Thanks for the reply... I'm attaching the ComboFix log below.
ComboFix 09-10-13.01 - Administrator 13/10/2009 21.06.38.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2046.1397 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Dati applicazioni\Desktopicon
c:\documents and settings\Administrator\Dati applicazioni\Desktopicon\eBayShortcuts.exe
c:\documents and settings\Administrator\Dati applicazioni\inst.exe
c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\gnffdee.dat
c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\gnffdee.exe
c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\gnffdee_nav.dat
c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\gnffdee_navps.dat
c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\jfcnjfie.dat
c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\jfcnjfie_nav.dat
c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\jfcnjfie_navps.dat
c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\jfcnjfie_navup.dat
c:\programmi\RelevantKnowledge
c:\programmi\RelevantKnowledge\rlls.dll
c:\programmi\RelevantKnowledge\rloci.bin
c:\programmi\RelevantKnowledge\rlservice.exe
c:\programmi\RelevantKnowledge\rlvknlg.exe
c:\windows\Installer\1e4eb7.msi
c:\windows\Installer\287c4.msi
c:\windows\Installer\5a9c08.msp
c:\windows\Installer\c9485.msi
c:\windows\Installer\WMEncoder.msi
.
((((((((((((((((((((((((( Files Creati Da 2009-09-13 al 2009-10-13 )))))))))))))))))))))))))))))))))))
.
2009-10-13 18:37 . 2009-10-13 18:37 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Convivea
2009-10-13 18:37 . 2009-10-13 18:37 -------- d-----w- c:\programmi\Bit Che
2009-10-13 17:23 . 2009-10-13 17:23 -------- d-----w- c:\programmi\Trend Micro
2009-10-12 21:14 . 2009-10-12 21:14 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\.clamwin
2009-10-12 21:14 . 2009-10-12 21:14 -------- d-----w- c:\programmi\ClamWin
2009-10-12 21:14 . 2009-10-12 21:14 -------- d-----w- c:\documents and settings\All Users\.clamwin
2009-10-12 18:15 . 2009-10-12 18:15 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\KC Softwares
2009-10-12 18:14 . 2009-10-12 18:14 -------- d-----w- c:\programmi\KC Softwares
2009-10-10 15:24 . 2009-10-10 15:24 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\GlarySoft
2009-10-10 15:19 . 2009-10-10 15:19 -------- d-----w- c:\programmi\Glary Utilities
2009-10-04 08:53 . 2009-10-04 09:17 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\FrostWire
2009-10-04 08:53 . 2009-10-04 08:53 -------- d-----w- c:\programmi\FrostWire
2009-09-22 19:58 . 2009-09-22 19:58 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-22 19:58 . 2009-10-13 18:57 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\vlc
2009-09-22 18:07 . 2009-09-22 19:58 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\vlc(2)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 19:06 . 2009-02-04 23:01 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\uTorrent
2009-10-13 18:36 . 2009-02-05 21:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-10-11 09:53 . 2009-02-04 21:40 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2009-10-11 09:36 . 2009-02-07 12:54 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\mIRC
2009-10-11 07:35 . 2009-09-04 21:38 -------- d-----w- c:\programmi\mIRC
2009-09-29 17:54 . 2009-04-14 13:28 -------- d-----w- c:\programmi\GameTop.com
2009-09-22 19:58 . 2009-02-10 20:59 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Azureus
2009-09-19 15:00 . 2009-03-15 19:09 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-09-19 13:31 . 2009-02-04 21:31 55160 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-09-12 12:21 . 2004-08-19 16:39 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-09-07 21:05 . 2009-09-07 21:05 -------- d-----w- c:\programmi\JRE
2009-09-07 21:05 . 2009-02-17 20:24 -------- d-----w- c:\programmi\OpenOffice.org 3
2009-09-07 21:05 . 2009-02-17 20:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-07 21:05 . 2009-02-04 21:29 -------- d-----w- c:\programmi\Java
2009-09-06 17:56 . 2009-03-14 17:20 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Canon
2009-09-02 20:14 . 2009-03-27 20:05 256 ----a-w- c:\windows\system32\pool.bin
2009-08-29 16:05 . 2009-06-21 10:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-29 16:05 . 2009-06-21 10:12 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-29 16:05 . 2009-06-21 10:12 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-01-27 01:34 . 2009-01-27 01:34 1044480 -c--a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 -c--a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
2006-05-03 10:06 . 2009-02-27 16:43 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-02-27 16:43 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-02-27 16:43 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2c67605a-fbee-4eae-a9f4-2090abf3b407}"= "c:\programmi\youbuy\tbyou1.dll" [2009-07-15 2215960]
[HKEY_CLASSES_ROOT\clsid\{2c67605a-fbee-4eae-a9f4-2090abf3b407}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c67605a-fbee-4eae-a9f4-2090abf3b407}]
2009-07-15 15:55 2215960 ----a-w- c:\programmi\youbuy\tbyou1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2c67605a-fbee-4eae-a9f4-2090abf3b407}"= "c:\programmi\youbuy\tbyou1.dll" [2009-07-15 2215960]
[HKEY_CLASSES_ROOT\clsid\{2c67605a-fbee-4eae-a9f4-2090abf3b407}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2C67605A-FBEE-4EAE-A9F4-2090ABF3B407}"= "c:\programmi\youbuy\tbyou1.dll" [2009-07-15 2215960]
[HKEY_CLASSES_ROOT\clsid\{2c67605a-fbee-4eae-a9f4-2090abf3b407}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-05 39408]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"D-Link AirPlus G"="c:\programmi\D-Link\AirPlus G\AirGCFG.exe" [2007-08-03 1552384]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-11 218032]
"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-10-05 520024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-06 2023704]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-09-07 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-11-14 16270848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-29 16:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BlackBerry Desktop Redirector.lnk]
backup=c:\windows\pss\BlackBerry Desktop Redirector.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Nokia Nseries PC Suite.lnk]
backup=c:\windows\pss\Nokia Nseries PC Suite.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\GIOCHI\\Flash\\Preferiti\\blobby volley\\volley.exe"=
"c:\\Programmi\\Shareaza\\Shareaza.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/05/2009 10.00.04 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/06/2009 12.12.47 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/06/2009 12.12.51 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [21/06/2009 12.12.28 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [21/06/2009 12.12.25 297752]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [13/05/2009 2.02.01 603904]
R3 PAC7302;PAC7302 VGA USB Camera;c:\windows\system32\drivers\PAC7302.SYS [04/02/2009 23.53.08 457856]
S2 gupdate1c987dc797e78ba;Google Update Service (gupdate1c987dc797e78ba);c:\programmi\Google\Update\GoogleUpdate.exe [05/02/2009 23.55.35 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23.34.37 1028432]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [31/08/2001 16.00.00 3584]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [27/03/2009 22.46.48 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [27/03/2009 22.46.48 8320]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
2009-10-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 08:01]
2009-10-13 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2009-10-10 17:27]
2009-10-13 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04 18:41]
2009-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-05 21:55]
2009-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-05 21:55]
2009-10-13 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 14:20]
2009-10-13 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\wrxrvs9r.default\
FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-gnffdee - c:\documents and settings\administrator\impostazioni locali\dati applicazioni\gnffdee.exe
AddRemove-gnffdee - c:\documents and settings\administrator\impostazioni locali\dati applicazioni\gnffdee.exe
AddRemove-HijackThis - c:\documents and settings\Administrator\Desktop\HijackThis.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\programmi\relevantknowledge\rlvknlg.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 21:08
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Ora fine scansione: 2009-10-13 21.10.02
ComboFix-quarantined-files.txt 2009-10-13 19:10
Pre-Run: 159.188.176.896 byte disponibili
Post-Run: 159.123.959.808 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect