trovato con malwarebytes un trojan vundo che l'antivirus ha ignorato l'ho messo in quarantena e oggi stufa della lentezza del pc l'ho cancellato fra l'altro non riesco + ad aprire secunia psi che ho dovuto disinstallare e reinstallare ma continua a non funzionare insomma x non farla lunga ho provato di tutto ma il mio pc è sempre lentissimo potete aiutarmi?grazie

Ciao.
Posta un log di HJT
http://www.aiutaamici.com/software?ID=11175

è questo?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.03.47, on 02/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programmi\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [EPSON Stylus Photo R285 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKE.EXE /FU "C:\WINDOWS\TEMP\E_SD4.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O24 - Desktop Component 0: (no name) - http://www.expedia.it/pubspec/scripts/include/sav.js

--
End of file - 9269 bytes

Ciao Francesca benvenuta sul forum segui le istruzioni alla lettera di R16 e vedrai che il pc torna a posto

Allora Francesca oggi come ti ho spiegato in un messaggio un mio collega ha avuto lo stesso problema,ma a lui addiruttura il kis veniva disabilitato e al momento della scansione spariva del tutto, eliminato il VUNDO con la procedura descritta da R16 tutto e' tornato normale,fai come descritto da R16 poi una volta tolta l'infezione fai un ripristino dell'antivirus qualora ci siano problemi,ma prima elimina l'infezione senza lanciare scansioni se non richiesto da chi ti sta assistendo.
Per chiudere KAV tasto dx sull'icona e clicca SOSPENDI PROTEZIONE.

succede una cosa strana mi è apparsa la notifica di windows che mi dice che la copia non è autentica(cosa strana ho sempre installato gli aggiornamenti e non è mai successo) il deskop è diventato nero è sparita l'immagine sfondo,Tutto normale?

accidenti troppo complicato ma ci proverò nella chiavetta usb ho il file zip che ho scompattato dal centro assistnza dell'antivirus e nella partizione film archiviati da un sacco di tempo

eccolo se ho fatto giusto ho anche disabilitato non so che provo adesso ad attivare l'antivirus e fare la scansine della pen drive

ComboFix 09-04-01.01 - Asus 2009-04-02 22.56.47.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1919.1313 [GMT 2:00]
Eseguito da: c:\documents and settings\Asus\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Asus\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-03-02 al 2009-04-02 )))))))))))))))))))))))))))))))))))
.

2009-04-02 22:51 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2009-04-02 22:51 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2009-04-02 22:26 . 2009-04-02 22:26 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2009-04-02 22:26 . 2009-04-02 22:26 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2009-04-02 19:03 . 2009-04-02 19:03 <DIR> d-------- c:\programmi\Trend Micro
2009-04-02 18:03 . 2009-04-02 18:03 <DIR> d-------- c:\programmi\Secunia
2009-04-01 17:33 . 2009-04-01 17:33 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2009-04-01 17:08 . 2009-04-01 17:08 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-04-01 17:08 . 2009-04-01 17:08 <DIR> d-------- c:\documents and settings\Asus\Dati applicazioni\Malwarebytes
2009-04-01 17:08 . 2009-04-01 17:08 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-04-01 17:08 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-01 17:08 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-28 18:43 . 2009-03-29 15:36 <DIR> d-------- c:\programmi\File comuni\Adobe AIR
2009-03-26 21:18 . 2009-03-26 21:18 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-24 13:03 . 2009-03-24 13:03 7,808 --a------ c:\windows\system32\drivers\psi_mf.sys
2009-03-22 19:22 . 2009-03-22 19:22 48 --ah----- c:\windows\system32\ezsidmv.dat
2009-03-22 19:19 . 2009-03-22 19:19 <DIR> dr------- c:\programmi\Skype
2009-03-22 19:19 . 2009-03-22 19:19 <DIR> d-------- c:\programmi\File comuni\Skype
2009-03-17 19:20 . 2006-06-29 14:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-03-17 00:03 . 2009-03-17 00:03 <DIR> d-------- c:\documents and settings\Asus\Dati applicazioni\Windows Search
2009-03-17 00:02 . 2009-03-17 00:02 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-03-17 00:02 . 2009-03-18 10:45 <DIR> d-------- c:\programmi\Windows Desktop Search
2009-03-16 23:24 . 2009-01-09 21:19 1,090,181 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-03-16 22:23 . 2009-03-17 00:05 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-16 22:23 . 2009-03-16 22:23 <DIR> d-------- c:\programmi\Reference Assemblies
2009-03-16 22:22 . 2008-07-06 14:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-16 22:22 . 2008-07-06 14:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-16 22:22 . 2008-07-06 12:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-16 22:22 . 2008-07-06 14:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-16 22:22 . 2008-07-06 14:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-16 22:22 . 2008-07-06 14:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-16 22:22 . 2008-07-06 14:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-14 01:14 . 2009-03-14 01:16 <DIR> d-------- c:\documents and settings\Asus\Dati applicazioni\vlc
2009-03-12 22:11 . 2008-04-14 05:13 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-03-12 22:11 . 2008-04-13 21:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-12 22:11 . 2008-04-13 21:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-03-12 22:11 . 2001-08-31 00:07 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-03-12 21:15 . 2009-03-12 21:15 <DIR> d-------- c:\programmi\Microsoft Visual Studio 8
2009-03-12 00:29 . 2004-08-19 15:39 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-10 00:58 . 2009-04-02 21:42 <DIR> d-------- c:\documents and settings\Asus\Tracing
2009-03-10 00:57 . 2009-03-11 14:11 <DIR> d-------- c:\programmi\Microsoft Silverlight
2009-03-10 00:57 . 2009-03-10 00:57 <DIR> d-------- c:\programmi\Microsoft Office Outlook Connector
2009-03-10 00:50 . 2009-03-10 00:50 <DIR> d-------- c:\programmi\Windows Live SkyDrive
2009-03-10 00:50 . 2009-03-10 00:57 <DIR> d-------- c:\programmi\Microsoft
2009-03-10 00:44 . 2009-03-10 00:44 <DIR> d-------- c:\programmi\File comuni\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 20:26 --------- d-----w c:\documents and settings\Asus\Dati applicazioni\SUPERAntiSpyware.com
2009-04-02 19:42 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-04-02 19:40 622,624 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-02 19:40 4,256 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-02 19:40 23,448 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-02 19:40 2,594,848 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-02 19:01 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-04-01 15:36 --------- d-----w c:\documents and settings\Asus\Dati applicazioni\Symantec
2009-03-28 16:36 --------- d-----w c:\programmi\File comuni\Adobe
2009-03-26 19:18 410,984 -c--a-w c:\windows\system32\deploytk.dll
2009-03-22 17:24 --------- d-----w c:\documents and settings\Asus\Dati applicazioni\Skype
2009-03-22 17:22 --------- d-----w c:\documents and settings\Asus\Dati applicazioni\skypePM
2009-03-22 17:19 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype
2009-03-16 20:23 --------- d-----w c:\programmi\MSBuild
2009-03-12 19:18 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-03-09 22:49 --------- d-----w c:\programmi\Windows Live
2009-02-28 18:22 --------- d-----w c:\programmi\Messenger Plus! Live
2009-02-21 21:20 --------- d-----w c:\documents and settings\Asus\Dati applicazioni\live-player
2009-02-21 07:25 691,592 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-19 20:19 --------- d-----w c:\programmi\CCleaner
2009-02-18 17:40 --------- d-----w c:\programmi\MegaLink
2009-02-17 17:11 24,232 -c--a-w c:\windows\system32\drivers\ElbyCDIO.sys
2009-02-17 13:33 89,256 -c--a-w c:\windows\system32\ElbyCDIO.dll
2009-02-09 14:04 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 14:39 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\EPSON
2009-02-07 14:34 --------- d-----w c:\programmi\EPSON
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-04 14:05 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-03 17:45 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 17:45 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-02 19:54 499,712 -c--a-w c:\windows\system32\msvcp71.dll
2009-01-02 19:54 348,160 -c--a-w c:\windows\system32\msvcr71.dll
2008-05-17 17:23 32 -c--a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2008-10-03 18:28 32,768 -csha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008100320081004\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-02_21.44.30.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-02 20:26:35 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-04-02 20:26:35 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-09 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"VeohPlugin"="c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
"ccleaner"="c:\programmi\CCleaner\CCleaner.exe" [2009-03-24 1488112]
"EPSON Stylus Photo R285 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICKE.EXE" [2007-04-13 182272]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\programmi\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-04 206088]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-01-02 185872]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-26 148888]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SkyTel"="SkyTel.EXE" [2007-04-13 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Asus\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Italian\\setup.exe"=
"c:\\Programmi\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Programmi\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [2007-04-19 24576]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [2007-06-06 1260672]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-03-24 7808]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASENUM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55f70c60-0f39-11de-a028-001d60dddb41}]
\Shell\AutoRun\command - G:\Autorun.exe /run
\Shell\Shell00\Command - G:\Autorun.exe /run
\Shell\Shell01\Command - G:\Autorun.exe /action
\Shell\Shell02\Command - G:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91724ec6-cbe7-11dc-9dba-f1c7c3a4ee5c}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4a05e60-5be0-11dd-9ee5-001d60dddb41}]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2009-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 23:29]

2009-04-02 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

2009-04-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = about:blank
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 22:58:22
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2009-04-02 23.00.11
ComboFix-quarantined-files.txt 2009-04-02 21:00:08
ComboFix2.txt 2009-04-02 19:50:38
ComboFix3.txt 2009-04-02 19:45:49

Pre-Run: 33.832.742.912 byte disponibili
Post-Run: 33,832,083,456 byte disponibili

212 --- E O F --- 2009-03-25 15:07:23

Ok, visto che non era difficile?
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è importante)
Esegui una scansione completa del sistema
Posta il log.

Falla lo stesso francesca64 , adesso il pc non è lo stesso di prima.
Non eliminare niente, se trova qualcosa.
Posta solo il risultato.
Mi raccomando, AGGIORNALO prima di fare la scansione.
Ci sono miglioramenti ?