Il log è pulito.
Scarica Norman Malware Cleaner http://download.norman.no/public/Norman_Malware_Cleaner.exe
Norman Malware Cleaner lo si fà girare in MODALITA PROVVISORIA.

Si avvia
si accetta la licenza
si clicca Start Scan
si attende la fine della scansione
Viene generato un log sul desktop, postalo qui.
In alcuni casi Norman Malware Cleaner potrebbe richiedere il riavvio del computer per rimuovere completamente l'infezione, in
questo caso è raccomandata una seconda esecuzione del programma dopo aver riavviato il PC per garantire la completa rimozione di tutti i files infetti.
*
********************************************************************************************************
Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Digita 1, premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC e attendere pazientemente la fine delle operazioni.
Posta un nuovo log di HijackThis .
Sempre qui.
ComboFix non funziona in modalità provvisoria

Fatto! ci è voluto del tempo ma comunque è riuscito. Ti allego il nuovo log e ti ringrazio ancora

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19.58.29, on 01/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Programmi\ATnotes\ATnotes.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\msiexec.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Downloads\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programmi\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programmi\FlashGet\getflash.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ATnotes.exe] F:\Programmi\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
O8 - Extra context menu item: &Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmi\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmi\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.google.it/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE31E768-D71E-4068-BAE4-A0DDBE74D812}: NameServer = 193.12.150.2 212.247.152.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6015 bytes

scusa, eccolo

ComboFix 08-06-20.4 - Administrator 2008-07-01 8.46.34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.654 [GMT 2:00]
Eseguito da: C:\Downloads\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-06-01 al 2008-07-01 )))))))))))))))))))))))))))))))))))
.

2008-06-30 22:07 . 2008-06-30 22:53 <DIR> d-------- C:\Programmi\eMule
2008-06-30 19:55 . 2008-06-30 19:55 <DIR> d-------- C:\Programmi\Realtek AC97
2008-06-30 19:55 . 2001-07-06 00:19 164 --a------ C:\WINDOWS\avrack.ini
2008-06-30 19:24 . 2008-06-30 19:24 169 --a------ C:\WINDOWS\RtlRack.ini
2008-06-30 19:22 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-06-30 19:21 . 2008-06-30 19:21 <DIR> d-------- C:\Programmi\Realtek Sound Manager
2008-06-30 19:21 . 2006-08-18 13:52 4,017,536 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-06-30 19:20 . 2008-06-30 19:55 <DIR> d-------- C:\Programmi\AvRack
2008-06-30 19:20 . 2006-08-17 08:11 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
2008-06-30 19:20 . 2006-08-10 07:27 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-06-30 19:20 . 2006-08-03 05:12 577,536 --a------ C:\WINDOWS\soundman.exe
2008-06-30 19:20 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-06-30 19:20 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2008-06-30 19:20 . 2006-08-01 14:58 143,360 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-06-30 19:20 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-06-29 17:43 . 2008-06-29 17:43 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Media Player Classic
2008-06-29 17:42 . 2008-06-29 17:42 <DIR> d-------- C:\Programmi\K-Lite Codec Pack
2008-06-28 20:59 . 2008-06-30 09:29 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-28 20:59 . 2008-06-28 20:59 <DIR> d-------- C:\Programmi\AVG
2008-06-28 20:59 . 2008-06-28 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-06-28 20:59 . 2008-06-28 21:56 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\AVGTOOLBAR
2008-06-28 20:59 . 2008-06-28 20:59 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-28 20:59 . 2008-06-28 20:59 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-28 20:59 . 2008-06-28 20:59 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-28 19:52 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-28 19:52 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-28 19:33 . 2008-06-28 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\MailFrontier
2008-06-28 19:33 . 2008-06-28 19:33 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-28 19:33 . 2008-06-28 19:33 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-28 19:32 . 2007-05-31 00:03 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys
2008-06-22 12:25 . 2008-06-30 19:36 118 --a------ C:\pmp_usb.ini
2008-06-20 20:12 . 2008-06-30 20:09 474 -r-h----- C:\winamp_cache_0001.xml

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 06:52 1,652,768 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-01 06:44 --------- d-----w C:\Programmi\FlashGet
2008-06-30 21:18 23,948 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-30 21:17 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\uTorrent
2008-06-30 21:11 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Skype
2008-06-30 21:01 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\skypePM
2008-06-30 17:20 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-10 11:23 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2008-04-10 11:23 249,856 ----a-w C:\WINDOWS\system32\pdfmona.dll
2008-04-06 15:01 27,262,976 ----a-w C:\VIRTPART.DAT
2008-04-04 10:19 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2006-06-14 09:53 29,184 ----a-w C:\WINDOWS\inf\usbccid.sys
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATnotes.exe"="F:\Programmi\ATnotes\ATnotes.exe" [2005-01-05 15:45 1015808]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:39 15360]
"msnmsgr"="C:\Programmi\MSN Messenger\msnmsgr.exe" [2006-07-29 20:33 5354792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GSICONEXE"="GSICON.EXE" [2002-03-20 23:31 90112 C:\WINDOWS\system32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [2002-03-07 11:25 16384 C:\WINDOWS\system32\dslagent.exe]
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-12-15 06:01 5513216]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-28 20:59 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 18:39 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\msncall.exe"=
"C:\\Programmi\\FlashGet\\flashget.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-28 20:59]
R1 GhPciScan;GhostPciScanner;C:\Programmi\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 15:11]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-28 20:59]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-28 20:59]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-28 20:59]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 20:56]
S2 gafwload;D-Link DSL-200 USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [2002-03-07 12:47]
S3 SM_SUGE1_FUService;SUGE1 Status Monitor Service;"C:\Programmi\SAMSUNG\Samsung SCX-4200 Series\SPanel\ssmsrvc /Service []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c08b877-fefb-11dc-92ff-0050ba300101}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infocamere\bkmlauncher.exe
\Shell\ICBK\command - F:\infocamere\bkmlauncher.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 08:52:09
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SM_SUGE1_FUService]
"ImagePath"="\"C:\Programmi\SAMSUNG\Samsung SCX-4200 Series\SPanel\ssmsrvc /Service"
.
Ora fine scansione: 2008-07-01 8.54.25
ComboFix-quarantined-files.txt 2008-07-01 06:54:16

8 Directory 1,591,078,912 byte disponibili
12 Directory 1,983,352,832 byte disponibili

129 --- E O F --- 2008-06-28 18:02:32

Molto più veloce di prima, direi che hai risolto. Grazie e complimenti per il bambino: è bellissimo