Buon giorno r16. Intanto approfitto per ringraziarti per l'aiuto, poi ti mando la "cartella clinica":
Questo è il log di norman Mailer eseguito in modalità provvisoria:

Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/06/16 19:12:25

Norman Scanner Engine Version: 5.92.08
Nvcbin.def Version: 5.92.00, Date: 2008/06/16 19:12:25, Variants: 1752355

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600(Safe mode) Service Pack 3
Logged on user: FRANKIE\Francesco

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Scan started: 27/06/2008 07:29:29


Scanning running processes and process memory...

Number of processes/threads found: 595
Number of processes/threads scanned: 595
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 21s


Scanning file system...

Scanning: C:\*.*

Scanning: D:\*.*

Scanning: G:\*.*


Running post-scan cleanup routine:

Number of files found: 198431
Number of archives unpacked: 2314
Number of files scanned: 198411
Number of files not scanned: 20
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 1h 23m 46s

Questo è quello di Combofix in modalità normale:

ComboFix 08-06-20.4 - Francesco 2008-06-27 7:11:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1557 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Francesco\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\C.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2


((((((((((((((((((((((((( Files Creati Da 2008-05-27 al 2008-06-27 )))))))))))))))))))))))))))))))))))
.

2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2008-06-11 10:19 . 2008-06-14 19:32 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 10:18 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 05:00 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2008-06-26 15:31 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-06-26 15:17 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-06-26 05:32 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-06-26 05:28 --------- d-----w C:\Programmi\SpywareBlaster
2008-06-24 08:24 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\LimeWire
2008-06-21 05:47 --------- d-----w C:\Programmi\LimeWire
2008-06-20 05:49 --------- d-----w C:\Programmi\AusLogics Disk Defrag
2008-06-14 17:32 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 06:11 --------- d-----w C:\Programmi\Intel
2008-06-05 15:31 --------- d-----w C:\Programmi\IncrediMail
2008-06-01 04:53 --------- d-----w C:\Programmi\Java
2008-05-31 06:21 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-31 06:21 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-31 06:21 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-31 06:21 --------- d-----w C:\Programmi\Symantec
2008-05-26 05:08 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\Canon
2008-05-24 15:05 --------- d-----w C:\Programmi\Canon
2008-05-24 14:27 --------- d-----w C:\Programmi\File comuni\ScanSoft Shared
2008-05-24 14:27 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\ScanSoft
2008-05-24 14:27 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ScanSoft
2008-05-24 14:26 --------- d-----w C:\Programmi\ScanSoft
2008-05-24 14:25 --------- d-----w C:\Programmi\File comuni\Canon
2008-05-24 14:23 --------- d--h--w C:\Documents and Settings\All Users\Dati applicazioni\CanonBJ
2008-05-24 14:22 --------- d--h--w C:\Programmi\CanonBJ
2008-05-24 09:14 --------- d-----w C:\Programmi\File comuni\Corel
2008-05-24 09:13 --------- d-----w C:\Programmi\Corel
2008-05-22 05:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-05-22 05:03 --------- d-----w C:\Programmi\Lavasoft
2008-05-22 05:03 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\Lavasoft
2008-05-22 05:02 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-05-21 05:17 --------- d-----w C:\Programmi\Blender Foundation
2008-05-21 05:17 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\Blender Foundation
2008-05-19 06:22 --------- d-----w C:\Programmi\nLite
2008-05-17 05:53 --------- d-----w C:\Programmi\epson
2008-05-17 05:52 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-15 09:56 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\Auslogics
2008-05-15 09:51 --------- d-----w C:\Programmi\Auslogics
2008-05-14 08:40 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-05-14 08:39 --------- d-----w C:\Documents and Settings\Francesco\Dati applicazioni\OfficeUpdate12
2008-05-14 06:30 82,464 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-05-14 06:30 28,928 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-05-14 06:30 213,888 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2008-05-14 06:30 --------- d-----w C:\Programmi\File comuni\Acronis
2008-05-14 06:30 --------- d-----w C:\Programmi\Acronis
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-14 02:14 70,144 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 02:14 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 02:14 286,720 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 02:14 151,552 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 02:14 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 02:14 1,036,288 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 02:13 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 02:13 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 02:13 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 02:13 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 02:13 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 02:13 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 02:13 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 02:13 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 02:13 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 02:13 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2007-01-17 07:36 14 ----a-w C:\Documents and Settings\Francesco\getfile.dat
2006-08-10 05:51 24,192 ----a-w C:\Documents and Settings\Francesco\usbsermptxp.sys
2006-08-10 05:51 22,768 ----a-w C:\Documents and Settings\Francesco\usbsermpt.sys
2006-06-04 08:16 56 --sh--r C:\WINDOWS\system32\B9DC998816.sys
2007-12-25 18:16 88 --sh--r C:\WINDOWS\system32\D40DCA7F8A.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 21:51 316784 --a------ C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 08:35 116088 --a------ C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:14 15360]
"IncrediMail"="C:\Programmi\IncrediMail\bin\IncMail.exe" [2008-06-03 17:25 243072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"osCheck"="C:\Programmi\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:14 15360]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= IR41_32.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Speed Launch.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio Office.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Ricerca rapida.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Francesco^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 2.4.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Francesco^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 16:41 45056 C:\Programmi\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2007-04-03 18:50 1603152 C:\Programmi\Canon\MyPrinter\BJMyPrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
--a------ 2007-04-03 18:00 644696 C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Diagnostica SpeedTouch USB]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 03:10 409600 C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-06-03 17:25 243072 C:\Programmi\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 10:44 249856 C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 18:44 81920 C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--ahs---- 2008-04-14 04:14 1695232 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2007-02-04 12:02 79400 C:\Programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
--a------ 2003-07-15 12:36 319488 C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2003-10-21 10:43 868352 C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
--a------ 2003-05-01 18:44 65536 C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-04-19 09:40]
R2 ACEDRV09;ACEDRV09;C:\WINDOWS\system32\drivers\ACEDRV09.sys [2007-04-11 07:42]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-08-31 12:49]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2008-02-20 21:19]
S3 SIVDRIVER;SIV Kernel Driver;C:\WINDOWS\system32\Drivers\SIVX32.sys [2008-01-12 10:32]
S3 UPnPService;UPnPService;C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 16:00]

*Newly Created Service* - COMHOST
.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-27 05:17:39 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
"2007-11-24 15:06:55 C:\WINDOWS\Tasks\Norton Internet Security - Scansione completa sistema - Francesco.job"
- C:\Programmi\Norton Internet Security\Norton AntiVirus\Navw32.exei/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 07:15:20
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\IncrediMail\bin\ImApp.exe
.
**************************************************************************
.
Ora fine scansione: 2008-06-27 7:17:57 - machine was rebooted [Francesco]
ComboFix-quarantined-files.txt 2008-06-27 05:17:53

13 Directory 60,202,237,952 byte disponibili
17 Directory 60,122,198,016 byte disponibili

233 --- E O F --- 2008-06-04 07:58:24

Ciao r16, devo dire, toccando ferro, che da quando ho fatto la scansione non ho più avuto disconnessioni. Ecco il log di hijackThis(mi ero dimenticato). Mille grazie ancora, alla prossima.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5.08.24, on 28/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\IncrediMail\bin\IMApp.exe
C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Mostra Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {E8081BD9-5D5F-4E31-8F23-A6725ED531CD} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Add to Local Website Archive - {E8081BD9-5D5F-4E31-8F23-A6725ED531CD} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: ServerPushBox - http://www.infotossa.com/servp14.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.12print.it/cab/ImageUploader4.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.46.105.98/activex/AMC.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 8345 bytes

Ciao.
Si' che poteva esserne la causa. (io ne sono sicuro)
Infatti,quel file (C:\WINDOWS\Downloaded Program Files\setup.inf) è classificato come Troyan-Dialer.
La cartella scritta in rosso, è dove stava rinchiuso il virus,il file setup.inf è quello che lo caricava nel sistema.
Se non hai più avuto disconnessioni, significa che quello era il problema.
Nel log di HijackThis hai questa Voce che se non conosci il server ServerPushBox è da eliminare di corsa.
O16 - DPF: ServerPushBox - http://www.infotossa.com/servp14.cab

Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :


clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno (mi raccomando, non eliminare la cartella)
SVUOTA IL CESTINO
Pulisci, gli eventuali ADS (Alternate Data Streams), quindi:
lancia Hijackthis
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
lascia la spunta alla voce Ignore safe system info streams
togli la spunta alla voce Calculate md5 checksum of streams
clicca su Scan
se venissero rilevati ADS, spunta tutte le caselline e clicca su Remove selected
Terminata la scansione, devi riavviare il sistema.
Fai una scansione on-line con Kaspersky:
http://www.kaspersky.com/virusscanner
Se hai domande, sono qui.
Ciao.

Ciao Costabrava..
Non li puoi individuare gli ADS,sono quasi praticamente "invisibili".
Eccoti un link,in cui spiega bene, cosa sono, e a cosa servono,e a cosa possono servire ai malintenzionati.
http://sicurezza.html.it/articoli/leggi/1046/alternate-data-streams-i-file-invisibili-di-window/
Poi: Si,' è bene , svuotarla la cartella Prefetch, una o due volte al mese (dipende da quanto si usa il pc)
Questa cartella serve per una più rapida "visualizzazione"delle pagine di internet.
Dopo aver utilizzato XP per un po di tempo, la cartella prefetch contiene una serie di link obsoleti che rallentano il funzionamento del PC.
Spero di esserti stato oltre che chiaro,anche utile.

Ciao!