grazie r16 proverò non appena sarò a casa stasera;
se non ricordo male per cancellare le voci nella chiave che mi indichi è una procedura delicata vero? se sei d'accordo ci risentiamo appena ho verificato comunicandoti cosa ho trovato e con l'occasione ti posto un log di hijack da sessione normale.
a presto

No, sono due cose indipendenti: anche se non dai alcuna "ripulita" prima, dovresti poter trovare lo stesso la Chiave che t'ha indicato r16... Il che non sta a significare -è ovvio!- che dare (ogni tanto, non troppo spesso) una ripulitina al Registro di Sistema sia cosa "malvagia" o da evitare...

Ciao.
Elimina queste voci di HijackThis:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: fccaYpOE - fccaYpOE.dll (file missing)
O20 - Winlogon Notify: xxywVOGy - xxywVOGy.dll (file missing)
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223

Disistalla Ad-Aware, che non serve a niente, e installa questo: (e tienilo installato che è molto più valido di Ad-Aware)

Scarica: Malwarebytes' Anti-MalwareMalwarebyte e salvalo dove vuoi tu. : http://www.besttechie.net/tools/mbam-setup.exe

Doppio click sull'icona di mbam-setup.exe che hai salvato,e procedi con l'installazione

Assicurati che ci siano entrambi i segni di spunta su :Aggiorna Malwarebytes' Anti-Malware e Avvia, e clicca Fine
Al primo avvio, ti comparirà un messaggio di benvenuto, Assicurati che il collegamento Internet sia attivo e clicca OK
Attendi la fine dell'aggiornamento.
Compare la schermata principale.
Clicca Scansiona
Potrebbe volerci parecchio tempo,(dipende quanto è infettato il pc) quindi bisogna avere un pò di pazienza.

Al termine della scansione, clicca OK

Assicurati che tutti i files evidenziati siano selezionati e clicca Rimuovi Selezionati

Quando la disinfezione sarà completata, verrà aperto Notepad con il risultato dell'operazione .
Postalo qui.

Prova a fare una scansione on-line con con kaspersky
Per eseguire questa scansione devi installare l'applet Java per poter procedere.
Se non ce l'hai (io non l'ho vista) scaricala da qui:
http://www.aiutaamici.com/software?ID=11134

http://www.kaspersky.com/virusscanner

Clicca su Kaspersky Online Scanner
Clicca su Accept
Si avvierà un Update
Vai nella colonna di sinistra dove c'è scritto Scan e scegli my computer
Finita la scansione in fondo a destra, clicca sulla la voce View Scan Report, e poi clicca su "Save Report As e salvalo sul desktop.

ciao r16 ho fixato le voci che hai detto, pulito reg. con ccleaner, e ti allego il file di malwareb che ho fatto girare dopo ad aware (che ha trovato ed eliminato una sola infezione) mentre malware ne ha scovati altri come vedrai:
Malwarebytes' Anti-Malware 1.30
Versione del database: 1364
Windows 5.1.2600 Service Pack 3

04/11/2008 19.38.47
mbam-log-2008-11-04 (19-38-40).txt

Tipo di scansione: Scansione completa (C:\|F:\|)
Elementi scansionati: 110668
Tempo trascorso: 14 minute(s), 0 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 2
Valori di registro infetti: 5
Elementi dato del registro infetti: 0
Cartelle infette: 2
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1c218bc1-b339-40df-8346-792d2dbaffb5} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe (Security.Hijack) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1c218bc1-b339-40df-8346-792d2dbaffb5} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\Programmi\WinBudget (Adware.AdMedia) -> No action taken.
C:\Programmi\WinBudget\bin (Adware.AdMedia) -> No action taken.

File infetti:
(Nessun elemento malevolo rilevato)


farò appena possibile la scansione on-line nel frattempo di chiedo un tuo parere su spyterminator che ha il controllo in tempo reale:che ne pensi? visto che si può usare anche per scasioni è il caso di usarlo al posto di ad-aware e di malwareb?
ciao e grazie

ok r16 devo chiederti alcune precisazioni:
ho norton ce: per disabilitarlo devo togliere 'controllo in tempo reale file system' o altro?
devo farlo subito, cioè prima di lanciare vundofix o solo prima di scaricare combofix? (altrimenti mi blocca lo scarico di combofix?)

devo inviarti un ultimo file di hjt anche dopo super antispyware?
per aggirona sistema intendi windows up date? (il mio non è originale).
a presto

Facciamo un pò di ordine:
Si, devi Disattivare il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121
Norton lascialo disabilitato, (appena puoi cambialo)
Non ho detto che devi aggiornare il sistema (che sarebbe meglio) Ma super antispyware, cliccando PRIMA di fare la scansione su:Check for Updates
Per comodità, prima scarica tutti i programmi, poi fai le scansioni (disconnesso da internet)
Quando hai finito TUTTE le scansioni (Disconnesso da internet, mi raccomando) riattivi Norton.
Ricordati di postarmi i log.
Tutto chiaro?

eccomi qua ho ho fatto tutto quello che hai detto.

vundofix non ha trovato files infetti e non ha prodotto il log,
ti allego il logo di hjt fatto subito dopo:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.50.28, on 05/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Mauro\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: acrobat assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222182782356
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN

--
End of file - 5514 bytes

---

ECCO IL LOG DI COMBOFIX

ComboFix 08-11-04.02 - Mauro 2008-11-05 16:03:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1536 [GMT 1:00]
Eseguito da: c:\documents and settings\Mauro\Desktop\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Creati Da 2008-10-05 al 2008-11-05 )))))))))))))))))))))))))))))))))))
.

2008-11-05 15:42 . 2008-11-05 15:42 <DIR> d-------- C:\VundoFix Backups
2008-11-05 15:24 . 2008-11-05 15:24 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2008-11-05 15:24 . 2008-11-05 15:24 <DIR> d-------- c:\documents and settings\Mauro\Dati applicazioni\SUPERAntiSpyware.com
2008-11-05 15:24 . 2008-11-05 15:24 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-11-04 19:23 . 2008-11-04 19:23 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-11-04 19:23 . 2008-11-04 19:23 <DIR> d-------- c:\documents and settings\Mauro\Dati applicazioni\Malwarebytes
2008-11-04 19:23 . 2008-11-04 19:23 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-11-04 19:23 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-04 19:23 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-31 18:10 . 2008-11-05 15:47 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
2008-10-30 20:18 . 2008-10-30 20:20 <DIR> d-------- c:\programmi\RegCleaner
2008-10-29 15:42 . 2008-11-01 14:25 54,156 --ah----- c:\windows\QTFont.qfn
2008-10-29 15:42 . 2008-10-29 15:42 1,409 --a------ c:\windows\QTFont.for
2008-10-21 20:31 . 2008-10-21 20:31 <DIR> d-------- c:\programmi\SlySoft
2008-10-09 14:17 . 2008-10-09 14:17 <DIR> d-------- C:\loesch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 15:02 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-11-05 14:24 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-11-05 14:07 --------- d-----w c:\programmi\SpywareBlaster
2008-11-04 18:44 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-10-26 11:27 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-10-20 16:26 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2008-10-05 12:41 --------- d-----w c:\programmi\Windows Live Safety Center
2008-09-24 20:13 --------- d-----w c:\programmi\Lavasoft
2008-09-24 20:12 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-09-24 19:10 --------- d-----w c:\programmi\PC Tools Firewall Plus
2008-09-23 18:05 --------- d--h--r c:\documents and settings\Flavio Massimo.OK\Dati applicazioni\SecuROM
2008-09-23 17:45 108,144 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-23 17:45 --------- d-----w c:\documents and settings\Flavio Massimo.OK\Dati applicazioni\Loescher
2008-09-23 15:09 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-09-11 19:13 --------- d-----w c:\programmi\CCleaner
2008-09-08 14:45 --------- d-----w c:\programmi\FDRLab
.

((((((((((((((((((((((((((((( snapshot@2008-11-05_15.56.08,75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-13 17:13:50 56,320 -c--a-w c:\windows\system32\dllcache\secur32.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-r 843,776 2006-05-01 02:07:44 c:\programmi\Analog Devices\Core\bak\smax4pnp.exe

----a-w 729,088 2006-04-10 08:19:46 c:\programmi\Analog Devices\SoundMAX\bak\Smax4.exe

----a-w 90,112 2006-05-10 09:12:06 c:\programmi\ATI Technologies\ATI.ACE\bak\CLIStart.exe
----a-w 90,112 2006-09-25 08:12:20 c:\programmi\ATI Technologies\ATI.ACE\CLIStart.exe

----a-w 94,208 2005-09-03 14:18:30 c:\programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe

----a-w 98,304 2007-02-26 23:19:29 c:\programmi\QuickTime\bak\qttask.exe
----a-w 286,720 2007-12-11 09:56:54 c:\programmi\QuickTime\QTTask.exe

----a-w 77,824 2002-08-22 09:56:02 c:\programmi\Symantec_Client_Security\Symantec AntiVirus\bak\vptray.exe
----a-w 77,824 2002-08-22 10:56:02 c:\programmi\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe

----a-w 155,648 2001-07-09 10:50:42 c:\windows\system32\bak\NeroCheck.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2008-08-05 2611096]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
acrobat assistant.lnk - c:\programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-02-27 127488]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"<NO NAME>"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=

R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-07-28 160792]
R2 PMJ151NM;Panasonic DVC Web Camera;c:\windows\system32\DRIVERS\PMJ151NM.sys [2002-03-19 14848]
R3 FWAuth;FWAuth Driver;c:\windows\system32\drivers\FWAuthDriver.sys [2008-08-05 58136]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2007-12-28 3768]
S3 SndTDriverV32;SndTDriverV32;c:\windows\system32\drivers\SndTDriverV32.sys [2007-12-28 513152]

*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'

2008-10-30 c:\windows\Tasks\At10.job
- c:\windows\system32\xAKI626p.exe []

2008-10-30 c:\windows\Tasks\At11.job
- c:\windows\system32\xAKI626p.exe []

2008-11-01 c:\windows\Tasks\At12.job
- c:\windows\system32\xAKI626p.exe []

2008-11-01 c:\windows\Tasks\At13.job
- c:\windows\system32\xAKI626p.exe []

2008-10-30 c:\windows\Tasks\At14.job
- c:\windows\system32\xAKI626p.exe []

2008-10-30 c:\windows\Tasks\At15.job
- c:\windows\system32\xAKI626p.exe []

2008-11-03 c:\windows\Tasks\At16.job
- c:\windows\system32\xAKI626p.exe []

2008-11-04 c:\windows\Tasks\At17.job
- c:\windows\system32\xAKI626p.exe []

2008-11-04 c:\windows\Tasks\At18.job
- c:\windows\system32\xAKI626p.exe []

2008-11-04 c:\windows\Tasks\At19.job
- c:\windows\system32\xAKI626p.exe []

2008-10-31 c:\windows\Tasks\At20.job
- c:\windows\system32\xAKI626p.exe []

2008-11-04 c:\windows\Tasks\At21.job
- c:\windows\system32\xAKI626p.exe []

2008-11-04 c:\windows\Tasks\At22.job
- c:\windows\system32\xAKI626p.exe []

2008-10-27 c:\windows\Tasks\At23.job
- c:\windows\system32\xAKI626p.exe []

2008-09-24 c:\windows\Tasks\At24.job
- c:\windows\system32\xAKI626p.exe []

2008-10-16 c:\windows\Tasks\At25.job
- c:\windows\system32\B8ekyH6R.exe []

2008-10-16 c:\windows\Tasks\At26.job
- c:\windows\system32\B8ekyH6R.exe []

2008-01-31 c:\windows\Tasks\At27.job
- c:\windows\system32\B8ekyH6R.exe []

2008-01-31 c:\windows\Tasks\At28.job
- c:\windows\system32\B8ekyH6R.exe []

2008-01-31 c:\windows\Tasks\At29.job
- c:\windows\system32\B8ekyH6R.exe []

2008-01-31 c:\windows\Tasks\At3.job
- c:\windows\system32\xAKI626p.exe []

2008-01-31 c:\windows\Tasks\At30.job
- c:\windows\system32\B8ekyH6R.exe []

2008-01-31 c:\windows\Tasks\At31.job
- c:\windows\system32\B8ekyH6R.exe []

2008-01-31 c:\windows\Tasks\At32.job
- c:\windows\system32\B8ekyH6R.exe []

2008-04-26 c:\windows\Tasks\At33.job
- c:\windows\system32\B8ekyH6R.exe []

2008-10-30 c:\windows\Tasks\At34.job
- c:\windows\system32\B8ekyH6R.exe []

2008-10-30 c:\windows\Tasks\At35.job
- c:\windows\system32\B8ekyH6R.exe []

2008-11-01 c:\windows\Tasks\At36.job
- c:\windows\system32\B8ekyH6R.exe []

2008-11-01 c:\windows\Tasks\At37.job
- c:\windows\system32\B8ekyH6R.exe []

2008-10-30 c:\windows\Tasks\At38.job
- c:\windows\system32\B8ekyH6R.exe []

2008-10-30 c:\windows\Tasks\At39.job
- c:\windows\system32\B8ekyH6R.exe []

2008-01-31 c:\windows\Tasks\At4.job
- c:\windows\system32\xAKI626p.exe []

2008-11-03 c:\windows\Tasks\At40.job
- c:\windows\system32\B8ekyH6R.exe []

2008-11-04 c:\windows\Tasks\At41.job
- c:\windows\system32\B8ekyH6R.exe []

2008-11-04 c:\windows\Tasks\At42.job
- c:\windows\system32\B8ekyH6R.exe []

2008-11-04 c:\windows\Tasks\At43.job
- c:\windows\system32\B8ekyH6R.exe []

2008-10-31 c:\windows\Tasks\At44.job
- c:\windows\system32\B8ekyH6R.exe []

2008-11-04 c:\windows\Tasks\At45.job
- c:\windows\system32\B8ekyH6R.exe []

2008-11-04 c:\windows\Tasks\At46.job
- c:\windows\system32\B8ekyH6R.exe []

2008-10-27 c:\windows\Tasks\At47.job
- c:\windows\system32\B8ekyH6R.exe []

2008-09-24 c:\windows\Tasks\At48.job
- c:\windows\system32\B8ekyH6R.exe []

2008-01-31 c:\windows\Tasks\At5.job
- c:\windows\system32\xAKI626p.exe []

2008-01-31 c:\windows\Tasks\At6.job
- c:\windows\system32\xAKI626p.exe []

2008-01-31 c:\windows\Tasks\At7.job
- c:\windows\system32\xAKI626p.exe []

2008-01-31 c:\windows\Tasks\At8.job
- c:\windows\system32\xAKI626p.exe []

2008-04-26 c:\windows\Tasks\At9.job
- c:\windows\system32\xAKI626p.exe []
.
- - - - ORFÃOS REMOVIDOS - - - -

Notify-NavLogon - (no file)
Notify-WgaLogon - (no file)


.
------- Supplementare di scansione -------
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-05 16:05:43
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PMJ151LA]
"ImagePath"="%SystemRoot%\PMJ151LA.BIN"
.
Ora fine scansione: 2008-11-05 16:06:37
ComboFix-quarantined-files.txt 2008-11-05 15:06:34

Pre-Run: 68,605,911,040 byte disponibili
Post-Run: 68,589,289,472 byte disponibili

228



CON IL LOG DI HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.08.53, on 05/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Mauro\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: acrobat assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222182782356
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN

--
End of file - 5522 bytes

---

ECCO IL LOG DI SUPERATISPYW.:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/05/2008 at 04:39 PM

Application Version : 4.21.1004

Core Rules Database Version : 3555
Trace Rules Database Version: 1543

Scan type : Complete Scan
Total Scan Time : 00:26:05

Memory items scanned : 441
Memory threats detected : 0
Registry items scanned : 5667
Registry threats detected : 0
File items scanned : 49252
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\Mauro\Cookies\mauro@eas.apm.emediate[1].txt
C:\Documents and Settings\mamma\Cookies\lorena@adv.rossoalice.alice[1].txt


[b]NB:I FILES SONO ANCORA IN QUARANTENA ATTENDO ISTRUZIONI PER ELIMINARLI[/b]

---

ECCO IL FILE FINALE HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.52.00, on 05/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Mauro\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: acrobat assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222182782356
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN

--
End of file - 5555 bytes



ATTENDO TUE NOTIZIE

p.s. mi ha dato cosa mai successa prima mentre allegavo i logs "errore explorer.exe". è normale?

grazie

Ciao.
Fai questa operazione:
portati alla chiave
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Quando hai trovato Image File Execution Options,clicca sul + e guarda se sotto, esistono queste cartelle:

- explorer.exe e se c'è riporta qui i valori.
- iexplore.exe e se c'è riporta qui i valori
Se non le trovi, fai quest'altra operazione:
Apri il TaskManager (ctrl + alt + canc), termina il processo explorer.exe; Probabilmente spariranno le icone del desktop; è normale;
Poi: Da file->Nuova operazione, digita explorer.exe oppure solo explorer e dai l'OK.
Riavvia il pc.




*********************************************************************************************************
Scarica VIRIT :
http://www.tgsoft.it/italy/download.htm lo aggiorni (cliccando sulla parabola in alto) e fai la scansione in Modalità Provvisoria (è molto importante).
Posta anche il log. (lo trovi sull'icona in alto, con raffigurato un block notes ,con una penna)
*********************************************************************************************************