Innanzitutto grazie anticipatamente di seguito ho posto il rapporto del programma Malwarebytes:



Malwarebytes' Anti-Malware 1.31
Versione del database: 1497
Windows 5.1.2600 Service Pack 3

13/12/2008 21.32.11
mbam-log-2008-12-13 (21-31-59).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 130987
Tempo trascorso: 49 minute(s), 17 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 3
Chiavi di registro infette: 16
Valori di registro infetti: 1
Elementi dato del registro infetti: 2
Cartelle infette: 0
File infetti: 6

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
C:\WINDOWS\system32\hgGxXQGw.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mlJYOEtU.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\urbrjv.dll (Trojan.Vundo.H) -> No action taken.

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c723e90-af4e-425e-b490-c48184dd44fa} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4c723e90-af4e-425e-b490-c48184dd44fa} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljyoetu (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87e3ed74-5993-4a37-8a17-fc490faeccf3} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{87e3ed74-5993-4a37-8a17-fc490faeccf3} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4c723e90-af4e-425e-b490-c48184dd44fa} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{87e3ed74-5993-4a37-8a17-fc490faeccf3} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\hggxxqgw -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\hggxxqgw -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\system32\urbrjv.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mlJYOEtU.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hgGxXQGw.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wGQXxGgh.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wGQXxGgh.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\shqruqcp.dll (Trojan.Vundo.H) -> No action taken.

Eccomi di nuovo ti ho allegato il nuovo log di Hijack, è successo credo tutto dopo aver disistallato Kaspersky dopo il periodo di prova non mi ha entusiasmato mi rallentava molto e d ho ristallato nod32


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.30.00, on 13/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/results.aspx?mkt=it-it&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4469 bytes

Ciao Saphiro ecco l'analisi fatta al sistema con pandaonline che ne dici,sembra che abbiamo sempre ospiti vero



ANALYSIS: 2008-12-13 23:53:32
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Sistema Antivirus NOD32 2.70 2.70 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00040722 adware/navipromo Adware No 1 Yes No hkey_current_user\software\mc
02652859 Trj/MultiDropper.RJJ Virus/Trojan No 1 Yes No D:\Documenti\scambio files\rotateMe v2.0 Crack.zip[wrar371_aff200066032-002.exe]
02918065 Generic Worm Virus/Worm No 0 No No D:\Documenti\scambio
files\Corel Paint Shop Pro Photo X2 v.12.0 Multilenguaje + KeyGen + Corel Incentives_DnGnMsTr.rar[Corel Paint Shop Pro Photo X2 v.12.0 Multilenguaje + KeyGen + Corel Incentives_DnGnMsTr\keygen.exe]
03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\Programmi\Eset\infected\EKMX5CCA.NQF
03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\Programmi\Eset\infected\AQ0IWSAA.NQF
03738672 Generic Malware Virus/Trojan No 0 Yes No D:\Documenti\Marco\Rimuove Avviso Copia Contraffatta Di Windows E Riabilita Gli Aggiornamenti\kb905474_1.5.540.0.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location 7
;===================================================================================================================================================================================
No D:\Documenti\scambio files\Windows Media Player 11 ITA Crackato e Funzionante.rar[Messenger 7.5 MSN Plus MSN Content Adder (version 1.2 2.0) animoticon emoticon (pack , nuove , vecchie , sex , cartoon , extra).zip][SETUP MESSENGER 7.5/Install_MSN_Messenger.exe][SETUP MESSENGER 7.5/Install_MSN_Messenger.exe][MsnMsgs.msi][unk_0035][msnmsgrexe]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 7
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Buongiorno shapiro, ieri ho provato ad eliminare i file infetti con panda ma il sistema mi diceva di acquistare la licenza,come mi devo comportare? nel frattempo ho riattivato la scansione ed ho eliminato i file segnalati come infetti nella ripartizione D programmi scaricati qualche periodo fa

appena finirà la scansione lo disattivo sono al 50% successivamente consigli di installare avira ma saàù efficace ad evitare analoghi problemi?

*******************************************************************************************************************************************************************************
ANALYSIS: 2008-12-14 13:39:19
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Sistema Antivirus NOD32 2.70 2.70 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00040722 adware/navipromo Adware No 1 Yes No hkey_current_user\software\mc
02652859 Trj/MultiDropper.RJJ Virus/Trojan No 1 Yes No D:\RECYCLER\S-1-5-21-796845957-362288127-839522115-1003\Dd16.zip[wrar371_aff200066032-002.exe]
02918065 Generic Worm Virus/Worm No 0 No No D:\Documenti\scambio files\Corel Paint Shop Pro Photo X2 v.12.0 Multilenguaje + KeyGen + Corel Incentives_DnGnMsTr.rar[Corel Paint Shop Pro Photo X2 v.12.0 Multilenguaje + KeyGen + Corel Incentives_DnGnMsTr\keygen.exe]
03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\RECYCLER\S-1-5-21-796845957-362288127-839522115-1003\Dc5.NQF
03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\RECYCLER\S-1-5-21-796845957-362288127-839522115-1003\Dc4.NQF
03738672 Generic Malware Virus/Trojan No 0 Yes No D:\Documenti\Marco\Rimuove Avviso Copia Contraffatta Di Windows E Riabilita Gli Aggiornamenti\kb905474_1.5.540.0.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location S
;===================================================================================================================================================================================
No D:\RECYCLER\S-1-5-21-796845957-362288127-839522115-1003\Dd1.rar[Messenger 7.5 MSN Plus MSN Content Adder (version 1.2 2.0) animoticon emoticon (pack , nuove , vecchie , sex , cartoon , extra).zip][SETUP MESSENGER 7.5/Install_MSN_Messenger.exe][SETUP MESSENGER 7.5/Install_MSN_Messenger.exe][MsnMsgs.msi][unk_0035][msnmsgrexe]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description S
;===================================================================================================================================================================================
;===================================================================================================================================================================================


ecco l'ultima analisi nn riesco a togliere i file in C particolare recyclers il sistema mi risponde che sono in uso da altro programma, nel frattempo ho disattivatoil ripristino

Description Version Active Updated
;===================================================================================================================================================================================
Sistema Antivirus NOD32 2.70 2.70 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00040722 adware/navipromo Adware No 1 Yes No hkey_current_user\software\mc
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Rieccomi ho rifatto la scansione e mi e rimasto solo la voce sopra descritta poi mi hai debellato da tutto scusa la mia inesperienza ma cosa devo fare per togliere l'ultima voce grazie

Search Navipromo version 3.7.0 began on 14/12/2008 at 20.43.49,01

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!

Fix running from C:\Programmi\navilog1

Updated on 10.12.2008 at 21h00 by IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : marc ( Administrator )
BOOT : Normal boot

Antivirus : Sistema Antivirus NOD32 2.70 2.70 (Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:51 Go (Free:32 Go)
D:\ (Local Disk) - NTFS - Total:97 Go (Free:29 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)


Search done in normal mode

*** Searching for installed Software ***


*** Search folders in "C:\WINDOWS" ***


*** Search folders in "C:\Programmi" ***


*** Search folders in "C:\Documents and Settings\All Users\menuav~1\progra~1" ***


*** Search folders in "C:\Documents and Settings\All Users\menuav~1" ***


*** Search folders in "c:\docume~1\alluse~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\marc\datiap~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\marc\impost~1\datiap~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\marc\menuav~1\progra~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\menuav~1\progra~1" ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net



*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\WINDOWS\system32" *

* Scan in "C:\Documents and Settings\marc\impost~1\datiap~1" *

* Scan in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" *



*** Search files ***



*** Search specific Registry keys ***
!! Following keys are not certainly all infected !!

HKEY_CURRENT_USER\Software\Lanconfig found !
HKEY_CURRENT_USER\Software\mc found !

*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\WINDOWS\system32" :


* In "C:\Documents and Settings\marc\impost~1\datiap~1" :


* In "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" :


3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate not found !
Montorgueil certificate not found !
OOO-Favorit certificate not found !
Sunny-Day-Design-Ltd certificate not found !

4)Search others known folders and files :



*** Search completed on 14/12/2008 at 20.46.44,42 ***



Caro e paziente shapiro spero di essere all'epilogo ti ho allegato il result dell'ultimo accertamento che dici siomo puliti!!!! Sai l'inglese non è il mio forte neanche il pc in verità!!

Ciao shapiro credo di si dall'analisi nn ti risulta? casomai lo rifaccio