Ciao r16
Grazie mille per il tuo supporto.
ho appena terminato tutte le operazioni che mi hai descritto e, adesso, pare che tutto funzioni come prima.

di seguito ti posto i log che mi hai richiesto:

Malewarebytes:

Malwarebytes' Anti-Malware 1.30
Versione del database: 1414
Windows 5.1.2600 Service Pack 2

21/11/2008 17.44.20
mbam-log-2008-11-21 (17-44-20).txt

Tipo di scansione: Scansione completa (C:\|E:\|)
Elementi scansionati: 196856
Tempo trascorso: 1 hour(s), 41 minute(s), 16 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

---

ComboFix:

ComboFix 08-11-20.02 - Daniela 2008-11-21 17.50.21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.441 [GMT 1:00]
Eseguito da: c:\documents and settings\Daniela\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\windows\system32\select.dll
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Creati Da 2008-10-21 al 2008-11-21 )))))))))))))))))))))))))))))))))))
.

2008-11-21 15:43 . 2008-11-21 15:43 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-11-21 15:43 . 2008-11-21 15:43 <DIR> d-------- c:\documents and settings\Daniela\Dati applicazioni\Malwarebytes
2008-11-21 15:43 . 2008-11-21 15:43 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-11-21 15:43 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-21 15:43 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-21 14:39 . 2008-11-21 14:39 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-21 14:39 . 2008-11-21 14:39 1,409 --a------ c:\windows\QTFont.for
2008-11-19 17:17 . 2008-11-21 17:54 <DIR> d-------- C:\VEXPLITE
2008-11-19 17:17 . 2008-11-19 17:18 40,960 --a------ c:\windows\system32\drivers\VIRAGTLT.SYS
2008-11-19 17:13 . 2008-11-19 17:13 <DIR> d-------- c:\programmi\CCleaner
2008-11-19 16:52 . 2008-11-19 16:52 <DIR> d-------- c:\programmi\Trend Micro
2008-11-19 16:47 . 2008-11-19 16:47 <DIR> d-------- c:\documents and settings\Daniela\Dati applicazioni\Nokia
2008-11-19 16:33 . 2002-12-29 01:14 81,920 --a------ c:\windows\system32\Startup.cpl
2008-11-19 15:37 . 2008-11-19 15:37 <DIR> d-------- c:\programmi\Java
2008-11-19 15:37 . 2008-11-19 15:37 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-19 15:37 . 2008-11-19 15:37 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-14 14:57 . 2008-11-14 14:57 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\Apple Computer
2008-11-13 12:18 . 2008-11-13 12:18 664 --a------ c:\windows\system32\d3d9caps.dat
2008-10-23 17:08 . 2008-10-23 17:08 244 --ah----- C:\sqmnoopt03.sqm
2008-10-23 17:08 . 2008-10-23 17:08 232 --ah----- C:\sqmdata03.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 15:44 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-19 15:44 --------- d-----w c:\programmi\Google
2008-11-14 14:36 --------- d-----w c:\documents and settings\utente\Dati applicazioni\U3
2008-11-11 11:40 --------- d-----w c:\documents and settings\Daniela\Dati applicazioni\U3
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-10 07:44 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-09 11:03 --------- d-----w c:\programmi\AVG
2008-10-09 11:03 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-13 68856]
"msnmsgr"="c:\programmi\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-20 1836544]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-02-16 282624]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-10 1234712]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-11-19 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe [2007-04-18 25214]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Post-it© Software Notes Lite.lnk - c:\programmi\3M\PSN2Lite\Psn2Lite.exe [2007-03-14 520192]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\skypho\\skypho\\X-PRO.exe"=
"c:\\Programmi\\ImageJ\\jre\\bin\\javaw.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-09 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-09 231704]
S3 USBVSP;USBVSP;c:\windows\system32\drivers\Usbvsp.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0db941ea-a962-11dc-8e65-00138fef85f8}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe wa6.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c900d90-1a6e-11dd-8ec8-00138fef85f8}]
\Shell\AutoRun\command - F:\lgrncie.bat
\Shell\explore\Command - F:\lgrncie.bat
\Shell\open\Command - F:\lgrncie.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{714ec048-5247-11dd-8f05-00138fef85f8}]
\Shell\AutoRun\command - .\run\autorun.exe
\Shell\open\Command - .\run\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bdd6845-cd72-11dc-8e7b-00138fef85f8}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c721a4b8-3bb8-11dd-8eed-00138fef85f8}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db4fc130-1053-11dd-8ec1-00138fef85f8}]
\Shell\AutoRun\command - ipy.cmd
\Shell\explore\Command - ipy.cmd
\Shell\open\Command - ipy.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea9d8142-3d15-11dd-8eef-00138fef85f8}]
\Shell\AutoRun\command - tfk8.exe
\Shell\explore\Command - tfk8.exe
\Shell\open\Command - tfk8.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed663311-c8c6-11dc-8e77-00138fef85f8}]
\Shell\AutoRun\command - ipy.cmd
\Shell\explore\Command - ipy.cmd
\Shell\open\Command - ipy.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe3bd58e-442f-11dd-8ef7-00138fef85f8}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe3bd58f-442f-11dd-8ef7-00138fef85f8}]
\Shell\AutoRun\command - .\run\autorun.exe
\Shell\open\Command - .\run\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe3bd591-442f-11dd-8ef7-00138fef85f8}]
\Shell\AutoRun\command - .\run\autorun.exe
\Shell\open\Command - .\run\autorun.exe
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
IE: Converti destinazione link in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {7459B316-7FE5-4187-B4DD-B21688503B73} = 192.133.28.7,192.133.28.1

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-21 17:55:54
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\matlab6p1\webserver\bin\win32\matlabserver.exe
c:\matlab6p1\bin\win32\matlab.exe
c:\programmi\AVG\AVG8\avgrsx.exe
c:\windows\system32\rundll32.exe
c:\programmi\ATI Technologies\ATI.ACE\CLI.exe
c:\programmi\Adobe\Acrobat 7.0\Distillr\acrodist.exe
c:\programmi\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\programmi\ATI Technologies\ATI.ACE\CLI.exe
c:\programmi\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Ora fine scansione: 2008-11-21 17:59:31 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-11-21 16:59:28

Pre-Run: 106,084,106,240 byte disponibili
Post-Run: 106,399,522,816 byte disponibili

172 --- E O F --- 2008-11-12 16:52:47

---

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.01.49, on 21/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmi\3M\PSN2Lite\Psn2Lite.exe
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174647802562
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7459B316-7FE5-4187-B4DD-B21688503B73}: NameServer = 192.133.28.7,192.133.28.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8717 bytes

rieccomi,

ti confermo che tutto sembra funzionare alla perfezione.
ho seguito la procedura che mi hai descritto ed eccoti il log di combofix:

ComboFix 08-11-23.01 - Daniela 2008-11-24 12.39.36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.606 [GMT 1:00]
Eseguito da: c:\documents and settings\Daniela\Desktop\ComboFix.exe
Interruttori di comando utilizzati :: c:\documents and settings\Daniela\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((( Files Creati Da 2008-10-24 al 2008-11-24 )))))))))))))))))))))))))))))))))))
.

2008-11-21 15:43 . 2008-11-21 15:43 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-11-21 15:43 . 2008-11-21 15:43 <DIR> d-------- c:\documents and settings\Daniela\Dati applicazioni\Malwarebytes
2008-11-21 15:43 . 2008-11-21 15:43 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-11-21 15:43 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-21 15:43 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-21 15:32 . 2008-11-21 15:32 3,051,274 -ra------ C:\ComboFix.exe
2008-11-21 14:39 . 2008-11-21 14:39 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-21 14:39 . 2008-11-21 14:39 1,409 --a------ c:\windows\QTFont.for
2008-11-19 17:17 . 2008-11-21 17:54 <DIR> d-------- C:\VEXPLITE
2008-11-19 17:17 . 2008-11-19 17:18 40,960 --a------ c:\windows\system32\drivers\VIRAGTLT.SYS
2008-11-19 17:13 . 2008-11-19 17:13 <DIR> d-------- c:\programmi\CCleaner
2008-11-19 16:52 . 2008-11-19 16:52 <DIR> d-------- c:\programmi\Trend Micro
2008-11-19 16:47 . 2008-11-19 16:47 <DIR> d-------- c:\documents and settings\Daniela\Dati applicazioni\Nokia
2008-11-19 16:33 . 2002-12-29 01:14 81,920 --a------ c:\windows\system32\Startup.cpl
2008-11-19 15:37 . 2008-11-19 15:37 <DIR> d-------- c:\programmi\Java
2008-11-19 15:37 . 2008-11-19 15:37 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-19 15:37 . 2008-11-19 15:37 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-14 14:57 . 2008-11-14 14:57 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\Apple Computer
2008-11-13 12:18 . 2008-11-13 12:18 664 --a------ c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 15:44 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-19 15:44 --------- d-----w c:\programmi\Google
2008-11-14 14:36 --------- d-----w c:\documents and settings\utente\Dati applicazioni\U3
2008-11-11 11:40 --------- d-----w c:\documents and settings\Daniela\Dati applicazioni\U3
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-10 07:44 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-09 11:03 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-09 11:03 --------- d-----w c:\programmi\AVG
2008-10-09 11:03 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2008-09-15 15:38 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:44 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:57 826,368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-21_17.59.07.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-24 08:08:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_688.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-13 68856]
"msnmsgr"="c:\programmi\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-20 1836544]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-02-16 282624]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-10 1234712]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-11-19 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe [2007-04-18 25214]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Post-it© Software Notes Lite.lnk - c:\programmi\3M\PSN2Lite\Psn2Lite.exe [2007-03-14 520192]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\skypho\\skypho\\X-PRO.exe"=
"c:\\Programmi\\ImageJ\\jre\\bin\\javaw.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-09 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-09 231704]
S3 USBVSP;USBVSP;c:\windows\system32\drivers\Usbvsp.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0db941ea-a962-11dc-8e65-00138fef85f8}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe wa6.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c900d90-1a6e-11dd-8ec8-00138fef85f8}]
\Shell\AutoRun\command - F:\lgrncie.bat
\Shell\explore\Command - F:\lgrncie.bat
\Shell\open\Command - F:\lgrncie.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{714ec048-5247-11dd-8f05-00138fef85f8}]
\Shell\AutoRun\command - .\run\autorun.exe
\Shell\open\Command - .\run\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bdd6845-cd72-11dc-8e7b-00138fef85f8}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c721a4b8-3bb8-11dd-8eed-00138fef85f8}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db4fc130-1053-11dd-8ec1-00138fef85f8}]
\Shell\AutoRun\command - ipy.cmd
\Shell\explore\Command - ipy.cmd
\Shell\open\Command - ipy.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea9d8142-3d15-11dd-8eef-00138fef85f8}]
\Shell\AutoRun\command - tfk8.exe
\Shell\explore\Command - tfk8.exe
\Shell\open\Command - tfk8.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed663311-c8c6-11dc-8e77-00138fef85f8}]
\Shell\AutoRun\command - ipy.cmd
\Shell\explore\Command - ipy.cmd
\Shell\open\Command - ipy.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe3bd58e-442f-11dd-8ef7-00138fef85f8}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe3bd58f-442f-11dd-8ef7-00138fef85f8}]
\Shell\AutoRun\command - .\run\autorun.exe
\Shell\open\Command - .\run\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe3bd591-442f-11dd-8ef7-00138fef85f8}]
\Shell\AutoRun\command - .\run\autorun.exe
\Shell\open\Command - .\run\autorun.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 12:41:54
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\WgaLogon.dll

- - - - - - - > 'lsass.exe'(632)
c:\windows\system32\msprivs.dll
c:\windows\system32\rsaenh.dll
.
Ora fine scansione: 2008-11-24 12.42.59
ComboFix-quarantined-files.txt 2008-11-24 11:42:28
ComboFix2.txt 2008-11-21 16:59:32

Pre-Run: 110,072,045,568 byte disponibili
Post-Run: 110,074,830,848 byte disponibili

156 --- E O F --- 2008-11-12 16:52:47

PS: se volessi fre un check anche sui dischi esterni, in particolare penne USB, come dovrei fare?
Grazie ancora per la tua disponibilità, tempestività e pazienza.

Grazie mille
sei stato fondamentale