Here is the ComboFix log, followed by the HJT log.
ComboFix 09-08-10.06 - Proprietario 11/08/2009 23:17.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.248 [GMT 2:00]
Eseguito da: c:\documents and settings\Proprietario\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090811-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Proprietario\Dati applicazioni\inst.exe
c:\documents and settings\Proprietario\Impostazioni locali\TempNER09BE5ED0.exe
c:\documents and settings\Proprietario\Impostazioni locali\TempNER0CEB5579.exe
c:\documents and settings\Proprietario\Impostazioni locali\TempNER3F8C5ED0.exe
c:\documents and settings\Proprietario\Impostazioni locali\TempNER4A2D0DE5.exe
c:\documents and settings\Proprietario\Impostazioni locali\TempNER55465579.exe
c:\documents and settings\Proprietario\Impostazioni locali\TempNER64240029.exe
c:\documents and settings\Proprietario\Impostazioni locali\TempNER67A60DE5.exe
c:\documents and settings\Proprietario\Impostazioni locali\TempNER6C804823.exe
c:\documents and settings\Proprietario\Impostazioni locali\TempNER7B0718BE.exe
c:\documents and settings\Proprietario\Impostazioni locali\TempNER84344BAE.exe
c:\documents and settings\Proprietario\Impostazioni locali\TempNERAA8E0029.exe
c:\documents and settings\Proprietario\Impostazioni locali\TempNERB26E4823.exe
c:\documents and settings\Proprietario\Impostazioni locali\TempNERC0C618BE.exe
c:\documents and settings\Proprietario\Impostazioni locali\TempNERCB7A0099.exe
c:\documents and settings\Proprietario\Impostazioni locali\TempNERDAEB4D06.exe
c:\documents and settings\Proprietario\Impostazioni locali\TempNERDE850029.exe
c:\documents and settings\Proprietario\Impostazioni locali\TempNERE28C5D03.exe
c:\documents and settings\Proprietario\Impostazioni locali\TempNERE3D53B25.exe
c:\documents and settings\Proprietario\Impostazioni locali\TempNERF2FA0029.exe
c:\windows\desktop
c:\windows\desktop\Fish.scr
c:\windows\Installer\10c79.msi
c:\windows\Installer\1108e.msi
c:\windows\Installer\82728.msi
c:\windows\Installer\a83d5.msp
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\iAlmcoin.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Creati Da 2009-07-11 al 2009-08-11 )))))))))))))))))))))))))))))))))))
.
2009-08-11 19:44 . 2009-08-11 19:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-11 19:43 . 2009-08-11 19:43 152576 ----a-w- c:\documents and settings\Proprietario\Dati applicazioni\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-11 19:14 . 2009-08-11 19:14 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Malwarebytes
2009-08-11 19:13 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-11 19:13 . 2009-08-11 19:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-08-11 19:13 . 2009-08-11 19:13 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-08-11 19:13 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-10 16:55 . 2009-08-10 16:55 -------- d-----w- c:\programmi\CCleaner
2009-08-10 16:54 . 2009-08-10 16:54 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-08-09 19:13 . 2009-08-09 19:13 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-09 19:10 . 2009-08-09 19:10 -------- d-----w- c:\programmi\AC3Filter
2009-08-09 18:35 . 2009-08-09 19:09 -------- d-----w- c:\programmi\xp-AntiSpy
2009-08-09 18:26 . 2009-08-09 18:26 -------- d-----w- c:\programmi\Trend Micro
2009-08-08 18:49 . 2009-08-09 19:10 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\DNA
2009-08-08 16:29 . 2009-08-09 19:11 -------- d-----w- c:\programmi\Wise Disk Cleaner
2009-08-01 18:33 . 2009-08-01 18:33 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Samsung
2009-08-01 18:27 . 2009-08-01 18:27 -------- d-----w- c:\programmi\Samsung
2009-07-29 20:33 . 2009-07-29 20:33 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\TomTom
2009-07-29 20:32 . 2009-08-09 19:14 -------- d-----w- c:\programmi\TomTom HOME 2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 20:40 . 2006-08-06 20:48 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-08-11 19:43 . 2003-01-01 21:20 -------- d-----w- c:\programmi\Java
2009-08-11 19:41 . 2006-08-06 20:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-08-11 19:39 . 2007-05-12 19:31 -------- d-----w- c:\programmi\Nokia
2009-08-10 17:03 . 2006-05-02 20:05 -------- d-----w- c:\programmi\Gabest
2009-08-10 16:38 . 2007-07-30 21:23 -------- d-----w- c:\programmi\File comuni\Nokia
2009-08-10 16:35 . 2007-05-12 19:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-08-09 19:12 . 2005-10-14 22:25 -------- d-----w- c:\programmi\File comuni\Adobe
2009-08-09 19:11 . 2007-05-12 19:31 -------- d-----w- c:\programmi\DIFX
2009-08-09 19:10 . 2007-10-15 19:37 -------- d-----w- c:\programmi\AdunanzA
2009-08-09 19:10 . 2006-03-23 18:18 -------- d-----w- c:\programmi\DivX
2009-08-09 19:10 . 2009-03-14 20:11 -------- d-----w- c:\programmi\GameTop.com
2009-08-09 19:10 . 2006-05-05 19:45 -------- d-----w- c:\programmi\ffdshow
2009-08-09 19:10 . 2003-01-01 22:33 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-08-09 19:10 . 2005-10-16 18:45 -------- d-----w- c:\programmi\EPSON
2009-08-08 18:31 . 2006-05-05 19:43 -------- d-----w- c:\programmi\RadiumMp3Codec
2009-08-08 18:31 . 2005-10-16 19:54 -------- d-----w- c:\programmi\AMP Font Viewer
2009-08-08 16:20 . 2005-10-22 19:19 33652 ----a-w- c:\documents and settings\Proprietario\Dati applicazioni\wklnhst.dat
2009-07-31 18:38 . 2009-07-31 18:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-31 18:37 . 2009-07-31 18:37 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-07-02 20:50 . 2009-07-02 20:49 -------- d-----w- c:\programmi\File comuni\DivX Shared
2009-06-27 20:27 . 2009-05-29 19:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2009-06-27 19:22 . 2007-05-12 19:32 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Nokia
2009-06-27 19:12 . 2009-06-27 19:12 -------- d-----w- c:\programmi\PC Connectivity Solution
2009-06-27 19:10 . 2009-06-27 19:10 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\pcswpcsi.exe
2009-06-27 19:10 . 2009-06-27 19:10 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-27 19:10 . 2009-06-27 19:10 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-27 19:10 . 2009-06-27 19:10 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-27 19:09 . 2009-06-27 19:11 33705352 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Nokia_PC_Suite_7_1_30_8_ita.exe
2009-06-14 20:45 . 2007-10-29 20:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2004-02-24 06:50 . 2005-10-15 05:28 0 -csha-w- c:\windows\SMINST\HPCD.SYS
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BackupNotify"="c:\programmi\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-22 24576]
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-08-19 852038]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"CamMonitor"="c:\programmi\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-08-19 4841472]
"bit4id store register"="c:\windows\system32\bit4cnsp.dll" [2008-05-16 155648]
"Microsoft Works Update Detection"="c:\programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"TotalRecorderScheduler"="c:\programmi\HighCriteria\TotalRecorder\TotRecSched.exe" [2002-07-13 40960]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SSLEmptyCache"="c:\windows\system32\SSLEmptyCache.exe" [2008-05-21 57344]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-08-11 149280]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2003-04-03 50176]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio Office.lnk - c:\programmi\Microsoft Office\Office\OSA.EXE [1997-9-1 51984]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SysKbp"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/04/2008 21:23 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/04/2008 21:23 20560]
R2 NokiaSuite3;NokiaSuite3;c:\windows\system32\drivers\NokiaSuite3.sys [08/04/2007 16:02 837696]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usbxp.sys [25/10/2008 14:15 24832]
S3 UPnPService;UPnPService;c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [26/08/2007 22:00 544768]
.
Contenuto della cartella 'Scheduled Tasks'
2009-08-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
2009-08-11 c:\windows\Tasks\User_Feed_Synchronization-{1A356D97-AEF0-4F8E-8499-C88FCD3B4F0C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-VTTimer - VTTimer.exe
HKLM-Run-POINTER - point32.exe
ShellExecuteHooks-{F28439F2-4996-41B8-8BD0-22789780DE81} - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
uDefault_Search_URL = hxxp://srch-it10.hpwis.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://srch-it10.hpwis.com/
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: intesasanpaolo.com\www
DPF: Iphona - hxxps://servizi.inps.it/servizi/ParlaConNoi/VoipFiles/Iphona.CAB
DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} - hxxp://www.crs.regione.lombardia.it/components/OcsKitCittadino.cab
DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} - hxxp://www.crs.regione.lombardia.it/components/OcxCertUpdate.cab
DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} - hxxp://www.crs.regione.lombardia.it/components/OcxCrsInfo.cab
DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} - hxxp://supportsiss.lispa.it/components/pdlc.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-11 23:30
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Ora fine scansione: 2009-08-11 23:34
ComboFix-quarantined-files.txt 2009-08-11 21:34
Pre-Run: 88.112.893.952 byte disponibili
Post-Run: 88.154.566.656 byte disponibili
196 --- E O F --- 2009-06-27 19:08
HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:12, on 11/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmi\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\SSLEmptyCache.exe
C:\WINDOWS\system32\ps2.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Microsoft Office\Office\OSA.EXE
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programmi\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programmi\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] "c:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [bit4id store register] RUNDLL32.EXE "C:\WINDOWS\system32\bit4cnsp.dll",RegisterMyPhysicalStore
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Programmi\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SSLEmptyCache] C:\WINDOWS\system32\SSLEmptyCache.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BackupNotify] "c:\Programmi\HP\Digital Imaging\bin\backupnotify.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Avvio Office.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: Iphona - https://servizi.inps.it/servizi/ParlaConNoi/VoipFiles/Iphona.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} (Posto di Lavoro del Cittadino - Attestazione) - http://www.crs.regione.lombardia.it/components/OcsKitCittadino.cab
O16 - DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} (Posto di Lavoro del Cittadino - Autenticazione utente) - http://www.crs.regione.lombardia.it/components/OcxCertUpdate.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} (Posto di Lavoro del Cittadino - Interprete dati) - http://www.crs.regione.lombardia.it/components/OcxCrsInfo.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} (Postazione di Lavoro del Cittadino 3.0) - http://supportsiss.lispa.it/components/pdlc.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://www.coolstreaming.us/consolle/plug-in/SOPCORE.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe
O24 - Desktop Component 0: (no name) - http://www.ilsole24ore.com/js/general.js
O24 - Desktop Component 1: (no name) - http://www1.agenziaentrate.it/nsin/gn/immagini/logo_entrate_new.jpg
--
End of file - 9768 bytes