Comunque visto i trascorsi di questi ultimi giorni,tengo a precisare che non ho commentato per creare zizzania.

I file desktop.ini non sono altro che dei file testo con all'interno le indicazioni di dove trovare le icone di alcuni file etc.. ma di norma dovrebbero essere nascosti.. se non lo sono clicca sulle proprietà e imposta l'attributo nascosto.

Se ti sta antipatico rinominalo (desktop.ini.kkk) e se non succede niente, dopo qualche giorno, lo puoi anche cancellare. In caso contrario lo rinomini con nome originale, dicasi "desktop.ini".